WLAN security shootout
WLAN switches have deposed the intelligent access points of yesteryear. Are they really better? And which WLAN switch is best?
Three years ago, when we launched the Advanced Network Computing Laboratory (ANCL) for wireless connectivity, there were no architecture choices. The intelligent AP (access point) was all that was available, so that's what we used in our own facility. In fact, up until 24 months ago, AP vendors such as Cisco and Enterasys were the only proven choices for the enterprise.
For those with big budgets, the intelligent AP was a viable alternative, but it incurred high costs beyond the hefty initial hardware investment. In this deployment model, every AP manages security and authentication locally, making each AP not only a management requirement but a potential security hole as well. Considering the world lacked centralized AP-management tools, this meant quite a bit of work for administrators managing WLANs of more than 50 access points.
Today, wireless architecture has evolved to fit better with enterprise network management. The WLAN switch takes the burden of security off tiny, sweating CPUs in access points and places it squarely on burly, dedicated CPUs within centralized, rack-based devices. Using technologies such as 802.1x, WPA (Wi-Fi Protected Access), RADIUS servers, and Kerberos, WLAN switches do an excellent job at keeping hackers off your network, segmenting wireless users effectively within the network while increasing reliability and mobility in the bargain.
Because our ANCL testing facility at the University of Hawaii was in need of a WLAN infrastructure upgrade anyway, we decided to haul some WLAN switches into the lab and put them through their paces. Initially, we invited Airespace, Aruba, Extreme Networks, Symbol Technologies, and Trapeze Networks. We wanted to run tests that the other magazines hadn't run, including tests that concentrated on advanced security and active roaming. Further, instead of positioning this review as a product-against-product competition, we made sure the vendors knew we were comparing their WLAN solutions against thick AP architectures as well as against each other.
Perhaps that angle bothered some vendors. In any event, we were shocked that only two invitees, Aruba and Trapeze, decided to play after viewing our test plan. As it turned out, the low turnout was only the first in a long line of unexpected results.
The Switch to Better WLAN Management
Before examining those results, it's worth reviewing WLAN switch architecture. First and foremost, it takes the brains out of the access point. APs are simply transceivers that lead back to one place: the WLAN switch. All the intelligence is centralized in the switch, beefed up with CPU muscle and optimized for 802.11 packet processing, mobility management, and -- above all -- security. APs simply move radio waves and connect back to the WLAN switch at layer 2 and layer 3.
Centralized intelligence in a WLAN architecture enables faster deployment of advanced security and management, partly by virtue of sheer muscle. Thick access points, no matter how thick they get, are still anemic when compared to a rack-mounted box.
Supporting 802.11 at layer 2 and IP traffic at layer 3, WLAN switches are further optimized to manage WLAN air-based traffic, administrate remote AP devices, and provide high-grade, 802.1x-based authentication either within the chassis or by linking back to a RADIUS server already in place on the network.
| Test Center Scorecard | 25% | 20% | 15% | 15% | 15% | 10% | Score |
|---|---|---|---|---|---|---|---|
| Aruba 2400 Wireless LAN Switching System | 9 | 8 | 8 | 7 | 8 | 9 | 8.2 (Very Good) |
| Trapeze MX-20 Mobility System | 8 | 9 | 9 | 9 | 9 | 8 | 8.7 (Very Good) |









