Centralized wireless network management with WLC controllers

Scheme of centralized management of corporate Wi-Fi using WLC and vWLC controllers

Description

Wireless networks are a vital element of IT infrastructure that requires regular monitoring, upgrades and scaling. As a company expands, so does the number of users, devices and requirements for rapid customization of the data environment.

We are consistently developing our Wi-Fi equipment line and offer new approaches for tasks of any complexity – from local networks to distributed architectures with thousands of clients. One of the universal solutions is building a network based on hardware WLC and software vWLC controllers. They are designed for wireless infrastructure deployment, centralized management of access points, as well as for their monitoring and updating. More details are given below.

Solution composition

WLC hardware controllers

WLC hardware controllers are the devices for building Wi-Fi infrastructure. The line includes WLC-15, WLC-30 and WLC-3200 models. They are compatible with Eltex Wi-Fi 5 and Wi-Fi 6 access points. Wi-Fi 7 standard will also be supported.

vWLC software controller

vWLC is a virtual Wi-fi controller designed for deployment in virtualizarion environments and hardware servers with х86-64 architecture. It replaces the functionality of hardware WLC, but allows more flexible performance scaling by allocating more hardware resources.

WLC and vWLC functionality

WLC controllers provide flexible and reliable tools for organizing access to corporate Wi-Fi network. They significantly simplify the work of IT specialists: they automate routine operations, speed up network deployment and reduce the risk of errors at the configuration stage.

One of the key advantages of controllers is centralized management. It includes:

mass configuration of access points according to templates;
centralized firmware and configuration updates;
remote network monitoring and diagnostics;
flexible differentiation of rights and policies for different segments.

Authentication and authorization are based on RADIUS protocols via login/password and TLS certificates. Modern encryption standards WPA2/WPA3 (Personal and Enterprise) are supported.

The model range is equipped with Airtune service. It provides intelligent wireless network optimization and simplifies access point management through automatic selection of optimal transmission channels, load balancing and seamless roaming.

In addition, both hardware and software controllers route and protect traffic at the enterprise network level. All models support static and dynamic routing IPv4/IPv6, including protocols such as OSPF, BGP, IS-IS and RIP. Policy-based routing (PBR) and virtual route separation (VRF) are also supported. For filtering and security, built-in L2–L4 firewalls are provided, with support for trust zones and application-by-application traffic analysis. IDS/IPS intrusion detection and prevention system is also available under license.

Eltex Access Points

WLC and vWLC controllers are designed to work in conjunction with Eltex access points. We manufacture a wide range of models for indoor and outdoor deployment:

WEP – for indoor installation;
WOP – for outdoor installation.

The access points support Wi-Fi 5 and 6 standards; devices that support Wi-Fi 7 are in development and are scheduled for release in Q4-2025.

The models provide high throughput of up to 1.7 Gbps, operates in the bands 2.4 GHz, 5 GHz and 6 GHz (implementation in Q4-2025) and are designed for simultaneous connection of 40 to 100 real (which sends traffic) clients. Power is supplied via PoE/PoE+ technologies. The devices are equipped with the latest authentication and traffic security features, including WPA2/WPA3 (Personal and Enterprise), as well as OWE.

ECCM management system

To simplify work with a large number of network devices, including controllers, we have developed ECCM (Eltex Cloud Configuration Manager) which is a centralized infrastructure management platform that allows administrators to see the entire network. This solution saves time, reduces scaling risks and makes administration more predictable and convenient.

ECCM enables rapid onboarding of new equipment as the network expands with automatic discovery, inventory and application of baseline settings (ZTP support). Administrators have access to centralized management of software updates and deployment templates, and mass configuration of device by groups. In case of incidents, the system sends notifications to e-mail and Telegram.

General solution scheme

scheme-2-construction-of-a-centrally-managed-wireless-network-for-distributed-infrastructure

Scheme 1. Standard way of Wi-Fi network construction using WLC/vWLC

The scheme describes simple scenario of building a wireless network using one hardware or software controller. This scheme is universal for small and medium-sized objects where centralized management and stable operation of the entire infrastructure are required.

Eltex access points are connected to MES switch via PoE technology, which in turn is connected to a hardware WLC or virtual vWLC. This architecture is convenient, for example, for organizing an office network with several segments: separate SSIDs are created for employees, guests and IoT equipment with binding to different VLANs. Personnel are authenticated using RADIUS and TLS certificates, while guest access is speed-limited, filtered by traffic type and completely isolated from the internal network.

If necessary, a fault-tolerant cluster of two controllers can be realized (support for a scheme with several redundant controllers is under development). The devices work according to the Active-Stanby (in hot standby mode), when one of them fails, the second one instantly takes over its tasks, preserving the network continuity.

The controllers support two ways of traffic processing:

Centralized Forwarding – when client traffic is terminated at the controller, and both automatic tunneling over the enterprise L3 network and VLANs can be used.
Local Switching – when client traffic can be switched and routed without controller involvement.

In this scenario, the IT department’s resources are significantly saved, as adding new access points is easier and the Airtune system automatically distributes access points across channels and balances the load between them.

Scheme 2. Construction of a centrally managed wireless network for distributed infrastructure

The second architecture is for companies with branch structure, where it is necessary to manage the network in several geographically remote sites at once. The centralized WLC (or vWLC) controllers and servers are located in the head office. Due to the built-in router, WLC is able to serve not only local but also remote access points located in the branches.

Connection takes place over encrypted channels. For this purpose, L3 connectivity is required between the WLC and access points. L3 connectivity can be realized using a secure tunnel or the company’s own communication channels.

When using the vWLC virtual controller, the deployment of the solution becomes more flexible in administration, as the vWLC can act as a border router for building secure tunnels between the controller and routers in remote location.

In a second scenario, a branch office network can be built with different requirements: one office prioritizes VoIP traffic, another office restricts access to local resources, and a third office monitors the activity of IoT devices. The complex of devices in this architecture is managed through the ECCM system. The software organizes a single administration center: it distributes security policies, monitors the network status and allows to quickly respond to incidents. If suspicious activity is detected, such as attempts to scan the network or unauthorized client connecting, WIDS and WIPS modules automatically react: isolate the source of the threat and notify the administrator.

With ECCM it is also possible, for example, to detect a new access point in a branch office, automatically apply a basic configuration to it and include it in a given network segment. At the same time, the network topology is virtualized: the administrator in the head office can see the actual location of equipment, connections between devices and the current load.