Wi-Fi is a Passion


Overview - Wireless Architectures

As you probably already know from reading my study notes, there is a lot of overlap between CWDP, CWSP, and CWAP. This blog is about the WLAN architectures that I already talked about in those two blogs: Overview - Architectures and WLAN Security Infrastructures Architectures.

Because of that, I'll cover them here briefly again, since not much has changed. There are three categories:

Controller-based environments have a controller, either a hardware appliance or a virtual appliance. You can still manage an access point by itself, but part of its operation is handled by the controller. This introduces a single point of failure: if the controller is down, the access points (in their default, centralized mode) stop serving clients. It also adds traffic on the wired side, because client data first goes from the access point to the controller through a tunnel, such as LWAPP (UDP 12222 data / 12223 control) or CAPWAP (UDP 5246 control / 5247 data), before it reaches its destination. On the other hand, administration is centralized instead of done on every access point individually, which is a pain in big enterprise environments. Access points can also handle more clients, since part of the processing is offloaded to the controller. So which tasks belong to the access point and which to the controller? According to the Cisco documentation, the access point:
- Handles the frame exchange handshakes between the client and access point.
- Transmits the beacon frames.
- Buffers and transmits frames for clients in power save mode.
- Responds to probe requests and forwards notification of the probe request to the controller.
- Provides real-time signal quality information to the controller (the "switch" in Cisco's wording), per frame.
- Monitors the radio channels for noise, interference, and other WLANs.
- Monitors for the presence of other access points.
- Encrypts and decrypts 802.11 frames.

The controller, also according to Cisco documentation, has the following responsibilities:
- 802.11 authentication
- 802.11 association and reassociation
- 802.11 frame translation and bridging
- 802.1X/EAP/RADIUS processing
- Termination of 802.11 traffic on a wired interface, except in the case of REAP and H-REAP (now called FlexConnect) access points.

Cloud-based environments are like controller-based ones, but the management plane lives in the cloud: provisioning, monitoring, (re)configuring and maintenance of the access points are done from there. The access points usually operate in a distributed-edge manner, meaning they bridge client traffic locally and do not need the cloud in the data path. The advantages are that the access points keep operating when the internet connection fails, and that client data is not tunnelled, so it takes the shortest path. The caveat is that anything the cloud handles, such as configuration changes and, depending on the vendor, cloud-hosted captive portals, is unavailable until connectivity is restored.

Autonomous access points are configured directly on the access point itself; there is no controller that manages them. A Wireless Network Management System can do some monitoring and configuration, but all the responsibilities a controller would take over are handled by the access point.

There are two types of data forwarding: centralized and distributed. With centralized forwarding, client data goes to the controller first and from there to its destination. With distributed forwarding, the access point sends the data directly to its destination without passing through the controller. The challenge with centralized forwarding is when the controller is not on site but in a data centre: the data then has to cross the WAN link, which adds latency, and when the WAN link is down the client traffic stops with it. Controllers have options for local switching (H-REAP/FlexConnect at Cisco), where the client data stays local while the CAPWAP control traffic still goes to the centralized controller. One thing to keep in mind with centralized forwarding: in the split-MAC model the access point decrypts the 802.11 frames (see the list above), so client data crosses the tunnel to the controller decrypted unless DTLS encryption of the CAPWAP data channel is enabled. On a wired path you do not trust, turn it on.
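To make the tunnel concrete, here is an added example of my own (not code from the Cisco documentation or from the earlier posts) that classifies a UDP datagram by the LWAPP/CAPWAP ports above and parses the CAPWAP transport header from RFC 5415, so you can see in a capture whether the data channel carries a DTLS record or a cleartext 802.11 frame. The datagrams are constructed by hand for the example, and the helper names (classify_tunnel, parse_capwap, describe_datagram) are mine.

```python
import struct
from dataclasses import dataclass

# UDP ports of the AP-to-controller tunnels named in the text
# (LWAPP: RFC 5412, CAPWAP: RFC 5415).
TUNNEL_PORTS = {
    12222: ("LWAPP", "data"),
    12223: ("LWAPP", "control"),
    5246: ("CAPWAP", "control"),
    5247: ("CAPWAP", "data"),
}


def classify_tunnel(udp_port):
    """Map a UDP port to (protocol, plane), or None if it is not a tunnel port."""
    return TUNNEL_PORTS.get(udp_port)


@dataclass
class CapwapHeader:
    dtls: bool           # preamble type 1: the rest of the datagram is a DTLS record
    hlen_bytes: int      # transport header length (HLEN field is in 4-byte words)
    rid: int             # radio ID
    wbid: int            # wireless binding ID (1 = IEEE 802.11)
    native_80211: bool   # T flag: payload is a native 802.11 frame, not 802.3
    fragment: bool       # F flag
    last_fragment: bool  # L flag
    keepalive: bool      # K flag: data-channel keep-alive, no client frame inside
    frag_id: int
    frag_offset: int


def parse_capwap(datagram):
    """Parse the CAPWAP transport header (RFC 5415 section 4.3) of one UDP payload."""
    if len(datagram) < 8:
        raise ValueError("CAPWAP header needs at least 8 bytes")
    word0, word1 = struct.unpack("!II", datagram[:8])
    preamble = word0 >> 24
    if preamble >> 4 != 0:
        raise ValueError("unsupported CAPWAP version %d" % (preamble >> 4))
    if preamble & 0x0F == 1:
        # DTLS header: preamble byte plus 3 reserved bytes, then the DTLS record.
        return CapwapHeader(True, 4, 0, 0, False, False, False, False, 0, 0)
    return CapwapHeader(
        dtls=False,
        hlen_bytes=((word0 >> 19) & 0x1F) * 4,
        rid=(word0 >> 14) & 0x1F,
        wbid=(word0 >> 9) & 0x1F,
        native_80211=bool((word0 >> 8) & 1),
        fragment=bool((word0 >> 7) & 1),
        last_fragment=bool((word0 >> 6) & 1),
        keepalive=bool((word0 >> 3) & 1),
        frag_id=word1 >> 16,
        frag_offset=(word1 >> 3) & 0x1FFF,
    )


def describe_datagram(datagram, udp_port):
    """One-line verdict on what an AP/controller datagram carries, for capture triage."""
    tunnel = classify_tunnel(udp_port)
    if tunnel is None:
        return "not an AP/controller tunnel port"
    proto, plane = tunnel
    if proto != "CAPWAP":
        return "%s %s tunnel (header not parsed here)" % (proto, plane)
    hdr = parse_capwap(datagram)
    if hdr.dtls:
        return "CAPWAP %s: DTLS-protected payload" % plane
    if plane == "control":
        # RFC 5415 requires DTLS on the control channel, so this is a finding.
        return "CAPWAP control: unencrypted control message"
    if hdr.keepalive:
        return "CAPWAP data: keep-alive"
    body = datagram[hdr.hlen_bytes:]
    if hdr.native_80211 and len(body) >= 2:
        # 802.11 Frame Control byte 0: version(2) | type(2) | subtype(4), LSB first.
        fc0 = body[0]
        kind = {0: "management", 1: "control", 2: "data"}.get((fc0 >> 2) & 0x3, "reserved")
        return "CAPWAP data: cleartext 802.11 %s frame (subtype %d)" % (kind, (fc0 >> 4) & 0xF)
    return "CAPWAP data: cleartext 802.3 frame"


# Constructed sample datagrams for this example (not captured from real equipment).
# Header: version 0, type 0, HLEN 2 (8 bytes), RID 1, WBID 1, T=1 (native 802.11),
# followed by an 802.11 data frame (FC 0x08 0x01: type data, To-DS) with an LLC/SNAP header.
CLEARTEXT_DATA = bytes.fromhex(
    "00104300" "00000000"
    "0801" "0000" "000c29aabbcc" "001122334455" "66778899aabb" "1000"
    "aaaa030000000800"
)
# Same tunnel with preamble type 1: a DTLS 1.2 record follows (0x16 handshake, fefd = DTLS 1.2).
DTLS_DATA = bytes.fromhex("01000000" "16fefd0000000000000000" "0010")
# Data-channel keep-alive: K flag set, T flag clear, no client frame inside.
KEEPALIVE = bytes.fromhex("00104208" "00000000" "00000000")
# T flag clear: the payload is an 802.3 frame (dst MAC, src MAC, EtherType IPv4).
ETH_DATA = bytes.fromhex("00104200" "00000000" "001122334455" "66778899aabb" "0800")

if __name__ == "__main__":
    for name, dg, port in [("cleartext", CLEARTEXT_DATA, 5247), ("dtls", DTLS_DATA, 5247),
                           ("keepalive", KEEPALIVE, 5247), ("eth", ETH_DATA, 5247)]:
        print(name, "->", describe_datagram(dg, port))
```

The thing to look for in a real capture is the first verdict: a CAPWAP data datagram whose preamble type is 0 and whose T flag is set carries the client's 802.11 frame exactly as the access point handed it to the controller, which with split-MAC means after decryption.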