by Keerti Melkote

An overlay approach is better than using a unified WLAN

May 10, 2004

Two industry insiders debate whether Wi-Fi should be deployed as an extension to the wired LAN.

An overlay results in no logical or physical changes to the wired LAN and is more secure, less disruptive and more cost-effective than the unified access approach.

Wireless networks are completely different from their wired brethren and should be treated as such. Merely adding wireless as a feature to existing wired networks quickly turns into a security and management nightmare, for several reasons:

•  Wireless networks are inherently insecure. Radio frequency waves penetrate walls and flow into parking lots. Locking down the RF environment is essential to maintaining the privacy of the enterprise network. That’s only the beginning. The integral components of a wireless network, such as secure user authentication, strong encryption, containment of wireless intrusions and rogue transmissions, and stateful firewalling, can’t simply be bolted onto the corporate intranet.

•  RF spectrum is shared and dynamic. Wi-Fi’s unlicensed spectrum is free to anyone for any application. Other radio frequency sources, such as neighboring access points and cordless phones, can cause interference problems. Constant real-time monitoring and radio frequency spectrum management are required to combat this reality. Self-calibrating wireless LAN (WLAN) capabilities also are mandatory for operating a wireless network, including dynamic channel allocation and automatic power assignment, interference detection and mitigation, self-healing and load balancing. Moreover, sharing the air requires the use of new quality-of-service (QoS) mechanisms for prioritizing access to the medium, along with methods that minimize jitter and maximize battery power for handheld devices. Wired networks don’t know or care about any of these requirements. Trying to incrementally add them disrupts what already works.

•  Wireless networks require mobility. An enterprise Wi-Fi network is like a cellular network in that roaming and seamless handoffs are an implicit expectation. Just as a cellular network uses the IP network for transport, so should the WLAN. An enterprise Wi-Fi user can roam across multiple LAN ports and multiple wired LAN switches in the network while staying connected to the network. Ultimately, wired networks must aggregate user ports and deliver wire-speed transport for TCP/IP traffic. But Wi-Fi networks need to process and forward traffic based on user identity, location and presence while delivering security, mobility, RF spectrum management and QoS for emerging wireless applications.

Anchoring the wireless network to a wired switch artificially limits your ability to evolve the two networks independently. As wireless access points proliferate throughout the enterprise, an integrated approach requires that wired edge switches be upgraded throughout the network. This can be expensive compared with an overlay architecture that aggregates wireless intelligence at a centralized point with thin access points deployed at the edge. Thin access points tunnel wireless traffic transparently over the wired LAN and are centrally controlled by dedicated wireless switches. This results in no logical or physical changes to the wired LAN and is more secure, less disruptive and more cost-effective than the unified access approach.

Melkote is co-founder and vice president of product marketing at Aruba Wireless Networks. He can be reached at