A switch in time

Wireless LAN switches could drive 802.11 rollouts to the next level.

The wireless LAN switch is emerging as the missing piece that will let wireless networks scale beyond the small workgroup to full-blown enterprise implementations.

The wireless LAN switch is emerging as the missing piece that will let wireless networks scale beyond the small workgroup to full-blown enterprise implementations.

Until now, WLANs consisted of a client connecting to access points crammed full of securitymanagement and other intelligence required to control the wireless portion of the network. The problem is that managing multiple access points was an unwieldy prospect for enterprise deployments that could include hundreds or thousands of access points.

Furthermore, installing access points has been a headache. Many companies hire consultants to conduct site surveys and radio frequency planning to determine the best place for access points. That's expensive. Also, WLANs initially offered such poor security that some IT managers have outright banned them in their offices.

It all adds up to lots of interest and lots of pilot projects, but not very many enterprisewide rollouts. "Right now, it's really been mainly trial deployments," says Russ Craig, research director for Aberdeen Group.

An array of point products have hit the market over the past couple of years aimed at solving these problems. But that means if IT departments need more than one of those products to solve multiple problems, they have to become system integrators, something few departments have the budget or manpower to do.

Enter the WLAN switch. "The conclusion a bunch of folks came up with is that you make the access point a less intelligent device, and you enable a switch or a router to communicate with all the access points," Craig says. "That way you can manage them remotely and configure them from a central panel." Most new products also deliver power over Ethernet to the switches instead of requiring AC power.

Combined, these features will enable less expensive and easier deployments, which could provide a huge boost to the WLAN market. "The uptake is going to be significant," Craig says.

The term switch is a bit of a misnomer, because while the WLAN switch offers similar management and control functions as a wireline switch, it doesn't do so on a port-by-port basis and it doesn't provide dedicated bandwidth to an end user. An exact parallel essentially would require dedicating a single blast of wireless coverage per user. Until that happens, the term switch will have to suffice for the current generation of product.

Symbol switchStart-ups and old timers in the networking and wireless worlds are flocking to the wireless switching market. The list includes AireSpaceAruba Wireless NetworksNortelProximSymbol TechnologiesTrapeze Networks and Vivato. Although each aims to solve the same set of problems, they do so slightly differently, and while all but Vivato dumb down their access points, they do so to different degrees.

Dumbing down

"We're trying to drive the commoditization curve down so an access point becomes as cheap and mindless as an Ethernet port on your wall so you can put them wherever you need them," says David Callisch, marketing director for Aruba. Aruba's access point is light but not totally empty - it does air monitoring to watch for rogue access points.

Trapeze also doesn't completely strip all intelligence from the access point. "From a control and management aspect, we have a thin [access point]," says George Prodan, vice president of marketing for Trapeze. But Trapeze access points handle packet processing functions such as encryption/decryption and quality of service.

Symbol offers some of the most stripped down access points on the market, comprised of power over Ethernet capability, an omni-directional antenna and the 802.11b radio.

Trapeze switchVendors also are differentiating themselves by the degree to which they upset existing systems. The ideal solution integrates the WLAN with existing wired networks so companies can continue to take advantage of previous investments. All the vendors support that philosophy, but they ask for some level of upheaval. At the very least, they push customers to use their access points to get the best performance.

Standing out

With so many start-ups attacking the same market, the pressure to stand out from the crowd is intense. Aruba says it hopes its flexible architecture will attract customers. Users will have the option of placing the Aruba switch in the wiring closet with existing Layer 2 switches or centralizing the switch in the data center.

Where the WLAN switch sits might be a crucial selling point for many customers. Sarah Kim, an analyst for The Yankee Group, says that asking customers to replace an existing switch will be a tough sell. "There's no way anyone in this market will go to a prospective customer and say, 'Take this out of your closet,'" she says.

But Proxim does just that. Proxim's Maestro switch will replace an existing Layer 2 switch, handling wired and wireless switching in a single box. "Maestro is truly an Ethernet switch," says Georgeanne Benesch, vice president of product management at Proxim. "What we've done is added functionality to a switch to enhance it for wireless."

Still, Proxim says it thinks it has the lead on competitors because Maestro builds on the experience of Proxim's first-generation product, Harmony. Three years ago it started shipping Harmony, which centralized WLAN systems, but wasn't a full switch.

Each vendor has a heavy focus on security, offering solutions to address security at all layers. They all support 802.11 standard security mechanisms including Wi-Fi Protected Access and 802.1X, and multiple virtual LANs.

Trapeze is unique in that it doesn't support VPNs because it says the setup and tear down time is too long to allow quick enough handoffs to support voice services. Instead, Trapeze offers a variety of techniques that can encrypt transmissions over the air because the encryption happens at the access point. "It's much more powerful than a VPN termination in the switch, which leaves the rest of the connection in the clear," Prodan says. "Our wireless solution is more secure than the wired" network at most corporations, he says.

Aruba switch

Outing rogues

The way each company handles rogue access points also is worth looking at closely. Aruba's access points scan the air so that the switch can see illegal associations. The switch can send a message to a nearby authorized access point, which disconnects the client associating with the rogue access point.

Symbol's client devices look for unauthorized transmissions over the air, reporting that data back to the access points. "We make cooperation a whole solution, not just in the infrastructure," says Ray Martino, vice president and general manager at Symbol.

AirFlow's approach to rogue access points is unique because of the way it handles media access control (MAC) addresses. In a typical WLAN network, each access point has its own MAC that associates with the user's client. In an AirFlow network, the client associates with a single MAC that sits in the switch. The architecture makes roaming easy because reassociation isn't necessary when a user moves from one access point to the next because the MAC never changes. It also eliminates interference issues because each access point can operate on the same channel. "It's the networking effect as opposed to taking isolated environments and pulling them together," says President and CEO Robert Machlin.

Machlin says his competitors are providing a Band-Aid solution that connects isolated access points. Instead, Airflow redefines the shape of the network by centralizing the MAC function into the switch "so that the access points are nothing more than extension cords," he says.

One MAC address helps with security. Rogue access points can't connect to the network because they won't have the same MAC address as the rest of the WLAN network.

Customers could use different channels with AirFlow's solution, but they would do so to serve their own purposes. For example, they might want to tune the access points that serve one department to a different channel than the one next door.

AireSpace, which has deployed its platform at the Duke University Medical Center in Durham, N.C., and the University of California at Berkeley school of electrical engineering and computer science, focuses on ease of setup and operation, as well as security.

"We put a lot of energy into building a system that mediates the [radio frequency] environment automatically," says Alan Cohen, vice president of marketing for AireSpace. The system includes tools for load balancing, interference management and dealing with rogue access points.

Vivato switch

Going outdoors

Vivato has created a buzz with an unusual approach that puts it in a category of its own. Vivato's offering uses smart antenna technology to address the radio frequency shortcomings of current Wi-Fi systems. Instead of spewing radio signals out over 360 degrees, Vivato antennas focus three parallel narrow beams on clients that are using the connection. Because it focuses on narrow areas, power is concentrated and the beam can cover a greater distance than traditional access points. Even though the Vivato system complies with the 802.11 standard, the antenna can reach as far as 900 feet, replacing eight to 12 access points, Vivato's Phil Belanger says.

Still, Vivato's switches, which usually are located on each floor of an office building, must each be updated individually because all the intelligence is in the same box as the antenna and radio. Vivato has introduced an auxiliary product that ties each switch to a single management point.

Vivato also is unique in that it is selling an outdoor switch that can beam 802.11b signals over distances of up to 3,200 feet. This switch could be used on a college campus, in a downtown area or even to blast wireless connectivity from one building to another without having to install access points inside.

Nortel switchThe WLAN switch space isn't just for start-ups, however. Nortel recently jumped in the game with a product it refers to as a security switch. Nortel's main goal with the switch is to let customers administer one security policy that operates across wired and wireless networks.

"You can get to one security manager and define a policy and apply on all subsystems in a consistent and easy fashion," says Atul Bhatnager, general manager for Nortel's Ethernet switching business.

Another category of vendors makes hubs that they say can perform all the same functions as WLAN switches. Vernier Networks offers a hub connecting access points from any vendor. Bluesocket and ReefEdge fall into the same category. Bluesocket also has announced a "switch wireless gateway" that combines its existing gateway functionality with switching.

Each player in the WLAN switch space brings a slew of capabilities that each thinks will be most important to customers. But the introduction of products is really just an opening salvo. "WLAN is a relatively immature technology," Symbol's Martino notes. "The feature battle will go on forever."

Even after this story went into production, two more vendors came to our attention:

Legra Systems announced what it calls the first "wireless operating system," a Linux-based operating system that's part of its forthcoming wireless LAN switches.

Chantry Networks is touting a family of access points and Layer 3 routers. Chantry says Layer 3 functionality allows for centralized management and for the creation of virtual wireless LAN segments.

And Network World reported last week that HP is entering the market.

Learn more about this topic

Gohring is a freelance writer. She can be reached at nangohring@yahoo.com.

HP to enter crowded field with WLAN gear

HP next week will announce products for boosting wireless LAN security and management while reducing the cost and complexity of rolling out access points, according to industry sources. In doing so, HP will become the latest of several companies - both established vendors and newcomers - to introduce what are becoming known as WLAN switches. Network World, 05/12/03.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2003 IDG Communications, Inc.

IT Salary Survey: The results are in