Combined use of wireless controllers and "fat" and "thin" AP

There are already many articles on the Differences Between Wireless AP and wireless routing. The difference between the two is the difference between "fat" and "thin" AP. Then I will focus on their applications with wireless controllers. For more information, see.

An AP (Access Point) is also known as a wireless bridge or a wireless gateway. The transmission mechanism of this wireless device is equivalent to a hub in a wired network, which continuously receives and transmits data in a wireless LAN; any PC with a wireless network adapter can share resources in a wired local area network or even a wide area network through an AP. Theoretically, when a Wireless AP is added to the network, the network coverage diameter can be multiplied, and more network devices can be accommodated in the network. Each Wireless AP basically has an Ethernet interface for wireless and wired connection.

The so-called "fat" AP in the industry should be called a wireless router. A wireless router is different from a pure AP. In addition to the wireless access function, it generally has two WAN and LAN interfaces. It supports DHCP server, DNS, and MAC address cloning, and security functions such as VPN access and firewall.

The terms "slim" and "fat" can be used in many aspects of access points (AP:
◆ Some commercial thin AP products represent only a few entry-level/residential products with advanced functions. In contrast, fat AP has many enterprise network functions, such as identification and SNMP-based management.
◆ Some manufacturers use thin AP products that cannot be configured or used independently. These products are only part of a WLAN switching system and are responsible for managing installation and operation. In this case, a fat AP is an independent AP, regardless of its function set.
◆ Some manufacturers use thin AP to deliver selected tasks to upper-Layer servers. These tasks, for example, communication with an 802.1X authentication server, generate an encryption key, as a VPN gateway, or for cross-Network Mobility re-routing, these functions can be executed by a fat AP without being forwarded to the upper-layer server.

Obviously, there are many different ways to combine and allocate AP functions; no matter how you plan to deploy it, thin and fat are just two extreme labels of a complex gradient process. My suggestion is to carefully understand the actual features of the products you want to buy, rather than being confused by thin or fat labels. For example, do you want to buy an AP from the same manufacturer? Instead, what if I want to use APS from different manufacturers? Do you really need to have functions such as vlan id, SNMP management, and VPN mobility in WLAN for your business activities?

Of course, when 802.1X is used, I still think it is good to share the task. For example, when there are many workstation groups between the encryption keys generated by the upper-layer server and the cached encryption keys, latency may be reduced-this is important for WLAN support for video or audio applications that are very sensitive to latency. To enhance communication and protect security, it is easier to use one device (one server) than to use many devices (separate AP. Therefore, using a server as your 802.1X Authenticator (for clients within the valid range) can prove to be more secure. But in the end, you must make a comprehensive balance between these benefits and your costs to determine what is best for your WLAN.

Using a lightweight AP + wireless controller does not change the existing wired network structure. The AP and the wireless controller communicate through the LWAPPIEEE802.11v protocol. All wireless data and control information are transmitted between the AP and the wireless controller in the form of LWAPP encapsulation, the real interface between the wireless and wired networks is on the wireless controller.

In the past, when the AP was networking separately, the interfaces between the wireless and wired networks were on the wired ports of the Wireless AP, and the AP decided the data forwarding rules. Later, due to the two concepts of centralized control and centralized management, we will detail the requirements in the following sections, including Airespace, Aruba, and Cisco, which have launched wireless controllers, wireless switches, and other products, for example, Cisco's original WLSM requires the ipvst6500 switch and Supervisor720) as a centralized control device for its own fat AP, which is called as an autonomous AP, ciscoworks WLSE or WLSE Express is used for centralized management. After the acquisition of Airespace, Cisco obtained a complete set of products and technologies under the lightweight AP architecture, and integrated with the original products into a new architecture-Cisco uniied Wireless Network, cisco integrated wireless network. The detailed architecture white paper is available at the following URL.

In this architecture, there are five layers:
1. In the wireless access layer, because Cisco and more than 90% of Wi-Fi access terminals support the CCX technology platform, the client can ensure secure access to the Cisco wireless network, and enjoy QoS, fast and secure roaming, and wireless IDS;
2. Wireless access layer, which consists of various types of Cisco AP indoor and outdoor, autonomous AP or lightweight AP;
3. The network integrated control layer provides various Cisco wireless controllers, including access application, data access control, QoS control, real-time RF control and adjustment, wireless IDS detection, and illegal AP suppression;
4. The network management layer manages wireless network elements based on SNMP;
5. Integrated application layer, including wireless NAC, wireless IP Phone, wireless location service, and other applications closely related to wireless networks.
I think the specific application needs to be analyzed based on the needs, but in the future, a large number of customers will choose the Networking Mode of light AP + wireless controller, which is a big trend.