Review: ZyXEL NWA-3166 Convertible 11n AP/Controller - Page 2
June 25, 2010
Stepping Up to Managed Mode
We appreciate features like RADIUS and load balancing in a modestly-priced AP, but a WLAN does not have to grow very large before stand-alone pitfalls become apparent. The nicest thing about the NWA-3166 is that you don't have to buy a dedicated controller to try managed mode, just turn one of your APs into a controller/AP with the click of a button. Yes, conversion really is that easy, but don't click without considering consequences.
First, you must give the device to be converted to a controller/AP a static IP. By default, managed APs in the same subnet auto-discover nearby controllers using CAPWAP. However, managed APs in different subnets must be configured with the controller's IP or get it via DHCP.
Second, only one active controller/AP can exist in each broadcast domain (LAN/VLAN). However, another NWA-3166 in the same domain can be set to serve as a secondary (hot standby) controller/AP by specifying its (static) IP. If the primary goes down or loses LAN connectivity, associations are unaffected and the secondary carries out future controller duties (e.g., authenticating users or caching keys).
Unmanaged APs quickly start appearing on a converted controller's AP List, identified by IP/MAC and model (below). To manage any AP, check the box and click "Add." Although the managed AP's status turns green its radio stays off until edited. When we turned an 11n AP into a controller, this triggered error messages on our 11bg APs. These were easily corrected by defining a new "bg" profile for those APs. An option to auto-add/enable unmanaged APs would be nice.
Figure 3. AP Status
Even though conversion required this bit of assistance, the result was a centrally-managed WLAN which preserved our previously-defined SSIDs and security/QoS settings, without requiring additional hardware purchase or installation. All WLAN tweaks could now be made once, at the primary controller/AP, and WLAN status could now be viewed on a single screen.
However, if you experiment with controller conversion off-hours, beware that reverting to stand-alone AP requires much more than a button click. You must delete each managed AP from the controller's list, reset APs to factory default, reinitialize them in stand-alone mode, and then import config files saved prior to conversion. This is an unpleasant surprise if you haven't planned ahead; a warning in the user guide would be helpful.
Appreciating Controller Benefits and Limitations
Even when the NWA-3166 operates as a controller, it does not participate in data plane tasks carried out by other managed APs. The controller is only responsible for centralized configuration and monitoring tasks, such as pushing configuration edits to managed APs (including any secondary controller/AP), logging AP events, and displaying AP status.
Such centralized management capabilities can reduce maintenance and trouble-shooting effort. But keep in mind that the NWA-3166 is designed for SMBs; it centralizes and carries out common management tasks without offering a lot of detail or granular control. For example:
New firmware installed on the controller is immediately pushed to every managed AP. You cannot control or defer firmware installation each managed AP. And while radio profiles can be edited for each AP, you cannot schedule when those updates (or any updates that impact the entire WLAN) will take effect.
3000-series APs support dynamic channel selection (at 2.4 GHz) and dynamic frequency selection (at 5 GHz), but the controller does not seem to optimize DCS. When we had 3 APs active at 2.4 GHz, two were auto-assigned channel 1, the other 6, even though channel 11 was wide open. And don't expect this controller to auto-adjust transmit power to fill coverage gaps, etc. Think automated configuration, not real-time optimization.
If a managed AP in the same subnet goes down, the controller reliably notices within 10-20 seconds. Unfortunately, the down AP just disappears from the controller's AP Status list. The only visual hint that something is amiss is an Offline AP Count on the controller's main page.
This controller delivers at-a-glance WLAN monitoring, but details are basic. You can very easily see SSIDs, channels, and VLANs currently used by each AP, along with total station count. What you cannot easily see is how well each AP/SSID is performing, how much traffic they are carrying, or which stations are associated with each AP.
Our secondary controller took over quickly (~20 seconds) when our primary went down, with no impact on existing associations. But don't make the mistake of entering configuration updates into a secondary controller, they'll be accepted but over-ridden by the primary's configuration, which automatically resumes its role when it returns.
Figure 4. Controller Failover
Running a secondary controller is highly advisable, with ZyXEL's approach, another NWA-3166 can do this without extra cost. But why bother if the controller doesn't lie in the data path? APs depend on the controller for other functions. Notably, PSK-authenticated associations can be established while the controller is down, but not 802.1X associations. We also found that managed APs that go down while the controller is down also cannot resume operation until a controller is available. Designating a secondary controller easily avoids both problems.
All in all, we found the ZyXEL NWA-3166 easy to use, with a wealth of features not ordinarily found in a stand-alone SOHO AP. Although we did not focus on QoS, VLAN, or L2 isolation in this review, the NWA-3166 offers surprisingly rich and granular knobs to meet these business networking needs. Toss in load balancing, embedded RADIUS, centralized configuration with fail-over, and centralized (albeit basic) monitoring, and the NWA-3166 earns its price-tag.
Where the NWA-3166 disappointed us was trouble-shooting support, displaying incorrect channels, limited visibility into performance or user activity, and forcing us to connect to an AP's serial port if we needed more. (Although stand-alone APs can be accessed remotely via telnet or snmp, managed APs cannot.)
Larger businesses with multi-site WLAN or sites that contain more than a dozen APs might look at the NWA-3166 for small offices but shouldn't expect this simplified, inexpensive solution to scale. But SMBs on a tight budget that are chafing under the limitations and inefficiencies of stand-alone consumer or SOHO APs should consider the NWA-3166.
Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. A frequent contributor to Wi-Fi Planet, Lisa has tested 802.11 wireless access points, gateways, and controllers for nearly 10 years.