08-26-2020 04:13 PM - edited 07-05-2021 12:27 PM
Hi,
I am after some advice. Can anyone tell me if there is any benefit of deploying the 9800 virtual WLC over running some EWC capable APs? I’m aware the max AP limit for EWC is fairly low, but assuming this isn’t an issue, are there any performance benefits? The vWLC has a max throughput of a little over 2Gbps. In an EWC deployment does all client traffic go through the EWC AP? And if so would the EWC AP have throughput up to its port speed, so potentially greater than vWLC?
Many thanks
08-26-2020 04:15 PM
08-26-2020 04:27 PM
08-27-2020 05:23 AM
Thank you for the responses.
Can you explain the benefit of having all traffic routed through a controller? To me it seems inefficient, but I’m obviously missing something.
Also is it possible to have a deployment with 2 separate WLCs, with the APs configured to use one as their preferred and one as secondary, but only working in FlexConnect mode with one? So for example, if the primary became unavailable, it could do authentication with the secondary but would switch traffic locally.
Many thanks.
08-27-2020 06:42 AM
Can you explain the benefit of having all traffic routed through a controller? To me it seems inefficient, but I’m obviously missing something.
It is the most common deployment type with Cisco APs (known as Local mode AP or Centralized Deployment). WLC won't be a real bottleneck, however, the traffic path is not optimized. The advantage is you can very easily manage & troubleshoot.
FlexConnect is the other mode that is common (also known as Distributed Deployment), where you have the option of locally terminating data traffic onto the local switch where the AP connects. If you have multiple locations where you do not want to put a WLC in each of those locations (e.g. retail industry or multiple WAN locations), this kind of deployment makes more sense.
The challenge is you have to troubleshoot at the individual switch level. Also, a lot of MAC functions are delegated to the AP itself, so it is a bit of a burden on the APs (compared to local mode AP). There is a certain feature gap between Local mode vs FlexConnect as well.
Also is it possible to have a deployment with 2 separate WLCs, with the APs configured to use one as their preferred and one as secondary, but only working in FlexConnect mode with one? So for example, if the primary became unavailable, it could do authentication with the secondary but would switch traffic locally.
Yes, this is standard N+1 high availability where you can configure primary, secondary & tertiary controllers for your APs. If you use FlexConnect, then traffic will be locally switched irrespective of which WLC manages the AP. In the FlexConnect scenario, only CAPWAP control traffic is tunneled back to the WLC; for data traffic you have the option of central or local switching (most customers prefer to do local switching).
HTH
Rasika
**** Pls rate all useful responses ***
08-27-2020 07:12 AM
Hi Rasika,
Many thanks, really useful.
Could you expand on what you mean by "WLC won't be a real bottleneck, however, the traffic path is not optimized"? Surely it could be?
If I was concerned that the 2.1Gbps throughput limit of the vWLC was not enough, I could purchase WLC hardware, but would deploying all the APs in FlexConnect mode be a viable second option to get around the bandwidth concerns, or not recommended?
Many thanks.
08-27-2020 08:53 AM
Could you expand on what you mean by "WLC won't be a real bottleneck, however, the traffic path is not optimized"? Surely it could be?
This goes back to the basics of a BSS (wireless cell). Even though one would think an AP can generate ~1Gbps throughput, that is not the case most of the time (even if the AP is 11ac). There is a lot of overhead (management frames & control frames) in a wireless cell, where you get a certain % of airtime (~40-60%) for data frame communication that really needs to go to the wired side of the AP.
To get an understanding, here is the stat of my campus environment where we have over 2500 APs. You can see a combined total client traffic load peak around 1Gbps (with client count over 10k). I haven't seen more than 3Gbps in my environment at all.
So even though we all think WLC bandwidth could be a bottleneck, due to the half-duplex nature and too much overhead in WiFi operation, you will not see the WLC become a bottleneck from a bandwidth perspective.
HTH
Rasika
08-27-2020 02:29 PM
Hi Rasika,
Really appreciate this info, very helpful thank you.
08-28-2020 01:18 AM
Can I just ask though Rasika, if this is the case, why do we now have single access points available to buy with 5Gbps ports, if the total load of a large network is unlikely to get to this let alone a single AP? Is this because of WiFi 6 and new optimisation technologies?
Many thanks
08-28-2020 02:12 AM
The reason is "sales".
08-28-2020 07:56 AM
Exceeding 1Gbps throughput from a given AP (ac or ax) has been demonstrated in a controlled lab setup (High-Density classroom setup) & not in a typical enterprise where you have a mixed client base. If you have such a use case where you can control your wireless clients and want to achieve persistent high throughput, you can play with it.
As Leo said, the reason APs come with an mGig (2.5G/5G) port is to create a demand for switches that provide mGig. But when it comes to the ground reality of WiFi, the need for such an mGig port is a corner case from a wireless perspective.
We all hope 802.11ax improves the overall performance of the BSS when most of the clients are 802.11ax capable and helps to get higher throughput from the overall BSS. However, it is also yet to be proven that 11ax delivers on its promises in that respect in a typical enterprise environment.
HTH
Rasika
08-27-2020 07:39 AM
08-28-2020 07:35 AM
Reading up a bit about FlexConnect, it seems you can still have the FlexConnect APs do centralised authentication and switching. So is it possible to configure FlexConnect so it works this way when the controller is available, but if for example the controller failed, the APs would switch locally, and authenticate the clients themselves, to a RADIUS server for example?
I guess what I'm really asking is if this is a viable alternative to having a backup controller?
Many thanks
08-28-2020 08:10 AM
In FlexConnect, you have two modes of operation:
1. Connected mode (WLC is reachable)
2. Standalone (WLC is not reachable, but the AP still operates & serves clients)
With FlexConnect, you can configure an SSID for two different levels of switching:
1. Central Switching (SSID traffic goes to the WLC as CAPWAP data)
2. Local Switching (SSID traffic is locally terminated at the AP/local switch)
Let's say you configure an SSID for central switching. If the AP is in "Connected mode", everything works; however, if the AP goes to "Standalone mode", then it would break the connection & you can't locally switch in that scenario (as the SSID switching method is fixed, it cannot switch between central vs local depending on the mode of operation).
Let's say you configure an SSID for local switching. If the AP is in "Connected mode", traffic is switched locally at the AP/switch. Even if the AP goes to "Standalone mode", it still works & there is no user disruption.
Depending on the authentication method (central auth or local auth), you can allow a new client to authenticate (if you do local auth) while the AP is in "Standalone mode" of operation. If it is central auth, no new client is able to authenticate when the WLC is not reachable (i.e. when the AP is in Standalone mode).
Hope that's clear
Rasika
08-28-2020 08:35 AM
Thanks, that's cleared a lot up for me.
I guess my last question, which might be better for a Cisco rep perhaps. If I deploy the N+1 HA (not active/standby pair), can I use the AP licences on all controllers? I don't need to purchase multiple licences for each controller?
Thanks