I get asked this question a lot….. “Can we have our wireless controller at the central office and APs at the other offices?”

The answer to this is usually “yes and no”. I know, helpful, right?

The first thing we have to understand before answering is- is this a completely light AP solution, or is it ‘semi-light’. These are my terms and each manufacturer has their own verbiage they’ll use, but the concepts are the same.

In a completely light AP product, the controller has the brains, and the APs are dumb. For all practical purposes here, the APs are just radio antennas. They know nothing, and every packet is sent back through the controller for processing. Generally a fully light AP will not even have an IP address.

With a semi-light AP product, the controller does most of the work (usually anything routed or not local) and the APs have enough sense to process local traffic.

Scenario. Imagine a controller at a central office, connected to a light AP at another location (across the WAN). If it’s a completely light AP, it will send every bit of traffic over the WAN, to the controller. Not a great idea if you have medium-heavy wireless usage and a small WAN pipe. You’ll find you can quickly eat your bandwidth with your wireless traffic. If it’s a semi-light solution, the AP can process local traffic, for example a wireless user that wants to send a print job locally.

Processing local requests at the AP cuts down on the amount of traffic that has to traverse the WAN and is generally the way to go if you want a single central controller and remote APs.

If you decide you just have to run a completely light AP solution across the WAN, be sure your pipe is big enough and your usage low enough to support that configuration. Note that ‘big enough’ and ‘low enough’ are always relative and you’ll need to do a little experimenting to get the right threshold for your environment.

# # #


Author, speaker, and recognized authority on network and wireless security architectures, Jennifer (JJ) Minella helps organizations solve technical problems and align teams.

View all posts

1 comment

  • The answer is yes as long as the LWAP can ping the controller. Now the design on how to get a remote LWAP to ping a central controller brings us to a whole different discussion.