WLAN Switches: Time to Add-on

By Eric Griffith

October 20, 2003

It might seem like just yesterday that the first round of switches arrived, but startup companies like Aruba and Vivato are already releasing sequel products to keep their offerings of interest to enterprises.

Is the success of the wireless LAN switch market in question? You wouldn't think so when you talk to the companies involved. The money keeps flowing in (Vivato alone got $44.5 million from investors like Intel this year; Airespace got $22 million in series C funding in July; last month, Aruba Networks got $20 million in its second round) and now some of these startups are releasing sequels to their initial products.

Vivato's much vaunted switch, which keeps all the smarts at in a wall-mounted panel, today announced details on its dual-radio Vivato Wi-Fi Bridge/Router. Inside are two 200mW radios, one for point-to-point bridging via Wireless Distribution System (WDS), the other working as a straight-up access point to Wi-FI clients. Of course this product isn't meant to replace the Indoor switch, but compliment it. The unit can receive backhaul directly from a full Vivato Indoor or Outdoor switch. This product will be Vivato's most affordable yet -- only $495 (compare to the 2.4GHz Indoor switch which goes for $8,995).

A product also meant to compliment the original is the Aruba 800. This is a full-fledged switch, the size of an appliance, from Aruba Networks. The 800's claims to fame, according to Aruba co-founder and vice president of product management marketing Keerti Melkote, include a lower cost ($2,995) than the existing modular Aruba 5000, and a new WLAN multiplexing ability, which they call Wi-Fi Mux.

The Mux function is targeted at "customers who have legacy access points, to see how they could integrate our wireless LAN architecture," says Melkote. The 800 sits in-between the main switch (the 5000) at the network center and the "fat APs" on the network edge, creating an IP tunnel between the two -- effectively turning the legacy access point into a "thin AP." This would work primarily for a campus or large building setting; in a disconnected branch office the 800 would work as a switch.

Craig Mathias, principal at the Farpoint Group, says of the Mux feature, "It's a very interesting approach, essentially an entry-level WLAN switch that can then serve in a hierarchical configuration as the network grows. I expect this implementation to become quite common over time."

Third party access points connected to the 800 get not only 802.3af Power over Ethernet (PoE) but the stackable 800 has serial capability on each port as well for administrators to use in controlling AP settings.

Unlike the Aruba 5000, which is modular and can have any piece swapped in and out, the 800 can only change its uplike (either Ethernet or Fiber). Otherwise, its a standalone, fixed function unit.

In addition to releasing the 800, Aruba has also upgrade the software behind the switches, called AirOS. The 2.0 version includes what Melkote calls some new "plumbing features" such as "CrytpoVLAN" which lets you separate users using wired equivalent privacy (WEP) encryption from those using Wi-Fi Protected Access (WPA) -- preventing the latter from being dummied-down to the former. The need to keep up with changes on a network, especially using virtual LANs (VLANs) to segment traffic, such as enterprise and guest users, causes what he calls "a VLAN explosion."

The major upgrade is the addition of a full intrusion detection system (IDS).

The Aruba IDS works with Aruba's own air monitor hardware to do more than just detect rogue APs, but also detect penetration attacks from people using products like NetStumbler. It also identifies Denial of Service attacks and even handles the latest, the ASLEAP attack, a "dictionary attack" targeting passwords on systems using Cisco Systems Inc.'s Lightweight Extensible Authentication Protocol (LEAP). All such attacks will be reacted to in real-time and prevented by the system.

"When a new attack emerges, a customer can program the signature of the attack with upgrading the firmware of the switch," says Melkote. This lets you react in time." Such signatures and tools are also made available for download by Aruba.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.