Cisco Wireless Architecture Overview and Examples

We can use different Cisco wireless architectures in our network infrastructure to connect to a wired network and have a safe data transfer. Autonomous AP, Cloud-based, and Split-MAC wireless network architecture are the most common.

Autonomous AP Architecture

From the name itself, Autonomous Architecture means ‘in charge of everything.’ It is a standalone management Cisco Wireless Access Point architecture. The Autonomous AP handles all of the listed roles below:

  • Approval of association requests
  • Transmitter power management
  • Radio Frequency (RF) management
  • Basic Service Set (BSS) Management


You can see in the image below that there is a different VLAN running on the connections. Let us say VLAN A is for the office employees’ VLAN to connect to their company software. VLAN B is for guests that will have limited access. The Autonomous AP could broadcast two different SSIDs. With this setup, since the APs have all the tasks, you may need to log in to every AP to configure it, both on the initial design and every time you need to update the configuration, such as adding VLAN to support wireless clients.

Cisco Wireless Architecture


AP management becomes complex because of the tedious task of logging in individually on every AP. To make it easier, Cisco introduced centralized management software solutions, such as:

  • Cisco DNA (Digital Network Architecture) Center
  • Cisco Prime Infrastructure


The tasks are still heavy on the Access Points. The only difference is the easier wireless network management since the software is installed on one of the computers, ideally the server. You will have a dashboard for easier visibility of the current configuration of the APs.


Cloud-Based AP Architecture

Network scalability is one of the biggest concerns for wireless architecture when a company is growing. As for the Autonomous AP architecture, scaling is possible, although it is more complicated. Cisco saw this issue and now introduced a cloud-based wireless architecture called the Cisco Meraki, a Cisco unified wireless network solution. Here are the key characteristics of a Cloud-based AP architecture:

  • The software is not on the premise but in the server farms of the provider
  • Management task of the AP is moved to the Cloud
  • Only real-time data forwarding tasks are done by the AP


Cisco Wireless Architecture: Cloud-Based AP


Split-MAC Architectures

Cloud-based wireless architecture and centralized management solutions improve Cisco wireless systems. However, the Access Points remain Autonomous. This means your wireless clients’ portability cannot seamlessly transfer from one Access Point to another. They have an independent network and SSID. The goal is to make the wireless network have flexible client roaming.

There are many things to consider when deploying multiple Autonomous APs in one area. The administrator must manage the area by working the transmit power to avoid overlapping. Aside from this, it would help if you also control the channels to prevent channel interference.


Wireless LAN Controller (WLC)

With Split-MAC architecture, we will need a Wireless LAN Controller (WLC). This will enable users to roam freely from one access point to another without disconnecting. This architecture offers Extended Service Set (ESS).

By using Wireless LAN Controllers, all of the management functions of the APs will be moved and centralized on the WLC. How is this different from cloud-based? With cloud-based, the APs are still autonomous. Although you can configure the APs easier, it does not include the management processing of the APs, and it simply collates the settings, making a good dashboard for a more straightforward configuration.

The Access Points will be on Lightweight Access Point (LAP) mode. Lightweight Access Points are APs that depend on a WLC to process the management tasks. A Lightweight Access Point Protocol (LAPP) is used for management.


CAPWAP Tunnels

CAPWAP stands for Control and Provisioning of Wireless Access Points. Wireless networks of WLC going to a LAP will have two CAPWAP Tunnels. The minimum requirement to build this tunnel is for the wireless LAN controllers to ping the management IP address of the Lightweight AP.


The CAPWAP Control Tunnel is responsible for CAPWAP Control messages, which are data packets used to configure and manage its operation. Has data encryption so that the corresponding LAP will be the only one connecting to its respective WLC. This uses UDP port 5246.

Data traffic traveling to and from the wireless clients are transported to the CAPWAP Data Tunnel. The packets here are not encrypted but are still protected with Datagram Transport Layer Security (DLTS) to secure wireless connectivity for wireless users. UDP 5427 is the port that this tunnel use.

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest-rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: