Cisco Wireless Controller Software for SRE

The Evolution of Controller-Based Wireless LANs

This paper revisits the benefits of centralized 802.11n wireless LAN networks and describes the case for transforming the controller-based architecture to match market needs. Centralization of wireless LANs (WLANs) delivers networks that are easy to deploy, scale, and manage. A local-mode controller-based campus environment delivers increased device scalability and an interactive multimedia experience coupled with enhanced policy to manage the full range of mobile devices. A controller-based deployment using FlexConnect technology enables multisite, lean branches to manage the increased scale of deployments without additional increase in operational complexity.


In the last 10 years, wireless LAN networks have experienced an incredible evolution. From the technology perspective, we have transitioned from 802.11b to 802.11a/g to 802.11n. The growth of mobile devices such as smartphones and tablets has fueled the demand for new wireless networking equipment that supports higher capacity, enhanced scale, and reliability. From an applications and services perspective, voice, video, location, and context capabilities are growing exponentially.
Pervasively deployed, high-capacity, optimally designed wireless networks are now mainstream. At the same time unique architecture requirements have emerged for campus and branch environments. The proliferation of wireless devices has led to the organic need for enhanced scale while simultaneously lowering the operational costs to align with IT budgets. At the same time, certain unique needs have emerged within campus deployments in contrast to deployments in a lean, multibranch environment. A lean branch is defined as having both limited IT budgets that prohibit hiring a local network administrator and deploying physical controllers per branch, as well as having limited needs of shaping the WLAN data. This paper outlines the Cisco® wireless architectures available to address the performance and scale for each wireless deployment scenario.


Cisco pioneered WLAN centralization and delivered the industry's first unified platform for advanced wireless LAN services. This robust architecture was standardized with Control and Provisioning of Wireless Access Points (CAPWAP) and was flexible enough to deploy in various scenarios with local mode as well as Hybrid Remote Edge Access Point (H-REAP) mode.
History showed us the following benefits of centralization:

Lower Operational Expenses

A controller-based, centralized architecture enables zero-touch configurations for lightweight access points. Similarly, it enables easy design of channel and power settings and real-time management, including identifying any RF holes to optimize the RF environment. The architecture offers seamless mobility across the various access points within the mobility group. A controller-based architecture gives the network administrator a holistic view of the network and the ability to make decisions about scale, security, and overall operations.

Easier Way to Scale with Optimal Design

As enterprise deployments scale for pervasive coverage and to address the ever-increasing density of clients, operational complexity starts growing exponentially. In such a scenario, having the right hierarchical split-MAC architecture enables the network to scale well. With a hierarchical architecture, the network management system also needs to communicate with fewer controller entities instead of reaching out individually to tens of thousands of access points for configuration, firmware, and RF management. A centralized controller also does not require VLANs to be configured across edge switches connected to access points, which enables easier scaling across the network. Using a dedicated device for a controller enables the access point to focus on RF optimization functions such as detection and classification using Cisco CleanAir technology and Cisco ClientLink.

Single Location to Apply Wired and Wireless Services

A local-mode architecture uses the controller as a single point for managing Layer 2 security and wireless network policies. It also enables services to be applied to wired and wireless traffic in a consistent and coordinated fashion. Based on applications today, most data flows towards the data center or the Internet. While video conversations are likely to grow over the next few years, these conversations are more likely to happen in separate physical locations, potentially spanning long distances, with peers in another site. Therefore, even video traffic is unlikely to be locally forwarded in most cases.
In addition, certain controllers, such as Cisco Wireless Services Module (WiSM) blades on the Cisco Catalyst® 6500 Series Switches, perform various other functions, including application inspection using the Cisco Network Analysis Module, enhanced security with a full stateful firewall and intrusion detection system, and more. Placing the controller in a centralized location simplifies N+1 or N+N redundancy, depending on the size of the network. This redundancy means that for each wireless controller (N) there is at least one backup controller (+1). The backup controller is not positioned to actively contribute to normal system operation but provides a reliable way to protect the network in case of any failure or downtime on the component being used to manage network access.

Enterprise-Grade Controller

While controller-like functions can be run on various types of devices and can exist at any location, there are certain attributes that differentiate a true enterprise-grade solution:

• A CAPWAP-based flexible architecture, which supports all types of deployments, from home to enterprise, indoor and outdoor, campus to branch

• The ability to support seamless mobility across a Layer 3 network in a large-scale campus and high resiliency across the branch

• The ability to make real-time radio resource decisions in a holistic manner on the controller, which allows the controller to take into consideration various networkwide statistics

• High, system-wide throughput even with data encryption and access control lists (ACLs)

• The capacity to support access point scalability, simultaneously serving clients, monitoring for wireless intrusion detection system and wireless intrusion protection system (wIDS/wIPS), location, rogues, and system-wide scaling of spectrum detection, classification, and event-driven radio resource management

• The ability to support simultaneous upgrades of hundreds of access points within minutes and to fail-over to a redundant controller within seconds

Market Bifurcation

With the growth in mobile devices and mobile commerce (mCommerce) applications, the importance of pervasive mobility continues to grow in all environments. The mission criticality of mCommerce applications means that the ability to provide full spectrum capacity with Dynamic Frequency Selection (DFS) and to use the best channels through CleanAir is necessary across all deployments. With an increase in the number of wireless deployments, custom demands within some categories of deployments are more essential. Environments with multiple lean branches demand the ability to scale in a cost-effective manner, while at the same time providing the reliability of WAN tolerance, coupled with the same simplicity of management that a centralized architecture provides. The demands from campus environments, on the other hand, center on enhancing the scale of rich media and policy management, continually lowering operational costs, and minimizing downtime during network upgrades. A controller-based architecture continues to be relevant in addressing both market segment needs. The next section considers the specific requirements of the branch and campus environments to understand how optimal solutions can be deployed.

Lean Branch Environments

Since its inception, the Cisco Unified Wireless Network has included the option to operate in the H-REAP mode instead of local mode. The Cisco Flex 7500 Series Cloud Controller has helped evolve H-REAP into a scalable, robust FlexConnect solution optimal for the lean-branch environments such as those found in retail and financial organizations. In particular, the following trends specific to multiple-branch deployments have emerged.

Consolidated Operations

An increase in mobile devices, coupled with applications that demand pervasive mobility, has led to an increase in the size of networks deployed. At the same time, IT budgets have continued to shrink, limiting the ability to maintain a network expert within the branch. This has led to increased demand for a highly scalable controller deployed at a central location.

Tolerance for Slow WAN Links

The presence of slow WAN links means that latency-sensitive data traffic cannot flow back to the central controller and must instead be off-loaded locally. Mission-critical wireless applications also require that wireless clients continue to operate even if the WAN link goes down. In some deployments, even authorization needs to be off-loaded to the access point and, wherever possible, a local RADIUS server. It is also desirable to limit downtime during network upgrades. The pre-image download feature in Cisco Unified Wireless Network is the ability to download the images on the access points in advance of the actual upgrade, thus reducing network downtime significantly.

Campus Environments

In addition to the traditional benefits of a Cisco Unified Wireless Network approach, the local-mode deployments have the following custom demands.

Seamless Mobility

In a campus environment, it is crucial to remain connected to your session despite walking between various floors or adjacent buildings with changing subnets. The local controller-based Cisco Unified Wireless Network enables fast roaming across the campus.

Ability to Support Rich Media

As wireless has become the primary mode of network access in many campus environments, voice and video applications have grown in significance. Local-mode deployments enhance robustness of voice with Call Admission Control (CAC) and multicast with Cisco VideoStream technology.

Centralized Policy

The consolidation of data at a single place in the network enables intelligent inspection through the use of firewalls, as well as application inspection, network access control, and policy enforcement. In addition, the use of network policy servers enables correct classification of traffic from various device types and from different users and applications.

Indoor Mesh

Various campus environments include a few buildings that require temporary wireless deployments with an indoor mesh. Such architecture requires a local-mode controller-based deployment.


To match the scale, throughput, and robust needs of today's environments, WLAN infrastructures need to evolve. The distinct needs of campus and lean, multiple-branch environments require a flexible architecture that supports both deployments. The Cisco Unified Wireless Network with local-mode Cisco 5500 Series Wireless Controllers and Cisco Wireless Services Module 2 (WiSM2) optimally addresses campus requirements, while the Cisco Flex 7500 Series Cloud Controller is the industry-leading solution in lean branch environments.