Understanding Wireless Architecture: How Wi-Fi Networks Work

Wireless networks have become an essential part of our daily lives, powering everything from smartphones and laptops to smart home devices. But have you ever wondered how these networks are structured and how data travels through them? That’s where wireless architecture comes in.
Wireless architecture is the framework that defines how wireless devices, access points, and network systems interact to provide reliable connectivity. Understanding this architecture helps you see how Wi-Fi networks are designed, how they handle multiple users, and how they stay secure. In this blog, we’ll break down the key components of wireless networks, the different types of service sets, and how distribution systems keep everything connected. Everything will be explained in a simple and clear way, so even if you’re new to networking, you’ll get a solid grasp of how wireless networks work.
802.11 Frame Format
When devices communicate over Wi-Fi, they exchange data using something called an 802.11 frame. Think of it like a letter sent through the post, where each part of the letter has a purpose to make sure it gets to the right place and is understood correctly. The 802.11 frame is the “envelope” that carries the data.
1. Frame Control
Purpose: Carries the protocol version, the frame type (management, control, or data) and its subtype, plus one-bit flags that tell the receiver how to handle the frame: To DS and From DS (which direction the frame is travelling relative to the distribution system), More Fragments, Retry, Power Management, More Data, Protected Frame (the body is encrypted), and Order.
Size: 2 bytes
What it does: Tells the receiver what kind of frame this is, how to read the address fields that follow, and whether the body is encrypted.
2. Duration/ID
Purpose: Announces, in microseconds, how long the medium (the Wi-Fi channel) will stay reserved for this exchange, including the ACK that follows. In a PS-Poll frame the same field carries the station's Association ID instead.
Size: 2 bytes
What it does: Every station that hears the frame sets its Network Allocation Vector (NAV) and stays quiet for that long, which avoids collisions. The value is taken on trust, so a transmitter can claim far more airtime than it needs; abnormally large Duration values are one of the things wireless IDS sensors watch for.
3. Addresses
Wi-Fi frames carry up to four 6-byte MAC addresses. Which address means what is decided by the To DS and From DS bits in Frame Control, not by the position alone:
Address 1: Receiver address – the station that must process the frame over the air (the AP for frames sent to it, the client for frames sent from it, or the broadcast address).
Address 2: Transmitter address – the station that actually sent this frame over the air, and the one an ACK goes back to.
Address 3: The address missing from the first two: the BSSID in management frames and in station-to-station traffic, the original source when the AP forwards a frame to a client (From DS), or the final destination when a client sends through the AP (To DS).
Address 4: Only present when both To DS and From DS are set, that is, frames relayed between APs over a wireless distribution system or mesh backhaul.
Size: 6 bytes each
4. Sequence Control
Purpose: A 12-bit sequence number plus a 4-bit fragment number.
Size: 2 bytes
What it does: Lets the receiver drop duplicates (a retransmission carries the same sequence number with the Retry bit set) and reassemble fragmented frames in the correct order.
5. Frame Body (Payload)
Purpose: Carries the actual data being sent (like your email, file, or web request).
Size: Up to 2304 bytes of user data (the MSDU limit), plus a few bytes of security overhead when the frame is encrypted; 802.11n and later can carry much larger aggregated bodies (A-MSDU).
What it does: Contains the information that devices actually want to exchange.
6. FCS (Frame Check Sequence)
Purpose: Error-checking field
Size: 4 bytes
What it does: A CRC-32 over the header and body. The receiver recomputes it and silently discards any frame that does not match; since a corrupted frame is never acknowledged, the transmitter retries on its own. A CRC only catches transmission errors, not tampering; integrity against deliberate modification comes from the MIC inside the encrypted body (CCMP/GCMP in WPA2/WPA3).
This structure ensures Wi-Fi communication is reliable, organized, and efficient, even when multiple devices are using the same network. One thing worth keeping in mind: even on a WPA2 or WPA3 network only the Frame Body is encrypted. The whole MAC header, including the addresses and sequence numbers, is always sent in the clear, which is why anyone within radio range can see which clients are talking to which AP.
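To make the field layout concrete, here is an added example (my code, not part of the original post) that parses the fixed MAC header with Python's struct module: it decodes Frame Control into type, subtype and flags, reads Duration/ID, maps Address 1-4 to their roles from the To DS / From DS bits, splits Sequence Control into sequence and fragment numbers, and handles the shorter control-frame headers and the optional QoS Control field. The three sample frames at the bottom are constructed by hand with made-up addresses, not captured traffic.

```python
"""Parse the fixed MAC header of an 802.11 frame (added example, not from the post)."""
import struct

TYPE_NAMES = {0: "management", 1: "control", 2: "data"}
SUBTYPE_NAMES = {
    (0, 0): "association request", (0, 1): "association response",
    (0, 4): "probe request", (0, 5): "probe response", (0, 8): "beacon",
    (0, 10): "disassociation", (0, 11): "authentication",
    (0, 12): "deauthentication", (0, 13): "action",
    (1, 10): "PS-Poll", (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK",
    (2, 0): "data", (2, 4): "null data", (2, 8): "QoS data", (2, 12): "QoS null",
}
# What Address 1..3 (and 4) mean in data frames, keyed by (To DS, From DS).
DATA_ROLES = {
    (0, 0): ("DA", "SA", "BSSID"),       # station to station (IBSS) or direct link
    (0, 1): ("DA", "BSSID", "SA"),       # AP to station
    (1, 0): ("BSSID", "SA", "DA"),       # station to AP
    (1, 1): ("RA", "TA", "DA", "SA"),    # AP to AP over a WDS / mesh backhaul
}
MGMT_ROLES = ("DA", "SA", "BSSID")       # management frames never set To DS / From DS
CONTROL_ADDRESSES = {10: 2, 11: 2, 12: 1, 13: 1}  # PS-Poll, RTS: RA+TA; CTS, ACK: RA only


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_80211_header(frame):
    """Describe the MAC header of a raw 802.11 frame (FCS not required)."""
    if len(frame) < 10:
        raise ValueError("too short for any 802.11 header")
    fc, duration = struct.unpack_from("<HH", frame, 0)  # 802.11 fields are little-endian
    ftype, subtype, flags = (fc >> 2) & 0x3, (fc >> 4) & 0xF, fc >> 8
    if ftype not in TYPE_NAMES:
        raise ValueError("reserved frame type")
    to_ds, from_ds = flags & 0x1, (flags >> 1) & 0x1
    info = {
        "type": TYPE_NAMES[ftype],
        "subtype": SUBTYPE_NAMES.get((ftype, subtype), f"subtype {subtype}"),
        "duration": duration,
        "retry": bool(flags & 0x08),
        "power_mgmt": bool(flags & 0x10),
        "protected": bool(flags & 0x40),     # body is encrypted (WEP/TKIP/CCMP/GCMP)
        "addresses": {},
    }
    if ftype == 1:                            # control frame: FC, Duration/ID, RA [, TA]
        count = CONTROL_ADDRESSES.get(subtype, 1)
        if len(frame) < 4 + 6 * count:
            raise ValueError("truncated control frame")
        for i, role in enumerate(("RA", "TA")[:count]):
            info["addresses"][role] = fmt_mac(frame[4 + 6 * i:10 + 6 * i])
        if subtype == 10:                     # PS-Poll: Duration/ID carries the AID instead
            info["aid"] = duration & 0x3FFF
        info["header_len"] = 4 + 6 * count
        return info
    has_addr4 = ftype == 2 and bool(to_ds and from_ds)  # only in 4-address data frames
    has_qos = ftype == 2 and bool(subtype & 0x8)        # QoS subtypes add a 2-byte QoS Control
    hlen = 24 + (6 if has_addr4 else 0) + (2 if has_qos else 0)
    if len(frame) < hlen:
        raise ValueError("truncated management/data header")
    roles = DATA_ROLES[(to_ds, from_ds)] if ftype == 2 else MGMT_ROLES
    for i, role in enumerate(roles[:3]):
        info["addresses"][role] = fmt_mac(frame[4 + 6 * i:10 + 6 * i])
    seq_ctl, = struct.unpack_from("<H", frame, 22)
    info["fragment"], info["sequence"] = seq_ctl & 0xF, seq_ctl >> 4
    if has_addr4:
        info["addresses"]["SA"] = fmt_mac(frame[24:30])
    if has_qos:
        info["tid"] = frame[hlen - 2] & 0xF  # traffic identifier (access category)
    info["header_len"] = hlen
    return info


# Constructed sample frames with made-up addresses (not captures).
AP_BSSID = bytes.fromhex("001122334455")
STATION = bytes.fromhex("66778899aabb")
BROADCAST = b"\xff" * 6
# Broadcast deauthentication "from" the AP: FC c0 00, Duration 0x013a, seq 16, reason code 7.
SAMPLE_DEAUTH = (bytes.fromhex("c0003a01") + BROADCAST + AP_BSSID + AP_BSSID
                 + bytes.fromhex("0001") + bytes.fromhex("0700"))
# Encrypted QoS data from the station to the AP: To DS=1, Protected=1, seq 170, TID 6.
SAMPLE_QOS_DATA = (bytes.fromhex("88412c00") + AP_BSSID + STATION + BROADCAST
                   + bytes.fromhex("a00a") + bytes.fromhex("0600") + b"\x00" * 16)
# ACK to the station: FC d4 00, Duration 0, RA only.
SAMPLE_ACK = bytes.fromhex("d4000000") + STATION

if __name__ == "__main__":
    for name, frame in [("deauth", SAMPLE_DEAUTH), ("qos data", SAMPLE_QOS_DATA), ("ack", SAMPLE_ACK)]:
        print(name, parse_80211_header(frame))
```

Feed it the raw frame bytes from a monitor-mode capture (after the radiotap header) and the `addresses` dict comes back labelled by role rather than by position, which is what you actually want when hunting for which client talked to which BSSID. Note that the parser never looks at the Frame Body: on an encrypted network everything it returns is visible to any listener anyway.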
802.11 Association Process
Before a device can send or receive data on a Wi-Fi network, it must associate with an access point (AP). This process ensures the device is recognized by the network and can communicate properly.
The association process has three main steps:
1. Scanning
The device looks for available networks (BSS – Basic Service Set) it can join. There are two ways a station can scan:
Passive Scanning:
The device listens for beacon frames sent periodically by APs.
No active transmission is needed from the device.
It takes longer because the device must dwell on each channel long enough to hear a beacon, which APs typically send about every 100 ms.
Active Scanning:
The device sends probe requests to ask APs in range to respond.
APs reply with probe responses containing network information.
Faster than passive scanning because the device asks and APs answer immediately. The probe requests themselves are visible to anyone listening, and a probe that names a specific SSID reveals which networks the device already knows, which is why modern operating systems randomize the MAC address they use while scanning.
2. Authentication
After finding an AP, the device must complete 802.11 authentication.
At this layer there are only two options: Open System, a two-frame exchange that accepts everyone and is what WPA and WPA2 networks use as well, and Shared Key, a challenge-response based on the WEP key that is deprecated and should not be used. The credential check you associate with WPA2 (the pre-shared key or an 802.1X/EAP login) does not happen here; it happens after association, in the EAPOL 4-way handshake. WPA3 is the exception: its SAE exchange runs inside the 802.11 authentication frames, so a wrong password already fails at this step.
Once authenticated, the device moves to the next step.
3. Association
The device sends an association request to the AP (with the SSID, its supported rates and capabilities, and the security suite it wants to use), and the AP responds with an association response carrying a status code.
This step registers the device on the AP. On an open network data can flow right away; on a WPA2/WPA3 network the AP keeps the client's 802.1X controlled port blocked until the 4-way handshake (and, on enterprise networks, the EAP exchange before it) has completed, so only EAPOL frames pass until then.
The AP assigns an Association ID (AID) to identify the device on the network; the AID is also what the beacon's traffic indication map (TIM) uses to tell a sleeping client that the AP has buffered frames for it.
The scanning step is critical because it determines which network the device will join and how fast it can connect. Using active scanning is usually faster, but passive scanning helps the device discover all nearby networks without sending extra traffic.
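The three steps above are enforced by a small state machine on the AP side, which is what makes their order matter. The following is an added example (my code, not from the post) that models it: a client that sends a class 2 or class 3 frame too early is answered with a deauthentication carrying reason code 6 or 7, and on a WPA2/WPA3 network (the rsn flag) data is dropped until the 4-way handshake, which this model collapses into a single "eapol" event, has completed. The states, reason codes and AID allocation follow the standard; the station MAC and SSID are made up.

```python
"""AP-side model of the 802.11 client state machine (added example, not from the post)."""
STATE1, STATE2, STATE3 = "unauthenticated", "authenticated", "associated"
REASON_CLASS2_NOT_AUTH = 6    # class 2 frame (e.g. association request) from a non-authenticated STA
REASON_CLASS3_NOT_ASSOC = 7   # class 3 frame (e.g. data) from a non-associated STA


class AccessPoint:
    def __init__(self, ssid, rsn=True):
        self.ssid = ssid
        self.rsn = rsn            # WPA2/WPA3: data is blocked until the 4-way handshake completes
        self.state = {}           # station MAC -> STATE1/2/3 (absent means STATE1)
        self.aid = {}             # station MAC -> Association ID, allocated on association
        self.port_open = set()    # stations whose 802.1X controlled port is open
        self._next_aid = 1

    def _drop_to(self, sta, new_state):
        """Release the AID and close the port; forget the client entirely on state 1."""
        self.aid.pop(sta, None)
        self.port_open.discard(sta)
        if new_state == STATE1:
            self.state.pop(sta, None)
        else:
            self.state[sta] = new_state

    def handle(self, sta, frame):
        """Process one frame from station `sta`; return the AP's reply as (frame, detail)."""
        state = self.state.get(sta, STATE1)
        if frame == "probe request":                # class 1: allowed in any state
            return ("probe response", self.ssid)
        if frame == "authentication":               # Open System: always succeeds
            self.state[sta] = STATE2
            return ("authentication", "success")
        if frame == "deauthentication":             # client leaves completely
            self._drop_to(sta, STATE1)
            return None
        if frame == "association request":          # class 2: needs state 2 or 3
            if state == STATE1:
                return ("deauthentication", REASON_CLASS2_NOT_AUTH)
            if sta not in self.aid:
                self.aid[sta] = self._next_aid
                self._next_aid += 1
            self.state[sta] = STATE3
            return ("association response", self.aid[sta])
        if frame == "disassociation":               # back to state 2, authentication is kept
            if state == STATE3:
                self._drop_to(sta, STATE2)
            return None
        if frame in ("eapol", "data"):              # class 3: needs state 3
            if state != STATE3:
                return ("deauthentication", REASON_CLASS3_NOT_ASSOC)
            if frame == "eapol":                    # handshake frames pass the blocked port
                self.port_open.add(sta)             # simplification: one event = whole handshake
                return ("eapol", "4-way handshake complete")
            if self.rsn and sta not in self.port_open:
                return ("dropped", "controlled port blocked until 4-way handshake")
            return ("ack", None)
        raise ValueError(f"unknown frame {frame!r}")


def walkthrough(ssid="corp-wifi", sta="66:77:88:99:aa:bb"):
    """Replay a client that tries to skip steps, then joins properly, leaves and rejoins."""
    ap = AccessPoint(ssid)
    sequence = ["probe request", "data", "association request", "authentication",
                "association request", "data", "eapol", "data", "disassociation",
                "association request"]
    return [(f, ap.handle(sta, f)) for f in sequence]


if __name__ == "__main__":
    for frame, reply in walkthrough():
        print(f"{frame:22} -> {reply}")
```

Two things the walkthrough makes visible: a deauthentication with reason 7 is the normal answer to a data frame from a client the AP does not know, which is one reason unexplained deauths in a capture are not automatically an attack, and an AID is released on disassociation and handed out again on the next association.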
802.11 Message Types
In Wi-Fi networks, devices communicate using different types of messages (or frames). These frames are part of the 802.11 standard and are divided into three main categories:
1. Management Frames
Purpose: Handle network setup, maintenance, and teardown.
Examples and What They Do:
Beacon Frames: Sent periodically (about every 100 ms) by an AP to announce the network and describe it: SSID, supported rates, channel, capabilities, the security suites it accepts (the RSN information element), and the TIM for power-saving clients.
Probe Request/Response: Used during scanning to discover networks (active scanning).
Authentication Frames: Begin the authentication process between a device and AP.
Association Request/Response: Complete the association so the device can join the network.
Disassociation/Deauthentication: Remove a device from the network when it leaves or is kicked off. Historically these frames carried no authentication at all, so anyone could forge one with the AP's BSSID as the sender and knock clients off the network (the classic deauth attack, also used to force a fresh 4-way handshake for offline password cracking). 802.11w Protected Management Frames (PMF) fixes this by protecting deauthentication, disassociation and action frames; PMF is optional in WPA2 and mandatory in WPA3, so enabling it is one of the cheapest wireless hardening steps available.
2. Control Frames
Purpose: Help manage access to the wireless medium and ensure reliable delivery of data.
Examples and What They Do:
RTS (Request to Send) / CTS (Clear to Send): Reserve the medium before a long transmission so that every station in range of either side stays quiet, which also deals with the hidden-node problem.
ACK (Acknowledgment): Confirms that a frame was received successfully.
PS-Poll (Power Save Poll): Sent by a client waking from power save to tell the AP it is ready to receive the frames buffered for it; its Duration/ID field carries the client's AID.
3. Data Frames
Purpose: Carry the actual user data across the network.
Examples and What They Do:
Data / QoS Data: Standard frame carrying payload (like web pages, emails, or files); on any WMM-capable network the QoS Data subtype is used, which adds a 2-byte QoS Control field with the traffic class.
Data + CF-Ack / CF-Poll: Used in contention-free periods (the Point Coordination Function), which almost no real-world equipment implements.
Null Data: Carries no payload; a client sends it to tell the AP it is going to sleep or waking up (via the Power Management bit in Frame Control), or simply to show it is still there.
These message types work together to make Wi-Fi communication smooth and reliable. Management frames set up the network, control frames keep transmissions orderly, and data frames deliver the information users care about.
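Because deauthentication and disassociation frames are unauthenticated on a network without PMF, the useful detection signal is not who appears to send them but how many arrive and to whom. Here is an added example (my code, not from the post) of that detection logic running over a constructed stream of decoded frames, the shape a monitor-mode capture gives you after header parsing: it keeps a sliding window per transmitter and raises one alert when the number of kick frames crosses a threshold, noting whether the target was the broadcast address.

```python
"""Flag deauthentication / disassociation floods in decoded frames (added example, not from the post)."""
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
KICK_FRAMES = ("deauthentication", "disassociation")


def detect_deauth_floods(events, threshold=10, window=5.0):
    """events: time-sorted (timestamp, subtype, transmitter, receiver) tuples.

    Returns one alert per transmitter that sends at least `threshold` kick frames
    within any `window` seconds. The transmitter is whatever Address 2 said, so a
    forged flood shows up under the real AP's BSSID; the rate is what gives it away.
    """
    recent = defaultdict(deque)   # transmitter -> (timestamp, receiver) inside the window
    alerts, already = [], set()
    for ts, subtype, transmitter, receiver in events:
        if subtype not in KICK_FRAMES:
            continue
        q = recent[transmitter]
        q.append((ts, receiver))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and transmitter not in already:
            already.add(transmitter)
            targets = {r for _, r in q}
            alerts.append({
                "transmitter": transmitter,
                "count": len(q),
                "first_seen": q[0][0],
                "broadcast": BROADCAST in targets,
                "distinct_targets": len(targets),
            })
    return alerts


def sample_events():
    """Constructed capture (not real): beacons, one genuine disconnect, then a forged burst."""
    ap, client = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
    events = [(i * 0.1024, "beacon", ap, BROADCAST) for i in range(100)]   # ~10 s of beacons
    events.append((3.0, "deauthentication", client, ap))                   # client really leaving
    # 40 broadcast deauths in 0.4 s, transmitter spoofed as the AP's BSSID
    events += [(6.0 + i * 0.01, "deauthentication", ap, BROADCAST) for i in range(40)]
    return sorted(events, key=lambda e: e[0])


if __name__ == "__main__":
    for alert in detect_deauth_floods(sample_events()):
        print(alert)
```

The single genuine deauthentication from the client never trips the detector, while the burst is flagged as soon as the tenth frame lands. On a controller-based network the WLC's wIPS does this kind of counting for you; the point of the example is to show which fields carry the signal. With PMF enabled, clients simply ignore unprotected deauths, so the flood becomes noise rather than an outage.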
Autonomous Access Points and Wireless Deployment Methods
Access Points (APs) are at the heart of a wireless network. They provide the bridge between wired and wireless devices, allowing users to connect without being tied to cables. But not all APs are managed the same way. Let’s start with autonomous APs before moving on to the common deployment methods.
Autonomous Access Points
An autonomous AP is also known as a standalone AP. It works independently and is managed individually. Each AP has its own configuration, so if you have multiple APs, you need to set up and manage them one by one. This works fine for small networks but becomes difficult to handle as the number of APs grows.
3 Main Wireless AP Deployment Methods
1. Autonomous (Standalone) Deployment
How it works: Each AP is configured separately and manages its own clients.
When it’s used: Small businesses, home networks, or environments with only a few APs.
Pros: Simple to set up, no extra controller required.
Cons: Hard to manage in larger networks since changes must be made on every AP.
2. Controller-Based Deployment
How it works: All APs connect to a central Wireless LAN Controller (WLC). The WLC manages configuration, security, and client policies for all APs.
When it’s used: Medium to large enterprises, campuses, or networks with many APs.
Pros: Centralized management, easier troubleshooting, consistent configuration.
Cons: Requires a controller, which adds cost.
3. Cloud-Based Deployment
How it works: APs are managed through a cloud dashboard provided by the vendor. Configuration and monitoring can be done remotely through the internet.
When it’s used: Businesses with multiple sites or organizations that prefer remote management.
Pros: Easy to manage from anywhere, no on-site controller needed, scalable.
Cons: Management depends on internet connectivity and on the vendor's cloud service; the cloud login also becomes the single point of control for every site, so it needs MFA and tight role-based access.
These three deployment methods give flexibility depending on the size and needs of the network. Small setups can stick with autonomous APs, while larger and multi-site environments usually benefit from controller-based or cloud-managed systems.
Lightweight APs, WLC, and Split MAC Architecture
Now that we’ve covered autonomous APs, let’s look at another common approach: lightweight access points and how they work with a Wireless LAN Controller (WLC).
Lightweight Access Points (LWAPs)
Unlike autonomous APs, lightweight APs do not handle all the wireless functions on their own. Instead, they rely on a central controller (the WLC) to manage most of their operations. The AP still provides the wireless signal, but configuration, security, and advanced features come from the controller.
Benefit: Easier to manage large numbers of APs since everything is centralized.
Limitation: They depend on the controller. A local-mode AP that loses contact with its WLC stops serving clients (FlexConnect mode, covered below, is the exception designed for exactly that case).
Wireless LAN Controller (WLC)
A WLC is the brain of a controller-based wireless network. All lightweight APs connect back to the WLC, which:
Provides configuration and firmware updates
Handles client association, 802.1X/RADIUS authentication, key management, and security policies
Monitors network performance and roaming
Centralizes management for all APs
This setup allows for consistent policies and simplified control, especially in large networks like schools, hospitals, or enterprise offices.
Split MAC Architecture
In a controller-based deployment, the tasks normally handled by an AP are divided between the lightweight AP and the WLC. This is called the Split MAC Architecture.
On the Lightweight AP:
- Real-time tasks that require low latency: transmitting and receiving frames, beacons and probe responses, acknowledgments, RTS/CTS, power-save buffering, and encrypting and decrypting the wireless link itself (the per-client keys are pushed down by the WLC).
On the WLC:
- Management tasks like 802.11 association, 802.1X/EAP authentication against RADIUS, key management, roaming decisions, radio resource management, security enforcement, and quality of service (QoS).
By splitting these responsibilities, the network combines the strengths of both devices: the AP handles fast, time-sensitive tasks close to the client, while the WLC takes care of centralized control and intelligence.
This model makes scaling a wireless network much easier. You don’t need to configure each AP manually; instead, the WLC pushes policies and updates to all APs at once, which is why it’s widely used in enterprise deployments.
CAPWAP (Control and Provisioning of Wireless Access Points)
When using lightweight APs and a WLC, there needs to be a way for them to communicate. That’s where CAPWAP comes in.
What is CAPWAP?
CAPWAP stands for Control and Provisioning of Wireless Access Points. It’s a protocol that allows the WLC to manage and control lightweight APs. Think of it as the “language” that APs and controllers use to talk to each other.
How CAPWAP Works
CAPWAP creates a tunnel between the AP and the WLC. This tunnel is used to carry two types of traffic:
Control Messages
Handle configuration, firmware updates, authentication, and management instructions.
Sent over the control tunnel, which is protected with DTLS (Datagram Transport Layer Security). Only the initial Discovery Request/Response, in which the AP looks for a controller, goes in the clear; everything after that, starting with the Join Request, is inside the DTLS session.
Data Messages
Carry the actual client data (like web browsing, email, or streaming).
Sent over the data tunnel between the AP and the WLC. Because the AP has already decrypted the 802.11 frames, this tunnel carries client traffic in the clear unless DTLS data encryption is turned on, which is optional and typically off by default.
Why CAPWAP is Important
Centralized Management: APs don’t need to store their full configuration; they get it from the WLC.
Security: The AP and WLC authenticate each other during the DTLS handshake (X.509 certificates, or a pre-shared key on some platforms), so a rogue controller cannot take over an AP and a rogue AP cannot join the controller; control traffic is always encrypted and data traffic can be.
Scalability: Makes it easier to add or move APs without reconfiguring everything.
In short, CAPWAP is the backbone of controller-based wireless deployments. It ensures lightweight APs can stay simple while the WLC handles the intelligence. Without CAPWAP, the APs and controller wouldn’t be able to coordinate effectively.
CAPWAP Tunnels Between AP and WLC
When a lightweight AP connects to a Wireless LAN Controller (WLC), two tunnels are created. These tunnels separate management/control traffic from client/user data to make the network more efficient and secure.
1. Control Tunnel
Port Used: UDP 5246
Function:
Carries management and control messages between the AP and WLC.
Includes configuration updates, firmware downloads, keepalive messages, and security/authentication commands.
Always encrypted with DTLS (Datagram Transport Layer Security), apart from the initial discovery exchange, so configuration, credentials, and the per-client keys the WLC hands to the AP never cross the wire in the clear.
2. Data Tunnel
Port Used: UDP 5247
Function:
Carries the actual client data traffic (web browsing, emails, video, etc.) from the AP to the WLC.
The WLC can then apply policies like Quality of Service (QoS), security checks, or routing.
Not encrypted unless DTLS data encryption is enabled, which is optional and typically off by default. Since the AP decrypts the 802.11 frames before tunneling them, every client's traffic crosses the wired network between AP and WLC in whatever form the application sent it; if that path is not trusted (a branch over a WAN, a shared campus backbone), turn data DTLS on.
So in short:
Control tunnel (UDP 5246): Management and configuration.
Data tunnel (UDP 5247): User/client data traffic.
This separation ensures that management instructions don't get mixed with user traffic, keeping the network stable and secure. In practice it also means any firewall between the APs and the WLC must allow UDP 5246 and 5247 from the AP subnets to the controller, and that the tunnel headers eat into the path MTU, so the AP-to-WLC path must not drop fragments.
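As an added example (not from the post, and not vendor code), the following Python classifies a UDP datagram arriving at a WLC the way a firewall or IDS sitting in the AP-to-controller path could: it uses the destination port to pick the channel, the one-byte preamble from RFC 5415 to tell DTLS from cleartext CAPWAP, parses the cleartext header (header length, radio ID, wireless binding, T and F bits, fragment fields) and, for control messages, the message type, and warns when a control message other than Discovery, or any client data, travels without DTLS. The sample datagrams are built by hand; the control message type numbers are the RFC 5415 values.

```python
"""Classify and parse CAPWAP datagrams sent to a WLC (added example, not from the post)."""
import struct

CONTROL_PORT, DATA_PORT = 5246, 5247
PREAMBLE_PLAIN, PREAMBLE_DTLS = 0, 1       # low nibble of byte 0 (high nibble is version 0)
WBID_80211 = 1                             # wireless binding identifier for IEEE 802.11
CONTROL_MESSAGES = {                       # RFC 5415 control message types (subset)
    1: "Discovery Request", 2: "Discovery Response",
    3: "Join Request", 4: "Join Response",
    5: "Configuration Status Request", 6: "Configuration Status Response",
    7: "Configuration Update Request", 8: "Configuration Update Response",
    13: "Echo Request", 14: "Echo Response",
}
CLEARTEXT_OK = {"Discovery Request", "Discovery Response"}   # the only control messages outside DTLS


def parse_capwap(dst_port, datagram):
    """Return a dict describing one UDP datagram addressed to the controller."""
    channel = {CONTROL_PORT: "control", DATA_PORT: "data"}.get(dst_port)
    if channel is None:
        raise ValueError(f"UDP {dst_port} is not a CAPWAP port")
    if not datagram:
        raise ValueError("empty datagram")
    version, ptype = datagram[0] >> 4, datagram[0] & 0xF
    if version != 0:
        raise ValueError("unsupported CAPWAP version")
    result = {"channel": channel, "dtls": ptype == PREAMBLE_DTLS, "warnings": []}
    if ptype == PREAMBLE_DTLS:            # a DTLS record follows; opaque without the session keys
        return result
    if ptype != PREAMBLE_PLAIN:
        raise ValueError("unknown preamble type")
    if len(datagram) < 8:
        raise ValueError("truncated CAPWAP header")
    word0, frag_id, frag_word = struct.unpack_from(">IHH", datagram, 0)
    hlen = ((word0 >> 19) & 0x1F) * 4     # HLEN is given in 4-byte words
    result.update({
        "header_len": hlen,
        "radio_id": (word0 >> 14) & 0x1F,
        "wbid": (word0 >> 9) & 0x1F,
        "native_80211": bool(word0 & 0x100),   # T bit: payload is an 802.11 frame, not 802.3
        "fragment": bool(word0 & 0x80),        # F bit
        "fragment_id": frag_id,
        "fragment_offset": frag_word >> 3,     # 13 bits, 3 reserved
    })
    if hlen < 8 or len(datagram) < hlen:
        raise ValueError("bad header length")
    if channel == "data":
        result["warnings"].append("client data crossing the wire without DTLS")
        return result
    if len(datagram) < hlen + 8:
        raise ValueError("truncated control header")
    msg_type, seq, _elem_len, _flags = struct.unpack_from(">IBHB", datagram, hlen)
    result["message"] = CONTROL_MESSAGES.get(msg_type, f"type {msg_type}")
    result["seq"] = seq
    if result["message"] not in CLEARTEXT_OK:
        result["warnings"].append(f"{result['message']} sent in cleartext; only Discovery may be")
    return result


def build_plain_header(hlen_words=2, wbid=WBID_80211, native=False):
    """Constructed helper: a minimal unfragmented cleartext CAPWAP header."""
    word0 = (hlen_words << 19) | (wbid << 9) | (0x100 if native else 0)
    return struct.pack(">IHH", word0, 0, 0)


def build_control(msg_type, seq=0):
    """Constructed helper: cleartext control message with no message elements."""
    return build_plain_header() + struct.pack(">IBHB", msg_type, seq, 0, 0)


# Constructed sample datagrams (not captures).
SAMPLE_DISCOVERY = build_control(1, seq=1)
SAMPLE_JOIN_PLAIN = build_control(3, seq=2)      # Join Request outside DTLS: misconfiguration
SAMPLE_DTLS_CONTROL = bytes([0x01]) + bytes.fromhex("16fefd") + bytes(10)   # DTLS handshake record
SAMPLE_DTLS_DATA = bytes([0x01]) + bytes.fromhex("17fefd") + bytes(10)      # DTLS application data
SAMPLE_PLAIN_DATA = build_plain_header(native=True) + bytes.fromhex("8801")  # start of an 802.11 data frame

if __name__ == "__main__":
    for port, dg in [(5246, SAMPLE_DISCOVERY), (5246, SAMPLE_JOIN_PLAIN), (5246, SAMPLE_DTLS_CONTROL),
                     (5247, SAMPLE_DTLS_DATA), (5247, SAMPLE_PLAIN_DATA)]:
        print(port, parse_capwap(port, dg))
```

Pointed at a capture on the controller's uplink, the `warnings` list is the interesting output: a cleartext Join Request means something other than a DTLS-protected AP is trying to join, and a steady stream of cleartext data on 5247 tells you data DTLS is off on that path.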
Benefits of Split MAC Architecture
The Split MAC Architecture divides wireless tasks between the lightweight AP and the WLC. This design offers several advantages, especially in larger or enterprise networks. Here are the key benefits:
1. Centralized Management
All APs are managed from the WLC, so configuration, policies, and firmware updates can be applied in one place.
Saves time and reduces errors compared to configuring each AP individually.
2. Consistent Security Policies
Security features such as 802.1X authentication, key management, and access control are decided by the WLC, so the RADIUS relationship is between the controller and the RADIUS server rather than between every AP and the server.
Ensures every AP in the network follows the same security rules.
3. Simplified Roaming
When clients move between APs, the WLC coordinates the handoff, and because it already holds the client's keys (PMK caching, 802.11r fast transition) the client does not have to repeat a full 802.1X login at every AP.
This results in smoother roaming, which is especially important for voice calls or video streaming.
4. Efficient Use of Resources
Real-time tasks (like beacons and acknowledgments) stay at the AP for speed.
Complex tasks (like QoS decisions, load balancing, or mobility management) are handled by the WLC.
This balance keeps performance high while still centralizing intelligence.
5. Scalability
Adding new APs is easier since they simply connect to the WLC and receive their configuration automatically.
Makes it possible to expand networks quickly without extra complexity.
6. Easier Troubleshooting and Monitoring
The WLC provides a central view of the entire wireless network, including connected clients and AP status.
Problems can be identified and fixed more quickly.
In short, split MAC makes wireless networks easier to manage, more secure, and better at handling mobility. It’s one of the main reasons why controller-based deployments are widely used in enterprises.
Lightweight AP Operation Modes
Lightweight Access Points can be configured to run in different modes depending on what the network needs. Each mode serves a specific purpose, from providing normal Wi-Fi service to monitoring or even bridging networks. Here are the common modes you’ll encounter:
1. Local Mode
What it does: The default mode for LWAPs. Provides normal Wi-Fi service to clients and sends all client traffic to the WLC through the CAPWAP data tunnel (central switching), where the WLC places it on the right VLAN.
When used: Enterprise or campus networks where the APs and WLC are in the same site.
2. FlexConnect Mode
What it does: Allows the AP to switch client traffic locally onto its own switch port (local switching) instead of tunneling everything to the WLC; it still receives its configuration from the WLC and can still centrally switch selected WLANs.
When used: Remote or branch offices where the WLC is located at headquarters. If the WAN link to the WLC goes down, the AP keeps serving its locally switched WLANs in standalone mode, and with FlexConnect local authentication it can even keep authenticating new clients.
3. Sniffer Mode
What it does: The AP acts as a packet sniffer on one fixed channel, capturing 802.11 wireless traffic and forwarding it to a remote analyzer like Wireshark.
When used: Troubleshooting or analyzing wireless traffic.
4. Monitor Mode
What it does: The AP does not serve clients. Instead its radios cycle through all channels, collecting rogue AP and rogue client reports, wIPS signature matches, and location data for the WLC.
When used: Wireless security monitoring.
5. Rogue Detector Mode
What it does: The AP switches its radios off and connects only to the wired side of the network, usually on a trunk port. It listens to ARP traffic on the wired VLANs and compares the MAC addresses it sees against the list of rogue APs and clients that other APs have heard over the air and reported to the WLC. A match means the rogue is physically plugged into your wired network ("rogue on wire"), which is far more serious than a neighbour's AP that merely shares your airspace.
When used: Detecting rogue APs that might be plugged into your wired network.
6. SE-Connect Mode
What it does: Puts the AP into spectrum analyzer mode (CleanAir), streaming raw RF spectrum data to an analysis tool so you can identify non-Wi-Fi interference like microwave ovens, Bluetooth devices or video senders.
When used: Diagnosing RF interference and troubleshooting wireless performance issues.
7. Bridge / Mesh Mode
What it does: The AP acts as a wireless bridge, connecting two or more networks without cables. Mesh mode extends this: a root AP (RAP) with a wired uplink provides the backhaul, and mesh APs (MAPs) connect to it, or to each other, wirelessly to extend coverage.
When used: Outdoor deployments or areas where running cables is not possible.
8. Flex+Bridge Mode
What it does: Combines FlexConnect and Bridge modes. The AP operates as a bridge but can also locally switch client traffic.
When used: Remote or branch deployments that also need bridging capabilities.
In summary:
Local and FlexConnect handle normal client traffic.
Sniffer, Monitor, Rogue Detector, SE-Connect focus on monitoring and troubleshooting.
Bridge/Mesh and Flex+Bridge extend wireless networks without physical cables.
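The rogue-on-wire decision described under Rogue Detector Mode is a join between two lists: BSSIDs and client MACs reported over the air by the other APs, and MAC addresses the rogue detector sees in wired ARP. Here is an added example (my code, not Cisco's) of that correlation over constructed data. Two kinds of evidence are used: a wireless client of the rogue showing up with the exact same MAC on the wire, and a wired MAC that shares the rogue BSSID's OUI and differs from it by only a few values in the last byte. The second one is a heuristic assumption of this example (many consumer APs derive their BSSIDs from the wired MAC that way), not a guarantee.

```python
"""Correlate rogue BSSIDs heard over the air with wired ARP (added example, not vendor code)."""


def mac_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)


def int_mac(n):
    return ":".join(f"{(n >> s) & 0xFF:02x}" for s in range(40, -1, -8))


def classify_rogues(heard_bssids, rogue_clients, managed_bssids, wired_macs, max_offset=4):
    """Split unknown BSSIDs into rogue-on-wire and airspace-only.

    heard_bssids:   BSSIDs reported by APs in local/monitor mode
    rogue_clients:  (client MAC, BSSID it was seen talking to) pairs from the same reports
    managed_bssids: our own BSSIDs, known to the WLC, never rogues
    wired_macs:     MAC addresses the rogue detector learned from ARP on the wired VLANs
    max_offset:     heuristic: how far a wired MAC may differ from a BSSID in the last byte
    """
    wired = {mac_int(m) for m in wired_macs}
    wired_clients = {}                       # BSSID -> first of its wireless clients seen on the wire
    for client, bssid in rogue_clients:
        if mac_int(client) in wired and bssid not in wired_clients:
            wired_clients[bssid] = client
    on_wire, airspace_only = [], []
    for bssid in sorted(set(heard_bssids) - set(managed_bssids)):
        b = mac_int(bssid)
        near = [(abs(w - b), w) for w in wired
                if w >> 24 == b >> 24 and abs(w - b) <= max_offset]   # same OUI, tiny offset
        if near:
            off, w = min(near)
            on_wire.append({"bssid": bssid, "wired_mac": int_mac(w),
                            "evidence": f"wired MAC within {off} of BSSID"})
        elif bssid in wired_clients:
            on_wire.append({"bssid": bssid, "wired_mac": wired_clients[bssid],
                            "evidence": "its wireless client appears in wired ARP"})
        else:
            airspace_only.append(bssid)
    return {"on_wire": on_wire, "airspace_only": airspace_only}


# Constructed data (made-up addresses, not from any real network).
SAMPLE_MANAGED = ["00:11:22:33:44:50", "00:11:22:33:44:51"]
SAMPLE_HEARD = SAMPLE_MANAGED + [
    "3c:aa:bb:00:10:f2",   # consumer AP plugged into a desk port; wired MAC ends in f0
    "a8:cc:dd:12:34:56",   # neighbour's AP, only shares our airspace
    "f0:ee:ff:01:02:03",   # rogue bridging a client onto our LAN
]
SAMPLE_ROGUE_CLIENTS = [("de:ad:be:ef:00:01", "f0:ee:ff:01:02:03"),
                        ("de:ad:be:ef:00:02", "a8:cc:dd:12:34:56")]
SAMPLE_WIRED = ["3c:aa:bb:00:10:f0", "de:ad:be:ef:00:01",
                "00:11:22:33:44:4f",   # our own AP's wired MAC, next to a managed BSSID
                "00:50:56:aa:bb:cc"]

if __name__ == "__main__":
    result = classify_rogues(SAMPLE_HEARD, SAMPLE_ROGUE_CLIENTS, SAMPLE_MANAGED, SAMPLE_WIRED)
    for hit in result["on_wire"]:
        print("ROGUE ON WIRE", hit)
    print("airspace only:", result["airspace_only"])
```

The managed BSSIDs are removed first, so our own AP's wired MAC sitting one value away from a managed BSSID does not produce a false positive. Anything that lands in `on_wire` deserves a port trace and a shutdown; anything in `airspace_only` is a containment or policy decision, not an emergency.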
Cloud-Based Access Points
So far, we’ve looked at autonomous and lightweight APs, where management happens either locally on the AP itself or through a WLC. But there’s another option that’s becoming more common today: cloud-based APs.
What are Cloud-Based APs?
Cloud-based APs are managed through a vendor’s cloud platform instead of a physical on-site controller. Each AP connects to the internet and communicates with the cloud dashboard, where administrators can configure settings, apply policies, and monitor performance.
How They Work
The AP establishes a secure connection to the vendor’s cloud service.
All configuration and monitoring are handled through a web-based dashboard.
Network administrators can manage multiple APs across different locations from a single portal.
Benefits of Cloud-Based APs
Remote Management: No need to be on-site; you can configure APs from anywhere.
Scalability: Easy to add or remove APs across branches or offices.
Automatic Updates: Firmware and feature updates are pushed directly from the cloud.
Centralized Monitoring: View client activity, network health, and security alerts in one place.
Limitations
Dependence on Internet: Management, monitoring and updates all require a working internet connection (APs normally keep forwarding client traffic with their last configuration while the cloud is unreachable).
Vendor Lock-In: Usually tied to a specific vendor's ecosystem.
Cost: Cloud subscriptions may add ongoing expenses.
Account Security: The dashboard login now controls every AP at every site, so protect it with MFA, role-based access, and audit logging.
Cloud-based APs are especially useful for businesses with multiple sites or for organizations without dedicated IT staff at every location. They simplify deployment and management while providing the flexibility to control the network from anywhere.
Cisco Meraki
When talking about cloud-based APs, one of the most well-known solutions is Cisco Meraki. It’s a line of networking products, including wireless access points, switches, and security appliances, that are all managed through the cloud.
What Makes Cisco Meraki Different?
Cisco Meraki APs don’t rely on a traditional on-site controller like a WLC. Instead, everything is managed from the Meraki Dashboard, a web-based interface hosted in the cloud. This makes it simple to deploy and control networks across multiple locations.
Key Features of Cisco Meraki APs
Cloud Management: Configure, monitor, and troubleshoot APs from a central dashboard accessible from anywhere.
Zero-Touch Provisioning: APs can be shipped to a site, plugged in, and automatically pull their configuration from the cloud.
Centralized Updates: Firmware and feature updates are handled automatically by Meraki, reducing maintenance effort.
Scalability: Adding new APs or new sites is straightforward since they all connect back to the same dashboard.
Built-In Security and Analytics: The APs include wireless intrusion detection and prevention (Air Marshal), application-level traffic analysis and per-SSID firewall rules; content filtering and full IDS/IPS for the wired path live on the Meraki MX security appliances rather than on the APs.
Benefits
Easy to deploy and manage, even for organizations without large IT teams.
Consistent configuration across multiple branches or offices.
Strong visibility into network usage and client activity.
Limitations
Requires an active internet connection to manage APs.
Comes with ongoing license costs for cloud management.
Tied to the Cisco Meraki ecosystem.
Cisco Meraki is a good example of how cloud-managed networking has become popular. Instead of focusing only on on-site controllers or manual AP configuration, it shifts network control to a simple, centralized, cloud-based platform.
WLC Deployments
When using lightweight APs, a Wireless LAN Controller (WLC) is at the center of the network. But the way the controller is deployed can vary depending on the size, design, and needs of the network. Let’s look at the four main WLC deployment models.
Four Main WLC Deployment Models
Unified Deployment Model
Description: Traditional model where a centralized WLC manages all APs.
AP Support: Can scale to up to 6,000 APs depending on the WLC model.
Best For: Large enterprises and campuses that require centralized management, policy enforcement, and scalability.
Cloud-Based Deployment Model
Description: APs connect directly to a cloud controller (e.g., Cisco Meraki Dashboard) instead of an on-prem WLC.
AP Support: Virtually unlimited scalability, since management is done in the cloud.
Best For: Organizations that want simplified management, less hardware, and easy scalability.
Embedded Deployment Model
Description: A small-scale model where a WLC is embedded within a switch or router (like Catalyst 9000 series).
AP Support: Supports up to 200 APs.
Best For: Branch offices or small to medium-sized networks that want integrated wireless and wired management.
Mobility Express Deployment Model
Description: A lightweight deployment where one AP acts as a virtual controller to manage other APs.
AP Support: Supports up to 100 APs.
Best For: Small businesses or remote sites that need enterprise-grade Wi-Fi without a dedicated WLC.
Summary
In this blog, we walked through some key concepts in wireless networking. We started with the 802.11 frame format, the scan/authenticate/associate process and the three frame types, then moved on to the tunnels that connect an Access Point (AP) to the Wireless LAN Controller (WLC): the Control and Provisioning of Wireless Access Points (CAPWAP) tunnels, which carry control traffic (always inside DTLS) and client data (DTLS optional). From there, we looked at the Split-MAC architecture, which distributes responsibilities between the AP and the WLC for efficiency and scalability.
We then discussed the different Lightweight AP modes, such as Local, FlexConnect, Sniffer, Monitor, Rogue Detector, SE-Connect, Bridge/Mesh, and Flex+Bridge, each designed for specific network needs. Afterward, we transitioned to cloud-based APs, highlighting Cisco Meraki as a leading solution for cloud-managed wireless networks.
Finally, we explored the four main WLC deployment models:
Unified (supports thousands of APs, centralized control)
Cloud-Based (management from the cloud, scalability)
Embedded (up to 200 APs, built into a switch)
Mobility Express (up to 100 APs, with one AP acting as the controller)
Each model fits different environments, from small businesses to large enterprises, giving organizations flexibility in how they manage their wireless networks.
Wrap Up
Wireless networks today are more dynamic and flexible than ever. Whether you use a centralized WLC, a cloud solution like Cisco Meraki, or a smaller embedded option, there’s a deployment model that can match your business needs. Understanding AP modes, tunnels, and architectures like Split-MAC is crucial for designing a wireless setup that’s reliable, scalable, and secure.
If you’re studying for CCNA or working in networking, mastering these concepts will give you a strong foundation. Keep exploring, practice in labs, and try to visualize how these pieces connect in real-world deployments. It will make wireless networking much clearer and easier to apply.
Written by Pits
