• United States
by Merwyn Andrade

Security and deployment obstacles to enterprisewide WLANs

Apr 07, 20033 mins
Cellular NetworksNetwork Security

Until tools are available that will let network managers effectively deploy, secure and manage wireless LANs, 802.11 technology will continue to languish in the enterprise. Without a structured architectural blueprint by which companies can operate and scale wireless LANs, extending them across the campus will be more complex and costly than using current technology.

Two huge obstacles are stifling enterprisewide adoption of wireless LANs: mobile security and deployment. With wireless LANs, your network is now in the air. Consequently, it’s essential to have a clear view and complete control of the airspace.Not only must you be able to identify malicious users and rogue access points, but also take action automatically against unauthorized activity.


Do you think enterprises are ready for end-to-end wireless LANs? Add your thoughts and debate the issue with Klein and Andrade.

The other side, by Doug Klein

Today’s wireless LAN appliances are point products that address only a one aspect of the security problem. To deploy a secure wireless LAN with these products, an appliance is needed that detects rogue access points, another that does user authentication and access control, and yet another that terminates VPNs. Network managers cannot live with such a disjointed approach to wireless LAN security. An approach that addresses all aspects of security and lets network managers quickly enact changes across the wireless LAN is key to enterprise wireless LAN deployment.

In today’s wireless LAN model, security and wireless intelligence are largely distributed in access points – which is difficult to manage and a nightmare to upgrade. This leads to the second obstacle: large-scale deployment. Simply put, given the limitations of wireless LAN technology, companies have found it next to impossible to deploy wireless LANs beyond small pockets.

Clearly missing is the ability for network managers to capture 802.11 packets out of the air and process those packets centrally. This is essential to troubleshooting wireless LANs, monitoring station-to-access point associations, evaluating traffic flows, load balancing traffic, automating around failures or changing channel and coverage settings when traffic patterns change. Without such capabilities, network managers cannot build and manage large wireless infrastructures.

But new wireless LAN switching technology has emerged to give network managers a centralized model and the tools necessary to deploy, scale and secure enterprise wireless LANs. A centralized switch in the wiring closet or data center controls and coordinates access points that provide user access and air monitoring. All changes to and control of the wireless LAN is streamlined and automated. This lowers operational management costs, solves the security upgrade problem and radically simplifies deployment – leaving users unplugged but well-connected.

Andrade is director of technology at Aruba Wireless Networks and is a contributor to the IEEE 802.11i security specification. He can be reached at