Netgear ME103 ProSafe Wireless Access Point

Model: ME103
Price: $169
Pros: 802.1x authentication, bridging (and soon repeater) functions, several antenna options
Cons: No syslog support, requires RADIUS server

The $169 Netgear ME103 ProSafe Wireless Access Point is the latest product in a trend to bring enterprise-oriented features to lower-priced WLAN devices. The ME103's major claim to fame is support for 802.1x authentication, but beyond that it's a well-rounded access point that would be a good fit for many corporate WLAN or public hotspot environments.

The TI ACX100 chip-based ME103 announces its corporate aspirations by residing within Netgear's trademark blue metal case rather than the more stylish plastic case that adorns some of Netgear's more recent and consumer-oriented products. Another hint: the ME103 is 802.11b-compliant only, and doesn't even support the TI chipset's 22 Mbps PBCC mode.

Standard with the ME103 are a pair of 2 dBi gain antennae on reverse-SMA connectors, but one of the strengths of the ME103 is the variety of antennae options that are available. Should the included dipoles prove insufficient, Netgear also offers a couple of external antennas--a 5dbi omni and an 18dBi directional-- that are compatible with the unit.

If it's additional power that's needed, Netgear has that covered too; in the form of a 500 mW power booster (Model ANT24BNA). The standard ME103 output power is 64mW. Although the booster is listed as a stand-alone product on Netgear's site, due to FCC regulations the power booster can only be sold together with the ME103, can't be offered separately, and is only available in the United States. Netgear offer an ME103 bundle which includes the power booster.

Incidentally, The ME103 can also support Power over Ethernet (PoE) via a separate module (the POE101).

In addition to functioning as a standard access point, the ME103 has two bridging modes--point-to-point and point-to-multipoint. When in either of these bridging modes, though, the ME103 can only communicate with other bridges--not with other WLAN clients.

The ME103 offers corporate users a wireless separation feature which automatically selects a radio frequency that doesnt overlap with other nearby access pointshandy when deploying multiple units in the same area.

As mentioned, 802.1X is available for client authentication with the ME103. In order to take advantage of 802.1X, you need to use an external RADIUS server to authenticate users. There's no provision to define user accounts directly within the access point, a capability that's found in the ZyAir B-1000, for example. Both approaches have pros and cons, but if you don't already have an authentication server, be sure to factor in the extra time and expense of one when considering the ME103.

The ME103 supports a variety of Extensible Authentication Protocols (EAP) for authentication--MD5, TLS, TTLS, and PEAP. All but MD5 support mutual authentication (authenticating the server to the client as well as vice-versa), which is a good way to help combat things like rogue access points. The downside is that all but MD5 also require a public keyinfrastructure (PKI) to issue certificates to servers and/or clients, which is something else to factor in, whether you run your own certificate server or use an outside vendor like Verisign.

MD5 is the easiest authentication method to implement, requiring only a user name and password. It's also the easiest one of the group to break, especially if passwords like dictionary words or proper names are allowed.

By default, the ME103 is configured as a DHCP client, which certainly facilitates initial set-up but this becomes inadvisable when the access point is using 802.1X and must be in communication with a RADIUS server, so you'll want to be sure to use a static IP after configuration.

An activity log monitors WLAN events like card associations and authentications. There's a button to save the log contents to a file, but when I tried it I was presented with an empty Notepad window and an error message saying the file could not be found. A feature that would be appreciated in this class of product but is unfortunately absent is syslog support.

If you don't immediately use 802.1X and fall back to MAC filtering for client authentication, a feature that will ease initial configuration is the ME103's ability to import a list of MAC addresses from a text file. If you were unlucky enough to have to enter a pile of MAC addresses manually, you can also export the list to a file to save you the trouble of having to go through that again.

The WLAN throughput of the ME103 was good, and certainly commensurate with any other 802.11b-based product I've tested. Using it with a Netgear WG511 b/g CardBus NIC yielded throughput of 5.11 Mbps starting at 10 feet. It remained steady in the mid-to-high 4 Mbps range some distance from the access point until dropping to 3.0 Mbps at 125 feet, the farthest I can get from the access point without leaving the building.

Enabling Wired Equivalent Privacy (WEP) encryption alone or in conjunction with 802.1X authentication did not inflict any meaningful performance penalty on throughput, and I successfully connected to the ME103 using a variety of b and b/g cards from Cisco, D-Link, and Buffalo.

As one might want or need, especially in a security-conscious corporate environment, the ME103 offers six configurable levels of power output (64, 50, 30, 20, 5, and 1mW). You can't kill the transmitter entirely, though the 1mW level will give the unit the range of a pea-shooter in most places.

Overall, the Netgear's few feature omissions are largely eclipsed by the products many pluses. The availability of 802.1X authentication, bridging modes, and a number of antenna options make the ME103 well suited for a variety of environments where a SOHO product might not cut it. The forthcoming addition of a repeater mode and WPA encryption will make the ME103 stronger still.