Ask the Expert

Can you tell me about "thin" versus "fat" WLAN?

Do you have any thoughts regarding "thin" versus "fat" WLAN? As I understand it, "thin" APs pass authentication responsibility back to a central device, where a "fat" AP handles much of the authentication itself.

    Requires Free Membership to View

The terms thin and fat have been applied to WLAN access points (APs) in many different ways.
  • Some vendors use thin AP to refer to entry-level/residential-grade products with few advanced features, in comparison to fat APs rich with enterprise network features like VLAN tagging and SNMP-based management.

     

  • Some use thin AP to refer to products that can't be configured or used on their own, but instead are part of a WLAN switching system that governs both setup and operation. In this case, a fat AP is any stand-alone AP, no matter how extensive that AP's feature set.

     

  • Some use thin AP to refer to products that offload selected tasks to an upstream server -- for example, communicating with 802.1X Authentication Servers, generating encryption keys, acting as a VPN gateway, or re-routing traffic for cross-network mobility. In comparison, any of these tasks could be performed directly on a fat AP, without relying on an upstream server.

Obviously, there are many ways to combine and distribute AP features; no matter how you spin it, thin and fat are just labels for opposite ends of a complex spectrum. My advice is to look at the actual features of products that you may be considering, without getting too distracted by the thin and fat labels. For example, do you want to purchase all your APs from a single vendor, or must you use APs from several sources? Does your business really need VLAN tagging or SNMP management or VPN mobility in its WLAN?

When it comes to 802.1X, I agree there are advantages to distributing responsibility. For example, encryption keys that are generated and cached on an upstream server can reduce the handoff delay when stations roam between APs -- this is important for WLANs that support latency-sensitive video or voice applications. It can also be easier to harden and secure communication with one device (a server) than many devices (individual APs), so having the server be your 802.1X Authenticator (RADIUS client) is arguably safer. But, ultimately, you must weigh these benefits against costs to decide what's best for your WLAN.

This was first published in October 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: