Tools, not standards, that help tie down wireless nets

By Joel Snyder and Rodney Thayer, Network World, 10/04/2004

Security standards aside, wireless gear vendors are peppering their products with other features that can help secure WLANs, including access controls, VPN technologies and tools to locate and lock out rogue users.

One of the most common security features of the access points tested was MAC-based access controls. 3Com, Actiontec, Airespace, Aruba, Buffalo, Cisco, HP, Netgear, Proxim, SMC and Trapeze all support this feature. To use these controls, you need to know the Ethernet address of every wireless card that will connect to your network. It might seem tedious, but it helps defend against casual attackers.




MAC-based access controls come in two flavors. Access points designed for home use force you to keep a static list of MAC addresses on the access point itself. The technique has become popular enough that access point and wireless switch vendors have scaled it up, so that multiple access points can look up the static MAC address in a RADIUS server to see if it's allowed on the network.

Access control of the second sort comes in built-in firewalls shipped as part of an access point. Some access points, such as 3Com's WL-450, do a very simple type of packet filtering, primarily designed to keep garbage such as IPX routing broadcasts off your WLAN. Others have a more sophisticated set of packet filters for access controls. For example, the Airespace switch and the Buffalo, Cisco, HP and Proxim access points all let you control access up to the IP level. For serious firewalling, Aruba packs a full, stateful firewall into its wireless switch equipment.

Trapeze's access controls apply to the actual authenticated user. Most products define controls based on which WLAN you are on, so all users on that LAN get the same access list. However, Trapeze actually ties the IP access list to authenticated users, so your access list is defined based on your authentication information. Airespace offers a similar feature as an option. When using RADIUS for authentication, you can also send down an access control list name that will apply to that particular user.
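
A small model of the two controls described above: a central static MAC list that every access point consults, and an access list chosen per authenticated user instead of per WLAN. This is an added example, not code from the article or from any vendor; the MAC addresses, WLAN names, user names and ACL names are all constructed.

```python
import re

# Constructed sample data (not from the article): a central MAC allowlist,
# per-WLAN default ACLs, and per-user ACL names an authentication server returns.
ALLOWED_MACS = {"00:0d:3a:11:22:33", "00:0d:3a:44:55:66"}
WLAN_DEFAULT_ACL = {"corp": "acl-corp-default", "guest": "acl-guest-internet-only"}
USER_ACL = {"alice": "acl-finance", "bob": "acl-engineering"}


def normalize_mac(raw):
    """Return a MAC as lowercase colon-separated hex, or raise ValueError.

    The same address may be reported as 00-0D-3A-11-22-33, 000d.3a11.2233
    or 000D3A112233; without normalization an allowlist lookup misses.
    Only the 12 hex digits are validated, not where the separators sit.
    """
    digits = re.sub(r"[.:\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def authorize(raw_mac, wlan, user=None):
    """Return (allowed, acl_name) for a client joining a WLAN.

    - MAC missing from the central list: rejected, no ACL.
    - Authenticated user with a per-user ACL: that ACL is applied.
    - Otherwise: the WLAN-wide ACL that every user on that WLAN shares.
    """
    try:
        mac = normalize_mac(raw_mac)
    except ValueError:
        return (False, None)  # malformed identifiers fail closed
    if mac not in ALLOWED_MACS:
        return (False, None)
    if wlan not in WLAN_DEFAULT_ACL:
        return (False, None)  # unknown WLAN: never admit a client unfiltered
    acl = USER_ACL.get(user) if user else None
    return (True, acl or WLAN_DEFAULT_ACL[wlan])
```

Keeping the list and the user-to-ACL mapping in one place is what lets many access points give the same answer for the same client.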
