CWNP CWNA – WLAN Architecture Part 2
So the heart of centralized wireless LAN architecture is that wireless LAN controller. And as I said, it’s just basically that central point for data aggregation. All the people that are connecting, it looks like I broke that laptop. Everybody is connecting, their data is going to go to that wireless LAN controller and then come out on that wired network, and the encryption is handled there, everything. It just really offloads the work that the access point has to do.
So the access point can just worry about things like the association. It doesn’t even have to do authentication. It can pass that on to the wireless LAN controller. They can connect to a RADIUS server and do the authentication that way. Or open up a web page that asks you for your username and password. We often call that a captive portal page, regardless of the vendor. So those are just, like I keep saying, some of the biggest benefits, especially if you have a very robust wireless network.
There is a chance you could have multiple wireless LAN controllers to communicate with each other. And the deployment of that can be beneficial again depending on how many access points that you have. So one of the things about wireless LAN controllers is that you can split up the load, oops, that’s an access point. You can split up the load of these access points so that they all don’t have to go to one wireless LAN controller unless one of them fails.
So they can connect to each other. They can connect to each other and they also talk to each other, or at least they should. So that if I have a user who’s connected to one access point, I already said that if they roam and then hand off to this other access point, not a big deal. But what if they keep roaming to somewhere else in your network? Now they’re going to connect to an access point connecting to a different wireless LAN controller.
But because the two of them are talking, the two know that this user is moving around. So again their settings don’t change, the traffic pattern will change, everything’s still going to go to that home agent, the first wireless LAN controller, but the mobility is still there, the encryption is still there, all of that’s great. They can also push out the same or different profiles. One of the profiles for group profiles might be this mobility group that I just talked about, which could be a configuration for a single or multiple types of access points. They can choose again channels and transmit power and you can create these profiles and push them out to multiple devices at the same time. The wireless LAN profiles are able to basically take care of things like having different SSIDs.
You might have from one access point here, the ability to have an SSID that’s called Guest and another one that’s called Network or something else. And that way you give people the opportunity who don’t work for your company if they come in to visit that they can use the guest SSID and by signing up to that SSID and you send it to the wireless LAN controller. The wireless LAN controller will most often supply that connection with a VLAN right away to segment your traffic. That only allows you to go out to the Internet and doesn’t allow you to come into your network, where those people who connect to the network SSID will have access to the Internet as well but can get on the inside of the network.
So you’re automatically adding some more security through the use of that wireless LAN controller and that’s a part of your WLAN profiles. It’s just a set of configuration parameters again that we’re going to push out and like I said, it can deal with the SSIDs or different ones. I think I just said VLAN assignments as well. And of course if you’re doing quality of service over wireless, that can be a part of the profile as well.
So the concept of split MAC is one that I brought up a little bit ago when I talked about how we can offload a lot of the work that a standalone access point is doing by offloading it onto the wireless LAN controllers. And by doing that, they just typically use this idea of split MAC, meaning both of them together are taking care of layer two for the OSI model by splitting the functions up.
Some other options when you’re doing, I talked about this, dynamic RF, changing the channel, changing the power for automatic cell sizing and automatic monitoring. You can use it to do troubleshooting. I mean, everything you want in this wireless LAN controller. Some of the wireless LAN controllers, you can even upload the blueprint of your office and you can add, I mean, if you like to play with us, all the cubicles that are in there and where the kitchen is and what kind of walls and material you have. And all of that can be used in kind of what we create a site survey, and it helps the wireless LAN controller then say not only where to put the access points in your network, but it also can again determine that if one of those access points goes down, which ones to increase the power on to maintain coverage. I mean, it’s just a lot of really cool options. Again, depending on the vendor that you get, it’s best described, it says, as a self-organizing, self-healing wireless LAN, which it is.
You could put policing policies, bandwidth management, so if you’ve got somebody who loves to download BitTorrents at your office, then they’re not supposed to. You could block that with firewall capabilities or you could just dumb it down, policing it so they have barely any bandwidth. I don’t know how many times to say that it does roaming for you. I said the wireless. Now, very seldom when you buy a wireless LAN controller, you’re often going to see physical ports, but not too many. And those ports on these wireless LAN controllers are supposed to go to switches, but they do make some very small models of wireless LAN controllers which you might just actually plug the actual access point into and they can still supply power over that Ethernet. We call that the PoE. Most often though, we have those access points connected to a switch that can provide that power over Ethernet. So I mean, all of those are options and like I said, most of them do that third party edge switch.
There are some different types of forwarding models that we can do with the wireless LAN controller. I’ve talked about the centralized one already many times and I said that the traffic from an access point will send the traffic to the wireless LAN controller that will then take care of the encryption, all that other kind of cool stuff, the captive portal, and then dump it into the wired network from there, so that becomes centralized data forwarding. But remember I said that that might not be appropriate if your headquarters has a very slow connection, let’s say, to a branch office with access points. Because at that level, I would have a problem dumping all my traffic across a WAN connection just to have that controller send it back to my local office, so we can have a bit of a distributed data forwarding. Either meaning that you have a lower end wireless LAN controller at that office, or that you have to tell the access points that for some networks, don’t send it to the wireless LAN controller, those being local, and for everything not local, then send it into the wireless LAN controller. So that means the access point, like I said, could do the data forwarding, as I just mentioned, locally, without using that wide area network. Or like I said, you could have again another wireless LAN controller out there to take care of that local traffic.
As a review of everything else that we’ve been talking about. The idea of having that wireless LAN controller does appear as though your traffic might be doing a U-turn. And in a way it is, right, because we send that traffic into the access point, it uses a secure tunnel connection to get to the wireless LAN controller. Wireless LAN controller decides how to forward the traffic, so it looks like everything’s doing a U-turn. And then of course, from there, you’re going to go to whatever server or server farm or storage area or phone traffic, whatever the case may be. And like I said, if you have a lot of wireless LAN controllers, you could actually have a network management server. Cisco calls it the WCS server, so you can actually manage all of the wireless LAN controllers from a single point. And trust me, if you’re into the 50, 60 wireless LAN controllers, you’re going to want to have some sort of extra network management system to work together with all of them.
So in this module, we talked about the wireless LAN client devices, the architectures of the wireless LAN, and some of the specialty items or features that you have in your wireless LAN infrastructure.