Vernier WLAN Device Secures More APs

But IS6500p lacks traffic management.

Vernier Networks Inc.s IS6500p offers a flexible, robust appliance that capably handles the security vulnerabilities of todays 802.11 WLANs. With the power-over-Ethernet capabilities added to this edition, the IS6500p can ease the task of wireless LAN deployments in small businesses and departmental offices.

The IS6500p (the IS stands for Integrated System) is the first WLAN security appliance eWEEK Labs has seen that offers built-in POE support for APs (access points). POE provides power directly from one devices Ethernet port to the end devices port over Category 5 cable. Vendors including Cisco Systems Inc., 3Com Corp. and Intel Corp. offer POE APs.

APs equipped with POE capabilities can help IT managers save time and installation costs during WLAN deployment by allowing them to place APs in locations that would otherwise be inaccessible because of the prohibitive cost of installing power cables and outlets. IT managers can extend the WLAN infrastructure in more flexible configurations to cover larger areas without having to worry about the cost of installing power outlets.

The only drawback is that not all APs on the market support POE, thus limiting IT managers to those WLAN vendors that do. Typically, lower-end products, such as those from Linksys Group Inc. and D-Link Systems Inc., do not support POE. In addition, there are two POE standards vying for dominance: the IEEEs 802.3af POE standard and Ciscos proprietary POE implementation.

The IS6500p worked with both standards in our tests. We tested the appliance with 3Coms AP 8000 (which supports the IEEE POE edition) and Ciscos Aironet 1100 Series APs (which, not surprisingly, support Ciscos approach). The IP6500p also works with APs from Cisco, Intel, Avaya Inc., 3Com and Lucent Technologies Inc.s Orinoco division, Vernier officials said.

The IS6500p shipped this month with a starting price of $8,995, which includes four 10/100M-bps POE Ethernet ports. The appliance has a compact 2U (3.5-inch) form factor and can be upgraded with as many as 12 ports to support 12 POE-enabled APs.

The IS6500p can be upgraded with an optional hardware encryption acceleration card, priced at $1,895, to improve IP Security performance. Each appliance can hold one card.

Vernier also sells a distributed setup. The AM6500 with POE support, which lists for $4,945, comprises a Central Server 6500 appliance managing multiple Access Manager 6500 WLAN appliances. The CS6500 provides a central point for managing user accounts and access policies. The AS6500 appliances are deployed at the edge of the network where the WLAN APs reside and can control user authentication and secure wireless sessions using IPSec technology.

POE support aside, Verniers IS6500p is very similar to comparably priced systems from ReefEdge Inc., SMC Networks Inc. and Bluesocket Inc.

Like ReefEdges Connect Server, the IS6500p works well in Windows shops to secure 802.11a, b and g WLANs. (See eWeek Labs review of ReefEdges Connect System 3.1.)

However, in non-Windows environments, IT managers will need to install third-party IPSec clients to reap the full benefits. This will be of greater concern at larger WLAN deployments in heterogeneous networks.

Although the IS6500p provides central management of WLAN segments connected to the appliance, it lacks the traffic management features found in ReefEdges Connect and other competing systems.

Bluesocket, for example, went the extra mile with its Wireless Gateway products, which include COS (Class of Service) ability to throttle client bandwidth usage. Bluesockets systems might therefore be a better choice for sites supporting many users via a single appliance.

Support for COS capabilities is in the works and will be available in the summer, according to Vernier officials.

Even though the IS6500p doesnt offer traffic management capabilities, its the only WLAN security appliance option for sites that want the flexibility that comes with POE APs.

We were disappointed that the IS6500p doesnt have hardware redundancy. The POE ports can be replaced by changing out the cards, but if the power supply fails, the entire system will be out of commission. A high-availability configuration is under development and will be available this summer, company officials said.

For sites that put top priority on WLAN security, employing a high-availability failover appliance pair will help eliminate downtime during hardware and power failures.

Quick Setup

The IS6500p was easy to set up in tests, and we had test clients up and running with Internet access in a matter of minutes. The Web GUI provides an easy-to-use interface for configuration tasks such as setting POE port power configurations (see screen).

We configured the IS6500p on our test network and connected a Cisco Aironet 1100 Series AP and a 3Com AP 8000 to two of the POE-enabled ports. We gave the IS6500p a static IP address and connected the uplink port to the wired network. We used the IS6500p to give our clients Dynamic Host Configuration Protocol addresses and run Network Address Translation to mask our clients IP addresses from the LAN.

Technical Analyst Francis Chu can be contacted at