LWAPP Advantages (Cisco Wireless LAN Controllers)

As mentioned in the introduction to this topic, as enterprise wireless networks grow, administration and management needs increase. You also need to keep a handle on the security of the wireless network as it grows. The infrastructure needs to be easily scalable to allow for painless, or nearly painless, growth.

Because LWAPP allows the 802.11 functionality to be split between the AP and the WLC, it provides a solution to each of these factors, as discussed in the following sections.


AP management is one feature of LWAPP that is a huge departure from previous ways of doing things.

Originally, if a wireless network was composed of hundreds of APs, distributed across different floors in a building, each one needed individual monitoring, configuration, and RF coordination. This was a difficult task, and some products were designed to simplify this, like the Wireless LAN Solution Engine (WLSE), for example. WLSE offered a simplified view; however, APs were still "individual" units.

The emerging presence of WLCs and LWAPP provides a much easier method of AP management. In simple terms, the idea is that each WLC can offer management of anywhere from 6 to 150 APs. The WLC is a single point of aggregation, where

■ Configuration is generated for all devices.

■ All APs can forward raw operative data for aggregation.

■ It is possible to enforce coordination between different RF parameters across all APs.

A WLC has a higher processing capability than an individual AP, which allows you to offer an even higher level of coordination among multiple WLCs.

Of course, given a maximum capacity of 150 APs in current LWAPP-based WLC models, aggregation of operative data across each WLC must be available. The Wireless Control System (WCS) and WCS Navigator allow you to manage multiple WLCs from a single server. WCS and WCS Navigator are outside the scope of this topic.

Note 5500 series WLCs can support up to 250 APs, but they require 6.0 code, which uses CAPWAP instead of LWAPP. To stay in line with LWAPP features, the maximum AP capacity of an LWAPP-based controller is 150.


With AP management simplified, the wireless network can now be looked at from an operative point of view with WLCs in place of APs. This substantially reduces the number of individual units that must be administered.

Because LWAPP offers a separation between the existent LAN traffic and the "new" wireless traffic, it simplifies network planning and traffic handling.

Adding capacity to an existing wireless network can be seen as a process of physically studying the RF environment that needs to be covered (to properly add and place the APs) as well as adding WLCs to the mobility group to handle the added load. Through the inherent capabilities of LWAPP, the WLC will offer AP load distribution and failover features.

Note Never forget a proper RF site survey.

WLCs using Radio Resource Management (RRM) can compensate for environmental changes and "fix" coverage problems, but they can never correct an RF deployment that was performed incorrectly in the first place.


LWAPP-based systems offer several advantages over traditional individual deployments, including the following:

■ Wireless traffic enters the network over a single point (WLC) instead of multiple ingress points (APs), making traffic inspection easier.

■ The WLC is now responsible for acting as an authentication point (authenticator), so you now have to configure a single device instead of 100 to take care of authentication.

■ An AP does not have a full configuration that can be extracted if someone has physical access to it. Also, no one can tamper with the configuration because it can only be configured from the WLC, using encrypted and authenticated LWAPP control messages.

■ The WLC can authenticate the APs that try to join the wireless infrastructure to prevent the introduction of rogue APs with malicious intent.

This list accounts only for the inherent security features of LWAPP and not the different security processes that use LWAPP as encapsulation, such as rogue detection or Intrusion Detection Systems (IDS).


Given a simplified deployment and management model, wireless systems became pervasive across the enterprise, opening new working models and applications where users and devices can have permanent network access all the time, in all areas. This opens a full range of new possibilities.

LWAPP systems believe it is critical that this new mobility is kept across different areas and inside the enterprise. Because the APs return all the RF and client information to their respective WLCs using the LWAPP tunnel, inter-controller communication allows all controllers in a mobility group to have information about the entire RF environment and the wireless clients. Several additional protocols allow interaction between standalone controllers, keeping the scalability and providing seamless roaming.

Table 3-1 summarizes the wireless network administration advantages that are inherent with an LWAPP-based wireless infrastructure.

Table 3-1 LWAPP and Standalone AP Comparison


Standalone AP WLAN


Centralized; can manage/configure up to 150 APs from a single controller.

Decentralized; have to touch each AP individually.


Can easily add APs to the network. As soon as the AP is registered to the controller, it can start servicing wireless clients. Basically plug-and-play. AP failover and load balancing. Sharing of RF information.

Each new AP must be configured individually. Without WDS1, WLSM2, or WLSE, no sharing of RF information.


Single network egress/ingress point for client traffic on the network. (Note that with H-REAP3 deployments, this is not necessarily the case.) An LWAPP AP that is not connected to a controller cannot service wireless clients. WLC can authenticate APs to prevent rogue LAPs4 from being on the network.

Multiple egress/ingress points. Each AP bridges client traffic to the wired network. Someone with physical access to the AP can reconfigure it for their own use.


Client devices can L2/L3 roam seamlessly within the wireless network.

Must have a WLSM for L3 roaming.

1WDS =Wireless Domain Services

2WLSM = Wireless Integrated Service Module

3H-REAP = Hybrid Remote Edge Access Point

4LAP = lightweight access point

Next post:

Previous post: