Wi-Fi is a Passion


WLAN deployment pt 2.

As a wireless designer, you should not have tunnel vision. Wireless needs an infrastructure, and that infrastructure is mostly wired. Most of the time this network is already in place or is built by another engineer. However, there are moments when you should work together.

Most of the time, access control lists are implemented on routers. Those routers should pass any WLAN-related protocol, such as LWAPP, CAPWAP, RADIUS and LDAP. LWAPP and CAPWAP are tunnel protocols between the access points and the wireless LAN controller; they use UDP ports 12222 and 12223 (for LWAPP) and 5246 and 5247 (for CAPWAP). RADIUS is for authentication and uses UDP port 1812 for authentication and 1813 for accounting. There are older RADIUS servers that can use 1645 (for authentication) and 1646 (for accounting). LDAP uses both TCP and UDP ports 389.
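The ports listed above can be checked against a router ACL before the access points are deployed. The following is an added example, not part of the original post: it audits a simplified subset of IOS-style extended ACL lines (an assumption: source and destination are always `any`, only `eq` and `range` are parsed) and the sample ACL is constructed.

```python
import re

# Flows named in the text above: (label, protocol, port).
REQUIRED = [
    ("LWAPP", "udp", 12222), ("LWAPP", "udp", 12223),
    ("CAPWAP", "udp", 5246), ("CAPWAP", "udp", 5247),
    ("RADIUS auth", "udp", 1812), ("RADIUS acct", "udp", 1813),
    ("LDAP", "tcp", 389), ("LDAP", "udp", 389),
]

# Simplified subset of IOS-style extended ACL entries (assumption): source and
# destination are always "any"; only "eq" and "range" port matches are parsed.
RULE = re.compile(
    r"^(permit|deny)\s+(ip|tcp|udp)\s+any\s+any"
    r"(?:\s+eq\s+(\d+)|\s+range\s+(\d+)\s+(\d+))?\s*$"
)

def parse_acl(text):
    """Return a list of (action, proto, low_port, high_port) in ACL order."""
    rules = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("!"):  # skip blanks and comments
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, eq, lo, hi = m.groups()
        if eq:
            lo = hi = eq
        elif lo is None:  # no port qualifier: entry matches every port
            lo, hi = 0, 65535
        rules.append((action, proto, int(lo), int(hi)))
    return rules

def is_permitted(rules, proto, port):
    """First matching entry wins; no match means the implicit deny applies."""
    for action, r_proto, lo, hi in rules:
        if r_proto in ("ip", proto) and lo <= port <= hi:
            return action == "permit"
    return False

def blocked_flows(acl_text):
    """List the required WLAN flows that the ACL would drop."""
    rules = parse_acl(acl_text)
    return [(n, p, port) for n, p, port in REQUIRED
            if not is_permitted(rules, p, port)]

# Constructed sample ACL: CAPWAP, RADIUS auth and LDAP/TCP allowed, rest forgotten.
SAMPLE_ACL = """
permit udp any any range 5246 5247
permit udp any any eq 1812
permit tcp any any eq 389
deny ip any any
"""
```

Calling `blocked_flows(SAMPLE_ACL)` reports the LWAPP ports, RADIUS accounting and LDAP over UDP as dropped. In a production ACL the `any any` pairs would be narrowed to the access point and controller subnets.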

For switches, it is important to have enough PoE budget. PoE powers the access points, but not all switch ports support PoE, or there is a budget for only 10 PoE ports on a switch. If there is not enough PoE on the switch, the access points will not power up. Another important thing on switches is the VLANs. Most of the time every SSID has its own VLAN.

DHCP is not only used for assigning IP addresses. Access points use option 43 and option 60 to find the wireless LAN controller. Very common problems on the wireless network can be related to DHCP, like a full scope. Another way to let access points know where the WLC is, is through DNS.

Each architecture has its own installation process.

For controller-based deployments, you mount the controllers in the rack where the routers and switches, or the other servers, are. This can be at the HQ or in a datacenter. You configure a name, IP addresses, VLAN settings, the mobility domain for roaming, RF and AP groups, SSIDs, RADIUS settings, radio settings for 2.4 GHz and 5 GHz, RRM and NTP, and there are other vendor-specific settings that can be configured. You should read through the vendor's deployment guide. The access points are most of the time configured through the WLC.

Cloud-based controllers are similar to the controller-based controllers. The management system is not on premises but in the cloud. There is a dashboard where you can configure the network: firewall settings, firmware preparation, and IP addressing, either static or by DHCP. When all the settings are configured, you can mount the access point and connect the Ethernet cable to it.

You have the option to configure a virtual controller on VMware or to have an access point that acts as a controller, like the IAP from Aruba or Cisco Mobility Express. You can run a configuration wizard or configure it like a hardware controller. The difference is that it is not a hardware appliance but runs virtually on VMware or on an access point. Look in the deployment guides, since not all vendors allow virtual controllers and hardware controllers on the same network.

The last architecture is the autonomous access points. Those access points need to be configured individually or through a centralized management solution. However, not all centralized management solutions can configure all the settings on the access points. Some settings still need to be configured on the access point itself. Most of the time the access points have a web interface to configure them through. When you are staging an access point, they have most of the time a stating address, for example When logged in to the web interface, you can assign an IP address, radio settings, and so on.