Category Archives: Wireless LAN Controller

Why is a Controller required in a wireless network

What can you do with today's controller-based centralized wireless networks? Read on to find out the features and functionality provided by controller-based wireless (Wi-Fi) networks for medium and large institutions/enterprises.

First of all, a wireless controller is a centralized Wi-Fi management device that manages all the access points in a campus. The following points illustrate why a controller is indispensable for larger networks.

Centralized Authentication:

No more maintaining and updating individual MAC address tables in each access point: the controller provides a centralized authentication mechanism through individual user name/password based RADIUS server/Active Directory/LDAP integration, centralized MAC address filtering, or certificate/shared key based authentication for all the clients from a central location.


Centralized Radio Management for all Access Points:

  1. Interference Mitigation: The controller keeps adjacent access points on different, non-overlapping channels so that packets are not lost to co-channel interference in a dense wireless network.
  2. Load Balancing: Users are automatically shifted to adjacent access points if the load (number of users connecting) on one access point is high and the load on the neighboring access point is lower.
  3. Radio Balancing: 802.11n enabled clients are connected to the 802.11n radios, 802.11a enabled clients are connected to 802.11a radios, and 802.11b/g enabled clients are connected to 802.11b/g radios in a multi-radio enabled access point.
  4. Fail Over: Clients are automatically shifted to neighboring access points if any access point suddenly fails, thereby introducing redundancy in the network.
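
The interference-mitigation step in item 1 can be modelled as graph colouring over the three non-overlapping 2.4 GHz channels (1, 6, 11). The sketch below is an added example, not code from the original article or from any vendor's controller; the AP names, the neighbour map and the greedy heuristic are assumptions made for illustration.

```python
# Added example (not vendor code): greedy channel planning for neighbouring APs.
NON_OVERLAPPING_24GHZ = (1, 6, 11)  # the non-overlapping 2.4 GHz channels

def assign_channels(neighbors, channels=NON_OVERLAPPING_24GHZ):
    """neighbors maps an AP name to the set of APs it can hear.
    Returns (plan, conflicts): channel per AP, and neighbour pairs sharing one."""
    plan = {}
    # APs with the most neighbours are the most constrained, so they pick first.
    for ap in sorted(neighbors, key=lambda a: (-len(neighbors[a]), a)):
        used = [plan[n] for n in neighbors[ap] if n in plan]
        # Take the channel that the fewest already-planned neighbours are using.
        plan[ap] = min(channels, key=lambda c: (used.count(c), c))
    conflicts = sorted(
        (a, b) for a in neighbors for b in neighbors[a]
        if a < b and plan[a] == plan[b]
    )
    return plan, conflicts

# Constructed floor: AP1-AP3 hear each other, AP4 hears AP2/AP3, AP5 hears AP4.
FLOOR = {
    "AP1": {"AP2", "AP3"},
    "AP2": {"AP1", "AP3", "AP4"},
    "AP3": {"AP1", "AP2", "AP4"},
    "AP4": {"AP2", "AP3", "AP5"},
    "AP5": {"AP4"},
}

if __name__ == "__main__":
    plan, conflicts = assign_channels(FLOOR)
    for ap in sorted(plan):
        print(ap, "-> channel", plan[ap])
    print("co-channel neighbour pairs:", conflicts)
```

When more than three access points all hear each other, the returned conflict list is non-empty, which is the case a controller then handles by lowering transmit power instead.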

RF Visualization: Another advantage of today’s centralized wireless networks is the visualization capability of the controller. Once the floor plan of the campus is integrated with the controller, the coverage pattern, signal strength, users associated with each access point and various other parameters can be viewed live on a PC monitor (through a web based application) from a central location. This makes monitoring and troubleshooting of networks very easy. You can also locate any active wireless client on the network map by just typing its MAC ID into the software.


RF Visualization in a wireless network

Network Access Control based on User Identity:

With today’s centralized controller-based wireless networks, wireless users can be further segregated into sub-groups and each group can be given separate network access policies. For example, all the wireless users accessing the network from the finance department can be given SAP/ERP access while the sales department can be denied the same. Internet access for the junior management staff can be blocked and guests can be given temporary internet access without giving access to the internal network. The IT department and senior management can be given full unrestricted access to the network resources. Certain laptops/wireless clients can even be denied network access if they do not have the latest versions of the anti-virus/OS patch running on their systems. You thought all this is possible only with wired networks?? Not any more.



After authentication, all the wireless packets are encrypted end to end using 128-bit encryption technology, making it difficult for any casual intruder to get into your network.

Wireless Intrusion Detection/Prevention Systems (where dedicated access points can act as scanners for wireless threats) can identify and block a whole range of wireless attacks like:

  1. Ad-hoc network
  2. Mis-association of AP/Client to other network access points
  3. Rogue Access Points detection and prevention
  4. Multiple futile attempts to connect to the wireless network
  5. Honey pot attacks/ Man-In-The-Middle Attacks
  6. Denial of Service Attacks etc.
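
How a scanner feed might be turned into alerts for several of the categories listed above is sketched below. This is an added example, not code from the original article or from any WIDS product; the inventory, SSID, MAC addresses, thresholds and label names are constructed assumptions.

```python
from collections import defaultdict, deque

MANAGED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}  # constructed inventory
CORPORATE_SSIDS = {"corp-wifi"}                               # hypothetical SSID

def classify_beacon(obs):
    """Classify one beacon reported by a scanner access point."""
    if obs["mode"] == "adhoc":
        return "ad-hoc-network"
    if obs["bssid"].lower() in MANAGED_BSSIDS:
        return "managed"
    if obs["ssid"] in CORPORATE_SSIDS:
        return "honeypot-suspect"   # our SSID from a radio we do not manage
    return "unmanaged-ap"           # rogue only if it is also on our wired LAN

def repeated_auth_failures(events, threshold=5, window=60):
    """Client MACs with >= threshold failed attempts inside `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, mac, ok in sorted(events):
        if ok:
            continue
        q = recent[mac]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(mac)
    return sorted(flagged)

def wids_report(beacons, events):
    """Combine both detectors into a list of (alert, address) tuples."""
    alerts = [(classify_beacon(b), b["bssid"]) for b in beacons]
    alerts = [a for a in alerts if a[0] != "managed"]
    return alerts + [("repeated-auth-failure", m)
                     for m in repeated_auth_failures(events)]

# Constructed scanner observations and association events (ts, client MAC, success).
BEACONS = [
    {"bssid": "02:00:00:aa:00:01", "ssid": "corp-wifi", "mode": "infrastructure"},
    {"bssid": "02:00:00:bb:00:09", "ssid": "corp-wifi", "mode": "infrastructure"},
    {"bssid": "02:00:00:cc:00:03", "ssid": "printer-direct", "mode": "adhoc"},
    {"bssid": "02:00:00:dd:00:04", "ssid": "cafe-next-door", "mode": "infrastructure"},
]
EVENTS = [(t, "02:00:00:ee:00:05", False) for t in range(0, 50, 10)] + [
    (0, "02:00:00:ff:00:06", False), (300, "02:00:00:ff:00:06", False),
    (305, "02:00:00:ff:00:06", True),
]

if __name__ == "__main__":
    for alert in wids_report(BEACONS, EVENTS):
        print(alert)
```

An unmanaged BSSID on its own is often just a neighbour's network; treating it as a rogue access point needs the extra check that it is bridged onto the organisation's wired LAN.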

Branch offices and remote offices are also protected, as the controller can form a secure VPN tunnel between the HO and branch locations. Rogue access points and laptops can even be located using location visualizers.

Mesh Connectivity:

Now you can connect even the Access Points without Cables!!


Bandwidth Restriction per user/ per group:

You can prevent a few wireless users from clogging the entire network by restricting the bandwidth available to them at any point of time. You can also reserve a minimum bandwidth to all the critical users.


Quality of Service through Traffic Prioritization: A centralized controller-based wireless infrastructure can identify and differentiate between different types of data packets and prioritize the critical traffic on the wireless network infrastructure – this is crucial for real-time wireless traffic like voice, video etc.

Source: .excitingip |  Rajesh K. March 8, 2010

Wireless LAN Controller

From Wikipedia, the free encyclopedia

A wireless LAN (WLAN) controller is used in combination with the Lightweight Access Point Protocol (LWAPP) to manage light-weight access points in large quantities by the network administrator or network operations center. The wireless LAN controller is part of the Data Plane within the Cisco Wireless Model. The WLAN controller automatically handles the configuration of wireless access-points.


• Interference detection and avoidance: RF power and channel assignment will be adjusted to the plan

• Load balancing: Disabled by default, high-speed load balancing can be used to connect a user to multiple access points for better coverage and data rates

• Coverage hole detection and correction: Part of the RF management is the ability to handle power levels. Power can be increased to cover holes or reduced to protect against cell overlapping

The WLAN controller also comes with various forms of authentication such as: 802.1X (Protected Extensible Authentication Protocol (PEAP), LEAP, EAP-TLS), Wi-Fi Protected Access (WPA), 802.11i (WPA2), and Layer 2 Tunneling Protocol (L2TP).