Summary on advantages and disadvantages of wireless controller + thin AP architecture comparison with fat AP

 

I. concept explanation:

Fat AP (Fat AP): Fat AP can be used independently. Currently, some Fat AP can be converted to thin AP by upgrading IOS (by upgrading IOS to thin AP ).

Features of Fat AP: Fat AP is relative to Fit AP, fat AP integrates the features of the physical layer, user data encryption and authentication, QoS, network management, roaming technology, and other application layers of WLAN. The Fat AP wireless network solution can be composed of Fat AP directly on a wired network. The structure of the Fat AP device is complex and difficult to centrally manage.

Fit AP (thin AP): The thin ap needs to be used in combination with the Controller. If there is no controller, It is a block iron. currently, some thin APS can be converted to a fat AP by upgrading IOS (by upgrading IOS to a fat AP ).

Thin AP features: Fit AP is a Fat AP with only encryption and RF functions. It has a single function and cannot work independently. The entire Fit AP wireless network solution consists of a wireless controller and a Fit AP based on a wired network. "Zero Configuration" on Fit AP, all configurations are concentrated on the wireless controller. This also makes the Fit AP solution more convenient for centralized management, and thus has three-tier roaming, user-based permission distribution and other features not available for Fat AP.

Ii. comparison:

The "wireless switch + thin Wireless Access Point" solution is a new architecture technology of the wireless LAN Solution in recent years, this is to solve the major defects that the original fat AP products cannot centrally manage and deploy security policies. This solution architecture consists of three parts: thin Wireless Access Point, wireless switch/controller, and wireless network management platform: thin Wireless Access Point (short for thin AP) the original radio frequency of the fat AP is a zero-configuration product located in the network access layer, which aims to connect wireless users to the wireless network. Wireless switch/controller: A wireless switch/controller is a high-performance server architecture product. It is a management center device in a wireless network. It establishes communication with a thin AP through an international standard CAPWAP encrypted tunnel, and fully control the thin AP, the thin AP itself does not save the configuration, only by the control of the wireless switch/controller can work, therefore, all users' connection, access, authentication, permissions, and security information must be managed by wireless switches/controllers. Wireless Network Management Platform: as a unified management center platform across the network, all functions of wireless devices, wireless user information, wireless link monitoring, topology, wireless positioning, alarms, configurations, and reports are directly reflected and operated on the network management platform, it is executed by a wireless switch/controller.

Compared with the traditional autonomous Wireless Access Point (fat AP), the difference between the "wireless switch + thin AP" solution is obvious, mainly reflected in the following aspects:

1: unified global management

The management of fat AP only exists in itself, and there is no unified global management, nor monitoring and management of wireless links and wireless users ,;

The management right of the "wireless switch + thin AP" solution is all concentrated on the wireless switch/controller, and through the network management platform, allows you to visually and uniformly discover, upgrade, and configure devices throughout the network in batches, and even monitor wireless links and manage wireless users;

2: unified global security

A fat AP has only a few security policies and can only exist in itself. For large-scale wireless networks, security policies must be configured and distributed in batches, the current situation of fat AP cannot support unified global security;

The security policies of all users and thin aps in the "wireless switch + thin AP" solution are all deployed on wireless switches/controllers, making it easy to deploy security policies;

3: unified global Authentication

Fat AP authentication can only be deployed on the AP itself, and the authentication policy cannot be updated regularly. At the same time, it can only be authenticated, and other authentication-based policies cannot be deployed;

The authentication body of the "wireless switch + thin AP" solution is a wireless switch/controller. In combination with the background Radius system, the authentication policy can be flexibly defined, deployed, and changed;

4: security of the device

Fat AP has all its configurations. Once stolen, it is easy to log on through the serial port or network port to obtain information about wireless network intrusion, which is a huge risk for large-scale wireless network deployment;

The thin AP product of the "wireless switch + thin AP" solution does not store the configuration itself, that is, "Zero Configuration product". All the configurations are stored on the wireless switch/controller. Therefore, logically, wireless users access a thin AP, which is actually accessing a wireless switch/controller. Therefore, even if a thin AP deployed on the user's site is stolen, unauthorized users cannot obtain any configuration, eliminate the possibility of intrusion;

5: Full-network roaming

Because all management and configuration of a fat AP are on its own, the IP addresses of its downstream users must also belong to the IP address planning of the port VLAN and network segment of the fat AP's direct Ethernet switch. If the AP is deployed on a large scale, it will disrupt the IP address planning and VLAN planning of the original wired network, and when a wireless user crosses the fat AP, once a different network segment is entered, the IP address re-request and re-authentication process are involved, and network access is interrupted. Therefore, the fat AP product does not support cross-network roaming;

In the "wireless switch + thin AP" solution, the IP addresses, authentication, and encryption of wireless users all come from wireless switches/controllers, which thin AP is actually accessing the same (or the same group) wireless switch/controller, and will keep its original connection information, IP address, authentication information, and encryption information, therefore, cross-network segment roaming will not be interrupted.

6: Deployment environment of fat AP and thin AP

In the actual environment: Generally, fat AP is deployed in environments with less than five points. We recommend that you deploy a thin AP + wireless Controller Architecture in environments with more than five points. (That is to say, the fat AP is generally deployed on a home user or a small office network, and the thin AP + wireless controller architecture is suitable for enterprise networks ).

 

 

 

This article is from the "HoltZhang" blog