• United States

How we did it

Sep 22, 20032 mins
Network Security

How we tested the various WLAN switches.

We asked wireless LAN switch providers to supply two switches and at least four 802.11b access points for this evaluation. We assessed products in terms of provisioning, management, security and performance.

For the provisioning and management tests, we created a “mini-RFP” for a fictional company. Embedded within the mini-RFP were numerous questions regarding WLAN provisioning and management. Each vendor gave us an in-person demonstration of their response to the mini-RFP, and we created a features comparison from the results of the demonstrations.

We also conducted tests of 802.1x authentication and roaming. For these, we used IBM Thinkpad R40s as clients and Microsoft Windows 2000 Advanced Server’s Internet Authentication Server as a Protected Extensible Authentication Protocol server.

To verify the authentication exchanges (and for general troubleshooting), we used the Airopeek NX wireless protocol analyzer and RFGrabber remote wireless probe, both from WildPackets.

For the security tests, we ran overnight tests using FakeAP, an open source penetration test tool that broadcasts beacon messages from four unique rogue access points per second. We looked for two things in the security test: Whether switches or APs would stay up despite the barrage of beacons from FakeAP, and whether the switches would detect and report the FakeAP attack.

For performance testing, we used four Netwarrior traffic generator/analyzer units from Qosmetrix. One unit served as a traffic generator on the wired Ethernet side, while three other units acted as wireless clients (see the figure). The wired Netwarrior offered frames to each wireless client at a fixed rate – either 500 or 1,000 frames per second. Because the Netwarriors use GPS timestamps, we could measure not only transmission rates but also delay and jitter with 40-nanosecond precision. We conducted tests with both 1464- and 132-byte UDP/IP packets (with lengths as measured on the wireless side).

Back to review: Wireless LAN switches