| technology | networking - Christian Scott
5 Reasons Why Autonomous WLANs Don't Scale
While studying for the Certified Wireless Network Administrator (CWNA) certification, you will encounter several topics, including WLAN architectures and wireless local area network scalability. Scaling wireless networks is a critical need for many businesses, especially those with large campuses, manufacturing or warehouse space, and medical environments.
As these facilities expand in physical size or the need for network mobility in various areas increases, you must make sure you provide a scalable wireless LAN solution that can be adapted to the needs of the business. To understand how to scale wireless networks, you should be familiar with the three types of architectures that exist for wireless LANs: autonomous, centralized, and distributed.
Centralized and distributed deployments are what most businesses leverage for scalable and manageable wireless access in office environments. Let's discuss the first architecture type, Autonomous WLANs, and why they are difficult to scale.
What are Autonomous WLANs?
Autonomous WLANs consist of access points traditionally called “fat” access points, or autonomous access points. This means the access point contains all three functional planes of WLAN architectures within one physical unit: control, data, and management. The autonomous WLAN architecture is very likely the one used in your home network — unless you are using one of the more recent consumer wireless mesh networks, which are considered a distributed WLAN architecture.
Autonomous WLANs have a few benefits, namely simplicity and self-reliance. They are easy to deploy because there is often only one access point, so configuration is handled on that system’s interface (web GUI, CLI, SSH, or perhaps even SNMP). They also do not rely on another web service or controller to receive updates to their configuration or tunnel traffic, as distributed and centralized deployments do.
There are also disadvantages to using these types of access points when attempting to scale a wireless network, especially when it comes to coverage for large campus, medical, and manufacturing environments. Let's examine five reasons why — and what to consider when designing wireless networks.
1. Managing Large Numbers of Siloed Access Points is Difficult
One of the most challenging problems to deal with as a wireless administrator is the sheer number of networking devices that exist in deployments. In small and home offices, there may only be one to three wireless access points. This makes it relatively easy to manage each access point independently. If you were to keep purchasing the same autonomous or fat access point to scale out your wireless network into the company’s warehouse, you have a couple of things to consider.
In autonomous deployments, all configuration for access points is handled on each physical radio. This includes system settings for the access point, such as date, time, power levels, ITU region, and logging servers. It also includes detailed network settings, such as your actual wireless network SSIDs and relevant security settings. This means, if you need to make a change to the wireless password for a particular SSID, you must log in to the configuration page of each access point in your building, and make the change manually. The same applies to any of the system settings you want to control on the radios.
With a centralized or distributed deployment, this is handled on the WLAN controller, and the changes you specify are replicated to all of the access points in the deployment, which obey the controller and update their operations automatically.
2. Security, VLANs, and Guest User Policies Cannot be Managed
As corporations increase their building space, wireless network security becomes more important. It is vital that you segment different types of wireless clients on corporate WLAN deployments to prevent unauthorized guests from accessing company resources. This can be accomplished through the use of VLANs, stateful firewalls at the access point, and device/user policies with WPA Enterprise authentication. With autonomous wireless deployments, it is only possible to meet some of these needs.
For example, you could enable a traditional autonomous WLAN to work with different VLANs and subnets per the basic service set identifier (BSSID) that is broadcast on the network. However, you would not be able to centrally manage these settings as required policies, which are critical for security, or execute active firewall policies on the wireless access points to ensure guest laptops are not able to access corporate resources. With centralized and distributed WLAN architectures, these tasks become much easier, as the security, segmentation, and firewall filtering tools are built into the wireless controllers and access points by default.
Another common requirement for scalable wireless deployments is a Wireless Intrusion Prevention System (WIPS), which watches for rogue or impersonation access points and actively jams them from broadcasting — to prevent real clients from connecting to a fake access point acting as a man in the middle.
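The detection half of that WIPS function, as an added Python example that is not from the original article: observed beacons are compared against an inventory of sanctioned radios, which an autonomous deployment would have to maintain by hand. The BSSIDs, SSIDs, security labels and channels are constructed sample data.

```python
# Constructed inventory of sanctioned radios: BSSID -> (SSID, security, channel).
AUTHORIZED = {
    "02:00:5e:10:00:01": ("corp-staff", "WPA2-Enterprise", 36),
    "02:00:5e:10:00:02": ("corp-guest", "WPA2-PSK", 44),
}
CORP_SSIDS = {ssid.casefold() for ssid, _, _ in AUTHORIZED.values()}

# Constructed beacon observations: (BSSID, SSID, security, channel).
SCAN = [
    ("02:00:5E:10:00:01", "corp-staff", "WPA2-Enterprise", 36),
    ("02:00:5e:99:00:aa", "Corp-Staff", "Open", 6),
    ("02:00:5e:10:00:02", "corp-guest", "Open", 44),
    ("02:00:5e:77:00:01", "CoffeeShop", "WPA2-PSK", 11),
]

def classify(bssid, ssid, security, channel):
    """Label one observed beacon against the sanctioned inventory."""
    expected = AUTHORIZED.get(bssid.lower())
    if expected is None:
        # Unknown radio: only a concern if it advertises one of our names
        # (compared case-insensitively to catch look-alike SSIDs).
        if ssid.strip().casefold() in CORP_SSIDS:
            return "impersonation"
        return "neighbour"
    if (ssid, security, channel) != expected:
        # Sanctioned BSSID with unexpected settings: a cloned address or
        # an AP whose configuration was changed by hand.
        return "mismatch"
    return "authorized"

def alerts(scan):
    """Observations that need an analyst: (BSSID, verdict) pairs."""
    out = []
    for obs in scan:
        verdict = classify(*obs)
        if verdict in ("impersonation", "mismatch"):
            out.append((obs[0].lower(), verdict))
    return out

if __name__ == "__main__":
    for bssid, verdict in alerts(SCAN):
        print(f"ALERT {verdict}: {bssid}")
```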
3. Traffic Flow for Wireless Clients on Access Points
This is a big one. In autonomous wireless deployments, each access point makes its own decisions about client traffic: where to send it, which protocol to send it with, and what security and filtering should be applied. While this brings some efficiency, with the division of labor between all APs in the deployment, we also lose a major advantage: coordination. If a wireless client is connected to an access point, and the access point loses its uplink to the corporate network, wireless clients will continue to connect to the faulty access point and be unable to reach the network.
This is because the access point, being autonomous, does not know about the other access points in the deployment. Therefore, it cannot tell clients to roam to the others, nor stop broadcasting until the uplink status has been restored. This is critical in manufacturing and medical environments, where staff expects to be connected wirelessly regardless of what is happening on the network.
Additionally, because the traffic flow of clients is handled on individual, siloed radios, there is no support for technologies like 802.11r, Layer 3 roaming, global bandwidth, or QoS policy enforcement. This makes it very difficult to ensure your wireless clients can connect and access critical resources in a timely fashion.
4. Lack of Coordination
A key component to designing and deploying a wireless LAN is using the available wireless RF spectrum wisely. There are two radio frequency bands used for Wi-Fi: 2.4 GHz and 5.0 GHz. Each of these bands has channels allocated, which you can assign to radios in a coordinated WLAN deployment such as with centralized and distributed architectures. With autonomous WLANs, you may be able to specify these settings, but the radios themselves cannot communicate with each other on channel usage. Many centralized and distributed systems today have methods for dynamic channel usage, allowing the wireless network to adapt to changes in the RF environment.
Additionally, autonomous WLAN architectures lack a core feature required to scale a WLAN deployment: templates and wireless access point management. Say your company is adding new offices to the end of a current manufacturing facility. The staff working in these offices will require wireless access, just like the office staff in the front. You have already created staff and guest networks, security policies, and quality of service rules. With a centralized or distributed WLAN architecture, you would simply procure a new access point, join it to your controller, and mount it in the ceiling. It would then pull the profile you have created and begin servicing clients, just like the other radios.
In an autonomous deployment, no such templating or global management feature exists. New access points manually joined to an autonomous WLAN deployment may not match the channel, power level, or band steering settings of the other autonomous access points, and can create interference and connectivity issues for clients.
5. No Support for Real-Time Software Updates or Advanced Networking Features
There is one last principle vital to understanding autonomous wireless deployments and scale. Vulnerabilities in unpatched, outdated, unmanaged systems lead to cyberattacks. It is crucial for companies to deploy a wireless architecture that provides some method of installing updates and firmware for current bug fixes and patches for security vulnerabilities.
Many centralized and distributed WLAN systems offer rolling automatic firmware update features, which allow you to install new firmware on access points throughout the day and intelligently roam clients to other access points nearby when installing the firmware. This is not possible with autonomous APs. Software has to be updated manually on these units one at a time.
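The per-AP drift described in sections 1, 4 and 5, as an added Python example that is not from the original article: an audit over settings exported by hand from autonomous access points. Hostnames, values, the `psk_fp` passphrase fingerprint and the neighbour list are constructed assumptions, and the majority vote stands in for the profile a controller would enforce.

```python
from collections import Counter

def ap(psk_fp, tx_power_dbm, channel, firmware):
    """One AP's hand-exported settings (constructed sample data)."""
    return {"ssid": "corp-staff", "security": "WPA2-PSK", "vlan": 20,
            "psk_fp": psk_fp, "tx_power_dbm": tx_power_dbm,
            "channel": channel, "firmware": firmware}

# Constructed inventory: hostnames, PSK fingerprints and versions are made up.
AP_CONFIGS = {
    "ap-office-1":    ap("9c1e", 14, 1, "2.4.1"),
    "ap-office-2":    ap("9c1e", 14, 6, "2.4.1"),
    "ap-warehouse-1": ap("9c1e", 14, 11, "2.4.1"),
    # Added later by hand: old passphrase, default power, stale firmware.
    "ap-newwing-1":   ap("51b7", 20, 6, "2.1.0"),
}
# Pairs of APs close enough to hear each other (constructed site survey).
NEIGHBOURS = [("ap-office-1", "ap-office-2"), ("ap-office-2", "ap-newwing-1"),
              ("ap-office-2", "ap-warehouse-1")]

# Settings that a controller profile would keep identical on every AP.
POLICY_KEYS = ("ssid", "security", "vlan", "psk_fp", "tx_power_dbm", "firmware")

def baseline(configs):
    """Majority value per key, standing in for the missing central profile."""
    return {k: Counter(c[k] for c in configs.values()).most_common(1)[0][0]
            for k in POLICY_KEYS}

def drift(configs):
    """Map each deviating AP to {setting: (actual, expected)}."""
    base = baseline(configs)
    report = {}
    for name, cfg in sorted(configs.items()):
        diffs = {k: (cfg[k], base[k]) for k in POLICY_KEYS if cfg[k] != base[k]}
        if diffs:
            report[name] = diffs
    return report

def channel_conflicts(configs, neighbours):
    """Neighbouring 2.4 GHz APs whose channels are fewer than 5 apart overlap."""
    return [(a, b) for a, b in neighbours
            if abs(configs[a]["channel"] - configs[b]["channel"]) < 5]

if __name__ == "__main__":
    for name, diffs in drift(AP_CONFIGS).items():
        for key, (actual, expected) in diffs.items():
            print(f"{name}: {key}={actual!r}, fleet uses {expected!r}")
    for a, b in channel_conflicts(AP_CONFIGS, NEIGHBOURS):
        print(f"{a} and {b} overlap on 2.4 GHz")
```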
Lastly, autonomous deployments rarely offer support for advanced wireless features that many enterprises use, including a Real-Time Location System (RTLS). This system uses wireless access points deployed throughout medical or manufacturing/warehouse environments to track inventory and movement of objects in 3D space. This data can then be analyzed for accurate record-keeping, and ultimately, improved organizational efficiency.
Considering the type of WLAN architecture you should deploy ahead of time is vital to your success in dealing with wireless challenges. The right tool is the one that matches all of your requirements for the right cost. Autonomous WLAN architectures have their place in homes and small business offices.
If you need to scale your wireless deployment to meet the needs of your customer, you would benefit greatly from a centralized or distributed wireless system. Centralized and distributed systems save you time and headaches with policy-based configuration, real-time communication and coordination with access points, and centralized reporting and management.