Managing 200 access points individually is impossible. Architecture solves this.
Your campus has 200 access points. Managing each one individually means 200 logins, 200 firmware updates,
200 channel plans, and no central visibility. Wireless architecture determines how APs are managed at scale.
Get this wrong and your wireless network manages you.
Autonomous: a channel change to every 2.4 GHz AP requires 200 individual logins.
A new SSID requires 200 manual configurations. A firmware vulnerability requires 200 updates.
Lightweight with a WLC: all of the above take under 5 minutes from a single dashboard.
Slide 3 of 8
Wireless LAN Controller & CAPWAP
CAPWAP is the tunnel that carries all AP traffic — both management and client data — back to the WLC.
Client Device
Laptop / Phone
Associates to SSID
802.11 RF
Lightweight AP
Thin AP
RF termination only
CAPWAP Tunnel UDP 5246 / 5247
Controller
WLC
Policy / auth / routing
Wired uplink
Core Network
Internet / LAN
Traffic destination
CAPWAP Control Channel — UDP 5246
Carries management traffic: configuration, firmware, AP health monitoring, and authentication decisions.
Encrypted with DTLS (Datagram TLS).
CAPWAP Data Channel — UDP 5247
Carries client traffic encapsulated in the tunnel from the AP to the WLC.
The WLC decapsulates it and forwards to the destination network.
Can also be configured for local switching at the AP (local mode).
Campus scenario: all 200 APs connect to the WLC via CAPWAP. From the WLC you see all APs, all clients,
all SSIDs, and all roaming events on one screen. No individual AP logins required.
Slide 4 of 8
Wireless Network Modes
The operating mode determines how devices communicate — with an AP, directly with each other, or across a mesh backhaul.
Most common enterprise
Infrastructure Mode
All wireless clients communicate through a central access point.
The AP is the hub — devices do not connect directly to each other.
Supports roaming, QoS, authentication, and centralized management.
This is the default mode for any business deployment.
Peer-to-peer, no AP
Ad Hoc (IBSS) Mode
Devices communicate directly with each other without an AP.
Independent Basic Service Set (IBSS). No central management.
Limited range and security. Used for temporary device-to-device transfers.
Wi-Fi Direct is the modern consumer equivalent.
Not suitable for enterprise use.
Self-healing backhaul
Mesh Mode
APs connect to each other wirelessly, forming a self-healing backhaul network.
Only one AP needs a wired uplink (the root AP). All others backhaul through neighboring APs.
Ideal for warehouses, campuses, and areas where wired runs are impractical.
Each wireless hop introduces latency and reduces throughput.
Exam Trap
Ad hoc mode creates a network with no AP at all. Infrastructure mode requires an AP.
The exam often presents scenarios asking which mode applies — the key differentiator is whether an AP is present.
Campus of 200 APs: infrastructure mode, all APs reporting to the WLC. The parking garage with no cable runs uses mesh mode — one wired root AP, the rest backhaul wirelessly.
Slide 5 of 8
SSID, BSSID, and ESSID
These three identifiers describe the same wireless network at different scopes. Know the distinction.
Identifier
Full Name
Example Value
Scope
Purpose
SSID
Service Set Identifier
CorpWireless
Network name
The human-readable network name. Up to 32 characters. Broadcast in beacon frames unless hidden.
BSSID
Basic Service Set Identifier
AA:BB:CC:11:22:33
Single AP radio
The MAC address of a specific AP radio. Each radio (2.4 GHz and 5 GHz) has its own BSSID even if they share an SSID.
ESSID
Extended Service Set Identifier
CorpWireless
Multi-AP network
The SSID shared across multiple APs managed by a WLC. Clients roam between APs while staying connected to the same ESSID.
SSID Hiding — Security Reality
Disabling SSID broadcast hides the network from casual scanning.
The SSID still appears in probe request/response frames when clients connect.
Tools like Wireshark capture it instantly. Hiding is not a security control — it is a nuisance at best.
Use WPA3 authentication. Do not rely on SSID hiding.
Multiple SSIDs on One AP
A single AP can broadcast multiple SSIDs simultaneously — commonly used to separate
Corp, Guest, and IoT traffic onto different VLANs without deploying multiple APs.
Each SSID gets a unique BSSID (the AP increments its MAC address).
More SSIDs increase beacon overhead — stay under 4 SSIDs per radio.
Slide 6 of 8
Roaming & Band Steering
Roaming keeps users connected as they move. Band steering keeps capable clients off the congested 2.4 GHz band.
Layer 2 Roaming — Same Subnet
1
Client moves — signal from current AP weakens below threshold (typically -70 dBm)
2
Client probes — sends probe requests; neighboring APs respond with signal strength
3
Client reassociates — connects to the stronger AP on the same ESSID
4
WLC coordinates — client context (auth state, keys) transferred between APs; IP address unchanged
5
Session continues — VoIP call, video stream, and active downloads are uninterrupted
Sticky client problem: some devices hold their current AP association even when signal is poor.
WLC can force deassociation below a minimum RSSI threshold to force a roam.
Band Steering
Problem: Dual-band clients often default to 2.4 GHz because it is listed first or has stronger RSSI through walls.
Mechanism: WLC monitors probe requests. If the client supports 5 GHz, the AP delays its 2.4 GHz probe response, steering the client to associate on 5 GHz instead.
Result: 2.4 GHz is reserved for legacy and IoT devices. High-bandwidth clients operate on 5 GHz with less co-channel interference.
Consideration: Aggressive band steering can cause association failures. Tune the delay threshold carefully in dense environments.
Slide 7 of 8
Antenna Types & AP Placement
The antenna determines the shape of the RF coverage cell. Choosing the wrong type leaves gaps or creates interference.
Omnidirectional
360 degree — donut pattern
Radiates equally in all horizontal directions. Standard ceiling-mount AP antenna.
Best for open office spaces and hallways where coverage in all directions is needed.
Gain is typically 2–5 dBi.
Directional
Focused — sector pattern
Focuses energy in one direction, increasing range at the cost of coverage angle.
Used for point-to-point building-to-building links or to cover a specific corridor.
Reduces interference from other directions.
Yagi
High gain — narrow beam
Directional antenna with high gain (10–17 dBi). Used for long-distance
point-to-point links between buildings. Very narrow beam — precise alignment required.
Common in outdoor campus bridging scenarios.
Patch
Flat — hemispherical pattern
Wall-mounted, low-profile directional antenna. Covers a half-sphere in front of it.
Used in stadiums, convention centers, and warehouses where coverage in one
direction from a wall or pillar is needed.
AP Placement Rules
Overlap coverage cells by 15–20% for seamless roaming. Avoid placing APs near metal objects,
elevator shafts, and microwave rooms. Mount at ceiling height — obstacles at desk height attenuate the signal.
Use lower transmit power in dense deployments to tighten cells and reduce co-channel interference.
Heat Maps
A heat map visualizes signal strength as a color gradient overlaid on a floor plan.
Red/green = strong signal. Blue/gray = weak coverage.
Generated from site survey tools (Ekahau, Cisco WCS) after AP deployment.
Identify dead zones and overlap areas before users call the help desk.
Slide 8 of 8 | N10-009 Obj 2.4
200 APs — Under Control
The campus deploys 200 lightweight APs all managed through a single WLC.
CAPWAP tunnels on UDP 5246 and 5247 carry control and data traffic back to the controller.
All APs broadcast the same ESSID. As users walk the campus, the WLC coordinates seamless Layer 2 roaming —
no re-authentication, no dropped calls. Band steering pushes laptops to 5 GHz.
Ceiling omnidirectional antennas cover open floors. Yagi antennas bridge the remote parking structure.
A firmware update takes 4 minutes from the WLC dashboard. Every AP is updated simultaneously.
6 Facts to Carry Out of This Presentation
1Lightweight APs require a WLC. Autonomous APs are self-contained. At 200 APs, lightweight wins by an order of magnitude.
2CAPWAP uses UDP 5246 (control) and UDP 5247 (data). All AP-to-WLC traffic travels through this tunnel.
3BSSID is the MAC of a specific AP radio. SSID is the human name. ESSID is that SSID shared across multiple APs for roaming.
4Infrastructure mode = clients through an AP. Ad hoc = clients direct, no AP. Mesh = APs backhaul wirelessly to each other.