There is no minimum.
You can have a controller act as an endpoint for the lwapp tunnel. by doing this, the wlan traffic is encrypted from the AP trough the 1st controller and down to the other controller where the traffic can then be dumped out into a dmz or elsewhere. The APs will register with 1 or more controllers and then those controllers can pass the traffic to the other. This is more of an advanced topic though
There is no hard and fast rule as to the number of AP's installed in relation to using the WLC and LWAPP infrastructure. This is more of a "Managability" type question. Different versions of the Controller support from 6 AP's up to thousands of AP's. You can run many many AP's in Autonomous mode but the Management of these (Radio,RF,Channel Assignment etc.) can become rather time consuming and repetitive, this is where the WLC can come into play as well as implementing Security features etc. Here are some the different WLC Model/Versions;
By managing all access points as a complete wireless LAN system, Cisco wireless LAN controllers provide maximum scalability, performance, and wireless LAN control. In addition, all Cisco wireless LAN controllers can be deployed in an N+1 configuration for cost-effective, system-level resiliency. Cisco wireless LAN controllers come equipped with embedded software with Radio Resource Management (RRM) algorithms to detect and adapt to changes in the air space in real time-creating a self-configuring, self-optimizing, and self-correcting wireless LAN environment. These adjustments create the optimal topology for wireless networking in much the same way that routing protocols compute the best possible topology for IP networks.
Cisco Systems currently offers Cisco 2000 Series and 4400 Series wireless LAN controllers. Additionally, Cisco offers the Catalyst 6500 Series Wireless Services Modules (WiSM, the Cisco Catalyst 3750G Series Integrated Wireless LAN Controller and the Cisco Wireless LAN Controller Module for Cisco Integrated Services Routers (ISR).
The Cisco 2000 Series Wireless LAN Controller supports up to six lightweight access points, making it ideal for small and medium-sized enterprise facilities, such as branch offices.
The Cisco 4400 Series is available in two models-the 4402 with two Gigabit Ethernet ports comes in configurations that support 12, 25 and 50 lightweight access points, and the 4404 with four Gigabit Ethernet ports supports up to 100 lightweight access points. The 4402 provides one expansion slot and the 4404 provides two expansion slots that can be used to add enhanced functionality. The 4400 WLAN Controller supports an optional redundant power supply to ensure maximum availability. This unique combination of capabilities makes the Cisco WLAN system uniquely suited for large-scale WLAN deployments.
The Cisco WiSM smoothly integrates into existing Cisco Catalyst 6500 Series enterprise networks. It communicates using the emerging Lightweight Access Point Protocol (LWAPP) standard to establish secure connectivity between access points and modules across Layer 3 networks. The Cisco WiSM scales to deliver secure, enterprise wireless access to main, branch, and remote campuses. It is designed for medium-sized and large enterprise facilities with clustering capabilities of up to 3600 lightweight access points per roaming domain. It scales to 300 lightweight access points per module with support for 10,000+ wireless client devices. For even greater scalability, the Cisco WiSM can be deployed in conjunction with other Cisco wireless LAN controllers.
The Cisco Catalyst 3750G Integrated Wireless LAN Controller integrates wireless LAN controller functions into the highest-resiliency stackable Cisco Catalyst 3750G Series Switches and delivers improved operating efficiency and unparalleled WLAN security, mobility and ease of use for business-critical wireless LANs.
The Cisco Wireless LAN Controller Module manages up to six Cisco Aironet lightweight access points and is supported on Cisco 2800 and 3800 Series Integrated Services Routers and Cisco 3700 Series routers.
From this doc;
Hope this helps!
EDIT: Eric, you are too fast for my worthless typing skills :)
From your experience with WiSMs, or from what you have heard, what would be the Best Practice with regards to number of APs per SSID? I could see the ease of management in having 75 APs per controller in a 1:1 redundancy scenario and spreading the CPU load among numerous controllers so as to implement one SSID for upwards of hundreds of APs.
Now just because I can imagine it doesn't mean it will work. I read the Best Practice to be 25 to 60 APs per SSID because of load on the WLC CPU. Any idea if the WiSM controllers can take more than what they state in the Cisco Best Practice? Please correct me if I am wrong in my calculations or if I am not making myself clear by my question.
Thanks in advance!
With 5 WiSM's split between a 6509/6513 we run over 900 AP's with the same SSID. CPU load never goes much higher than 20-30% with around 3500 clients.
The WCS is not a must for running LWAPP with the WLC. It can be ordered with "Location" that adds some nice funtionality. The WCS does help with Management and Reporting type functions especially with multiple WLC's.
The WLSE is the Autonomous deployment management tool. The WLSE has not been completly "End of Life" although I think its safe to say that Cisco is really promoting the change to LWAPP. They even have a migration path from the WLSE to WCS in place. There are many Autonomous AP's that can be converted to LWAPP as well. Have a look;
CiscoWorks Wireless LAN Solution Engine (WLSE)
End-of-Life and End-of-Sale Notices
From this doc;
WLSE 2.11 End of Support April 19, 2010 (So if WLSE 2.13 has not yet been EOL then it is safe to say it will be sometime after this date)
Guidelines and Tools for Migrating to the Cisco Unified Wireless Network
CiscoWorks WLSE Migration to Cisco WCS
Conversion of a WLSE Autonomous Deployment to a WCS Controller Deployment
Autonomous Access Points Convertible to LWAPP
The following autonomous AP models can be converted to a WCS controller deployment.
Cisco Aironet 1230AG Series Access Point (AP 1232AG AP)
Cisco Aironet 1240AG Series Access Point (AP 1240AG AP)
Cisco Aironet 1200 Series Access Point (AP 1200)
Cisco Aironet 1100AG Series Access Points (AP 1131AG,AP 1121)
Cisco Aironet 1310AG Series Access Point (AP 1310AG AP)
Hope this helps! We bit the bullet last summer and switched from Autonomous (WLSE) to LWAPP (WLC & WCS) and it has been a good change :)
We do not use WISM's so I can't give you any practical advice here. We will have to defer to Seth's great info. That being said, I have spoken to some peers running large LWAPP deployments (500 AP's and up) that do carry the same SSID throughout (again, as noted by Seth) without issues that relate to this model.