A wireless LAN controller (WLC) is primarily used to handle client authentication and associations for large-scale wireless deployments. It acts as a centralized management appliance with the lightweight access points (LAPs) acting as the wireless interface to various clients. All management and data packets are tunneled from a lightweight access point to the WLC. Policy is enforced from the WLC onto the LAPs.
A WLC/NAC configuration could be effective for creating a secure conference room, especially in large wireless deployments. In such a scenario, the client would associate with a LAP and authenticate with the WLC. Once authentication was complete, the user traffic would go through the quarantine VLAN from the WLC to the NAC server. Then, after posture assessment was completed and any remediation (if required) was successful, the user VLAN would change from quarantine to access VLAN in the WLC, and the traffic would be allowed through the NAC (bypass).
This was first published in February 2011