In our last newsletter we talked about whether wired and wireless LAN devices in a small-business environment should be converged or separate. Clearly, allowing both types of devices to use the same Internet connection is generally good. But should both be on the same network? It depends.
We came up with this question when testing an Intertex IX-66 router. As explained last time, the default setting for this device is to have the wired and wireless LAN devices use separate sets of IP Class-C addresses. But if you want to have both wired and wireless connections treated as a single network, a few mouse clicks change the configuration so the connections are bridged.
From our perspective, it really is a matter of personal choice, and the flexibility to support both types of configurations is a plus.
The separate-nets approach provides a measure of security since the two networks are connected through the router. As our fellow analyst Joanie Wexler, who authors the Network World Wireless in the Enterprise newsletter, explains, "You would, indeed, want to keep your wireless and wired traffic in separate subnets (or virtual LANs) if you were an enterprise. Wireless networks usually have different access rights associated with them than wired nets. They are usually treated as an ‘untrusted’ network, much like the public Internet. And, within wireless networks, wireless phones often are on their own subnet/VLAN with even a lower level of access rights associated with them, because most support [Wired Equivalent Privacy] at best, bringing the WLAN security down to an even lower common denominator. Soon, wireless phones will support [the more sophisticated Wi-Fi Protected Access], so that distinction might soon go away.”
For small businesses, this is less clear of a call. If the office is supporting both wireless and wired devices for typical small office and branch office tasks such as Windows-based file and printer sharing, then having both types of devices using the same address space is much easier.
Further, the IX66 has an option to allow only devices with known, predefined MAC addresses to connect to the network, adding a fairly significant measure of security. On the other hand, a branch office that has only permanent wired connections might choose to use separate network address spaces so visitors could have wireless access Internet access without having access to the corporate information.