- Some vendors use thin AP to refer to entry-level/residential-grade products with few
advanced features, in comparison to fat APs rich with enterprise network features like VLAN
tagging and SNMP-based management.
- Some use thin AP to refer to products that can't be configured or used on their own, but
instead are part of a WLAN switching system that governs both setup and operation. In this case, a
fat AP is any stand-alone AP, no matter how extensive that AP's feature set.
- Some use thin AP to refer to products that offload selected tasks to an upstream server -- for example, communicating with 802.1X Authentication Servers, generating encryption keys, acting as a VPN gateway, or re-routing traffic for cross-network mobility. In comparison, any of these tasks could be performed directly on a fat AP, without relying on an upstream server.
Obviously, there are many ways to combine and distribute AP features; no matter how you spin it, thin and fat are just labels for opposite ends of a complex spectrum. My advice is to look at the actual features of products that you may be considering, without getting too distracted by the thin and fat labels. For example, do you want to purchase all your APs from a single vendor, or must you use APs from several sources? Does your business really need VLAN tagging or SNMP management or VPN mobility in its WLAN?
When it comes to 802.1X, I agree there are advantages to distributing responsibility. For example, encryption keys that are generated and cached on an upstream server can reduce the handoff delay when stations roam between APs -- this is important for WLANs that support latency-sensitive video or voice applications. It can also be easier to harden and secure communication with one device (a server) than many devices (individual APs), so having the server be your 802.1X Authenticator (RADIUS client) is arguably safer. But, ultimately, you must weigh these benefits against costs to decide what's best for your WLAN.
This was first published in October 2004