Cisco Wireless Network Architecture

1. Introduction to Cisco Wireless Network Architecture

Cisco wireless networks provide flexibility, scalability, and performance for modern IT environments. Depending on the deployment size and management needs, Cisco offers three main architectures:

Autonomous AP Architecture – Each AP operates independently, making it suitable for small networks with minimal management.

Split-MAC Architecture – Lightweight APs (LAPs) offload management tasks to a Wireless LAN Controller (WLC), enhancing scalability and performance.

Cloud-Based AP Architecture – APs connect to a cloud controller, reducing on-site infrastructure while enabling centralized remote management.

This course explores each architecture’s benefits, traffic flow, and best use cases to help you choose the optimal wireless solution.

2. Autonomous AP Architecture

🔍 Autonomous AP Architecture Overview

The Autonomous AP Architecture is a network setup where each AP operates independently. These Autonomous Access Points (APs) provide wireless connectivity to clients and connect directly to the wired network. This type of architecture is also referred to as “Local MAC architecture.”

[Figure: Autonomous AP Architecture]

Let me guide you step by step to help you understand how this architecture works.

🔹 Configure Each AP Individually

To set up autonomous APs, you need to configure them one at a time. This is done by accessing each AP individually. Here’s how you can do that:

[Figure: Independent AP management configuration, autonomous AP]
  • Use a console connection (local access).
  • Access the AP remotely via SSH or the web interface over HTTPS. Telnet and plain HTTP are also available on autonomous APs, but they carry your credentials in cleartext; disable them once SSH/HTTPS is working.

⚠️ Remember: The AP must have a management IP address to enable remote access.

🔍 Scenario Example

Imagine you’re setting up two SSIDs on your network:

  • One for your employees (VLAN 10).
  • One for your guests (VLAN 20).

[Figure: Autonomous AP Architecture with 2 SSIDs]

🔹 To configure this, you’ll need to:

  • Create the VLANs for your wireless networks.
  • Set up the SSIDs (the names of your wireless networks).
  • Adjust the RF settings, such as the channel and transmit power.
  • Define the per-SSID security settings (authentication and encryption) and any traffic policies, such as access control lists (ACLs) and QoS rules.

🔹 Connecting the AP to the Wired Network

Once your APs are configured, you’ll need to connect them to the wired network. Since autonomous APs tag wireless traffic with VLANs, the switch port must be set to trunk mode to allow multiple VLANs to pass through.

[Figure: Autonomous AP Architecture, trunk link]

For example:

  • VLAN 10 will handle employee traffic.
  • VLAN 20 will handle guest traffic.
  • VLAN 100 will carry management traffic (administrative access and monitoring of the APs).

🔹 Ensuring Roaming

In a wireless network, users often move around and connect to different APs. This is called roaming. To make sure users can move seamlessly across the network, you need to ensure that traffic for VLANs 10, 20, and 100 can flow across all switches.

[Figure: Consistent VLAN configuration, autonomous AP wireless]

🔹 Here’s what you need to do:

  • Create VLANs (10, 20, and 100) on every switch that connects to an AP.
  • Configure trunk links between switches so that these VLANs can be carried throughout the network.
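The VLAN and trunk consistency that the steps above require is easy to get wrong on the second or third switch. The script below is an added example and not part of the original course: it parses IOS-style switch configuration text, checks that every wireless VLAN (10, 20 and 100) exists on each switch and that every AP-facing port is a trunk allowing all of them, and reports what would break roaming. The two switch configs and the convention that AP-facing ports carry “AP” in their description are assumptions made for this example.

```python
"""Audit IOS switch configs for the VLANs an autonomous-AP deployment needs.

Added example: parses IOS-style running-config text and reports switches that
lack a wireless VLAN and AP-facing ports that are not trunks carrying all of
them. The two switch configs below are constructed for this example.
"""
import re

REQUIRED_VLANS = {10, 20, 100}   # employee, guest and management VLANs


def expand_vlan_list(spec: str) -> set:
    """Turn IOS VLAN-list syntax such as '10,20,100-102' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-"))
            vlans.update(range(lo, hi + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def parse_switch_config(text: str) -> dict:
    """Collect defined VLANs and the switchport settings of each interface."""
    cfg = {"vlans": set(), "interfaces": {}}
    port = None
    for line in text.splitlines():
        if not line.startswith(" "):            # top-level command
            port = None
            if m := re.match(r"vlan (\S+)$", line):
                cfg["vlans"] |= expand_vlan_list(m.group(1))
            elif m := re.match(r"interface (\S+)$", line):
                # IOS defaults: access mode, VLAN 1, all VLANs allowed on a trunk
                port = {"description": "", "mode": "access", "access_vlan": 1,
                        "allowed": set(range(1, 4095))}
                cfg["interfaces"][m.group(1)] = port
            continue
        if port is None:
            continue
        cmd = line.strip()
        if cmd.startswith("description "):
            port["description"] = cmd[len("description "):]
        elif cmd in ("switchport mode trunk", "switchport mode access"):
            port["mode"] = cmd.split()[-1]
        elif cmd.startswith("switchport access vlan "):
            port["access_vlan"] = int(cmd.split()[-1])
        elif cmd.startswith("switchport trunk allowed vlan "):
            port["allowed"] = expand_vlan_list(cmd.split("vlan", 1)[1])
    return cfg


def audit_switch(name: str, text: str, required=REQUIRED_VLANS) -> list:
    """Return findings for one switch; an empty list means it is consistent."""
    cfg = parse_switch_config(text)
    findings = []
    missing = required - cfg["vlans"]
    if missing:
        findings.append(f"{name}: VLANs {sorted(missing)} not defined, "
                        "roaming onto this switch breaks for those SSIDs")
    for ifname, port in cfg["interfaces"].items():
        if "AP" not in port["description"].upper():
            continue                            # only AP-facing ports are in scope
        if port["mode"] != "trunk":
            findings.append(f"{name} {ifname}: AP port is an access port on VLAN "
                            f"{port['access_vlan']}, an AP with several SSIDs needs a trunk")
        elif not_allowed := required - port["allowed"]:
            findings.append(f"{name} {ifname}: trunk does not allow VLANs {sorted(not_allowed)}")
    return findings


# Constructed sample configs. SW1 is correct; SW2 has the classic roaming bugs.
SW1_CONFIG = """\
vlan 10,20,100
interface GigabitEthernet1/0/1
 description Autonomous AP 1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100
interface GigabitEthernet1/0/24
 description Uplink to SW2
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100
"""

SW2_CONFIG = """\
vlan 10
vlan 100
interface GigabitEthernet1/0/1
 description Autonomous AP 2
 switchport mode trunk
 switchport trunk allowed vlan 10,100
interface GigabitEthernet1/0/2
 description Autonomous AP 3
 switchport mode access
 switchport access vlan 10
"""

if __name__ == "__main__":
    for switch, config in {"SW1": SW1_CONFIG, "SW2": SW2_CONFIG}.items():
        for finding in audit_switch(switch, config):
            print(finding)
```

Run against SW2 the script reports the three classic mistakes: VLAN 20 missing from the switch, an AP trunk that prunes VLAN 20, and an AP plugged into an access port. In practice you would feed it the output of `show running-config` from each switch.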

🔍 Traffic Flow in Autonomous Architecture

Let’s take a closer look at how traffic moves in this architecture.

📢 Case 1: Wireless to Outside Network

When a wireless client connects to the AP and sends traffic to the internet:

  1. The client sends the frame to the AP, which maps the SSID to its VLAN and tags the frame accordingly.
  2. The AP bridges the tagged frame onto the trunk toward the default gateway.
  3. The gateway routes the traffic to the internet.

[Figure: Autonomous architecture, traffic to outside network]

📢 Case 2: Wireless to Wireless Communication

When one wireless device sends traffic to another wireless device:

  1. The traffic is first sent to the AP.
  2. If the destination is associated with the same AP and belongs to the same VLAN, the AP forwards the frame directly to it over the air; otherwise the frame leaves on the trunk like any other traffic.

[Figure: Autonomous architecture, traffic between wireless devices]

⚠️ Limitations of Autonomous APs

Autonomous APs can be a great choice for small networks, but they come with some challenges:

  • Manual Configuration: Each AP must be set up individually, which takes time.
  • Roaming Complexity: You’ll need to maintain consistent SSID and VLAN configurations across all APs and switches.
  • VLAN Propagation: VLANs must be configured across the entire wired network.
  • Manual RF Tuning: You’ll need to manually adjust the channels and transmit power for each AP.
  • Lack of Centralized Management: There’s no central system to control traffic, QoS policies, or security monitoring.

📢 To summarize: Autonomous APs are a good option for small networks where simplicity is key. However, as your network grows, you’ll find it harder to manage because everything has to be configured manually. That’s when other solutions, like Cloud-Based APs or Split-MAC APs, become much more efficient.

3. Split-MAC Architecture

🔍 Unlike autonomous APs that operate independently, the Split-MAC Architecture divides tasks between the Access Point (AP) and the Wireless LAN Controller (WLC).

In this model, the Access Point becomes a Lightweight Access Point (LAP) because its workload is shared with the WLC.

Why is it called “Split-MAC”?

🔍 Let’s start with the name. The “Split-MAC” architecture separates responsibilities between the LAP and the WLC. The LAP handles real-time tasks, while the WLC takes care of management tasks. This division simplifies the management of your wireless network and allows centralized control over all the APs.

This concept is crucial for your CCNA, so make sure you clearly understand how responsibilities are divided between the LAP and WLC.

[Figure: Lightweight Access Point versus Wireless LAN Controller]

Roles of the LAP and WLC

Let’s break down the specific responsibilities of each:

Real-Time Tasks (LAP responsibilities):

  • Sending beacons and responding to probes.
  • Transmitting 802.11 frames.
  • Performing packet acknowledgments and retransmissions.
  • Encrypting and decrypting wireless traffic.

Management Tasks (WLC responsibilities):

  • Authenticating and associating clients.
  • Enforcing security policies, such as access control and QoS.
  • Managing client reassociation to enable seamless roaming.
  • Optimizing RF settings, like power levels and channel assignments.

By separating these roles, the WLC takes care of the heavy lifting in managing your wireless network, while the LAP focuses on fast, real-time operations.

CAPWAP Protocol

🔍 The CAPWAP (Control And Provisioning of Wireless Access Points) protocol allows the LAP and WLC to communicate. It’s the backbone of this architecture and ensures that both devices work together efficiently. CAPWAP is the IETF standard that succeeded Cisco’s proprietary LWAPP; it is derived from LWAPP and protects the control channel with DTLS.

[Figure: Cisco CAPWAP tunnel]

Here’s how CAPWAP operates:

  • Control Tunnel (UDP port 5246):
    • Carries the discovery, join, configuration and management messages for the LAPs. After the discovery phase, all control traffic runs inside a DTLS session, so it is authenticated and encrypted.
  • Data Tunnel (UDP port 5247):
    • Carries client traffic between the LAP and the WLC. It is unencrypted by default: the LAP has already removed the client’s 802.11 encryption, so client frames travel between the LAP and the WLC in the clear, and anyone able to capture that path can read them. Enable DTLS on the data channel as well when the AP-to-WLC path crosses a network you do not fully trust.

💡 If you’re curious to dive deeper, CAPWAP is defined in RFC 5415 (the protocol), RFC 5416 (the IEEE 802.11 binding), RFC 5417 (a DHCP option for locating controllers) and RFC 5418 (threat analysis).
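To make the control/data split concrete, here is an added example (not from the original course) that decodes the CAPWAP header fields defined in RFC 5415 from raw UDP payloads and flags client frames that cross the data tunnel without DTLS. The four packets are constructed inline for illustration; they are not captures from a real WLC.

```python
"""Classify CAPWAP packets and flag client traffic crossing the data tunnel in the clear.

Added example: decodes the CAPWAP header (RFC 5415 section 4.3) and the CAPWAP
DTLS header (section 4.2) of a UDP payload, then audits a constructed set of
packets. The sample packets are built inline; they are not captures.
"""
import struct

CONTROL_PORT, DATA_PORT = 5246, 5247
PREAMBLE_CAPWAP, PREAMBLE_DTLS = 0, 1         # low nibble of the first byte
DISCOVERY_REQUEST, DISCOVERY_RESPONSE = 1, 2  # control messages sent before DTLS exists
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}


def parse_capwap(dst_port: int, payload: bytes) -> dict:
    """Decode one UDP payload sent to a CAPWAP port."""
    tunnel = {CONTROL_PORT: "control", DATA_PORT: "data"}.get(dst_port)
    if tunnel is None:
        raise ValueError(f"UDP {dst_port} is not a CAPWAP port")
    if len(payload) < 8:
        raise ValueError("too short for a CAPWAP header")
    info = {"tunnel": tunnel, "version": payload[0] >> 4}
    ptype = payload[0] & 0x0F
    if ptype == PREAMBLE_DTLS:
        # CAPWAP DTLS header = preamble + 3 reserved bytes; a DTLS record follows.
        content_type, version = struct.unpack("!BH", payload[4:7])
        info.update(dtls=True, dtls_content_type=content_type,
                    dtls_version=DTLS_VERSIONS.get(version, hex(version)))
        return info
    if ptype != PREAMBLE_CAPWAP:
        raise ValueError(f"unknown preamble type {ptype}")
    # Bits 8-31 of the header: HLEN(5) RID(5) WBID(5) T F L W M K flags(3)
    bits = int.from_bytes(payload[1:4], "big")
    hlen = (bits >> 19) * 4                        # header length in bytes
    frag_id, frag_off = struct.unpack("!HH", payload[4:8])
    info.update(dtls=False, hlen_bytes=hlen,
                rid=(bits >> 14) & 0x1F,
                wbid=(bits >> 9) & 0x1F,           # 1 = IEEE 802.11 binding
                payload_is_80211=bool((bits >> 8) & 1),  # T: native 802.11 frame, else 802.3
                fragment=bool((bits >> 7) & 1),    # F flag
                keep_alive=bool((bits >> 3) & 1),  # K: data-channel keep-alive
                fragment_id=frag_id, fragment_offset=frag_off >> 3)
    body = payload[hlen:]
    if tunnel == "control" and len(body) >= 8:
        # Control header: Message Type(4) Seq Num(1) Msg Element Length(2) Flags(1)
        info["message_type"], info["seq_num"] = struct.unpack("!IB", body[:5])
    return info


def audit(packets) -> list:
    """Findings for (dst_port, payload) pairs: plaintext client frames on the
    data tunnel, and plaintext control traffic other than discovery."""
    findings = []
    for i, (port, payload) in enumerate(packets):
        info = parse_capwap(port, payload)
        if info["dtls"]:
            continue
        if info["tunnel"] == "data" and not info["keep_alive"]:
            kind = "802.11" if info["payload_is_80211"] else "802.3"
            findings.append(f"packet {i}: plaintext {kind} client frame on the CAPWAP data tunnel")
        elif info["tunnel"] == "control" and \
                info.get("message_type") not in (DISCOVERY_REQUEST, DISCOVERY_RESPONSE):
            findings.append(f"packet {i}: plaintext control message {info.get('message_type')}")
    return findings


# Constructed sample packets (not real captures).
CAPWAP_HDR = bytes([0x00, 0x10, 0x02, 0x00, 0, 0, 0, 0])   # HLEN=2 words, WBID=1, T=0
DISCOVERY_REQ = CAPWAP_HDR + struct.pack("!IBHB", DISCOVERY_REQUEST, 0, 0, 0)
DTLS_CONTROL = (bytes([0x01, 0, 0, 0])                      # DTLS preamble + reserved
                + bytes([0x17, 0xFE, 0xFD]) + bytes(8)      # application data, DTLS 1.2, epoch+seq
                + struct.pack("!H", 16) + bytes(16))        # record length + ciphertext
PLAIN_DATA = (bytes([0x00, 0x10, 0x03, 0x00, 0, 0, 0, 0])  # T=1: native 802.11 frame
              + b"\x08\x02" + bytes(22) + b"client payload")
KEEPALIVE = bytes([0x00, 0x10, 0x02, 0x08, 0, 0, 0, 0])     # K=1, sent in the clear by design

SAMPLE_PACKETS = [(CONTROL_PORT, DISCOVERY_REQ), (CONTROL_PORT, DTLS_CONTROL),
                  (DATA_PORT, PLAIN_DATA), (DATA_PORT, KEEPALIVE)]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PACKETS):
        print(finding)
```

The first byte of every CAPWAP packet tells you whether what follows is readable (preamble type 0) or a DTLS record (type 1); the audit only flags packet 2, the client frame on UDP 5247 with no DTLS, which is exactly what a default data tunnel looks like on the wire. Pointing the same logic at UDP payloads pulled from a capture between an AP switch port and the WLC is a quick way to confirm whether data DTLS is actually enabled.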

Split-MAC Architecture Example

🔍 To help you visualize, here’s an example:

[Figure: Wireless LAN Controller and Lightweight APs, Split-MAC architecture]

Imagine you have several lightweight APs, each connected to a WLC. Instead of configuring each AP individually, you only need to configure the WLC. The WLC will then use the CAPWAP control tunnel to automatically manage and configure the LAPs.

📢 This centralized approach saves you a lot of time, especially in large networks.

💡 Remember that the WLC manages the Lightweight APs, and that in this centrally switched model the LAP does not bridge client traffic locally: it tunnels the traffic to the WLC, which forwards it to the destination.

Configuration Example

🔹 The LAP establishes a CAPWAP tunnel with the WLC and receives its configuration from it.

🔍 In this setup, the LAP broadcasts two SSIDs:

  • An Employee Wireless Network on VLAN 10.
  • A Guest Wireless Network on VLAN 20.

Port Configuration

🔹 LAP Port:

  • Configure it as an access port on VLAN 100 (Management).
  • The LAP only needs an IP address on the management VLAN to reach the WLC; client VLANs 10 and 20 never appear on this port because client traffic is carried inside the CAPWAP tunnel.

🔹 WLC Port:

  • Configure it as a trunk port allowing VLANs 10, 20, and 100.
  • Bundle the WLC’s physical ports into an EtherChannel (Cisco calls this LAG on the WLC). This is essential because all wireless traffic flows through the WLC before being sent to the wired network, and the aggregated link provides the bandwidth and redundancy that volume requires.

⚠️ In summary: the WLC trunk needs every client VLAN plus the management VLAN, while the LAP only needs connectivity to the management VLAN (VLAN 100). Keeping client VLANs off AP ports is also good hygiene: someone who unplugs an AP and uses its port gets a foothold on VLAN 100 only.

How the LAP Finds the WLC

🔍 You might wonder: How does the LAP find the WLC when I connect it to the network?

[Figure: Where is the WLC? Lightweight AP discovery]

When the LAP boots, it builds a list of candidate controllers and sends a CAPWAP Discovery Request to each of them. The candidates come from several sources, including:

  1. Primed or remembered controllers: a primary, secondary or tertiary WLC configured on the AP, or WLCs it learned during a previous join.
  2. DHCP: the DHCP server returns one or more WLC management addresses in Option 43 (vendor-specific information).
  3. DNS: the LAP resolves CISCO-CAPWAP-CONTROLLER followed by its DHCP-learned domain name (for example CISCO-CAPWAP-CONTROLLER.example.com) to the WLC’s IP address.
  4. Broadcast: the LAP sends a Discovery Request to the local subnet broadcast address, so a WLC on the same subnet answers without further configuration.

⚠️ Discovery itself is unauthenticated, so the join that follows is what protects you: the LAP and the WLC establish a DTLS session that is mutually authenticated with X.509 certificates (the manufacturer-installed certificates on both devices), and a WLC can additionally be configured to accept only APs listed in its AP authorization list. A rogue controller therefore cannot simply answer a Discovery Request and adopt your APs, but an attacker who controls DHCP or DNS on the AP VLAN can still steer APs toward a controller they will never join and disrupt service.
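As an added example (not part of the original course), the following code builds and decodes the DHCP Option 43 value used by the DHCP discovery method above. Cisco lightweight APs expect a vendor-specific sub-option of type 0xF1 (241) followed by the list of controller IPv4 addresses, which is the hex string an IOS DHCP pool carries in its `option 43 hex ...` command; the controller addresses used here are made up for the example.

```python
"""Encode and decode the DHCP Option 43 value that points Cisco lightweight APs at a WLC.

Added example, not code from the page. Cisco lightweight APs expect a
vendor-specific sub-option of type 0xF1 whose value is the list of controller
IPv4 addresses (length byte = 4 x number of controllers).
"""
import ipaddress

WLC_SUBOPTION = 0xF1   # Cisco WLC sub-option type inside DHCP Option 43


def build_option43(controllers) -> bytes:
    """Return the raw Option 43 value for the given WLC management addresses."""
    addrs = [ipaddress.IPv4Address(c) for c in controllers]
    if not 1 <= len(addrs) <= 63:              # a one-byte length caps the list at 63 addresses
        raise ValueError("need between 1 and 63 controller addresses")
    return bytes([WLC_SUBOPTION, 4 * len(addrs)]) + b"".join(a.packed for a in addrs)


def option43_hex(controllers) -> str:
    """Same value as the hex string used in 'option 43 hex <value>' on an IOS DHCP pool."""
    return build_option43(controllers).hex()


def parse_option43(value: bytes) -> list:
    """Decode a captured Option 43 value and return the advertised WLC addresses.

    Run this on a DHCP Offer seen on the AP VLAN to confirm that APs are being
    pointed at your controllers and not somebody else's.
    """
    if len(value) < 2 or value[0] != WLC_SUBOPTION:
        raise ValueError("not a Cisco WLC sub-option")
    length = value[1]
    if length == 0 or length % 4 or len(value) != 2 + length:
        raise ValueError("length does not describe a list of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(2, 2 + length, 4)]


if __name__ == "__main__":
    # Constructed addresses for a primary and a backup WLC.
    print(option43_hex(["10.0.100.10", "10.0.100.11"]))   # f1080a00640a0a00640b
    print(parse_option43(bytes.fromhex("f104c0a80105")))  # ['192.168.1.5']
```

For a single WLC at 192.168.1.5 the value is `f104c0a80105`: `f1` is the sub-option type, `04` the length of one address, `c0a80105` the address itself. Typos in this string are a common reason APs never find their controller, so decoding what the DHCP server actually hands out is a useful first check.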

Traffic Flow in Split-MAC Architecture

🔍 To recap, we’ve split the responsibilities between the Lightweight Access Point (LAP) and the Wireless LAN Controller (WLC). The LAP handles real-time tasks, while the WLC manages configuration and other management tasks. The CAPWAP protocol ensures communication between them through two tunnels:

  • Control Tunnel: handles management and control data.
  • Data Tunnel: transports wireless client traffic.

🛠️ A properly configured switched network is essential for this setup. Specifically:

  • Trunk ports should be used for the interface connecting to the WLC to support multiple VLANs.
  • Access ports should be used for interfaces connecting to Lightweight APs.

🔍 How does wireless client traffic flow through the network?

Case 1: Traffic from Wireless Devices to the Outside Network

[Figure: Split-MAC architecture, traffic to outside network]

Steps:

  1. Wireless devices connected to the Lightweight AP generate traffic destined for devices outside the local network.
  2. The LAP encapsulates this traffic and forwards it to the WLC through the CAPWAP data tunnel.
  3. The WLC decapsulates the traffic, maps the client’s WLAN to the VLAN configured for it, tags the frame with that VLAN and sends it out over its trunk toward the default gateway and the destination.

Case 2: Traffic Between Wireless Devices

[Figure: Split-MAC architecture, traffic between wireless devices]

Steps:

  1. When wireless devices within the same network need to communicate:
    • The traffic is encapsulated by the LAP and sent to the WLC through the CAPWAP data tunnel.
  2. The WLC:
    • Decapsulates the traffic.
    • Applies the client’s VLAN and policies (ACLs, QoS) and looks up the destination.
    • Re-encapsulates the frame and sends it back down the CAPWAP data tunnel to the LAP serving the destination device, which may be the same LAP the traffic came from.

⚠️ Even when two wireless devices on the same LAP talk to each other, their traffic is switched through the WLC first; in this centrally switched model the LAP never bridges client traffic locally.

Advantages of Split-MAC Architecture

The Split-MAC architecture provides several advantages:

  • Centralized Management: The WLC handles the configuration and monitoring of all LAPs, reducing manual configuration.
  • Seamless Roaming: Wireless clients can move between APs without noticeable delays.
  • RF Optimization: The WLC automatically adjusts RF settings such as power and channel assignments.
  • Self-Healing: If an AP fails, the WLC increases the power of surrounding APs to eliminate coverage gaps.

4. Cloud-Based AP Architecture

🔍 When you need the simplicity of autonomous APs combined with centralized management—but without requiring an on-site Wireless LAN Controller (WLC)—the Cloud-Based AP Architecture becomes an ideal solution.

In this setup, Access Points (APs) connect to a cloud platform for configuration and monitoring. One popular example is Cisco Meraki Cloud, a platform that simplifies the deployment and management of wireless networks by offering an intuitive web-based dashboard.

[Figure: Cloud-based AP architecture]

🔍 This architecture shifts the controller functionality to the cloud, eliminating the need for a physical WLC at the site. As a result, deploying and managing multiple APs is streamlined through a centralized web dashboard.

The cloud platform oversees tasks such as:

  • Assigning channels to each AP.
  • Configuring transmit power.
  • Fully managing AP settings for seamless operation.

⚠️ Wireless client traffic does not traverse the cloud. Only the APs’ management traffic (configuration, statistics and monitoring) goes to the cloud controller, over an encrypted connection; client data is bridged directly onto the local network, much like with autonomous APs, and keeps flowing with the last known configuration if the cloud is temporarily unreachable.

💡 For instance, communication between two devices, such as PCs, remains local and never leaves the site. Because the cloud dashboard account controls every AP, protect it as you would a WLC’s admin account: strong authentication and as few administrators as possible.

[Figure: Cloud-based AP architecture overview]

📢 This architecture offers a balance between the simplicity of autonomous APs and the centralized control of Lightweight APs.

5. Conclusion

Wireless architectures are essential to meet the diverse needs of modern networks, each offering specific advantages depending on the size and complexity of the deployment.

  • Autonomous AP Architecture is well-suited for small networks due to its simplicity, but its lack of centralized management can quickly become a limitation in larger environments.
  • Split-MAC Architecture, with its centralized approach and lightweight APs, is ideal for enterprise networks requiring simplified management, automatic RF optimization, and seamless roaming.
  • Cloud-Based AP Architecture combines the best of both worlds, offering centralized cloud management while maintaining a simplified on-site infrastructure, making it an excellent choice for organizations seeking a modern, flexible, and scalable solution.

To choose the best architecture, it’s important to consider the size of the network, management requirements, budget, and future scalability.