
Construction of wireless networks of all sizes based on TP-Link equipment

Quite often you need to provide seamless coverage of a large area and manage a wireless network with a large number of access points. Let's talk about how best to implement such a project: where to start, which parameters to consider, how to configure the equipment and where the pitfalls lie. As a working example, we take our Auranet line, which includes enterprise-class access points and network controllers.





Choice of equipment and topology


At the first stage, you need to decide what equipment is needed to build the network, and how much of it. This is not only about controllers and access points: a wireless network cannot function without its wired infrastructure. The wired segments must therefore be taken into account at this stage, since they may well need to be upgraded.

How do you determine whether the existing wired infrastructure is suitable for your wireless network? First, there should be enough free ports on the access switches to connect the wireless equipment. In addition, a modern IEEE 802.11n/ac network gives clients quite high access speeds, which raises the speed requirements for the wired interfaces and for the performance of the wired part of the network as a whole. For example, our ceiling access point CAP300 has a wired Fast Ethernet port (100 Mbps), while the CAP1750 model is equipped with a gigabit network interface. Below we will show what speeds are available to users connected to a CAP1750 access point.


Gigabit dual-band Wi-Fi ceiling access point with 802.11ac support, CAP series, Auranet line
TP-Link CAP1750

Secondly, to optimize the power supply scheme, modern access points can be powered not only from an external source, but also through a network cable using PoE technology (IEEE 802.3af or 802.3at depending on the model) - but in order for this to work, access switches must also support this technology.

Thirdly, access switches must be managed and must support virtual networks (VLANs), which is necessary when the wireless equipment uses multiple SSIDs. Fortunately, almost all switches used in the corporate segment can do this. Finally, you may have to make changes to the structured cabling system (SCS), depending on the total number of access points and where they are installed.

But how do you work out how many access points you need to install? At a minimum, look not only at the general floor plan, but also at the places where users gather and at the number of people who may use the connection simultaneously in each of them. We have talked about this before, in the article on building a wireless network in a hotel. Such gathering places are not only conference halls and staff workrooms, but also shopping centers, educational institutions, hotel lounges, elevators, cafes and restaurants, patios, and other areas that are less obvious at first glance. A competent radio frequency survey is indispensable here, and we can help our customers with radio planning and radio frequency surveys, for which we have the appropriate hardware and software. However, a rough estimate of the number of access points based on user density can be made right away. The software limit for the CAP1750 access point is 200 wireless clients (100 for each radio band), but the recommended value is 50 wireless clients (25 for each radio band).



When a controller is needed


Do you need a controller if you have only a few access points? The answer is a little more complicated than it might seem at first glance. The architecture of modern wireless networks has changed, and a couple of access points is now enough only for a very small network. Previously, coverage of each area was provided by a single access point with its transmitter at maximum power. In modern networks it is recommended to install two or more access points per area, with transmitters that do not run at full power. This architecture makes full use of the wired infrastructure and gives clients higher connection speeds through complex modulations, which are available only when the access point and the wireless client are close to each other. The controller provides centralized management of all these devices, and this is where we cannot do without it.

The modern wireless network architecture also provides additional insurance against equipment failure: if one access point fails, neighboring wireless devices temporarily take over its functions, which would be impossible if it alone were responsible for the area.

Using the 5 GHz band takes load off the problematic 2.4 GHz band. However, the higher-frequency signal is absorbed more strongly by obstacles between the receiver and the transmitter, which in some cases significantly reduces the coverage area of a network operating at 5 GHz and again leads to the need for more access points at the site.

Controller Configuration


We will not describe in detail here all the features of all the menu items of the web interfaces of the TP-Link wireless controllers. Instead, we will go through the entire process of initial configuration of the AC500 model when adding a controller to an existing network.


TP-Link AC500 wireless network controller CAP series, Auranet line

For those who want to learn more about the features provided by the web interface of the controller, we recommend using the emulator available on our website.

Deploying a wireless network is quite straightforward and consists of several simple steps. We start by preparing the network infrastructure for the wireless segment. To be specific, we assume that wireless coverage is needed at a site that consists of one building, or a group of closely located buildings, connected by a local area network. TP-Link wireless equipment can connect access points to the controller remotely; for simplicity, however, we assume that all connections are made within one local network.

We decided to somewhat complicate the task of pilot implementation and use the existing wired infrastructure built on the basis of equipment from another manufacturer, as well as to place the controller and access points in different subnets.


Pre-configuration of the wired part of the network (controller connection)



To connect the AC500 controller, a virtual network, VLAN 101, was created on the L3 switch. The controller is connected via its fifth interface to switch port Gi0/6, which is configured in trunk mode. For routing, a virtual L3 interface (SVI) was created.

switch3560#sho vla bri
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/7
101  AC500                            active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
switch3560#sho run int vla 101
Building configuration...
Current configuration : 108 bytes
!
interface Vlan101
 description TP-LINK AC500
 ip address 192.168.1.1 255.255.255.0
 load-interval 30
end
switch3560#sho run int gi0/6
Building configuration...
Current configuration : 164 bytes
!
interface GigabitEthernet0/6
 description AC500
 switchport trunk encapsulation dot1q
 switchport mode trunk
 load-interval 30
 spanning-tree portfast trunk
end

Now you need to configure the wireless controller itself: also create VLAN 101 and configure the corresponding L3 interface. The fifth physical port of the controller should work in trunk mode.





In principle, the switch port to which the controller is connected can be configured in access mode, but then the controller can only route (not switch) user traffic for those access points that send it through the controller to the "large network". But more on that later.

Pre-configuration of the wired part of the network (connecting access points)


To connect access points, we create VLAN 102 in which their management interfaces will be located. Switch ports are also configured in trunk mode.

switch3560#sho vla bri
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
101  AC500                            active
102  CAP1750                          active    Gi0/7
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup
switch3560#sho run int gi0/7
Building configuration...
Current configuration : 159 bytes
!
interface GigabitEthernet0/7
 description TP-Link CAP1750
 switchport access vlan 102
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 102
 switchport trunk allowed vlan 1,101-103
 switchport mode trunk
 load-interval 30
 spanning-tree portfast trunk
end

It is worth pointing out that in the 802.1Q trunk between the access points and the switch, VLAN 102 is set as the native VLAN. This is because the access points send their control frames to the network untagged. You also need to make sure that the switch does not tag frames in the native VLAN, and disable such tagging if it is enabled.

switch3560(config)#no vlan dot1q tag native
switch3560#sho vlan dot1q tag native
dot1q native vlan tagging is disabled

From the access point side, no special configuration is required, just switch the device to FIT mode (activated by default) and connect it to the corresponding switch port.



Configuring the L3 switch interface for the virtual network to which the access points are connected is similar to the one that has already been done for the controller's network.

switch3560#sho run int vla 102
Building configuration...
Current configuration : 141 bytes
!
interface Vlan102
 description TP-LINK CAP1750
 ip address 192.168.2.1 255.255.255.0
 load-interval 30
end

We decided to place the DHCP server for the wireless network segment on the L3 switch. You can use any third-party DHCP servers that support options 60 and 138.

switch3560#sho run | sec dhcp pool
ip dhcp pool tp-link
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 8.8.8.8 8.8.4.4
 option 60 ascii TP-LINK
 option 138 ip 192.168.1.2
switch3560#sho ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
50:C7:BF:85:E2:30   192.168.2.2      86105       dhcp-snooping  102   GigabitEthernet0/7
Total number of bindings: 1



When placing access points and a controller in the same virtual network, a DHCP server built into the controller could be used.
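Options 60 and 138 in the pool above are plain code/length/value fields, and option 138 is the one that tells an access point which controller address to use. The following Python is an added example, not TP-Link or Cisco code: it encodes and parses both options and checks a server reply against the values from this page. The sample option fields and the 192.0.2.50 address are constructed.

```python
import ipaddress

# Values taken from the "ip dhcp pool tp-link" listing on this page.
VENDOR_CLASS = b"TP-LINK"        # option 60 ascii TP-LINK
CONTROLLERS = {"192.168.1.2"}    # option 138 ip 192.168.1.2

def encode_option(code, payload):
    """One DHCP option on the wire: code byte, length byte, payload."""
    if len(payload) > 255:
        raise ValueError("option payload longer than 255 bytes")
    return bytes([code, len(payload)]) + payload

def parse_options(blob):
    """Walk a DHCP options field and return {code: payload}."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == 0:            # pad option: single byte, no length
            i += 1
            continue
        if code == 255:          # end option
            break
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        payload = blob[i + 2:i + 2 + length]
        if len(payload) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = opts.get(code, b"") + payload   # repeated codes concatenate
        i += 2 + length
    return opts

def controller_addresses(opts):
    """Option 138 (RFC 5417) is a list of 4-byte IPv4 controller addresses."""
    raw = opts.get(138, b"")
    if len(raw) % 4:
        raise ValueError("option 138 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def check_reply(blob):
    """Return findings for one server reply seen on the access point VLAN."""
    opts, findings = parse_options(blob), []
    if opts.get(60) != VENDOR_CLASS:
        findings.append("option 60 missing or not TP-LINK")
    addrs = controller_addresses(opts)
    if not addrs:
        findings.append("option 138 missing")
    findings += [f"unexpected controller {a}" for a in addrs if a not in CONTROLLERS]
    return findings

# Constructed option fields (not captured traffic): the reply the pool above
# would send, and one that names a controller address other than the pool's.
GOOD = encode_option(60, VENDOR_CLASS) + encode_option(138, bytes([192, 168, 1, 2])) + b"\xff"
ODD = encode_option(60, VENDOR_CLASS) + encode_option(138, bytes([192, 0, 2, 50])) + b"\xff"

if __name__ == "__main__":
    print(check_reply(GOOD))
    print(check_reply(ODD))
```

A reply that names any other controller address is worth investigating, since the DHCP snooping binding shown above only confirms which port the access point's lease came through, not what the options contained.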





Wireless Identifier Management (SSID)


It is good practice to associate each existing wireless network identifier with its own virtual network, that is, setting a one-to-one correspondence between SSID and VLAN. For simplicity, we will use only one SSID in this pilot project, so we will need to create only one more VLAN 103.

switch3560#sho vla bri
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
101  AC500                            active
102  CAP1750                          active
103  client                           active
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup



After the virtual network for client traffic is created, you can proceed directly to creating a new wireless network and associating the SSID to the VLAN.







The basic setup of the new wireless network ends here: at this point user devices can already connect to the network successfully.
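The trunk rules used so far (untagged access point control frames in native VLAN 102, one VLAN per SSID) can be checked mechanically against the switch configuration. This added example, which is not part of the original article, parses `show run` interface blocks and reports VLANs that an access point port is missing or carries beyond the management and SSID VLANs. The Gi0/8 port in the sample is hypothetical, and treating only VLANs 102 and 103 as required is an assumption based on this pilot.

```python
import re

# Constructed input: the Gi0/7 block from this page plus a hypothetical Gi0/8
# (not in the article) whose allowed list leaves out the native VLAN.
SAMPLE = """\
interface GigabitEthernet0/7
 description TP-Link CAP1750
 switchport access vlan 102
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 102
 switchport trunk allowed vlan 1,101-103
 switchport mode trunk
interface GigabitEthernet0/8
 description hypothetical second access point
 switchport trunk native vlan 102
 switchport trunk allowed vlan 103
 switchport mode trunk
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,101-103' into a set of integers."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def parse_trunks(config):
    """Return {interface: {'native': int, 'allowed': set}} for trunk-mode ports."""
    ports, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            # IOS defaults when nothing is configured: native 1, all VLANs allowed.
            cur = {"native": 1, "allowed": None, "trunk": False}
            ports[m.group(1)] = cur
        elif cur is None:
            continue
        elif m := re.match(r"\s*switchport trunk native vlan (\d+)", line):
            cur["native"] = int(m.group(1))
        elif m := re.match(r"\s*switchport trunk allowed vlan (add )?([\d,-]+)", line):
            base = cur["allowed"] if m.group(1) and cur["allowed"] else set()
            cur["allowed"] = base | expand_vlans(m.group(2))
        elif line.strip() == "switchport mode trunk":
            cur["trunk"] = True
    return {n: {"native": p["native"], "allowed": p["allowed"] or set(range(1, 4095))}
            for n, p in ports.items() if p["trunk"]}

def audit_ap_trunk(port, mgmt_vlan, ssid_vlans):
    """Compare one trunk with the VLANs an access point port has to carry."""
    required = {mgmt_vlan} | set(ssid_vlans)
    return {
        "native_is_mgmt": port["native"] == mgmt_vlan,   # control frames are untagged
        "missing": sorted(required - port["allowed"]),   # needed but filtered out
        "extra": sorted(port["allowed"] - required),     # beyond mgmt + SSID VLANs
    }

if __name__ == "__main__":
    for name, port in parse_trunks(SAMPLE).items():
        print(name, audit_ap_trunk(port, mgmt_vlan=102, ssid_vlans=[103]))
```

For Gi0/7 the check lists VLANs 1 and 101 as extra; whether they can be pruned from the allowed list depends on which of the traffic models described later is used.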

Configuring auxiliary parameters of the wireless network


In addition to the basic parameters, a number of additional options are available to the administrator for fine-tuning. For example, you can change how users are balanced between access points and redistributed between frequency bands, and set the parameters of the wireless transmitters.











Authentication


The wireless controller, together with access points, can not only request a secret key when connecting to the network, but also perform additional user authentication using a RADIUS server.



In addition, users connecting to all or some of the SSIDs and accessing certain virtual networks can be further authenticated based on MAC addresses, the web or Onekey.



Perhaps one of the most common methods of additional authentication is web authentication, in which the user is redirected to a special web page and has to enter a login and password.



TP-Link AC50 / 500 wireless controllers allow web authentication both on the basis of a local user list stored on the controller itself and using a remote RADIUS server.







It should be noted that the latest firmware version for the AC500 wireless controller adds authorization via Facebook (Facebook Wi-Fi), as well as SMS authorization using the Twilio service.

Next we consider the models by which wireless client traffic flows through the wired part of the network.

Network traffic patterns


Depending on the relative position and settings of the wireless controller, access points and the wired network segment, several typical patterns of user traffic are possible. They need to be considered when designing a wireless network to avoid overload in the wired segment. It is also worth noting that at the moment TP-Link wireless equipment does not encapsulate user data in the CAPWAP tunnel, that is, access points and controllers perform what is called local switching, which makes it necessary to either keep “stretched” VLANs on the network or use local VLAN with multiple IP subnets.

Access points connect directly to the wireless controller


This model can usually be found in small wireless networks where the number of access points is relatively small. Access points can be connected either directly to the ports of the wireless controller or to auxiliary switches with or without PoE support.



Regardless of whether the controller performs the switching or routing of user traffic, the link between the switch and the controller (Fast Ethernet for model AC50 and Gigabit Ethernet for model AC500) may be a bottleneck.

The controller acts as the default gateway for wireless networks.


This model does not depend on where the wireless controller and the access points are located in the network relative to each other. What matters is that the network equipment and client devices are configured so that the controller acts as the default gateway for wireless clients. In this case, the link between the switch and the controller will also be overloaded.



The default gateway functions are assigned to a router or L3 switch.


This model is optimal from the point of view of performance, since the wireless controller is completely excluded from the path of transmission of user traffic. Access points essentially act as bridges, associating a wireless SSID with a VLAN in a wired segment. All further traffic processing is done by wired switches and routers.



This scheme is best suited to large distributed networks with a large number of access points and wireless clients. It is also worth noting that TP-Link wireless controllers support N+N redundancy, working as a fault-tolerant pair.



We decided to break up the description of the controller's capabilities and connection options with a little testing, in order to show the device and the access points in live operation.

The AC500 wireless controller can route traffic between two Gigabit Ethernet ports at line rate in full-duplex mode, fully using the resources of both processor cores. Thus, with the AC500 acting as a router, users will be able to get a combined 2 Gbps with large packets.

Note also that the AC500 controller switches traffic practically without involving the central processor, which allows all five Gigabit Ethernet ports to be used in L2 mode at line rate while leaving the central processor free for other tasks.

The CAP1750 provides users with a maximum theoretical speed of 450 Mbps in the 2.4 GHz band and 1.3 Gbit/s in the 5 GHz band. In practice, when using the CAP1750 model in the 2.4 GHz band, the total speed of simultaneous transmission of user data in both directions is about 260 Mbps. For the 5 GHz band, this value is 620 Mbps. We decided to present the results in the form of a diagram.



Below are the main characteristics of the test bench that was used for measurements. All measurements were made for 15 simultaneous TCP connections. The access point and the wireless client were located in close proximity to each other.

Component           PC                           Laptop
Motherboard         ASUS Maximus VIII Extreme    ASUS M60J
CPU                 Intel Core i7 7700K 4 GHz    Intel Core i7 720QM 1.6 GHz
RAM                 DDR4-2133 Samsung 64 GB      DDR3 PC3-10700 SEC 16 GB
LAN card            ASUS PCE-AC88                Atheros AR8131
Operating system    Windows 7 x64 SP1            Windows 7 x64 SP1
Measuring software  JPerf 2.0.2                  JPerf 2.0.2


Thus, in practice, one CAP1750 access point can send about 900 Mbit/s of traffic into the wired network when wireless clients are connected in both frequency bands. These speeds must be taken into account when building or upgrading a wireless network, and oversubscription in the wired segment should be reduced wherever possible.

Firmware update


The wireless controller and access points are ready to work right out of the box, but we always strongly recommend updating the software pre-installed on the devices. New firmware not only fixes defects found in the code, but also adds new features. For example, one of the most interesting new features for our equipment will be cloud management support, which allows you to centrally manage multiple wireless controllers at once. This option will be in demand at very large or distributed sites. We are also implementing IPv6 support, which will allow our wireless equipment to be used in new-generation IP networks. For network administrators, we have added support for the SNMP protocol, which makes it possible to centrally manage devices and collect usage statistics from the controller and access points, as well as command line support.

Software updates for any of our wireless controllers are done via the web interface. The whole process takes about five minutes and does not require any special knowledge from the user.





The way to replace the firmware on access points depends on the mode in which they operate: FIT or FAT. In FAT mode, the access point acts as a standalone device, so the firmware version is changed using the web interface of a specific device.





When building a wireless network at a large or complex site, you need many wireless access points to provide continuous coverage. In this case they are managed (in FIT mode) by a wireless controller, and the controller is also used to update their firmware. Firmware versions of access points are changed centrally in the controller's web interface, where you upload the file containing the new firmware version and specify the start time for the update. Here you can also view the list of access points that the update affects.





The ability to update centrally is especially useful for the AC500 wireless controller, since this model supports up to 500 access points at the same time, which makes manual firmware replacement at such a site practically impossible.

Since our range of equipment is constantly updated, after the release of a new model (for example, CAP1200), it is necessary to update the database of supported devices on the controller in order to expand the list of controlled equipment.





The bottom line


As we showed above, installation and configuration of TP-Link equipment is extremely simple, and a large number of changeable parameters allows you to flexibly configure the network in accordance with all the wishes of the customer. Below we list the key features of our products that we consider the most popular and relevant when building large-scale networks:

Source: https://habr.com/ru/post/335674/

