• United States

Virtual APs solve contention, security problems

Jun 07, 20042 mins
Cellular NetworksNetwork Security

* Multiple MACs in one AP come in handy

The networking community seems to be regularly trying to “fix” converged networks to make them work more like their circuit-switched predecessors.

For example, we need to somehow make IP networks prioritize traffic. Or segregate it. Or to just perform better when multiple apps are mixed together.

In the case of wireless LANs (WLAN), a nifty concept known as the “virtual access point (AP)” has emerged to help out on this score. Virtual APs support different services or service classes in a single infrastructure radio. Among the vendors offering this capability are Aruba Wireless Networks, Colubris Networks and Symbol Technologies.

Meru Networks runs what it calls a virtual AP architecture, too, but it uses the terminology a bit differently.

This newsletter will describe the first type of virtual AP, which involves splitting a single physical AP into multiple 802.11 MACs or basic service set identifiers (BSSID). The idea is that you can basically multiply the number of APs in your radio-frequency footprint using the virtual technology. This can come in quite handy.

Colubris first got into the act for a very practical reason: the need for overlapping wireless ISPs in public venues to share infrastructure but segregate their services and back-end systems. It can be bad for branding and billing if existing subscribers get confused figuring out whose network to connect to when in a hot spot.

Virtual APs can also be helpful for enforcing different quality-of-service levels and security schemes throughout enterprises.

For example, most 802.11 phones today support the older Wired Equivalent Privacy (WEP) form of security, not the more robust Wi-Fi Protected Access (WPA). In a mixed WEP/WPA WLAN, security falls back to the lowest common denominator, thus degrading the security of the overall WLAN to WEP.

(Side note: Wireless voice company SpectraLink says its 802.11 handsets will support WPA this year “sooner rather than later.”)

In a virtual AP environment from the likes of Aruba, Colubris and Symbol, however, WEP and WPA communities can co-reside within a common physical AP to avoid this problem.

In addition to security and hot spot applications, voice or other types of traffic tagged with particular priority can be segregated using virtual APs.

All the companies mentioned support 16 virtual APs. There must be some mathematical reason. But let’s just take it at face value for now.