WLAN Switching: Managing Wireless Access Points
The number of wireless local area network (WLAN) users in North America is growing at a rapid rate, according to Gartner—from less than 5 million in 2003 to more than 30 million in 2007. This isn’t making things easy for network administrators who have to deal with the challenges raised by WLANs, such as rogue access points and careless users. With the introduction of the “wireless switch,” network administrators will be able to scale up their WLANs, while at the same time handling issues around security, management, cost, reliability and mobility.
The problem with WLANs that don’t use WLAN switches is that too much intelligence resides at the access point, which means each access point must be managed separately. In addition, each access point offers a potential doorway into the network for hackers and other miscreants. WLAN switches take the intelligence from the access point and bring it to the switch. In addition to allowing more centralized management of the WLAN, this architecture can also help network administrators cope with rogue access points, even allowing them to disconnect the problem users from a central location.
Switch vendors have a relatively long history, and the established players in wired switching also compete in this market. Alcatel’s OmniAccess 4000 WLAN Switch is a part of Alcatel’s wireless enterprise solution, which coordinates security, radio frequency (RF) management, intrusion detection, quality of service and mobility functions across the WLAN. Working with other products from Alcatel and third-party access points, this switch comes in two models, delivers wire-speed switching and can be deployed without modifying existing routing and switching infrastructures and without touching access points. It includes detection, location and containment of rogue access points, as well as VPN termination and more.
No story about switching would be complete without Cisco Systems. The Cisco Catalyst 6500 Series Wireless LAN Services Module (WLSM) is part of the Catalyst 6500 Series of multilayer switches. This is more than a simple switch: It is an enterprise-class wireless and wireline switching system that allows network administrators to securely and easily manage WLANs. It allows for secure Layer 3 roaming, segmentation and individual authentication, access control, VPN services and network-based intrusion detection. It provides a single point of entry for wireless traffic and can support up to 300 Cisco Aironet Series access points and 6,000 users in any existing Catalyst 6500 Series switch that is running a Supervisor Engine 720.
Nortel Networks WLAN Security Switch 2250 provides security to the entire WLAN from a central point, including VPN encryption, firewalls, global filters and mobile adaptive tunneling. The switch allows wireless sessions to continue as users move across IP subnets, and it detects rogue access points and notifies the network administrator via the GUI.
HP has also gotten into the wireless switch space with the HP ProCurve Access Controller 720wl, part of the ProCurve 700wl Secure Access Series, which provides campus-wide security and supports seamless roaming. Access is controlled by user, location and time of day. Simple and centralized management helps network administrators apply access policies.
A Layer 3 solution, the Extreme Networks Summit 300-24 WLAN switch offers power over Ethernet on 24 ports. Access points can be deployed and managed throughout the building, supporting multiple data and voice applications, both wired and wireless. It provides a single authentication infrastructure for wired and wireless systems, helping network administrators to ensure consistency. It also includes hardware-accelerated advanced encryption services and RC4 encryption. It detects and reports rogue access points and can be managed and monitored from a central location with the EPICenter management platform or any other SNMP-based product.
Symbol Technologies offers two wireless switches: WS 5000 and WS 2000. The WS 5000 uses a media-independent access port architecture and supports 802.11a, 802.11b and 802.11g, as well as legacy access points, and it is upgradeable to future 802.11 standards. It includes access control, authentication and encryption, and provides support for access control lists, Kerberos and certificate-based public key infrastructure (PKI). The WS 2000 offers similar functionality, but is designed and priced for smaller organizations.
Other vendors offering wireless LAN switch solutions include Trapeze Networks (Trapeze MX-20 Mobility System and Trapeze Mobility Exchange), Airespace (AS4024), Aruba Wireless Networks (2400 Wireless LAN Switching System, 5000 Switch) and more. Chantry Networks offers similar functionality, using a routing architecture, rather than a switching solution. Of course, the key to choosing the right vendor is first making sure that the product satisfies your organization’s requirements for security, management, mobility and cost, and then making sure the vendor you’re dealing with is likely to be around for the long haul.
Emily Hollis is managing editor for Certification Magazine. She can be reached at firstname.lastname@example.org.