Access Point Protocol

The control traffic between the access point and the controller
is encapsulated by Lightweight Access Point Protocol (LWAPP).
The control traffic is also encrypted via the Advanced
Encryption Standard (AES). The data traffic between the access
point and controller is also encapsulated with LWAPP. The data
traffic is not encrypted. It is switched at the WLAN controller,
where VLAN tagging and QoS are also applied.

The access point and wireless LAN controller are connected via a
network. If it is a switched network, you can use Layer 2 or
Layer 3 mode. If it is a routed network, you use Layer 3 mode.
Layer 2 LWAPP traverses the network inside Ethernet frames. For
Layer 2 mode, the wireless LAN controller and access point must
be in the same broadcast domain and IP subnet. Layer 3 LWAPP is
encapsulated within UDP/IP packets. The wireless LAN controller
and access point can be in the same or different broadcast
domains and IP subnets. For Layer 3 mode, the access points need
IP addresses. They must obtain an IP address via DHCP.

Lightweight access points first search for a wireless LAN
controller using LWAPP in Layer 2 mode. Then the access point
searches for a wireless LAN controller in Layer 3 mode. In
Layer 3 mode, the access point first requests an IP address via
DHCP. The access point then sends an LWAPP Discovery Request to
the wireless LAN controller via an IP directed broadcast. The
wireless LAN controller responds with a Discovery Response
sourced from its management IP address. This response includes
the IP addresses of AP-Managers and the number of access points
that are currently associated with each AP-Manager. The access
point chooses the AP-Manager with the fewest associated access
points and sends the Join request. All subsequent LWAPP
communication is unicast to the AP-Manager IP address of the
wireless LAN controller.

The Cisco 2000 Series delivers WLAN services to
small and medium-sized enterprise environments. It supports up
to six lightweight access points, making it a cost-effective
solution for smaller buildings. With integrated DHCP services
and zero-touch access point configuration, the Cisco 2000
Series is also ideal for environments with limited onsite IT
support, such as branch offices within a distributed
enterprise.

The Cisco 4400 Series Wireless LAN Controller is designed for
medium to large facilities. It is available in two models:

- Cisco 4402
  - Two Gigabit Ethernet ports
  - Configurations that support 12, 25, and 50 access points
  - One expansion slot
- Cisco 4404
  - Four Gigabit Ethernet ports
  - Support for 100 access points
  - Two expansion slots

In addition, each Cisco 4400 Wireless LAN Controller supports an
optional redundant power supply to ensure maximum availability.
Wireless LAN controllers are also available for the Cisco
Catalyst 6500 and Cisco Integrated Services Routers (ISRs).

The two WLAN solutions have
points are configured per access point. Their Cisco IOS
software operates independently. Centralized configuration,
monitoring, and management can be done via the CiscoWorks WLSE.
Autonomous access points can be installed with redundancy per
access point. Lightweight access points are configured via the
wireless LAN controller. They depend on the wireless LAN
controller for control and data transmission. Only in
Remote-Edge Access Point (REAP) mode does a lightweight access
point not depend on the wireless LAN controller for data
transmission. Monitoring and security are implemented by the
wireless LAN controller. Centralized configuration, monitoring,
and management can be done via the Cisco WCS. Wireless LAN
controllers can be installed with redundancy within wireless
LAN controller groups.
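
The Layer 2/Layer 3 mode rules and the Layer 3 discovery and join sequence described earlier in this section, modelled as an added Python example (not Cisco code and not part of the original course text). The function names, the tie-break rule, and all addresses are assumptions constructed for illustration; the last helper flags post-join LWAPP flows that do not go to the chosen AP-Manager address.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ApManager:
    ip: str          # AP-Manager interface address
    joined_aps: int  # access points currently associated with it

def discovery_order(ap_subnet, wlc_ip, same_broadcast_domain, ap_has_dhcp_lease):
    """LWAPP modes the AP can use, in the order it tries them (Layer 2 first)."""
    modes = []
    in_subnet = ipaddress.ip_address(wlc_ip) in ipaddress.ip_network(ap_subnet)
    if same_broadcast_domain and in_subnet:
        modes.append("layer2")   # LWAPP directly inside Ethernet frames
    if ap_has_dhcp_lease:
        modes.append("layer3")   # LWAPP inside UDP/IP, works across routers
    return modes

def choose_ap_manager(ap_managers):
    """Pick the AP-Manager with the fewest associated access points.
    The tie-break (first listed wins) is an assumption of this sketch."""
    return min(ap_managers, key=lambda m: m.joined_aps)

def layer3_join(ap_ip, directed_broadcast, wlc_mgmt_ip, ap_managers):
    """Return (chosen AP-Manager, message trace) for the Layer 3 exchange."""
    chosen = choose_ap_manager(ap_managers)
    trace = [
        (ap_ip, directed_broadcast, "Discovery Request"),
        (wlc_mgmt_ip, ap_ip, "Discovery Response"),
        (ap_ip, chosen.ip, "Join Request"),
    ]
    return chosen, trace

def off_path_lwapp(flows, ap_ip, ap_manager_ip):
    """Post-join LWAPP flows from the AP that do not go to its AP-Manager."""
    return [f for f in flows if f[0] == ap_ip and f[1] != ap_manager_ip]

# Constructed sample values (private-range addresses), not from the page.
MANAGERS = [ApManager("10.0.10.11", 42), ApManager("10.0.10.12", 17),
            ApManager("10.0.10.13", 17)]
CHOSEN, TRACE = layer3_join("10.0.20.50", "10.0.10.255", "10.0.10.10", MANAGERS)
FLOWS = [("10.0.20.50", "10.0.10.12", "control"),
         ("10.0.20.50", "10.0.10.12", "data"),
         ("10.0.20.50", "10.0.10.10", "control")]  # to management IP: unexpected

if __name__ == "__main__":
    print(discovery_order("10.0.20.0/24", "10.0.10.10", False, True))
    print(CHOSEN, TRACE, off_path_lwapp(FLOWS, "10.0.20.50", CHOSEN.ip), sep="\n")
```
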

6.5 Implementing Wireless LANs
6.5.3 Describing WLAN Components

A WLAN consists of the following components:

- Wireless clients are connected to the network (for example,
  notebooks).
- Access points build the WLAN infrastructure.
  - Autonomous access points
  - Lightweight access points
- Lightweight access points are configured using WLAN
  controllers.
- WLAN management administers and monitors large deployments of
  WLANs.
- Network infrastructure is provided by switches and routers to
  connect access points, controllers, management, and servers.
- Network services, such as DHCP, Domain Name System (DNS), and
  authentication, are required both for the wireless network and
  the user.
- Cisco Aironet bridges operate at the MAC address layer (data
  link layer).

6.5.4 Cisco Unified Wireless Network

The Cisco Unified Wireless Network is an end-to-end unified
wired and wireless network that cost-effectively addresses WLAN
security, deployment, management, and control issues. Cisco’s
unique approach addresses all layers of the WLAN network, from
client devices and access points, to the network infrastructure,
to network management, to the delivery of advanced wireless
services. The Cisco Unified Wireless Network is composed of five
interconnected elements that work together as building blocks to
deliver a unified enterprise-class wireless solution:

- Client devices: Cisco is leading the development of
  interoperable, standards-based client devices through the CCX
  program. CCX helps to ensure the widespread availability of
  client devices from a variety of suppliers that are
  interoperable with a Cisco WLAN infrastructure. Cisco
  Compatible client devices deliver “out-of-the-box” wireless
  mobility, QoS, network management, and enhanced security.
- Mobility platform: Cisco Aironet lightweight access points
  provide ubiquitous network access for a variety of indoor and
  outdoor wireless environments, including wireless mesh. The
  Cisco solution supports a wide array of deployment options,
  such as single or dual radios, integrated or remote antennas,
  and ruggedized metal enclosures. They operate as plug-and-play
  wireless devices with zero-touch configuration.
- Network unification: The Cisco Unified Wireless Network
  includes a solid migration path into all major Cisco switching
  and routing platforms via Cisco WLAN controllers. Cisco WLAN
  controllers are responsible for systemwide WLAN functions,
  such as integrated intrusion protection system (IPS),
  real-time RF management, clustering, zero-touch deployment,
  and N+1 redundancy.
- World-class network management: The Cisco Unified Wireless
  Network delivers the same level of security, scalability,
  reliability, ease of deployment, and management for WLANs that
  organizations expect from their wired LANs. Cisco’s
  world-class WLAN management interface is the industry-leading
  Cisco WCS. Cisco WCS brings ease of use to WLAN management. It
  provides a powerful foundation that allows IT managers to
  design, control, and monitor their enterprise wireless
  networks from a centralized location, simplifying operations
  and reducing the total cost of ownership.
- Unified advanced services: The Cisco Unified Wireless Network
  cost-effectively supports new mobility applications, emerging
  Wi-Fi technologies, and advanced threat detection and
  prevention capabilities. Cisco services are more comprehensive
  than those of other wireless point-product vendors. Cisco’s
  solution supports:
  - Advanced features, such as wireless VoIP and future unified
    cellular and Wi-Fi VoIP
  - Emerging technologies, such as location services for
    critical applications like high-value asset tracking, IT
    management, and location-based security
  - Advanced wireless security features, such as Network
    Admission Control (NAC), Self-Defending Network (SDN),
    identity-based networking (IBN), intrusion detection systems
    (IDS), and guest access for end-to-end network security
The