
EWC vs vWLC

DAVIES604
Level 1

Hi,

 

I am after some advice. Can anyone tell me if there is any benefit of deploying the 9800 virtual WLC over running some EWC capable APs? I’m aware the max AP limit for EWC is fairly low, but assuming this isn’t an issue, are there any performance benefits? The vWLC has a max throughput of a little over 2Gbps. In an EWC deployment does all client traffic go through the EWC AP? And if so, would the EWC AP have throughput up to its port speed, so potentially greater than vWLC?

 

Many thanks


Leo Laohoo
Hall of Fame
The 9800 is a full-blown WLC.
The embedded WLC (eWLC) in the AP is a "lite" version of it. It is not a full-featured WLC found in a full-blown WLC.

Scott Fella
Hall of Fame
Just to add... the EWC AP is like FlexConnect. All traffic egresses the switch it’s connected on. There is no tunneling to the master. The 9800-CL can have APs in local mode and/or FlexConnect. Your decisions should be based on your requirements and what works best.
-Scott
*** Please rate helpful posts ***

DAVIES604
Level 1

Thank you for the responses. 

Can you explain the benefit of having all traffic routed through a controller, to me it seems inefficient but I’m obviously missing something. 

Also, is it possible to have a deployment with 2 separate WLCs, with the APs configured to use one as their preferred and one as secondary, but only working in FlexConnect mode with one? So for example, if the primary became unavailable, it could do authentication with the secondary but would switch traffic locally.

 

Many thanks. 

Can you explain the benefit of having all traffic routed through a controller, to me it seems inefficient but I’m obviously missing something?

It is the most common deployment type with Cisco APs (known as Local mode AP or Centralized Deployment). The WLC won't be a real bottleneck; however, the traffic path is not optimized. The advantage is you can very easily manage & troubleshoot.

 

FlexConnect is the other mode that is common (also known as Distributed Deployment), where you have the option of locally terminating data traffic onto the local switch where the AP connects. If you have multiple locations where you do not want to put a WLC in each of those locations (e.g. retail industry or multiple WAN locations), this kind of deployment makes more sense.

 

The challenge is you have to troubleshoot at the individual switch level. Also, a lot of MAC functions are delegated to the AP itself, so it is a bit of a burden on the APs (compared to local mode APs). There is a certain feature gap between Local mode and FlexConnect as well.

 

Also, is it possible to have a deployment with 2 separate WLCs, with the APs configured to use one as their preferred and one as secondary, but only working in FlexConnect mode with one? So for example, if the primary became unavailable, it could do authentication with the secondary but would switch traffic locally.

Yes, this is standard N+1 high availability where you can configure primary, secondary & tertiary controllers for your APs. If you use FlexConnect, then traffic will be locally switched irrespective of which WLC manages the AP. In the FlexConnect scenario, only CAPWAP control traffic is tunneled back to the WLC; for data traffic you have the option of central or local switching (most customers prefer to do local switching).

 

HTH

Rasika

**** Pls rate all useful responses ***

 

Hi Rasika,

 

Many thanks, really useful.

 

Could you expand on what you mean by "WLC won't be a real bottleneck, however, the traffic path is not optimized". Surely it could be?

If I was concerned that the 2.1Gbps throughput limit of the vWLC was not enough, I could purchase WLC hardware, but would deploying all the APs in FlexConnect mode be a viable second option to get around the bandwidth concerns, or not recommended?

 

Many thanks.

Could you expand on what you mean by "WLC won't be a real bottleneck, however, the traffic path is not optimized". Surely it could be?

 

This goes back to the basics of a BSS (wireless cell). Even though one would think an AP can generate ~1Gbps throughput, that is not the case most of the time (even if the AP is 11ac). There is a lot of overhead (management frames & control frames) in a wireless cell, where you get a certain % of airtime (~40-60%) for data frame communication that really needs to go to the wired side of the AP.

 

To get an understanding, here is the stat of my campus environment where we have over 2500 APs. You can see a combined total client traffic load peak around 1Gbps (with client count over 10k). I haven't seen more than 3Gbps in my environment at all.

[Image: WiFi_Client.PNG]

 

So even though we all think WLC bandwidth could be a bottleneck, due to the half-duplex nature and too much overhead in WiFi operation, you will not see the WLC become a bottleneck from a bandwidth perspective.

 

HTH

Rasika

 

Hi Rasika,

 

Really appreciate this info, very helpful thank you. 

 

Can I just ask though Rasika, if this is the case, why do we now have single access points available to buy with 5Gbps ports, if the total load of a large network is unlikely to get to this let alone a single AP? Is this because of WiFi 6 and new optimisation technologies?

 

Many thanks

The reason is "sales".

Exceeding 1Gbps throughput from a given AP (ac or ax) has been demonstrated in a controlled lab setup (High-Density classroom setup) & not in a typical enterprise where you have a mixed client base. If you have such a use case where you can control your wireless clients and want to achieve persistent high throughput, you can play with it.

 

As Leo said, the reason APs come with an mGig (2.5G/5G) port is to create demand for switches that provide mGig. But when it comes to the ground reality of WiFi, the need for such an mGig port is a corner case from a wireless perspective.

 

We all hope 802.11ax improves the overall performance of the BSS when most of the clients are 802.11ax capable and helps to get higher throughput from the overall BSS. However, it is also yet to be proven that 11ax delivers on its promises in that respect in a typical enterprise environment.

 

HTH

Rasika

 

 

No, you can’t mix and match. I have run both setups and really it depends on how you want traffic to pass. Local mode is the most popular if the APs and controllers are in the same location/site. FlexConnect is more if you want to have a centrally managed system but have APs in multiple sites. That is the decision maker. With EWC access points, they will be trunked and every AP that is wave 2 can participate as a master, so you can have many or all APs as backups. Your design will dictate really what you will use.
-Scott
*** Please rate helpful posts ***

Reading up a bit about FlexConnect, it seems you can still have the FlexConnect APs do centralised authentication and switching. So is it possible to configure FlexConnect so it works this way when the controller is available, but if for example the controller failed, the APs would switch locally, and authenticate the clients themselves, to a RADIUS server for example?

I guess what I'm really asking is if this is a viable alternative to having a backup controller?

 

Many thanks

In FlexConnect, you have two modes of operation:

1. Connected mode (WLC is reachable)

2. Standalone mode (WLC is not reachable, the AP still operates & serves clients)

With FlexConnect, you can configure an SSID for two different levels of switching:

1. Central Switching (SSID traffic goes to the WLC as CAPWAP data)

2. Local Switching (SSID traffic is locally terminated at the AP/local switch)

 

Let's say you configure the SSID for central switching. If the AP is in "Connected mode", everything works; however, if the AP goes to "Standalone mode", then it would break the connection & you can't locally switch in that scenario (as the SSID switching method is fixed, it cannot switch between central and local depending on the mode of operation).

 

Let's say you configure the SSID for local switching. If the AP is in "Connected mode", traffic is switched locally at the AP/switch. Even if the AP goes to "Standalone mode", it still works & there is no user disruption.

 

Depending on the authentication method (central auth or local auth), you can allow a new client to authenticate (if you do local auth) while the AP is in "Standalone mode" of operation. If it is central auth, no new client is able to authenticate when the WLC is not reachable (i.e. when the AP is in Standalone mode).

Hope that is clear

 

Rasika

Thanks, that's cleared a lot up for me.

 

I guess my last question, which might be better for a Cisco rep perhaps: if I deploy the N+1 HA (not active/standby pair), can I use the AP licences on all controllers? I don't need to purchase multiple licences for each controller?

 

Thanks
