Cisco Wireless Access Point (AP) Modes Explained

A lightweight Access Point (AP) can be configured to operate in one of the several different wireless network AP modes from the Wireless LAN Controller (WLC). The AP modes can either be client-serving or are used for network management. The following modes are the supported Cisco AP modes.


Client-Serving Cisco AP Modes

The client-serving AP modes enable the Cisco access points to provide network services to its wireless clients.

Local Mode

Local mode is the default mode for lightweight APs. It provides the BSSs and allows client devices to be associated with the wireless LANs. When the AP is not transmitting wireless client frames, it scans other channels to measure the noise and interference, discover rogue devices, and match against Intrusion Detection System (IDS) events.


FlexConnect Mode

FlexConnect AP mode enables switching traffic between an SSID and a VLAN locally if the CAPWAP to the WLC is down, even when the AP is at a remote site. It can also be configured to egress at the access point’s LAN port.


Bridge Mode or Mesh Mode

An AP in bridge mode becomes a dedicated point-to-point or point-to-multipoint bridge between networks. Two bridge mode wireless access points can be used to link two remote locations. Multiple bridge mode access points are used to form indoor or outdoor mesh wireless network deployments.


Flex+Bridge Mode

The Flex+Bridge AP mode combines the FlexConnect and the Bridge access point modes. It enables FlexConnect features on mesh AP mode access points.


Network Management Cisco AP Modes

The network management access point modes enable the Cisco access points to operate as a dedicated network management tool.

Monitor Mode

The monitor AP mode doesn’t transmit at all. It doesn’t broadcast an SSID. However, it acts as a dedicated sensor to monitor and detect the WiFi channel for IDS events, rogue access points, and it also determines the position of wireless stations via location-based services.


Rogue Detector Mode

A rogue detector AP is dedicated to detecting rogue devices on wired and wireless networks. It correlates MAC addresses on the wired network with those on wireless, and the rogue devices appear on both networks. With rogue detector AP mode, the AP can broadcast SSID, so it can still serve its clients, and the clients can still have a wireless connection to the access point.


SE-Connect Mode

SE-Connect mode enables an access point to dedicate a connection to Cisco CleanAir technology for spectrum analysis. This is utilized by PC software, such as Cisco Spectrum Expert and MetaGeek Chanalyzer, which can be remotely connected to the access point. The spectrum analysis data is collected and analyzed on all wireless channels to discover the sources of interference.


Sniffer Mode

Access points in sniffer AP mode act as a dedicated 802.11 wireless traffic receiver. The traffic is then forwarded to a machine running a network analyzer software such as Wireshark or OmniPeek for storage and further analysis. Sniffer AP mode won’t broadcast an SSID, and clients can’t connect to it, but it is helpful in troubleshooting on remote sites.


Not all Cisco access point models support all of the listed AP modes.


Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: