Difference between Stand Alone Access points and Controller based Access points


This article discusses the difference between Stand-Alone Access Points (Thick) and Controller based Access Points (Thin) in a wireless network. We discuss the basic structural difference, authentication, radio management, security, access control and other management features in both of them.

There is always a question of which is better for Wi-Fi access: stand alone access points or controller based access points. While the obvious answer would be ‘Controller based access points’, for their centralized management, configuration, encryption, updates and policy settings through a centralized controller, they come at a cost. You would be surprised at how much a small enterprise grade stand alone Wi-Fi access point (not the home/SOHO access point) can do at a very low price. Hence, stand alone access points may be sufficient for certain small deployments. They could even be used in larger deployments along with multi-vendor Wireless LAN management software, which gives a centralized control interface. We will see the differences between thin and thick access points with respect to the following parameters.

Authentication: Enterprise grade stand alone (thick) access points support MAC authentication, 802.1x authentication through a RADIUS server, or both, much like the controller based (thin) ones. The exception may be guest access, where a separate captive portal can be integrated into the controller to authenticate guests and keep them on a separate network (different from the internal network) without having to create a profile for them or make any changes on the RADIUS server.

Encryption: Stand alone access points encrypt the communication between themselves and the laptop/PC, but controller based access points encrypt the entire line: PC to access points to controller. WPA2, which is the latest encryption standard, would be supported by most of the controllers, while some stand alone access points may be using WEP or its equivalents, which are weaker. A stand alone access point may store encryption keys, and if the access point is stolen, those keys could be retrieved.

SSID/VLAN: While stand alone access points can have a number of SSIDs and VLANs for grouping users, generally the wired VLAN needs to be extended over the wireless too, and the VLAN settings depend on the wired VLAN parameters. With controller based access points, there could be just one SSID with separate wireless VLANs under it, totally independent of the wired VLAN settings. The controller acts as a layer 3 device and hence is able to bypass the layer 2 VLAN settings of the switch.

Radio Management/Channel Management: Controller based access points can provide very good radio management via the controller, which makes sure that no two neighbouring access points transmit on the same channel (frequency), as that might result in interference. Stand alone access points can also monitor the neighbouring access points by themselves to ensure this automatically. Like the controller based access points, the stand alone ones can also reduce power levels dynamically in order to reduce interference in some situations.

Group configuration: Group configuration, centralized management and firmware updates are easier with controller based access points. Very few stand alone access points can also do this through “Clustering” or “Grouping”, where a master access point notifies all the slave access points whenever changes in configuration are made. But the number of such access points that can group together is limited.

Bandwidth/Load balancing: Some controller based access points can limit the maximum bandwidth that can be used by an individual station/group to make sure that one station/group does not overload the whole network. This cannot be done by stand alone access points. Controller based access points can also balance the load across the access points in an area. Suppose there are 15 stations associated with one access point, and a neighbouring access point has only five: five stations from the first access point are moved to the second automatically, so that the load on each of them is almost similar and the performance of the wireless network is optimum. Stand alone access points cannot do this.

Redundancy: The controller is a single point of failure, and the access points attached to it may not work if the controller is down. That is one reason why the High Availability mode always has a backup controller sitting passively. However, if any access point attached to the controller fails, the clients are automatically forwarded to the nearest access point without a disconnect. If a stand alone access point fails, the users could still connect to the neighbouring access point (provided there is one in the vicinity), but only after the current session is terminated and after re-authentication, and sometimes an administrator may need to give permission in the ACL of that access point.

Network Access Control: Some controllers can control network access on a per user basis. For example, an individual user/group could be denied access to certain applications like internet/SAP or any other service. Basically, policies could be set in the controller to restrict users to certain applications only. The users could also be integrated with the existing NAC policies of the wired network. Many stand alone access points cannot do this.

Security: While most of the stand alone access points can identify a rogue access point and provide some basic IDS functions, controller based access points can do much more. They can dedicate a radio (or whole access points) for wireless intrusion detection and monitor the network for wireless threats like MAC spoofing, honey pot attacks, Denial of Service attacks, Ad-hoc networks etc.
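
As an added illustration of the wireless intrusion detection described above (example code written for this page, not taken from any vendor's controller), the sketch below labels beacons heard by a monitoring radio against an inventory of managed access points. The inventory, SSIDs, BSSIDs, field names and label names are all constructed assumptions, and the channel check assumes the inventory is kept in step with the controller's current channel plan.

```python
from dataclasses import dataclass

# Constructed inventory of managed access points: BSSID -> (SSID, channel).
# Assumption: the channel plan is kept current, e.g. exported from the controller.
AUTHORISED = {
    "02:00:00:00:00:01": ("CorpWiFi", 1),
    "02:00:00:00:00:02": ("CorpWiFi", 6),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORISED.values()}

@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    channel: int
    adhoc: bool = False  # True when the frame advertises an IBSS (ad-hoc) network

def classify(b: Beacon) -> str:
    """Label one observed beacon against the inventory."""
    if b.adhoc:
        return "ad-hoc"
    known = AUTHORISED.get(b.bssid.lower())
    if known is not None:
        # A managed BSSID seen with another SSID or channel suggests a cloned MAC.
        return "authorised" if known == (b.ssid, b.channel) else "mac-spoofing"
    if b.ssid in CORP_SSIDS:
        # Our SSID advertised by hardware we do not manage.
        return "honeypot"
    return "unknown-ap"

def alerts(beacons):
    """Return sorted, de-duplicated (label, bssid, ssid, channel) for non-authorised beacons."""
    found = set()
    for b in beacons:
        label = classify(b)
        if label != "authorised":
            found.add((label, b.bssid.lower(), b.ssid, b.channel))
    return sorted(found)

# Constructed observations from a monitoring radio (not real captures).
SAMPLE = [
    Beacon("02:00:00:00:00:01", "CorpWiFi", 1),
    Beacon("02:00:00:00:00:02", "CorpWiFi", 11),
    Beacon("02:00:00:00:00:99", "CorpWiFi", 6),
    Beacon("02:00:00:00:00:AA", "printer-direct", 6, adhoc=True),
    Beacon("02:00:00:00:00:BB", "CoffeeShop", 11),
]

if __name__ == "__main__":
    for row in alerts(SAMPLE):
        print(*row)
```

An "unknown-ap" result only means the BSSID is not in the inventory; deciding whether it is a rogue device on the wired network needs a check on the switch side as well.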

Quality of Service: Both stand alone access points and controller based access points can support prioritization of data packets based on applications/protocols like voice, video etc. to ensure that the delay sensitive voice/video packets are processed before the data traffic like mails etc. according to the IEEE WMM – Wireless Multimedia Standard. Controller based access points can go one step ahead and give true roaming by handing over the voice sessions between the access points for the Wi-Fi voice clients.

Mesh Networking: Both controller based and stand alone access points can support mesh networking – the connectivity between two or more access points through wireless mode (in addition to the connectivity to the laptops/stations). Normally all the access points are connected in the back end through a wire, but they can also connect to one another using dedicated radios with dual radio access points. Mesh networking might be required where data cables cannot be taken or taking them becomes very expensive. However, mesh networks reduce the amount of bandwidth supported with each hop.

Live monitoring of Wireless network and location based services: Controller based access points can allow floor plans (of the area covered with Wi-Fi) to be integrated with the controller, and the power levels (signal strength) of the Wi-Fi network at different places can be viewed live (pictorially, with different colour levels indicating different signal strengths) for network and performance monitoring. Stand alone access points cannot do this. Some controllers also integrate location based services which can identify any active wireless client in the floor plan (through its MAC address, for example) within a range of 3-5 meters.

The points mentioned in this article are not comprehensive and are meant to serve as guidance only. It should also be remembered that these parameters change from vendor to vendor for both stand alone and controller based access points.

Related Article: Why is a controller required for a large wireless network and what are the features of the wireless controller

excITingIP.com



2 thoughts on “Difference between Stand Alone Access points and Controller based Access points”

  1. james

    Hello. Thank you for this breakdown of access points. I am studying networking and my CCNA right now and this was a nice discovery. Thanks again!

  2. Roger Avilash

    Really it was very useful
