Access Points: A Complete Introduction

Imagine you have several wireless devices — laptops, tablets, and smartphones — that need to connect to a wired network with other devices, such as servers, scanners, and printers.

Traditionally, connecting all these required a lot of physical equipment and cables.

Today, however, instead of dealing with cables, you can use an access point to connect the devices wirelessly to the network. Once connected, they form a WLAN, with the access point as a central component. This article will explain this concept further.

What is an access point or wireless access point?

An access point (AP) is a networking device used for communication. Access points are essential to provide wireless network access to devices. Working the second layer (Data Link Layer) of the OSI model, APs help to:

• Connect wireless devices to a wired network using protocols like Wi-Fi.
• Help extend the network's range.

Sometimes known as “wireless access points”, APs can be standalone devices that can be moved anywhere or they may be a component of your router. They can act as transmitters and receivers of wireless radio signals to manage the flow of data within the network so that all the connected devices can properly communicate with each other.

Access points are useful in both small-scale and large-scale environments. Access points have advanced significantly over the past 25 years to meet diverse networking needs.  Initially, they simply connected wireless devices to wired networks, but today, their functionality extends far beyond that, as we’ll see in this article.

(Related reading: network architecture & endpoint monitoring.)

Where access points are used

Access points are heavily used in our day-to-day life.

• Offices and corporate organizations. APs are heavily used in corporate organizations. In most of these organizations, APs are connected to a traditional wired network to give wireless access.
• Educational institutes. Used to keep students and staff connected in classrooms, libraries, and common areas. Eg:- schools, universities, colleges
• Hospitals. Used to support wireless devices, and medical equipment, and provide internet access to patients and staff.
• Home networks. Wireless networks use wireless routers with modems to provide wireless access within a home.

Why we need access points

Access points are used for several purposes, including: 

• Used for signal transmission and reception. Access points have antennas that transmit and receive radio signals. It converts the data it receives from the wired network into wireless signals, and vice versa.
• Supports data processing and routing. Access points contain a small processor and memory to handle data packets. It processes the incoming data, determines the correct path, and routes it between the wireless devices and the wired network.
• Enables security enforcement. Access points manage security protocols such as encryption (e.g., WPA3) and authentication methods (e.g., WPA2-Enterprise). They allow only authorized devices to connect to the network and make data transmission secure.

Managing access points

The management of access points varies depending on their use case, whether in a home, business, or industrial setting.

Consumer access points which are commonly used in houses, are usually managed by your Internet Service Providers to keep households connected to the Internet.

In commercial and industrial settings, access points are managed and monitored by the company’s IT department — often from the NOC, or network operations center. In these environments, IT professionals often need to handle more complex tasks. For example, they might need to:

• Connect large numbers of users and devices.
• Install IoT gadgets on the network.

(Related reading: IoT monitoring & network monitoring.)

How do access points work?

An access point works by combining several key components to form wireless communication within a network. An AP has:

• One or more radios
• A computer
•  A wired network port(s)

The computer may use the radios to send and receive radio waves, following public standards like Wi-Fi. Using these standards, the AP can communicate with other devices that also use the same protocols and frequencies. The AP then connects this wireless network to one or multiple wired networks through its network ports.

Here’s an example: In most homes, the access point is usually the only available physical network device needed. That will be usually provided by your Internet Service Providers. They are designed for simplicity so that it's very easy for the users to use. These consumer-grade APs offer a range of features but are limited in handling large amounts of data or supporting many devices at once.

On the other hand, commercial or industrial APs are built for more demanding environments. They support additional antennas and more powerful processors to manage higher data throughput and more connected devices.

Technologies supported by access points

Modern access points are able to serve the increasing number of smart devices in homes and businesses. They support various wireless standards, such as:

• Wi-Fi
• Bluetooth
• IoT standards like Thread and Zigbee

As the role of access points expands, they are becoming central to managing local radio frequencies and securely connecting a wide array of wireless devices, which requires more powerful onboard computers and advanced software to handle these tasks effectively.

Moreover, these APs also have the capability to enhance network security by using artificial intelligence techniques to detect and address network issues and security threats.

Different modes of access points

Access points can operate in multiple modes targeting different scenarios. The modes they support can vary from model to model and brand to brand. Therefore, this article tries to cover as many as possible.

Local mode is the default setting. In local mode devices (laptops, smartphones, and tablets) can connect directly to the access point.

Root mode. In root mode, the access point serves as the main hub of the network. It links wireless devices to the wired network. Commonly used in homes and small businesses.

Mesh mode. In mesh mode, multiple access points collaborate to form a mesh network. This mode is ideal for providing extensive coverage in large homes, campuses, or outdoor areas.

Client mode. In client mode, an access point functions as a wireless adapter for devices that lack built-in wireless capabilities. Eg:- desktop computers, printers. The access point connects to another access point or wireless network on behalf of the device. This is useful for scenarios like extending a company’s internet from a remote access point.

Sniffer mode is used for troubleshooting and monitoring wireless networks. It allows the access point to passively capture and analyze wireless traffic using tools like Wireshark.

Repeater mode extends the range of an existing wireless network. The access point receives the signal from a root AP and retransmits it.

SE-Connect Mode or Spectrum Expert Connect Mode helps you gather information about the RF spectrum of your wireless network by connecting to Cisco's spectrum expert. The access point in SE-connect mode doesn’t broadcast an SSID and doesn’t serve WLAN clients. It’s solely used for troubleshooting.

Rogue detector mode is used to identify unauthorized devices on the network. The detection process relies on analyzing MAC addresses.

Flex-connect mode is ideal for situations where you don't want a wireless LAN controller at every branch. In this mode, the access point can continue to operate and switch traffic locally, even if the connection to the WLC is lost.

Bridge mode. In bridge mode, access points connect two separate networks. There are two sub-modes: point-to-point, which connects a router's LAN to a remote access point, and point-to-multipoint, which links two LANs with a single wireless link. This mode is often used to wirelessly connect two buildings or areas.

Monitor mode helps an access point to observe all traffic on a wireless channel without linking to any access point. The AP doesn’t serve clients and scans each configured channel every 12 seconds. Useful for troubleshooting and security audits.

Factors to consider when selecting an Access Point

Are you someone looking to purchase an access point? Then you may know that there are a lot of highly competitive brands available in the market. Among these brands, some of the famous ones are Cisco, Ubiquiti, Aruba, TP-Link, Netgear, and Ruckus. These brands offer a range of access points. With so many options, it's important to consider factors like the ones below to choose the most suitable model for your home or business.

• Coverage area. Evaluate the size and layout of the area that needs wireless coverage.
• Number of users. Consider the number of devices that will be connected simultaneously.
• Performance requirements. Look at the speed and bandwidth capabilities of the access point. For high-demand environments, select APs that support the latest Wi-Fi standards for faster speeds and better performance.
• Security features. Ensure the access point offers robust security protocols like WPA3 and supports secure authentication methods.
• Scalability. Consider whether the access point can be easily integrated into a larger network if needed in the future.
• Management & monitoring. Think about how the access points will be managed. For large deployments, choose APs that offer centralized management.
• Environment. If the AP will be used outdoors or in harsh conditions, select a model designed for rugged environments.
• Cost. Balance your budget with the features and performance needed.

Best practices to follow in wireless access point security

To secure a wireless network it's highly important to focus on access points in your network. Access points are the gateways through which all wireless devices connect to your network. Therefore to minimize risks like unauthorized access, and denial of service attacks, it’s important to follow best practices such as below.

Try to use lightweight access points, which are managed by a central Wireless LAN Controller, to enforce consistent security policies across your network. This setup minimizes the risk of misconfigurations and makes it easier to manage security protocols.

Push configurations from a central controller to reduce the chances of errors. Also, disable any unused physical ports on the access point to prevent unauthorized access and potential security breaches.

Support older devices by ensuring they are on separate VLANs and restrict their access to sensitive networks. Aim to upgrade to equipment that supports the latest security standards like WPA3.

Use 802.1X authentication for robust security, especially for employee networks. For guest access, implement a redirect to a terms and conditions page and enable Opportunistic Wireless Encryption to secure traffic on public Wi-Fi.

Regularly scan for unidentified or rogue access points that might have been connected without authorization. Configure some access points to monitor for interference or suspicious activity on the network.

Disable any unnecessary features on your access points and avoid default settings – instead, make sure to change default settings as appropriate to your environment. Keep your SSID visible in the beacon as hiding it does not provide additional security benefits.