We have a combination of lightweight access points (LWAPs) supported by centrallized controllers. Currently we're getting logs from both the controllers and the LWAPs sent to enVision. This causes some challenges as the LWAPs are DHCP addressed and pop up and down in a somewhat chaotic fashion, causing our device list to expand quite a bit and our license to be depleted. Looking at the logs generated, most of the security elements that I'm interested in (primarily authentication info) looks to come from the controller, with little of value from the LWAPs themselves (primarily Cisco, but some other vendors as well). I'm considering having the LWAPs stop feeding into enVision and concentrate only on the controllers.
Have others tackled enterprise wireless deployments of this sort? Have you come to the same (or different) conclusions?