Controllerless Networks

Occasional Contributor I




I am searching for an overview with the pro's and contra's for what an IAP and a CAP access point can do.

I am looking for a comparison what a CAP can and not a IAP and vice versa.


because with the IAP92-93 it is simple. When you need more then 16 IAP, you need a controller.

Now with the IAP105,.... the limitation is not valid more. SO you can build a WLAN network with 20,30 ,40 IAP. But when it is better to choose for a controller based solution?





Trusted Contributor I


look a bit further back here and you will find some more threads about this.


by now the IAPs have caught up rather well with the controler based solution, still the advise is not more then 1024 or such users on a cluster i believe, some of the most clear elements it is lacking:

- no centralized traffic handling, all traffic exits at the AP (can be seen as a pro or a con)

- very limited guest portal (no guest admin user)

- one more i can't recall now



The line b/w controllers and iap's is getting razor thin. What many of my clients seem to struggle with is the precedent of using controllers as either a CAP or RAP termination poiint and having that centralized model of control for auth, cp etc. There is still merit in using controllers in campus environments where the AP's will only ever be connected on an L2 or a branch office where you need an all in one type platform to terminate the AP's, provide PoE to the AP's, firewall, 3/4G backup etc.


That said you can also now leverage the best of IAP with the best of the controller for a small incremental cost. If you setup your IAP's in your cluster and enable VPN to head-end anchor controller sized appropitatly to handle the inbound L3/IPSec connections - you need not license the controler for AP's, PEFNG or even RFProtect.


You leverage the inherent capability (and zero licensing cost!) of the IAP to provide these services, but anchor your VC to a controller that in this case is acting like a VPN concentrator. Beauty of this is the controller can be bare-bones from a licensing perspective as VPN services is included in the base ArubaOS.


While RAP's are great, its always been a pain if you loose the head end tether to the controller or need to add more coverage/capacity to a single location. With IAP, this all goes survivability, ability to add IAP's to the custer, L3 roaming, HS2.0 etc but still provides that central architecture via the anchor controller(s).



| Adam Kennedy, Systems Engineer -

| Service Providers – Aruba, an HPE Company

| Twitter: @adam8021x | Airheads: akennedy


So it seems that the only big argument for CAP/Controller based designs is scale then?


I'm building a warehouse with 160 access points. My users expect smooth roaming from either end of the building to the middle, so even if I split the facility in half I'd still need 80 per side, more than the recommended max for iAP clusters (64 I believe).


Any advice for a large roaming area using the iAP tunnel to controller plan?


if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it


If this is for a single physical location with an AP count as cited, think I'd still lead with instant and enable the L3 roaming between your IAP VC's. QA and Dev are working to expand the recommended max IAP cluster size, but remains presently at 64 as you cited.


You can't beat the cost structure of IAP and I don't see any reason why you'd need a tunnel back to a controller for this. Airwave will give you that centralized view of the entire network as well as the configuration ability. In AMP 7.7, you'll actually be able to access the IAP VC WebUI for configuration.


L3 Mobility is covered in the IAP user guide (3.2 version) in chapter 8 found here:


Cheers, Adam

| Adam Kennedy, Systems Engineer -

| Service Providers – Aruba, an HPE Company

| Twitter: @adam8021x | Airheads: akennedy
Contributor I


akennedy wrote: In AMP 7.7, you'll actually be able to access the IAP VC WebUI for configuration.

This is the best news i've heard all day. I have no problems recommending IAP for CAP from now on. The config management capabilities of AirWave for IAP has been painfull.





Search Airheads
Showing results for 
Search instead for 
Did you mean: