A wireless local area network (WLAN) links two or more devices using some wireless distribution method, and usually provides a connection through an access point (AP) to other networks. A wireless access point (or access point) is a device that allows wired communication devices (e.g., network devices, such as routers, firewalls, switches, or gateways, which transfer or switch data, such as packets) to connect to a wireless network (e.g., a WLAN). The access point may relay data between wireless devices (e.g., client devices, such as personal computers, laptop computers, printers, smart phones, etc.) in the wireless network and another network. In one example, an access point may include a wireless network device, such as a wireless router.
A typical corporate use of access points involves attaching several access points to a wired network (e.g., a corporate intranet that includes one or more network devices) and providing wireless access to client devices located, for example, in a building. The access points may form a WLAN for the client devices, and may be managed by a WLAN controller. The WLAN controller may handle automatic adjustments to radio frequency (RF) power, channels, authentication, and/or security associated with the access points. The WLAN controller may communicate with an aggregation network (e.g., that includes an aggregation device), and the aggregation network may communicate with multiple access networks (e.g., that include access devices). The access points may communicate with one or more access networks.
Most current WLAN architectures are centralized: the access points and the WLAN controller are deployed as an overlay over a wired network (e.g., a wired enterprise network). However, the centralized WLAN architecture is not scalable since all data traffic is communicated through the WLAN controller. A manually deployed distributed WLAN architecture is one alternative to the centralized WLAN architecture. With the distributed WLAN architecture, control traffic may be tunneled to the WLAN controller, and data traffic may be tunneled to an access layer or an aggregation layer. However, creating such tunnels requires significant manual configuration overhead, especially for larger architectures.
The centralized and distributed WLAN architectures may need to provide secure control traffic between access points and the WLAN controller. Some centralized and distributed WLAN architectures may also need to establish secure data tunnels before data traffic can be forwarded. However, implementing end-to-end tunnel security between an access point and other WLAN devices (e.g., access devices, aggregation devices, etc.) requires providing enhanced forwarding chip hardware functionality, as well as a new board layout, in the access point and the other WLAN devices. Such hardware changes are both expensive and time-consuming.