• United States
Neal Weinberg
Contributing writer, Foundry


Oct 30, 20033 mins
Network SecurityNetwork SwitchesWi-Fi

* The Reviewmeister continues his tour of WLAN switches

Aruba is strong on security, and it offers the best combination of features.

Aruba’s 5000 switch is a modular design that supports Layer 3 forwarding, letting it route traffic between IP subnets, while other vendors’ switches are fixed-port Layer 2 devices.

Aruba’s provisioning software accepts GIF and JPEG images, but not CADs. It also takes multiple floors into account in planning access point placement. Once the plans are drawn, Aruba monitors production networks and alerts network managers of discrepancies between the plans and the actual radio frequency environment. 

In our tests, Aruba didn’t factor for the existence of a weak signal from an access point in a neighboring office, but it dynamically adjusted access point signal strength for optimal performance.

In comparing average delays across all tests with long frames, Aruba’s system held up packets the least – by an average of 32.7 millisec. That’s not enough to degrade performance for most applications, but it’s still well above the 2.5-millisec best-case delay Aruba delivered in the baseline test.

One likely explanation for the big jumps in delay is the queuing and retransmission that takes place when WLANs are overloaded.

Aruba uses standard Ethernet framing to move traffic between switches, but uses a proprietary tunneling method for controlling traffic.

Aruba’s switch offers a neat twist on rogue containment: It can distinguish between access points inside and outside a corporation. This is helpful if network managers want to disable rogues within a company but leave WLAN-enabled neighbors alone.

As for securing user traffic, all switches support the 802.1x specification for user authentication. We successfully authenticated WLAN clients through all four systems using Protected Extensible Authentication Protocol (PEAP). In all cases, the switches acted as authenticators, ferrying messages between the client and a RADIUS/PEAP server.

Aruba’s switch is also a stateful firewall, a unique offering in this test lineup. All switches offer simple packet filtering using access control lists based on a variety of Layer 2, 3 and 4 criteria.

Aruba’s security offerings were the most compelling, from its own VPN client, to the stateful firewall on its switch, to its ability to allocate bandwidth on a per-user basis. Airespace also had a strong security story with its IPSec capabilities and support for SNMP Version 3. The Symbol and Trapeze switches offered good access controls, but lacked some of the more advanced features of the Aruba or Airespace devices.

For the full report go to