I have 2 big sites and both of them have a virtual wireless controller, one having like 230 APs (Main Site) and the other having 72, all using bridge at controller (except a 3rd small site with 3 APs using bridge@AP). I use around 10 roles, each one with its own VNS using one SSID. All sites have their own internet connection for browsing and slower links for communication to the main site.
I have also integrated Extreme Control and the Extreme NAC solution to register users on the network, and also Policy Manager to manage controllers and switches.
A partner suggests that it would be a great idea to consolidate these controllers at the main site and set all AP VNS to Bridge@AP, but I have a lot of doubts about it.
So what are the advantages and disadvantages of using the Bridge@AP topology vs Bridge@Controller?
Something else to consider is what roaming functionality you want and the design of the network/VLANs. E.g. if you are bridging at the controller, no problem, the same lease continues throughout the wireless network during the roam. If you bridge at the AP, and the local VLAN, say in switch stack A, is different to the local VLAN in switch stack B, then as you wander down the corridor and connect from an AP that is patched to stack A to an AP that is patched to stack B, the client would perform a layer 3 roam, i.e. release and renew the DHCP lease for the new scope. Obviously if you have latency-sensitive systems, VoWiFi etc., this is not good.
A way around this would be to span the same wireless VLANs to all edge switches that connect to the APs. Again, it depends on the size of the site, but based on your AP counts it sounds like a reasonably sized setup, so I would advise against spanning the same VLAN to multiple edge locations, as it is not best-practice design.
Wow, thanks a lot. As you stated, roaming is a key point, as on campus one each building has its own layer 3 router, so I could not span VLANs anyway, and DHCP would also be a problem. So I am considering Bridge to controller on the main campus and Bridge@AP on the remote one, as it is much smaller and less dense. I'll take the best of the two scenarios.
Policy Manager and NAC have no direct impact on the topology mode (B@AP or B@EWC) you are using.
The authorization your NAC sends back to the controller changes the role related to the policies.
With this role you can change the VLAN the traffic is contained to, and thereby you can switch the topology. The VLAN is the connection between policy and topology.