In a traditional WLAN design, "thick" wireless access points are connected to the corporate network via a separate Layer 3 virtual LAN. A VLAN delivered via trunking or by building a physically separate network can involve significant upfront configuration and equipment costs. A separate VLAN is desired for security concerns, and is often separated by the corporate network with a firewall and a VPN concentrator.

A centralized wireless deployment allows for the VLAN to be extended over the existing wired network. The access point creates a tunnel to the central manager, regardless of what VLAN it is placed on. In other words, one access point may be placed on the accounting VLAN, another on the sales VLAN, yet in both instances wireless clients would be on the wireless VLAN. This makes deployment of a wireless network where a wired infrastructure exists much easier.

The centralized model provides other attractive features as well. Configuration changes are applied at the management switch instead of at each access point. Since the access points are communicating with a central device, advanced capabilities, such as automatic channel and power configuration and rogue detection, are possible. In addition, each "thin" access point generally costs significantly less than its more feature rich cousin.

The downside to a centralized model is the upfront costs. The central management switch is usually expensive. However, if the deployment involves many access points, or wireless expansion is anticipated in the future, the upfront costs of a centrally managed application are often eclipsed by the benefits.

The bottom line