• United States
by Doug Klein

The enterprise is ready for end-to-end wireless LANs

Apr 07, 20033 mins
Cellular NetworksNetwork Security

The enterprise is ready for wireless LANs for three reasons: instant ROI, deployment solutions and current rollouts underway

The enterprise is ready for wireless LANs for three reasons: replacing cable with wireless gives companies an instant ROI; deployment issues have established solutions; and rollouts are well under way. One wireless access point typically saves a company significantly more than the labor cost of running wire. Multiply these savings by thousands of users, and it’s easy to see why access points are rapidly appearing across companies.

Although to some the phrase “enterprise wireless LAN” implies a network of hundreds of access points, most companies deploy tens of access points, not hundreds or thousands. A wireless LAN with 20 access points easily serves 1,000 users. So the most pressing deployment issues are not how to manage large numbers of devices, but how to manage the rights and services for hundreds or thousands of users.


Do you think enterprises are ready for end-to-end wireless LANs? Add your thoughts and debate the issue with Klein and Andrade.

The other side, by Merwyn Andrade

In an enterprise environment, the IT organization maps corporate policies onto the computing and network infrastructure. Users are granted access to resources based on their identity, role in the organization and other related factors.

In the wired LAN, these policies are applied to physical ports in the switching fabric – the ports where specific users connect. This model is completely flawed for wireless LANs, where radio signals bleed through walls, shared access points connect multiple users and mobility implies a mix of users at any access point.

The objective is to support user mobility while letting administrators apply network access policies appropriately. Administrators should be able to use the same policy servers for the wireless LAN as they do for the wired LAN. Ideally, a system should support multiple standard authentication mechanisms for maximum flexibility. Control must not rely on any physical device, but instead reflect the user’s identity, time of day and current location.

In addition to maintaining network security, the ideal approach assures the integrity of user data as it travels across the “open” radio network on its way to the wired LAN. The system needs to support the varying needs of data encryption, ranging from none (open, insecure access) to very high (VPN-level data security).

Network access policy and security requirements must survive in an environment where users are moving. Any system that requires user intervention (relogging on, reconfiguring devices) to fulfill the organization’s security requirements will fail. And as the network grows, the system must scale to supply consistent levels of mobility, security and control, as well as adapt to support new and evolving standards.

By implementing a wireless LAN with awareness of the issues and requirements for a secure network, IT organizations are embracing this technology, improving user services while delivering the security and integrity that modern network practices demand.

Klein is CTO for Vernier Networks, a developer of wireless network infrastructure systems. He can be reached at