Access Controllers are Key to WLAN Deployment

By Jim Geier

http://www.wi-fiplanet.com/tutorials/article.php/1380911/Access-Controllers-are-Key-to-WLAN-Deployment.htm (Back to article)

In the absence of adequate 802.11 security, quality of service, and roaming mechanisms, companies such as ReefEdge, Bluesocket, and Nomadix offer access control solutions to strengthen wireless LAN systems. The key component to these solutions is an access controller: hardware that resides on the wired portion of the network between the 802.11 access points and the protected side of the network. Access controllers provide centralized intelligence behind the access points to regulate traffic between the relatively open wireless LAN and important network resources.

Access controllers apply to a wide range of wireless LAN applications. In a public wireless LAN, an access controller regulates access to the Internet by authenticating and authorizing users based on a subscription plan. A corporation can implement an access controller to avoid a hacker sitting in the company's parking lot from getting entry to sensitive data and applications.

Benefits worth considering

The use of an access controller reduces the need for "smart" access points, which are relatively expensive and include many non-802.11 features. Generally, vendors refer to these smarter access points as being "enterprise-grade" components. Proponents of access controllers, however, argue that 802.11 access points should focus on RF excellence and low cost and centralize access control functions in an access controller that can serve all access points. These "thin" 802.11 access points primarily implement the 802.11 standard and not much more.

When using an access controller with "thin" access points, you can realize the following benefits:

Important features

Access controllers generally provide port-based access control. When a user attempts to utilize a network-based application, such as a Web site via a Web browser, the access controller blocks access and redirects the user's browser to a login-in page. The user can then enter their user name and password, and the access controller will authenticate the user via an authentication server. The network application could, as an alternative, use digital certificates for authentication purposes. The authentication server provides authentication and authorization information that the access controller uses as a basis to regulate the user's access to the protected network. The user will have authorization to use specific port addresses, such as "port 80" for Internet browsing.

When shopping for an access controller, assess the following features:

Access controllers aren't always the best solution for wireless LAN applications. If you're implementing a smaller network for a home or small office, then there may not be enough benefit to offset the thousands of dollars for an access controller. With only one or two access points, the more cost effective solution is generally to use a "smart" access point to provide enhancements to the network. Or, you might only need to deploy "thin" access points alone if security is not of major concern and you have a limited number of users.

Jim Geier provides independent consulting services to companies developing and deploying wireless network solutions. He is the author of the book, Wireless LANs (SAMs, 2001), and regularly instructs workshops on wireless LANs.

Got a comment or question? Discuss it in the 802.11 Planet Forums