Companies looking for an end-to-end Wi-Fi access, security and management solution will be hard-pressed to find a more complete, robust set of products than Airespace Inc.s Wireless Enterprise Platform suite.
eWEEK Labs tested the $12,000 Airespace 4024 WLAN Switch with an IP Security accelerator, as well as two Airespace 1200 access points, at $400 each, that support 802.11a, b and g. We also tested the new $750 1200R REAP(Remote Edge Access Point) and Version 2.0 of the companys ACS (Airespace Control System) software, which aggregates control and configuration of all switches and access points. ACS 2.0 is priced at $1,000 for 12 access points.
The ACS 2.0 software, which began shipping last month, includes improved location tracking for clients and rogue devices, expanded site survey and access point deployment capabilities, and improved VLAN (virtual LAN) support. The 1200R REAP, which also shipped last month, enables Layer 3-based functionality for branch offices, which obviates the expense of deploying WLAN Switches at every location.
Airespaces platform uses LWAPP (Light Weight Access Point Protocol), the companys proposed standard, to encapsulate communication between access points and switches.
Both the 16- and 24-port WLAN Switch devices offer in-line 802.3af-compliant POE (Power over Ethernet) capabilities to power the remote access point units. Therefore, companies that already have POE switches in the wiring closet may prefer the Airespace 4100 WLAN Appliance instead of the WLAN Switch models.
The Airespace products unrivaled RF (radio frequency) features set the platform apart in the increasingly crowded wireless switching marketplace. The Airewave Director control plane software provides radio scanning abilities for the Airewave 1200 and 1200R access points during normal operation. The 802.11 specification requires access points to have a quiet period after a broadcast, allowing other devices to use the network. Airewave Director uses this quiet period to switch to monitoring mode, enabling access points to covertly scan the airwaves for rogues, known devices and interference.
In tests, Airewave Director identified channel interference, then automatically adjusted channel and signal strength settings to optimize coverage and reliability. Using ACS, we identified a neighbors access point on 802.11b channel 11, then marked the unit as “known.” Airewave Director then automatically reconfigured the channel distribution on our test access points to minimize interference on channel 11.
The systems monitoring function provides effective intrusion protection against unknown access points or ad hoc networks. When a possible rogue is discovered, the access points attempt to join the rogue network to see if they can find their way back to the WLAN Switch over the wired network. This provides predictive analysis of the rogues threat.
Once ACS identifies a valid threat, administrators can use the softwares containment feature to lock down the airwaves. Airespace access points identify the clients involved and bombard them with signals to drop the radio connection, making it quite difficult to maintain state.
We found this feature to be very effective in tests, depending on the client hardware and drivers. Airespace constantly updates the containment feature to deal with new products and driver revisions, company officials said.
The handy Client Watch List feature allowed us to track and monitor specific users or hardware devices over time, sending alerts or traps if the client performance fell below a configurable threshold.
By default, ACS tracks clients and rogues by identifying the closest access point. Companies that need more accurate measurements can purchase the optional $4,000 advanced tracking module with RF fingerprinting. (We did not test this module.)
By customizing the media access control sublayer, Airespace achieves outstanding performance from its 1200 and 1200R REAP access points, averaging more than 6.8M-bps throughput in our 802.11b environment. However, when the rogue containment feature was enabled, we found it reduced performance by as much as 34 percent.
In ACS 2.0, Airespace has ditched its first-generation Java-based management console in favor of a slick Web-based interface. Using this revamped management dashboard, we easily imported our office floor plan and placed access points to predict coverage areas. It was a snap to then create access and security templates to apply to access points and switches.
The 1200R REAPs are remarkably easy to deploy. After briefly plugging a 1200R REAP into the 4024 switch, the REAP can be shipped to the branch office with the switch address embedded in memory. Additional 1200R REAPs dont ever need to be plugged into the switch—instead, these devices can locate the switch IP address via a wireless communication to the first 1200R REAP device.
All Airespace access points support 802.3af for POE or an individual power supply, making it simple to place the 1200R REAP in the most appropriate location.
When deployed at the remote site, the 1200R REAP utilizes a Layer 3-modified version of LWAPP to find the switch via the WAN and download the appropriate configuration and policy data. Network administrators should keep in mind, however, that they must maintain a VPN tunnel between sites or open User Datagram Protocol ports 12222 and 12223 on intermediary firewalls. For security purposes, we highly recommend using an intersite VPN.
Unlike the 1200 access points, the 1200R REAPs will continue to offer WLAN (wireless LAN) service if the link to the switch is temporarily lost.
With ACS 2.0, Airespace offers expanded VLAN support. Version 1.0 enabled administrators to tie wireless network names to specific VLANs. For Version 2.0, in contrast, Airespace took a page from Trapeze Networks Inc.s competing Mobility System, providing the ability to promote a single network name tied to multiple VLANs, depending on user credentials. Airespace supports Remote Authentication Dial-In User Service or an internal database for authentication.
The Airespace platform offers an impressive array of security options, including support for Wi-Fi Protected Access, 802.1x and Wired Equivalent Privacy for Layer 2 security, and an IPSec end point for Layer 3 encryption. In addition, company officials said Airespace will soon offer a version that supports the Federal Information Processing Standard.
ACS back-end database, which is based on Solid Information Technology Corp.s FlowEngine database, was a little troublesome in tests. ACS locked up several times, requiring us to restart services and the database, which can be an ordeal. Wed like to see Airespace allow customers to use existing Oracle Corp. or SQL database implementations in the future.
Discuss This in the eWEEK Forum
Technical Analyst Andrew Garcia can be reached at [email protected].