Smarter Integrated Wired and Wireless Network Management Solution

Introduction

Today, enterprises are accelerating digital transformation and business expansion. This places significant pressure on campus networks.

A growing number of endpoints connect to the network at the same time, which increases the risk of congestion. Applications such as video conferencing and large-scale data transfer require much higher bandwidth. During mobile office scenarios, wireless roaming performance is often unstable. Users may experience packet loss, session drops, or high latency. Network operations and maintenance are also becoming more complex.

Traditional network architectures can no longer meet enterprise requirements for high performance, high availability, and simplified management. As a result, the Integrated Wired and Wireless Network Solution has emerged.

This solution is built on a Spine-Leaf architecture and leverages Anycast technology. It enables enterprises to build an open network designed for ubiquitous compute resources. The architecture addresses scalability, reliability, and operational challenges in modern enterprise networks.

Four Core Challenges in Traditional Enterprise Networks

During enterprise digital transformation, the upgrade of endpoints and business applications continues to increase network load. The limitations of traditional network architectures are becoming more apparent. These challenges are mainly reflected in four areas:

1. High-density access congestion: An average of two to three endpoints per user has become common. In centralized access scenarios, network congestion is severe. Traditional architectures lack sufficient forwarding capacity.
2. Surging bandwidth demand: High-traffic applications such as video streaming, online collaboration, live broadcasting, and large-scale data transfer are widely deployed. Enterprise bandwidth requirements are increasing rapidly.
3. Roaming and coverage issues: In complex environments, signal interference is frequent. Roaming convergence latency is high, and session drops occur regularly. Wireless user experience is significantly degraded, which impacts mobile productivity.
4. Complex operations and maintenance: Multiple dormitory buildings, a large number of APs, and dynamic user environments increase the difficulty of configuration, monitoring, and troubleshooting. OPEX remains high.

To address these challenges, the Integrated Wired and Wireless Network Solution is built on a Spine-Leaf architecture. It integrates switching infrastructure and intelligent control technologies to enable deep convergence of wired and wireless networks. The solution delivers end-to-end connectivity across diverse enterprise scenarios.

Integrated Wired and Wireless Network Management Solution

This solution adopts a fully Layer 3 campus architecture. It enables elastic resource scheduling and efficient integrated wired and wireless network management. The hardware portfolio consists of three core product categories, forming an end-to-end infrastructure from control to access:

1. CX-M Series Spine-Leaf Campus Switches: Deployed at the Spine and Leaf layers, these switches support 25G, 10G, and 100G interfaces. They deliver high bandwidth and high availability for both access and backbone networks. The design fits user zones and server zones with different topology requirements.
2. Wireless Access Points: Based on the IEEE 802.11ax standard, these dual-band APs support high-density user access. A single AP can serve more than 40 concurrent users. Intelligent channel optimization improves RF performance and coverage quality.
3. Asteria OpenWiFi Controller: The controller functions as the central management plane of the campus network. It provides unified management for both wired and wireless devices. It supports configuration, monitoring, operations, and troubleshooting across the full lifecycle.

The three product categories work together to build an integrated “Controller + Switch + AP” architecture. This design ensures high-performance network operation. It adapts to diverse deployment scenarios. It also interoperates with legacy networks through standard protocols such as eBGP, static routing, and MC-LAG.

Key Technologies to Build a Highly Available Enterprise Network

The core advantage of the integrated wired and wireless architecture relies on multiple industry-proven technologies. These technologies optimize roaming performance, channel utilization, traffic forwarding, and security enforcement. The goal is to enhance the integrated wired and wireless network performance and user experience.

1. Leading 10 ms Roaming Latency

To address roaming challenges, the solution integrates IEEE 802.11k, IEEE 802.11v, and IEEE 802.11r fast roaming mechanisms. It is combined with a distributed gateway architecture. Users can transition between APs without noticeable interruption.

• 802.11k: Enables the client to make optimized roaming decisions before handoff, reducing blind scanning time and improving transition efficiency.

• 802.11v: The AP proactively monitors client RSSI and local load conditions. It steers clients with weak signal quality to a better candidate AP by sending a BSS transition request.

• 802.11r: Pre-establishes encryption keys so that full authentication is not required when roaming to a new AP. This significantly reduces handoff latency (typically ≤10 ms) and ensures uninterrupted real-time services.

• Distributed Gateway: Gateway functions are deployed on each Leaf switch, improving stability and supporting concurrent roaming across the integrated wired and wireless network. This achieves an average handoff latency ≤10 ms, with zero packet loss, providing seamless connectivity during client mobility.

The solution also applies device-specific optimizations for Apple, Android, and Windows endpoints. It tunes roaming thresholds and scan timing to precisely accommodate different client types, ensuring an optimal roaming experience in multi-device enterprise environments.

2. Always Keep Clients on the Optimal Channel

The solution uses intelligent channel optimization to plan and dynamically adjust wireless channels, minimizing interference at the source:

• Optimization Timing: Automatic tuning when an AP first comes online, scheduled tuning at 3 AM daily (configurable), and manual tuning by administrators.
• Optimization Logic: The system scans channels and monitors AP load to automatically select idle channels. APs switch in real time to the optimal channel, ensuring stable wireless signals and consistent coverage.

3. Broadcast/Multicast-to-Unicast Conversion

To address the impact of low-rate broadcast and multicast traffic on wireless channel efficiency, the solution implements broadcast/multicast-to-unicast conversion:

• Encapsulates traditional broadcast and multicast frames into unicast frames, reducing AP air interface resource usage.
• Sends unicast packets at the optimal rate based on each client’s signal quality, significantly improving wireless throughput and mitigating latency or stuttering in high-traffic applications.

4. High-Reliability Networking and Traffic Forwarding

• BGP EVPN: Enables Layer 3 dynamic routing and full-network ECMP load balancing. Routes are quickly withdrawn after client roaming, ensuring routing stability.
• MC-LAG Support: Provides cross-device link aggregation. In server zones, dual-homed MC-LAG uplinks ensure no single point of failure for critical traffic.
• Forwarding Optimization: Features such as VLAN broadcast suppression, strict AP forwarding, and ARP proxy reduce unnecessary traffic and improve forwarding efficiency.

5. Multi-Layer Security Protection

The solution establishes an end-to-end security framework, covering access security, user-based controls, and network segmentation:

• Access Security: Implements IPSG, DAI, DHCP Snooping, and 802.1X to ensure only legitimate devices can connect.
• Access Control: ACL policies can be configured on Spine and Leaf nodes to control user or subnet permissions, e.g., restricting certain users from accessing the server zone.
• Network Segmentation: Guest networks are isolated in separate VLANs. ACL policies ensure guests can access only the Internet, without reaching internal core resources.
• Distributed Gateway Security: Different service zones—user, server, and administrative networks—are finely segmented. Each zone has dedicated gateways and subnet masks, isolating traffic at the source.

Multi-Scenario Deployment Best Practices

This solution has been deployed and validated in an enterprise office environment, achieving 384 days of stable operation. The overall integrated wired and wireless network design addresses the distinct requirements of user and server zones, while enabling multi-floor interconnection and unified management. Key deployment highlights include:

1. Network Architecture: The user zone uses a full Layer 3 Spine-Leaf design. The server zone adopts dual-homed MC-LAG uplinks. Server traffic bypasses the firewall for full-line-rate forwarding, improving data transfer efficiency.
2. Wireless Deployment: APs are deployed in a W-shaped pattern across office areas. Each floor has 21 APs spaced approximately 10 m apart. Transmit power is set to 8 dBm, combined with automatic channel planning, ensuring seamless high-quality coverage.
3. Multi-Floor Interconnection: Floors are connected via 10 G fiber links. eBGP routing and VRRP virtual IPs are used to enable efficient cross-floor traffic forwarding. For example, traffic from the 6th floor can reach the Internet via the 18th-floor gateway, with flexible bandwidth allocation.
4. Device Specifications: Hardware selection is based on enterprise scale. CX308P-48Y-M-H serves as the Spine switch, CX204Y-48GT-M-SWP4 as the User-Leaf switch, and AP6020 as the wireless access point. This ensures a balance between performance and cost-effectiveness.
5. Scalability: The user network supports up to 2 Spine switches connecting 48 Leaf switches, accommodating up to 96,000 endpoints. The server network supports up to 2,304 endpoints, allowing flexible adaptation to enterprise growth.

Operations and Management

One of the core advantages of this solution is simplified operations and management. Leveraging the Asterai OpenWiFi Controller as the campus network management platform, it provides unified management of wired and wireless devices, visual monitoring, and intelligent troubleshooting. This shifts enterprise network operations from a “reactive firefighting” approach to “proactive anticipation.”

1. Centralized Unified Management

All network devices, including gateways, switches, and wireless APs, are centrally managed by the OpenWiFi Controller. It supports add, delete, modify, and query operations for single or multiple devices simultaneously, eliminating per-device manual configuration and significantly improving deployment efficiency.

2. Comprehensive Network Visibility

Provides full-dimensional visualization of device status, traffic data, and client access:

• Device Monitoring: Real-time visibility into CPU, memory, hardware health, PoE status, and interface traffic. Generates an overall device health score.
• Traffic Monitoring: Visualizes uplink and downlink traffic across the network, high-bandwidth users, and per-interface data transfer.
• Client Monitoring: Real-time view of wired and wireless client counts, connection types, vendor information, online status, and negotiated speeds.

3. Granular Endpoint Operations and Troubleshooting

Provides full-lifecycle management for each connected endpoint, allowing real-time visibility into the client’s network stage:

• Endpoint Identification: Accurately identifies device type, vendor, and model, distinguishing Apple, Android, Windows, and other endpoints.
• Link Tracking: Tracks the client’s key network path, identifying the connected AP, Leaf, and Spine devices.
• Event Logging: Records critical events such as DHCP requests, authentication, association, roaming, and disconnection, enabling root-cause analysis.
• Quality Analysis: Evaluates metrics like SNR, signal strength, throughput, and packet loss to pinpoint causes of poor wireless performance.

4. Automated Inspection and Alerting

• Automated Inspection: Supports scheduled inspection tasks (e.g., every 24 hours) covering devices, interfaces, services, and wireless networks. Inspection reports are generated automatically.
• Comprehensive Alerts: Configurable alert rules for interface status, CPU/memory usage, bandwidth utilization, BGP state, and wireless air interface load. Alerts are triggered in real time when anomalies occur.
• Proactive Prediction: By combining inspections and alerts, potential network issues—such as excessive interface errors, high AP air interface utilization, or power failures—can be detected and addressed in advance, reducing the risk of network downtime.

Build an Intelligent Integrated Wired and Wireless Network for Enterprises

The Enterprise Integrated Wired and Wireless Network Management Solution combines a Spine-Leaf architecture, advanced technologies, and intelligent operations to deliver four core values for enterprises:

1. High Performance: Supports high-density endpoint access and high-traffic applications. Wireless roaming achieves zero packet loss and low latency. Wired and wireless bandwidth can be scaled on demand to match the rapid growth of digital business.
2. High Reliability: Distributed gateways, MC-LAG link aggregation, and BGP EVPN routing eliminate single points of failure. Devices maintain stable operation for over 380 days, ensuring uninterrupted enterprise services.
3. Ease of Management: Unified management of wired and wireless devices, comprehensive visual monitoring, and intelligent automated troubleshooting significantly reduce operational complexity and cost.
4. Enhanced Security: End-to-end security is provided, covering access authentication, access control, and subnet isolation, preventing unauthorized access and protecting internal enterprise data.

In the era of ubiquitous computing, a stable network is key to digital transformation. This integrated wired and wireless solution, based on an open Spine-Leaf architecture and deployed with CX-M Series switches, AP Series access points, and the Asteria OpenWiFi Controller, delivers capabilities such as seamless roaming within 10 ms, automatic channel optimization, and broadcast/multicast-to-unicast conversion. Combined with unified management, full-dimensional monitoring, and intelligent automated troubleshooting, it builds a high-performance, highly reliable, and easily managed intelligent network.

The solution has been stably deployed in an enterprise office environment for 384 days, effectively supporting high-density endpoint access and high-traffic data transmission, helping enterprises improve operational efficiency and maintain innovation agility.

Have a project in mind? Request a proposal from our sales team at bd@cloudswit.ch

Contact US !

• To request a proposal, send an E-Mail to bd@cloudswit.ch
• To receive timely and relevant information from Asterfusion, sign up at AsterNOS Community Portal
• To submit a case, visit Support Portal
• To find user manuals for a specific command or scenario, access AsterNOS Documentation
• To find a product or product family, visit Asterfusion-cloudswit.ch