WLAN Access Controllers Bypass Networking Application Scenarios


In bypass networking mode, the AC (AirEngine 9700S-S) is connected to a network device (usually an aggregation switch) to manage APs.

The AC manages APs. Management flows are transmitted in CAPWAP tunnels, and data flows are forwarded to the upper layer network by the aggregation switch and do not pass through the AC.

AirEngine 9700S-S

PN: 02352PLX

In stock

Ready to ship | |

Tunnel Forwarding

In tunnel forwarding mode, wireless data is transmitted between APs and ACs over CAPWAP tunnels, both management flows and data flows of APs are transmitted to the AC over CAPWAP tunnels, and then the AC transparently transmits these flows to the upstream device.

Tunnel forwarding is usually used to control wireless user traffic in a centralized manner. This forwarding mode facilitates device deployment and controls all wireless service data flows by aggregating traffic of all wireless users connected to APs to an AC through CAPWAP data tunnels.

Direct Forwarding

In direct forwarding mode, wireless data is translated from 802.3 packets into 802.11 packets, which are then forwarded by an uplink aggregation switch.

The bypass networking mode is often used on enterprise networks. Wireless data does not need to be processed by an AC, eliminating the bandwidth bottleneck and facilitating the usage of existing security policies. Therefore, this networking mode is recommended for integrated network deployment.

  • The AC only manages APs. All AP management flows (including authentication traffic) must arrive at the AC.

Interfaces connected to the AC are reserved on the aggregation switch. The aggregation switch functions as the DHCP server to allocate IP addresses to APs. APs obtain the IP address of the AC using the DNS mode, DHCP mode or broadcast mode.

  • Data flows from APs are forwarded by the Layer 2 switch and aggregation switch, and do not pass through the AC.

Different service VLANs are assigned to STAs with different service set identifiers (SSIDs). The access switch and aggregation switch identify packets from these VLANs and forward these packets to the upstream device. The aggregation switch allocates IP addresses to STAs.


In bypass networking mode, the AC manages all the APs connected to the aggregation switch. This network topology applies to scenarios where APs are scattered across hot spots. The bypass networking mode requires only a small modification to the existing network, facilitating device deployment. You can select the direct or tunnel forwarding mode according to networking requirements.