Showing results for 
Search instead for 
Did you mean: 

Bridge at AP VS Bridge at Controller Advantage and disadvantage

Bridge at AP VS Bridge at Controller Advantage and disadvantage

New Contributor
Hi colleages:
I have 2 big sites and both of them have a wireless controller virtual, 1 having like 230 Ap's (Main Site) and other having 72 all using bridge at controller (except a 3rd small site with 3 APs using brige@AP). I use around 10 roles each ones with is own VNS using one SSID. All sites have their own internet connection for browsing and slower links for communication to main site.

I also have integrated extreme Control, and Extreme NAC solution to register user on network and also policy manager for manage controllers and switches.

A partner recommends me that would be great idea to consolidate these controllers on main Site and setting all AP VNS at Bridge@AP. but I have a lot of doubt about it

So What are Advantage and disadvange using Bridge@ap topolgy VS bridge@Contoller?

is better Bridge@AP scenario? and Why?

New Contributor
Something else to consider is what roaming functionality you want and the design of the network/VLANs. e.g. if you are bridging at the controller, no problem, the same lease continues throughout the wireless network during the roam. If you bridge at the AP, and the local vlan say in switch stack A is different to the local vlan in switch stack B as you wander down the corridor and connect from an AP that is patched to stack A to an AP that is patched to stack B, the client would perform a layer 3 roam, i.e. release and renew the DHCP lease for the new scope. Obviously if you have latency sensitive systems, VoWifi etc this is not good.

A way around this would be to span the same wireless VLANs to all edge switches that connect to the APs. Again depends on the size of the site, but based on your AP counts it sounds like a reasonable sized setup, so would advise against spanning the same VLAN to multiple edge locations as not best practice design.

Wow Thanks a lot as you stated roaming is a key point as on CAMPUS one each building has its own layer 3 router, could nos sparse vlan anyway, as also dchp would be also a problem. So i considering Bridge to controller on main Campus and Bridge@AP on the remote one as is much smaller and less dense. Ill Take the best to of two scenario.

Valued Contributor III
Hello Eddgar,

policy manager and NAC has no direct impact to the topology mode (B@AP or B@EWC) you are using.

The authorization your NAC is sending back to the controller change the Role related to the policies.
With this role you can change the vlan the traffic contains to and thereby you can switch the topology. The vlan is the connection between Policy and Topology.

Best regards
Regards Stephan

New Contributor
Thanks for the response, now i am a bit clear, i enforce the policies by Policy Manager and also use NAC, B@AP and B@controller does affect how policy manger an NAC is used?