Symbol Technologies WS 2000 Wireless Switch is an easy-to-configure, capable wireless solution for small offices. However, it lacks many of the more intelligent RF (radio frequency) control capabilities and enterprise-grade management features that larger companies would want for branch offices.
Symbol continually beats its competition to market with new wireless switch products—for example, no other company had a small-business-oriented wireless switch for about six months after Symbol released the WS 2000. However, competing products from Trapeze Networks, Aruba Wireless Networks and Airespace Inc. have quickly surpassed the WS 2000s features with offerings such as dynamic radio cell configuration and channel allocation, integrated AAA (Authentication, Authorization and Accounting) services, rogue detection, and wireless intrusion prevention services.
We tested Version 1.5 of the WS 2000, which sells for $999 and began shipping in November. Version 1.5 includes enhancements to the switchs built-in firewall, IP Security tunneling capabilities to third-party concentrators, and AES support for compliance with WPA2 (Wi-Fi Protected Access 2) and IEEE 802.11i. Version 1.5 also gains support for IEEE 802.11a-enabled radios, such as Symbol a/b/g-compliant AP-300s, which sell for $349.
Ongoing management of the WS 2000 can be performed via the command line or a browser-based Java GUI. Oddly, WS 2000 Version 1.5 does not yet integrate with SEMM (Symbol Enterprise Mobility Manager), Symbols scalable wireless management platform. Each WS 2000, therefore, must be configured separately. Symbol representatives said SEMM support will be added to the WS 2000 by the end of March.
The WS 2000 can manage as many as six Access Ports, each of which can be directly connected to any of the WS 2000s four IEEE 802.3af-compliant POE (power over Ethernet) switch ports. The WS 2000 also easily accommodated Access Ports connected to a downstream POE-compliant switch through one of the WS 2000s other two LAN ports.
Unlike Trapezes MXR-2, the WS 2000 needs to be installed in the data path between the wired and wireless networks. Symbols Access Ports communicate with the WS 2000 via Layer 2, and IP traffic from clients is encapsulated in a Layer 2 frame between the Access Port and wireless switch.
With the built-in stateful inspection firewall, the WS 2000 could be deployed as an edge device, although Symbol representatives acknowledge a customer trend toward deploying the switch inside a pre-existing firewall. This reduces the need for the switchs new IPSec features, however.
The WS 2000 supports as many as four concurrent WLANs (wireless LANs), each of which can be configured with different wireless encryption rules. We could assign the WLANs, as well as the physical switch ports on the WS 2000, to individual NAT (Network Address Translation) subnets. (Up to four subnets are supported.) Each subnet can be configured with different firewall policies.
From the Java GUI, we easily configured an unencrypted public WLAN and two separate corporate LANs—one with 802.1x authentication and TKIP (Temporal Key Integrity Protocol) and the other with WPA-PSK (WPA-Pre-shared Key). The public WLAN had access only to Web, e-mail and DNS (Domain Name System) services on the Internet, while the corporate WLANs had full Internet access and could intercommunicate, as well .
The WS 2000 integrated seamlessly with our Funk Software Inc. Steel-Belted RADIUS Server to provide 802.1x authentication—a much more straightforward process than with the Trapeze product. However, because the WS 2000 is best suited at this time for stand-alone small offices, wed like to see Symbol integrate AAA services into the platform to provide strong wireless encryption for companies that may not otherwise run a RADIUS server.
The WS 2000s RF features are fairly rudimentary. Although channel allocation and signal strength can be assigned with a default policy, administrators must manually adjust each Access Port to avoid interference or to maximize coverage. Amazingly, the WS 2000 does not yet offer RF monitoring, so no wireless IDS—let alone rogue detection—is possible at this time.
Symbol officials said they expect to add many of these missing features in the next software release, due this summer.