With the rapid proliferation of centralized wireless LAN solutions geared toward smaller networks (and priced accordingly), eWEEK Labs expects that more small businesses and remote offices will turn to the wireless switch platform and its “thin” access points.
Despite recent contractions in the marketplace, wireless switches are an extremely attractive alternative to “thick,” or intelligent, access points for enterprises of all sizes. Many of the early wireless switch systems were targeted at midsize and larger networks, but the combination of services that newer devices deliver is just as compelling for smaller networks, given the right price point and port density.
Last years ratification of the IEEE 802.11i security standard and the resulting WPA2 (Wi-Fi Protected Access 2) certification program have solved the encryption problems that plagued early WLANs and allowed businesses of all sizes to begin seriously considering adoption of wireless technology. But taking advantage of 802.11i means replacing devices that cant support the standards AES (Advanced Encryption Standard).
Implementing the strongest WLAN security—AES with 802.1x port-based authentication can be a complicated undertaking for companies that lack appropriate AAA (Authentication, Authorization and Accounting) services on their networks. Some wireless switch vendors are bridging this gap by integrating AAA services, eliminating the need for customers to install and maintain a separate RADIUS server just for the wireless network.
Wireless switches require only a single point of configuration to control the entire network, including security, RF (radio frequency) management, monitoring and software version control.
In addition to the gains wireless switches represent for security and management of WLANs, these devices also provide 802.3af-compliant POE (power over Ethernet) to power access points. This means that companies only need to pull Ethernet cable to deploy access points.
The best branch-office wireless switches will also provide some measure of wireless intrusion detection capabilities, helping detect and locate wireless attacks, such as man-in-middle or DoS (denial of service), without requiring separate overlay defensive networks.
Detection of rogue access points is fairly common in this class of products. Administrators should also expect intelligence that can detect whether a rogue is connected to the protected network and to be able to send deauthorization signals that deny access to an intruder and help locate the device quickly.
Technical Analyst Andrew Garcia can be reached at [email protected].