Making the Case for Centralized WLAN Management
Standalone wireless access points are a burden to manage. Cisco has a wide suite of centralized wireless controllers available to centralize and manage your thousands of access points as one. In this article, we examine how WLAN management looks in the world of centralized control with Cisco controllers.
In the absence of WLAN controllers, configuring a new access point requires a few steps. First, you remove it from the box and connect it to your laptop's serial port. Next, you log in, paste in your standard configuration, and set the IP, after allocating an IP address and creating the DNS and DHCP entries. Next, you decide where to plug it in and configure a switch port to connect the access point to. Finally, you can deploy the access point.
With centralized management, the only required step is the physical deployment. The access point will need to connect to a trunk port on your switch if you run more than one wireless network and wish for it to land on a specific virtual LAN (VLAN) once it hits the wire. Even without a special VLAN configuration, you will need to place the access point in the right VLAN to get DHCP and the next-server address of the wireless controller, where it fetches its configuration from. The port configurations can be done ahead of time, and pushed out to many switches at once; or they can even be automated. Suffice it to say, deploying new access points in this manner is most enjoyable.
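One way to prepare those port configurations ahead of time, as an added example that is not from the original article or from Cisco: a short Python generator that turns an inventory of access point drops into per-switch IOS interface stanzas. The switch names, ports and VLAN IDs are constructed, and the rule that a drop becomes a trunk whenever wireless VLANs are listed for it is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed inventory of AP drops: hypothetical switch names, ports and VLAN IDs.
AP_DROPS = [
    {"switch": "sw-bldg1-a", "port": "GigabitEthernet1/0/10", "mgmt_vlan": 50, "wlan_vlans": [110, 120]},
    {"switch": "sw-bldg1-a", "port": "GigabitEthernet1/0/11", "mgmt_vlan": 50, "wlan_vlans": []},
    {"switch": "sw-bldg2-a", "port": "GigabitEthernet1/0/5", "mgmt_vlan": 50, "wlan_vlans": [110]},
]

def port_config(drop):
    """Return the IOS interface lines for one AP drop."""
    vlans = [drop["mgmt_vlan"], *drop["wlan_vlans"]]
    for v in vlans:
        if not isinstance(v, int) or not 1 <= v <= 4094:
            raise ValueError(f"invalid VLAN {v!r} on {drop['switch']} {drop['port']}")
    lines = [f"interface {drop['port']}", " description AP drop (generated)"]
    if drop["wlan_vlans"]:
        # Trunk: the AP gets DHCP on the native (management) VLAN, and only the
        # VLANs this AP actually serves are allowed, not every VLAN on the switch.
        allowed = ",".join(str(v) for v in sorted(set(vlans)))
        lines += [
            " switchport mode trunk",
            f" switchport trunk native vlan {drop['mgmt_vlan']}",
            f" switchport trunk allowed vlan {allowed}",
        ]
    else:
        # No per-network VLANs: a plain access port in the AP's DHCP VLAN.
        lines += [" switchport mode access", f" switchport access vlan {drop['mgmt_vlan']}"]
    return lines

def build_configs(drops):
    """Group generated port configs per switch, rejecting duplicate ports."""
    seen, per_switch = set(), defaultdict(list)
    for drop in drops:
        key = (drop["switch"], drop["port"])
        if key in seen:
            raise ValueError(f"port listed twice: {key}")
        seen.add(key)
        per_switch[drop["switch"]] += port_config(drop) + ["!"]
    return {sw: "\n".join(lines) for sw, lines in per_switch.items()}

if __name__ == "__main__":
    for switch, text in build_configs(AP_DROPS).items():
        print(f"### {switch}\n{text}\n")
```

Restricting the trunk's allowed VLAN list keeps an access point port from carrying VLANs it has no reason to reach.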
Saving 20 minutes of configuration time when setting up new access points may seem a marginal benefit, especially to smaller businesses. Larger infrastructures, however, may have 100, 1,000, or even 10,000 access points to deploy and manage. With thousands of access points, it simply isn't possible to configure, let alone manage, such a large wireless network one device at a time.
Not only do centralized wireless controllers ease the burden of deploying new access points, but they also greatly simplify the day-to-day management of them.
Aside from automated deployment, which, truth be told, is available to some extent with third-party management tools, centralized wireless controllers are also able to implement some neat tricks.
Management, as was briefly touched on, is done from a single point. Not only is logging in to the thin-client access points impossible, it is unnecessary. Controllers allow the administrator to create groups for many purposes: geographical, security, and features. To deploy a change to the wireless configuration of an entire building, for example adding an SSID, simply apply that change to the group.
Wireless controllers are able to implement tricks unavailable in a standard decentralized wireless network. RF management, for example, allows the controller to detect radio interference and work around it by automatically boosting the power of nearby access points. Voice over Wi-Fi with proper QoS and location services allows for reliable and robust deployment of VoIP services.
Location tracking is useful for more than emergency services. User mobility when roaming between access points with potentially different networks, even with the ability to track and manage security policy updates, is possible with these controllers. The controllers also implement IPS and IDS features, and can use the location services to pinpoint the exact location of an evildoer. Defining security groups and configuring authentication protocols without having to manually configure an access point is another time saver.
Ultimately, a whole slew of features is available when a centralized controller is calling the shots. Perhaps the most beneficial feature--because let's face it, most people could at least partially automate the centralized configuration duties--is RF control. The capability to knock rogue access points off the air and work around obstructions and interference is nothing short of amazing. There is no longer any need to physically move access points about due to spotty coverage, nor to run about frantically trying to locate an unauthorized device somewhere within a quarter mile.
To implement a central wireless controller, you first need to find one. There are two Cisco options: standalone and modules. Both types have the same software, and therefore the same feature set, so the decision comes down to which you'd prefer. You will likely want two, since the drawback to centralized control is that all wireless traffic will flow through the central point, making the controller a single point of failure. The controllers have high availability features, which will allow one unit to take over if the first becomes unavailable.
The 2100, 4400, and 5500 series devices are standalone controller units. Integrated controllers and controller modules are available for many Cisco routers. Modules in the 6500 series are called the WiSM (Wireless Services Module), and the integrated controller stacks with other 3750 devices. Finally, the integrated service module is available for a number of Cisco routers (but not the 2600 series). The service modules often come with a limited feature set, as many of the devices they are available for are targeted at SMBs. Just pay attention to how many simultaneous clients and access points each will allow.
To get started implementing a controller-backed wireless network, you must first consider what to do with existing access points. You can re-flash your existing Cisco Aironet 1200 series access points to be thin clients, but since the thin access points are less expensive, this is often difficult to justify. Deploy a test network, sell them on eBay, or re-flash them; in the end, you need thin access points running the firmware the controllers expect to take advantage of all the features. Afterward, you simply need to configure the controllers and VLANs, and start deploying hundreds or thousands of access points.
Managing a heterogeneous wireless network with central controllers, provided by the same vendor, is absolutely the easiest way to deploy a scalable WLAN infrastructure. The cost of developing your own scripts or buying third-party management software far outweighs the cost of the access point controllers. Even ignoring the added functionality you get with WLAN controllers, it makes sense to stick with one vendor: one vendor to call, one bill to pay, and a higher probability of 100 percent reliability.