Cisco Wireless LAN Controller (WLC) Features with Lightweight-mode Access Points (LWAP)
When working with a Cisco Wireless LAN controller (WLC), you can manage autonomous-mode access points or lightweight-mode access points (LWAPs). Supporting autonomous-mode access points allows you to introduce a WLC into an existing Cisco wireless environment, but saves the initial cost of replacing all the existing access points with LWAPs. Although you do not need to convert your existing APs to LWAPs, some features work only when you use Lightweight Access Point Protocol (LWAPP).
Some features that are available to you when working with the WLC and LWAPP include
Controller port mirroring: Allows you to copy data on one port of your controller to another port for diagnostics.
Controller link aggregation (LAG): Allows you to bond multiple ports together on your controller to allow multiple physical ports to be treated as a single logical port. With LAG enabled, you can support 100 APs on a single 4404 WLC, which still follows the recommendation of 48 APs per port.
The 5508 WLC has no AP limit per port, but it does recommend using more than one gigabit port if supporting greater than 100 APs.
The more ports you load balance your traffic over, the fewer bottlenecks you will encounter from this link.
DHCP proxy allows you to forward DHCP requests to the normal DHCP servers existing on your network.
Aggressive load balancing: Distributes wireless clients between APs rather than waiting for clients to naturally migrate between APs. When a user travels through an office, her wireless signal on her connected AP reduces as she moves away from it.
Typically, the wireless client remains associated with its current AP as long as it can, and when the signal is very weak, it re-associates with a closer AP. In an ideal world, the client would always immediately associate with the closest AP.
Enabling Aggressive mode on the WLC causes the LWAP to force the client to a closer AP rather than waiting for the client to give up its existing AP, which ensures a stronger signal.
Aggressive load balancing provides better performance on the overall WLAN by ensuring that users are always on the closest AP.
Roaming support: Client roaming support between AP on the same ESS, and also between controllers and subnets, as well as Voice over IP telephone roaming.
Integrated security solutions: Security solutions built around 802.1x and AAA or RADIUS servers.
Cisco IDS and IPS support: Cisco provides a full range of intrusion detection systems (IDSs) and intrusion prevention systems (IPSs). LWAPs can be an integrated component of either system.
Internal DHCP server support: WLC supports an integrated DHCP server, or you can use the DHCP server on your corporate network. In addition, WLC can ensure that all clients on the network have DHCP-assigned IP addresses for additional security. People with static addresses can attempt to be another computer that has specific access to secured network resources. Forcing DHCP addresses to be used prevents this type of intrusion.
MAC filtering: Although MAC filtering is not a strong security feature, it does have features that many wireless network administrators demand. With WLC, you can specify that all MAC addresses be verified against registered addresses on AAA servers.
Dynamic transmit power control: Allows the radio strength to be tuned to allow for maximum coverage with minimal interference between APs.
Dynamic channel assignment: Allows for regular checks of RF channels in use in the area, and assigning channels that provide the least amount of interference or noise.
Coverage hole detection and correction: Allows for clients that are detected to be getting weak coverage to trigger a process that will re-evaluate the overall channel and signal strength on the network to correct the holes as part of an effective RRM strategy.
Rogue AP detection and rogue device management: Allows you to identify unmanaged APs in your area and determine whether they are actually on your local network. If they are on your local network, remedial action may be taken. When using rogue device management, unauthorized APs on your environment can have their wireless services interrupted.