Wireless access points (APs or WAPs) are communication devices on wireless local area networks (WLANs).  They act as a central transmitter and receiver of wireless radio signals. Mainstream wireless APs support Wi-Fi and are most commonly used to support public Internet hotspots and other business networks where larger buildings and spaces need wireless coverage. Access points enable so-called Wi-Fi infrastructure mode networking. Modern access points support up to 255 clients. AP hardware consists of radio transceivers, antennas and device firmware.

General Classification:

  1. Controller based Access points.
  2. Stand Alone Access points (SAAP) or SOHO (small office, home office).

Controller based Access points are more suitable for large enterprises and have more features as compared to SAAP & SOHO. They are more expensive though. Controller based access points feature centralized management, configuration, encryption, updates and policy settings through a centralized controller.

Stand Alone Access points are for small to medium enterprises and home offices.

The following points should serve as guidance only.

Comparison: Controller based access points and stand-alone access points.

Encryption

  • Controller based: Can encrypt the entire line, from PC to access point to controller. WPA2, which is the latest encryption standard, would be supported by most of the controllers.
  • Stand alone: Can encrypt the communication between themselves and the laptop/PC. Some SAAP use WEP or its equivalents, which are weaker. A SAAP may store encryption keys, and if it is stolen, those keys could be retrieved.

Authentication

  • Controller based: Supports MAC authentication, 802.1x authentication through a RADIUS server, or both. In addition, for guest access, a separate captive portal can be integrated into the controller to authenticate guests and keep them on a separate network (different from the internal network) without having to create a profile for them or make any changes on the RADIUS server.
  • Stand alone: A SAAP only supports MAC authentication, 802.1x authentication through a RADIUS server, or both.

Security

  • Controller based: Can identify a rogue access point and provide complex IDS functions, such as dedicating a radio (or whole access points) to wireless intrusion detection and monitoring the network for wireless threats like MAC spoofing, honey pot attacks, Denial of Service attacks, ad-hoc networks etc.
  • Stand alone: Can identify a rogue access point and provide some basic IDS functions.

Network Access Control

  • Controller based: Can control network access on a per-user basis. For example, an individual user or group could be denied access to certain applications like internet/SAP or any other service. Policies can be set in the controller to restrict users to certain applications only. The users can also be integrated with the existing NAC policies of the wired network.
  • Stand alone: Many stand-alone access points cannot do this.

Redundancy

  • Controller based: The controller is a single point of failure, and the access points attached to it may not work if the controller is down, which is one reason why High Availability mode always has a backup controller sitting passively. If any access point attached to the controller fails, the clients are automatically forwarded to the nearest access point without a disconnect.
  • Stand alone: If a SAAP fails, the users can still connect to the neighbouring access point (provided there is one in the vicinity), but only after the current session is terminated and after re-authentication, and sometimes an administrator may need to give permission in the ACL of that access point.

Bandwidth/Load balancing

  • Controller based: Some controller based access points can limit the maximum bandwidth that can be used by an individual station or group to make sure that one station/group does not overload the whole network. Controller based access points can also balance the load across the access points in that area.
  • Stand alone: SAAP cannot do this.

Group configuration

  • Controller based: Group configuration, centralized management and firmware updates are easier with controller based access points.
  • Stand alone: Very few SAAP can also do this, through "Clustering" or "Grouping", where a master access point notifies all the slave access points of any changes in configuration. But the number of access points that can be grouped together is limited.

Radio Management/Channel Management

  • Controller based: Can provide very good radio management via the controller by making sure no two neighbouring access points are transmitting on the same channel (frequency), as that might result in interference.
  • Stand alone: Can also monitor the neighbouring access points by themselves to ensure this automatically. Like the controller based access points, the stand-alone ones can also reduce power levels dynamically in order to reduce interference in some situations.

Quality of Service

  • Controller based: Can support prioritization of data packets based on applications/protocols like voice, video etc. to ensure that delay-sensitive voice/video packets are processed before data traffic like mail, according to the IEEE WMM – Wireless Multimedia Standard. Can give true roaming by handing over voice sessions between access points for Wi-Fi voice clients.
  • Stand alone: Can support prioritization of data packets based on applications/protocols like voice, video etc.

Mesh Networking

  • Controller based: Can support mesh networking – the connectivity between two or more access points through wireless mode (in addition to the connectivity to the laptops/stations). Normally all the access points are connected in the back end through a wire, but they can also connect to one another using dedicated radios with dual radio access points. Mesh networking might be required where data cables cannot be run or running them becomes very expensive. However, mesh networks reduce the amount of bandwidth supported with each hop.
  • Stand alone: Can support mesh networking – the connectivity between two or more access points through wireless mode (in addition to the connectivity to the laptops/stations).

Live monitoring of wireless network and location based services

  • Controller based: Can allow floor plans (of the area covered with Wi-Fi) to be integrated with the controller, so that the power levels (signal strength) of the Wi-Fi network at different places can be viewed live (pictorially, with different colour levels indicating different signal strengths) for network and performance monitoring. Can also integrate location based services which can identify any active wireless client in the floor plan (through its MAC address, for example) within a range of 3-5 meters.
  • Stand alone: SAAP cannot do this.

SSID/VLAN

  • Controller based: With controller based access points, there could be just one SSID and separate wireless VLANs under it, totally independent of the wired VLAN settings. The controller acts as a layer 3 device and hence is able to bypass the layer 2 VLAN settings of the switch.
  • Stand alone: There can be a number of SSIDs and VLANs in SAAP for grouping users. Generally the wired VLAN needs to be extended over the wireless too, and the VLAN settings depend on the wired VLAN parameters.
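
The rogue access point, honey pot and MAC spoofing checks listed under Security, together with the weak-encryption concern under Encryption, can be sketched as follows. This is an added example, not vendor or controller code and not part of the original article; the inventory, SSIDs, BSSIDs, scan records and finding names are all constructed or hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # MAC address of the AP radio
    channel: int
    security: str    # "OPEN", "WEP", "WPA2"

# Hypothetical inventory of managed APs: BSSID -> (SSID, planned channel).
# Assumes a fixed channel plan; with automatic channel management, compare
# against the controller's current assignment instead.
AUTHORIZED = {
    "02:00:00:aa:00:01": ("corp-wifi", 1),
    "02:00:00:aa:00:02": ("corp-wifi", 6),
    "02:00:00:aa:00:03": ("corp-guest", 11),
}
MANAGED_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}
WEAK = {"OPEN", "WEP"}

def classify(b):
    """Return the list of findings for one observed beacon."""
    findings = []
    known = AUTHORIZED.get(b.bssid.lower())
    if known is None:
        # Unknown radio: advertising a managed SSID is the honey pot case.
        findings.append("HONEYPOT" if b.ssid in MANAGED_SSIDS else "UNKNOWN_AP")
    elif (b.ssid, b.channel) != known:
        # A known BSSID seen with the wrong SSID or channel suggests a cloned MAC.
        findings.append("SPOOF_SUSPECT")
    if b.ssid in MANAGED_SSIDS and b.security.upper() in WEAK:
        findings.append("WEAK_CRYPTO")
    return findings

def audit(scan):
    """Map BSSID -> findings for every beacon that raised at least one."""
    return {b.bssid: f for b in scan if (f := classify(b))}

# Constructed scan results (not real networks).
SCAN = [
    Beacon("corp-wifi", "02:00:00:aa:00:01", 1, "WPA2"),       # matches inventory
    Beacon("corp-wifi", "02:00:00:ee:ee:01", 6, "OPEN"),       # look-alike SSID
    Beacon("corp-wifi", "02:00:00:aa:00:02", 11, "WPA2"),      # wrong channel
    Beacon("cafe-next-door", "02:00:00:bb:00:09", 3, "WPA2"),  # neighbour
    Beacon("corp-guest", "02:00:00:aa:00:03", 11, "WEP"),      # weak setting
]

if __name__ == "__main__":
    for bssid, findings in audit(SCAN).items():
        print(bssid, ", ".join(findings))
```

An UNKNOWN_AP finding is only a candidate: a neighbour's access point is not rogue unless it is also attached to the wired network, which has to be confirmed separately.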

How to Buy an Access Point (AP):

Watch out for these features when sourcing APs.

  • Get an AP that supports either 802.11n or 802.11ac
  • Ensure that it is dual-band (supports both 2.4 and 5 GHz)
  • The more spatial streams, the better (2×2 or 3×3 spatial streams)
  • Choose SOHO or Enterprise as appropriate. SOHO APs are appropriate for small enterprises; Enterprise APs are great for large enterprises.

802.11n or 802.11ac Support

802.11n debuted in 2009, and 802.11ac in 2014.

One should prioritize design and understanding over spending extra money on an 802.11ac network. 802.11ac access points have more functionality for getting faster speeds, but they deliver it only when conditions are absolutely perfect, that is:

  • You have room for 802.11ac’s super wide channels
  • You have 802.11ac devices
  • Devices will be very close (20 or 30 feet) to the access point

Dual-Band Support

The 2.4 GHz band is becoming increasingly crowded and less functional. It is recommended to purchase a dual-band access point that supports both 2.4 and 5 GHz, so as to provide compatibility with older devices (2.4 GHz) and newer ones too (5 GHz). Although 802.11n is a 2.4 and 5 GHz standard, many 802.11n devices support 2.4 GHz only. When looking at the specifications for the AP, look for one of the 5 GHz standards to ensure that it supports both bands.

  • 802.11b/g/n: All 2.4 GHz standards, so it supports 2.4 GHz only
  • 802.11a/b/g/n: 802.11a is a 5 GHz-only standard, so it supports 5 GHz
  • 802.11a/b/g/n/ac: 802.11ac is a 5 GHz-only standard, so it supports 5 GHz

Watch for 802.11a and 802.11ac support on the WiFi certification logo

More Spatial Streams

802.11n introduced MIMO (multiple in, multiple out). MIMO means that we get multiple radio chains and antennas to transmit and receive with. The more radio chains, the more sensitive the WiFi radio is, which makes it better at accurately sending and receiving. This gets us more reliability and speed.

Most small devices like cell phones and tablets have a 1×1 radio (1 radio chain) to conserve space and power. Laptops generally have either a 2×2 radio (2 radio chains) or 3×3 radio (3 radio chains).

On an access point, one ought to go with at least a 2×2 radio, but 3×3 is best. This will yield the best speed and performance, even if you have many 1×1 and 2×2 clients.

SOHO or Enterprise?

Detailed comparison has been done above. Here is a summary of the same.

Small Office/Home Office:

  • ~25 clients max
  • $30-100 each
  • Poor roaming performance (users might have to toggle WiFi off and back on)
  • No band steering (users have to manually select the 5 GHz network)
  • Few configuration options
  • Combines modem, switch, AP, and router functions

Enterprise:

  • 100's of clients (you run into channel limitations before AP limitations)
  • $400-1000 each
  • Better roaming performance
  • Proper band steering (users are automatically put on the best band)
  • Highly configurable for specific, high-performance network designs
  • AP only
  • Usually requires a controller or cloud management