
Cisco why not cisco for wireless

Date post: 18-Jul-2015
Upload: john-young
WHY NOT CISCO?

Ethernet is holding its ground, for now, by virtue of being fast, cheap and relatively secure. But wireless will eventually become the default method of connecting to enterprise networks, and Ethernet will assume a secondary role as a distribution, rather than an access, technology.

SOONER OR LATER, A PERVASIVE, MANAGEABLE, SECURE WIRELESS LAN WILL BE TABLE STAKES FOR ENTERPRISES. WHO YA GONNA CALL TO MAKE IT HAPPEN?

BY DAVE MOLTA

MAY 11, 2006 | WWW.NWC.COM

IMPACT ASSESSMENT: ENTERPRISE WIRELESS LANS

BOTTOM LINE
You can spend a lot of time developing ROI models to justify an enterprise WLAN, but why bother? This is just something you have to do, unless your shop is hyper-security-sensitive or plans to defy the trends toward increasingly mobile work patterns and notebook computer use. Wi-Fi is built into notebooks, employees have wireless at home, and they want it at work, too. And so do your visitors. Spend your time figuring out how to do it right, with rock-solid security, efficient manageability and capacity for growth.

IT ORGANIZATION
Benefit: The holy grail of Wi-Fi as the default network connection has the potential to cut cabling costs, and IT staff access to Wi-Fi services can positively impact operational effectiveness. Security features required for wireless can be leveraged to enhance wired network security.
Risk: Wireless networks introduce significant security risks, their implementation often requires reallocation of IT resources, and rapid evolution of standards means short technology-refresh windows. Still, a failure to implement secure Wi-Fi services leaves the door open to rogues.

BUSINESS ORGANIZATION
Benefit: Benefits of Wi-Fi vary significantly, based primarily on the degree to which internal operational efficiency can be enhanced through mobile information access. Vertical industries can often demonstrate clear ROI; value in carpeted enterprise is generally softer.
Risk: Employees will balk at a decision not to deploy Wi-Fi services. Attempts to bypass IT policies by implementing personal or departmental Wi-Fi systems introduce significant information security risks.

BUSINESS COMPETITIVENESS
Benefit: In business sectors such as retail, health care and education, wireless is essential to competitiveness. In other businesses, it's all about enhancing personal productivity and shrinking decision windows.
Risk: Mobile information access can transform business processes in some industries, so ignoring it may not be an option. However, leveraging Wi-Fi for competitive advantage is not easy because the highest return often comes from a pervasive deployment.

When that happens, will Aruba, Symbol, 3Com or any other WLAN player be able to keep Cisco from extending its wireline dominance to wireless?

That depends on whether enterprise IT pros see going with a smaller vendor as a gamble or a smart bet. We have time to contemplate this scenario, of course—the wireless play won’t happen overnight. In fact, in our reader poll for this article, only about 8 percent of respondents saw Wi-Fi displacing Ethernet as the most common form of network access during the next three years. But a wise strategist plans five or 10 years ahead, and by then a new generation of Wi-Fi gear will be broadly available, offering 10, even 100 times the performance of today’s technologies.

Lots of No-Shows

Although we track developments continually, NETWORK COMPUTING takes an in-depth look at the enterprise WLAN space about once a year. Our evaluation in February 2005 proved interesting because we tested Cisco and Airespace gear side by side and concluded that Airespace had the better offering. Unbeknownst to us, Cisco was performing the same evaluation and agreed with our assessment. By the time our review went to press, Cisco had announced its acquisition of Airespace. Since then, the company has been busy doing what it does best: assimilating superior technology.

When we first embarked on our latest in-depth analysis, we worked with enterprise wireless network managers, vendors, analysts and test-tool makers Azimuth and VeriWave to develop a test plan that covered the full range of issues IT confronts, including product architecture, security, deployment, management, performance and cost. We asked for a significant commitment from vendors in both equipment and support staff. Of the 17 invited to participate, only two—Cisco and Bluesocket—took us up on our offer. Although excuses ran the gamut from a lack of internal resources to concerns that our test plan was too complex, not to mention a little too risky in light of the test platforms’ relative immaturity, we concluded that most enterprise WLAN vendors don’t want to participate in in-depth product reviews unless they can write the test plan.

Cisco’s decision to buck that trend is notable because it has the most to lose from a critical review.


RFI Synopsis: Bluesocket

Performance and scalability: Controllers range from 8 to 100 APs, providing flexible deployment sizes

Planning and deployment: Partnered with Motorola/Wireless Valley for its planning tool; management system provides RF coverage heat maps

Monitoring and management: Controller and management system provide two levels of monitoring, with roles determining levels of access; reports can be exported in a variety of formats and run automatically

Security and availability: Controllers support standard 802.11i security mechanisms, the ability to terminate VPN connections, a variety of authentication methods and wireless access policies; partnered with Check Point Software Technologies for integrated, clientless endpoint scanning; controllers offer stateful failover and load-sharing

AP capabilities: APs feature dual radios and internal or external antennas; management system can configure and support autonomous APs from vendors such as 3Com, Cisco and Proxim

Pricing: APs, $450; controllers start at $1,695 for 8 APs and $12,995 for 50 APs; management system, $9,995

Industry penetration: Achieved significant early market penetration, particularly in education, government and health care, by providing flexible security gateways with mobility-enhanced capabilities; has added integrated APs and associated AP management capabilities to that platform

Strengths: Has several years' experience providing secure mobile identity-based WLAN services on large networks, providing it with a large customer base and an understanding of enterprise wireless issues; with its roots as a security-oriented company, Bluesocket has already solved the most difficult problems, but now needs to establish market identity as a total enterprise Wi-Fi system provider

Weaknesses: Transforming itself from a security gateway company to a full integrated WLAN system provider will be challenging, as will hanging on to its existing customers (especially Cisco shops) that now have a broader range of options for deploying a secure enterprise WLAN

For our analysis of RFI responses from Aruba Networks, Bluesocket, Colubris Networks, Extreme Networks, Extricom, Meru Networks, Proxim Wireless, Siemens AG, Symbol Technologies, 3Com and Xirrus, go to networkcomputing.com/go/1709rd1.jhtml. Full RFIs are available at networkcomputing.com/go/1709rd2.jhtml. For a list of questions we asked WLAN vendors, go to networkcomputing.com/go/1709rd3/jhtml.

After all, it dominates the WLAN market with more than 50 percent share, according to both Synergy Research and Gartner. That got us thinking that maybe the real theme of this article should be, Can anyone beat Cisco? It’s a fair question, and one that’s on many IT pros’ minds. Yes, there are enough ABC (“anybody but Cisco”) shops out there to keep at least a few competitors in business, but Cisco’s decision to send us a crate full of gear to test shows the company is willing to go head-to-head with any rival, not on the basis of its name, but on its product’s merit. Cisco engineers spent several days in our Syracuse University Real-World Labs®, helping us gain a better understanding of its broad and increasingly complex array of WLAN offerings. After they left, we spent about four weeks pressing as many buttons as we could and running a battery of tests. We also appreciate Bluesocket agreeing to participate; we’re in the process of testing its gear.

We circled back with vendors that declined to participate and asked them—as well as Bluesocket—to complete an RFI that posed a dozen questions of interest to IT pros and spend a day with us demonstrating their offerings. Aruba Networks, Bluesocket, Colubris Networks, Extreme Networks, Extricom, Meru Networks, Proxim Wireless, Siemens AG, Symbol Technologies, 3Com and Xirrus returned RFIs describing their overall architectural approaches to enterprise WLANs and discussing such ideas as whether enterprises should focus on a single vendor for their wired and wireless networks; use of WPA2, authentication, authorization, monitoring, mobility and endpoint security; guest access; performance and scalability; and cost. Bluesocket, Extricom, Extreme, Meru and Xirrus paid visits to the lab. Our summarized analysis of Bluesocket’s response is below. Amazingly, some notable players, including Enterasys Networks, Foundry Networks, Nortel Networks and Trapeze Networks, didn’t take the time to respond.

‘Marketectural’ Trends

It’s never easy to mark generational shifts in technology, but it’s important to understand WLAN evolution because each successive generation addresses fundamental architectural limitations of the products that came before.

We think in terms of three distinct eras. Early WLANs, both proprietary and 802.11, were sold primarily into vertical markets like retail, supply chain, health care, manufacturing and education. These WLANs were expensive and, by today’s standards, feature-limited. Because the applications didn’t require substantial bandwidth, the design goal was to maximize the coverage area of each access point. The number of APs and clients was limited, so management was simple. Some of these legacy systems have been upgraded, and many more will require overhauls in coming years as vendors gradually announce many components’ end of life.

Second-generation enterprise WLANs supported newer access protocols (802.11a, b and g) on more powerful APs and provided significant functional improvements over first-generation offerings, at a lower cost. But inherent architectural deficiencies prompted the emergence of third-party tools for site design (Ekahau and Wireless Valley, now owned by Motorola) and management (AirWave and Wavelink), as well as security gateways (Bluesocket and AirFortress) and wireless IDSs (AirDefense and AirMagnet).

FYI
Full Force: Large enterprises are more likely to have implemented WLANs than smaller companies: 31 percent of enterprises with more than 20,000 employees have fully deployed WLANs, compared with 22 percent that have 1,000 to 4,999 employees, according to Forrester.

Third-generation enterprise WLANs are best represented by the Big 3 start-ups—Airespace, Aruba and Trapeze—all of which made market splashes in 2003. Their architectures applied client-server distributed processing principles to wireless LANs, combining so-called “thin” APs and centralized controllers glued together with proprietary protocols that effectively locked customers into using APs and controllers from a single vendor. Initial product offerings were creative but complex, often requiring that APs attach directly to controllers (then called wireless switches) installed at the network edge. By 2004, version 2.x offerings addressed many of the performance, reliability, security, integration and management deficiencies plaguing initial products. Cisco took significant steps to add controller capabilities to its highly successful Aironet wireless offerings, while established wireless competitors, like Bluesocket and Colubris, enhanced their systems to compete with the Big 3.

Meanwhile, network gear vendors—namely, Alcatel, Enterasys, Extreme, Foundry, Nortel and 3Com—developed OEM relationships to provide their customer bases with wireless solutions. These were largely me-too offerings that leveraged the channels of established network vendors, but such an approach is much less risky than internal development. And for providers like Trapeze, the OEM channel was a lifesaver, a way to remain profitable in an increasingly competitive market dominated by Cisco. The OEM approach is not a bad strategy per se, but it poses significant risks for enterprise IT, especially in emerging technology markets. Organizations that purchased Nortel WLAN gear when the company had an OEM relationship with Airespace, for example, were forced to migrate when Cisco bought Airespace and Nortel switched to Trapeze as a system provider.

CISCO CCX: ADDED VALUE OR STANDARDS END RUN?

Cisco is walking a fine line with its Cisco Compatible Extensions (CCX) program. The dearth of critical standards-based functionality in areas like mobility and RF management has forced the company to venture into the world of proprietary protocols to meet customer needs. CCX encourages WLAN-client vendors and silicon providers to implement Cisco-specific enhancements and certify those products for compatibility. Although Cisco has encountered challenges along the way, especially in getting vendors to update drivers and utilities for older hardware, most new enterprise-class client hardware includes full support for CCX.

It’s ironic that the management team from Airespace used to complain to us that, though Cisco was open in providing CCX implementation details to client vendors, Cisco hardware was required if you wanted to leverage those features. When Cisco relabeled and added the old Airespace controllers and APs to its Unified Network, there was no support for CCX. Version 4.0 of Cisco’s WLAN controller software now includes support for a range of CCX functions, including roaming, radio resource management, Cisco discovery protocol and enhanced security.

Eventually, we expect to see standards-based solutions to all the feature voids CCX is designed to address. Cisco’s public statements vehemently assert that the company will maintain and promote proprietary capabilities only as long as necessary and that it will be aggressive not only in contributing its intellectual property to standards bodies but also in supporting standards as they emerge. Seasoned IT pros can be forgiven some skepticism—Cisco’s track record in this regard is checkered. Yes, the company almost always adds support for standards, but the implementation of those standards sometimes provides customers with subtle encouragement to stick with proprietary features.

We hope this isn’t the path Cisco takes with CCX, and in the end, it’s up to network managers to drive Cisco’s direction. If you express satisfaction with proprietary capabilities, there will be little motivation to standardize. Sometimes, solving problems in your own organization takes precedence over doing what’s best for the industry as a whole. But at the least, you should let Cisco know that you believe in open industry standards and will make future purchasing decisions with that ideal in mind.

READER POLL

Imagine how your network will look three years from now. Which of the following best represents the relationship between Wi-Fi and Ethernet LANs?

Wi-Fi will be broadly available throughout our facilities but Ethernet will be the most common form of network access
Wi-Fi will displace Ethernet as the most common form of network access
Wi-Fi will supplement Ethernet LAN services by providing convenient network access in public spaces, like conference rooms and cafeterias

Chart values: 8%, 44%, 48%

Source: NETWORK COMPUTING Reader Poll, 276 respondents


Although notable differences in features and functionality exist among established WLAN controller vendors, all their offerings are more feature-rich and polished than they were a year ago. But the most interesting development since our last look at enterprise WLAN systems has been the emergence of new architectures from Extricom, Meru and Xirrus. The last is addressing deployment and scalability challenges by integrating as many as 16 radios and a controller into a single AP and using sectorized antennas to support narrow pie-slice-shaped cells, an approach resembling that taken by cellular providers. Extricom and Meru have adopted a more revolutionary tactic, eschewing conventional channel-planning design in favor of a single-channel architecture with the goal of addressing interference and roaming problems.

For organizations contemplating the rollout of simultaneous VoIP and data services over a single WLAN infrastructure in the 2.4-GHz band—and for those that just don’t want to deal with the hassle of multichannel RF design—the approach taken by Extricom and Meru may offer significant benefits over more conventional architectures. Although equipment from both vendors operates with standard 802.11 clients, their controllers play a more significant role in regulating access to the airwaves, which allows for a more deterministic form of network access. And because the WLAN appears to clients as a single AP operating on one channel, rather than multiple APs operating on different channels, as is the case with older designs, roaming is extremely fast.

Although the single-channel architecture offers benefits, the problems associated with more conventional multichannel systems may be mitigated by several key developments. First, increasing numbers of enterprises are smartly supporting dual-band (2.4-GHz and 5-GHz) infrastructures, meaning contention issues are somewhat mitigated as clients are spread across a larger number of channels. Second, the emergence of ultra-high-speed 802.11n will make performance and capacity problems less of a long-term concern. And finally, if standards-based solutions to client-radio-management problems and secure, fast roaming make their way from the IEEE into products, the benefits of Extricom’s and Meru’s scheduled-access designs don’t look quite so compelling.

There’s a strong chance all this will happen during the next two years. Still, Extricom and Meru are making important technical contributions that could significantly enhance enterprise WLAN performance, and we wouldn’t be surprised to see other vendors adopt some of these capabilities.

LAB TESTED: CISCO UNIFIED WIRELESS NETWORK

Cisco Systems sent key elements of its UWN to our Syracuse University Real-World Labs®. These appliances, controllers and APs blur the lines between Cisco’s market-leading wired network gear and the enterprise WLAN. (See “Picking the Pieces,” page 7, for a rundown of components.)

The UWN is based on the products and technologies Cisco picked up when it acquired Airespace. Cisco says standalone IOS-based APs will still be supported, but companies looking for superior management tools and advanced functionality, such as fast roaming, mesh services and location capabilities, should consider phasing in UWN devices.

Those planning new Cisco controller-based networks, or expanding existing ones, will need the WCS (Wireless Control System). For testing, we entered a floor plan of our lab with an aerial map view, specified the type of APs and antennas we wanted, whether to optimize for coverage or capacity, and our throughput expectations. While WCS provided an educated guess at how many APs we should deploy, its features are not as comprehensive as those found in some third-party planning tools.

We also evaluated WCS’ monitoring and reporting capabilities. We quickly saw an aggregate view of network health from a dashboard that provides data on controllers, APs, rogue APs and client activity, and we could drill down to specific devices and events. We generated canned reports on items including client counts, transmit power and channel and AP activity, based on historical data from the previous seven days. While the reports are elementary, they provide trend information. Overall, the built-in security-monitoring and reporting capabilities will meet the basic needs of enterprises without specific compliance or regulatory requirements; others may want to consider a wireless IDS/IPS system.

We also investigated the UWN’s location-tracking, guest-access capabilities and the ability of the architecture to serve enterprises with branch-office locations. We were impressed with location tracking, and Cisco’s upcoming 4.0 software and hardware release should ease the creation of guest credentials. A wide range of AP and controller choices provides flexibility in configuring remote locations.


Picking the Pieces

A number of components fall under the heading of Cisco’s Unified Wireless Network, but you don't have to buy one of each to put it all together. That said, it’s always helpful to understand what each piece does and its pricing.

4400 Series Wireless LAN Controller
Description: This wireless controller is designed to sit in the distribution-layer data closets throughout your infrastructure. The 4400 Series has several models, with capacities of 12, 25, 50 and 100 APs.
List price: Starts at $9,995

2000 Series Wireless LAN Controller
Description: This controller is designed for branch-office use and currently supports six APs. The product is also available as a module for the Cisco Integrated Services Router, dubbed the Wireless LAN Controller Module, or WLCM.
List price: $3,250

Catalyst 6500 Series Wireless Services Module (WiSM)
Description: The WiSM blade, designed for the Catalyst 6500 Series switch, supports as many as 300 APs per module. This product is good for shops that want to centralize controllers within the network core or at large distribution blocks.
List price: $45,995

Catalyst 3750 Integrated Wireless LAN Controller
Description: This new product, included with Cisco’s 4.0 release, delivers the form factor the industry has been expecting—an Ethernet switch and wireless controller rolled into a 2U device. The product contains all the functionality of a Catalyst 3750 switch and supports as many as 50 APs.
List price: $TKTK

Wireless Control System (WCS)
Description: The WCS is the software platform that ties together the Unified Wireless Network, providing a single point for WLAN planning, multiple controller management and aggregate network monitoring. Currently, WCS is limited to 1500 APs and 50 controllers, but the next release is slated to scale to 2,500 APs and 250 controllers. If your network exceeds these proportions, you can set up another WCS, but you’ll have to manage each independently.
List price: Starts at $3,995

2700 Series Wireless Location Appliance
Description: The WCS uses the capabilities of this appliance to track the locations of as many as 10,000 devices on the wireless network in near-real-time.
List price: $14,995

Aironet 1000 Series Access Point
Description: Available in a/b/g and b/g-only versions, the 1000 Series AP contains several models designed to meet a variety of needs, from basic carpeted-office access to the Aironet 1030, which can serve as a remote edge AP (REAP) for wireless backhaul, and as a point-to-point and point-to-multipoint bridge.
List price: Starts at $599

Aironet 1100 Series Access Point
Description: This AP series has been around for a while as a carpeted office-focused autonomous AP that supports b/g through internal antennas. The company hasn't made many changes, except to add a lightweight version.
List price: $599

Aironet 1130 Series Access Point
Description: The 1130, supporting a/b/g, is also designed for the carpeted office, with an internal omnidirectional antenna and no external connectors; it’s capable of serving as a hybrid remote edge AP (HREAP).
List price: $699

Aironet 1200 Series Access Point
Description: The 1200, like the 1100, is not new, but has been made LWAPP-capable. This ruggedized AP supports b/g out of the box and has a modular slot for 802.11a support.
List price: Starts at $750

Aironet 1240 Series Access Point
Description: The 1240 is a ruggedized version of the 1130, with no internal antenna, just connectors for external 2.4-GHz and 5-GHz antennas. It also can serve as a repeater, a bridge and in HREAP mode.
List price: $899

Aironet 1300 Series Access Point
Description: The b/g-only 1300 provides for outdoor AP and bridge capabilities, for enterprises that want to put their toes in the water for open-air services.
List price: $1,299

Aironet 1500 Series Access Point
Description: Enterprises ready to jump into wireless may prefer the new 1500 mesh APs.
List price: $3,999

Growth Industry

Tracking enterprise WLAN market trends requires a fair amount of subjective interpretation. Fourth-quarter 2005 enterprise WLAN shipments worldwide were up 29 percent over the same period in 2004, according to Dell’Oro Group. For the year, sales were up 20 percent, making enterprise WLANs a billion-dollar market. Still, the enterprise market is about half the size of the more consumer-oriented small office/home office space, and other research firms put enterprise WLAN numbers slightly lower. Synergy Research pegs Q4 2005 enterprise WLAN growth at 5 percent year over year. Likewise, it reports overall 2005 enterprise WLAN sales of about $1.3 billion, up 5 percent from 2004.

To some degree, reductions in the per-unit cost of APs mask the true expansion. However, the positive cost impact of commodity-priced APs is offset by a steady enterprise migration from second-generation smart-AP system architectures to newer designs that leverage WLAN switches or controllers. These systems have considerably higher profit margins for vendors—and they significantly increase capital expenditures for enterprises. Synergy estimates almost 30 percent of enterprise WLAN purchases in Q4 were for controller-based architectures, and sales of controller-based systems grew 76 percent in the same quarter, year over year. Clearly, there’s a trend toward newer architectures, especially for green-field installations, and even those who prefer more conventional smart APs recognize they’ll eventually need to change their designs to leverage emerging features and services, like better roaming, enhanced security, location and mesh backhaul. The hope, from a budget perspective, is that enhanced operational efficiency of these new designs will offset higher acquisition and vendor maintenance costs. Whether this will pan out is a complex issue. In large installations, some centralized management capabilities are critical, but there are many variables that must be considered before spending extra money on hardware and software in hopes of reducing staff costs. These factors include the quality of management capabilities, the number and variety of users and the type of applications they’re running, the available skill sets of technical staff, discounts provided by vendors, and internal budget policies that compare current and future costs.

FYI
Slainte-d Adoption: Almost 30 percent of enterprises in the United Kingdom and Ireland have deployed WLANs, surpassing North America, with 24 percent adoption, according to Forrester.

Emerging Standards

802.11e: Quality of service enhancements
Status/expected ratification: Ratified
Summary: Defines MAC procedures to support LAN applications with QoS requirements, including the transport of voice, streaming audio and video over IEEE 802.11 WLANs.
Comments: No 802.11e-compliant client devices are available. Many client vendors, including VoIP phone vendors, are supporting the Wi-Fi Alliance’s WMM (wireless multimedia) spec, which includes a subset of 802.11e features.

802.11k: Radio resource management (RRM)
Status/expected ratification: Projected ratification: October 2006
Summary: Working to define radio resource measurement enhancements to improve the capability, reliability and maintainability of WLANs. Key goals include enabling better diagnostics, improving dynamic frequency planning, optimizing network performance and enabling new services like voice/video over IP and location-based services.
Comments: 802.11k is a key element of many vendors’ WLAN plans because it will allow client radio parameters to be centrally managed, a process expected to enhance performance in small-cell dense deployments. Cisco is a big backer of 802.11k and includes some of this functionality in CCX.

802.11n: Higher data rates and throughput
Status/expected ratification: Projected ratification: September 2007
Summary: New MAC and PHY technologies to expand the throughput of 802.11 WLANs to 100-Mbps+ throughput speeds
Comments: The 802.11n standard, based on MIMO technology pioneered by Airgo Networks, is one of the most highly anticipated developments in wireless networking in recent years. After an intense battle between two consortia (TGnSync and WWISE), the new Enhanced Wireless Consortium (EWC) emerged earlier this year, with backing by Cisco and most leading wireless silicon vendors. However, while pre-N and EWC-compliant products are emerging, there’s no guarantee these products will be upgradable to support the final standard.

802.11r: Fast roaming
Status/expected ratification: Projected ratification: March, 2007; but the 11r proposal has just been recirculated, so late 2007 seems more likely.
Summary: The 802.11i task group, which developed a new security architecture for WLANs based on 802.1X, EAP and AES, was not able to agree on a standard for secure fast roaming in a timely manner. This job was given to the 802.11r task group. The standard is designed to let clients move from one AP to another and quickly re-establish both security and QoS state without introducing security vulnerabilities.
Comments: Several vendors have prestandard fast-roaming solutions. Cisco has two: Cisco Centralized Key Management (CCKM) and Pro-active Key Caching (PKC), which was an Airespace proposal.

802.11v: Wireless network management
Status/expected ratification: Projected ratification: September 2008; IEEE publish: October 2008
Summary: Provides enhancements to the 802.11 MAC, extending other amendments to add client diagnostics and client-reporting capabilities.
Comments: While 802.11k is important because it standardizes the information collected across a wireless network, 802.11v will be required to use this information in a meaningful way. Cisco and others are pushing to make this happen because 11v is crucial for efficient operation of densely deployed wireless networks. Further, 11v may let customers move away from proprietary client software (Cisco CCX enhancements and third-party wireless supplicants).

802.11w: Management frame protection
Status/expected ratification: Projected ratification: March 2008; IEEE publish: April 2008
Summary: 11w is an attempt to close a gap in the 802.11 standard, which defines protection for data frames, but not management frames. Unprotected management frames leave systems vulnerable to denial of service, device impersonation and information falsification.
Comments: Cisco has been pushing 11w, actively working through 802.11 but also moving ahead with its own management frame protection—aptly named MFP—which is a prestandard version of 11w, in conjunction with CCX.

SOURCE: NETWORK COMPUTING reporting. IEEE data at www.ieee802.org/11/. Updated projected ratification dates at grouper.ieee.org/groups/802/11/802.11_Timelines.htm.

As noted earlier, Cisco dominates in market share, controlling more than half of enterprise sales. Just how much more is a good question. If you zero in on the so-called “carpeted enterprise” market and exclude Symbol, and if you focus exclusively on WLAN infrastructure rather than supporting products like wireless VoIP, that number sneaks closer to 65 percent. By any measure, Cisco is doing well. Although Synergy has the overall enterprise WLAN market growing by 5 percent in Q4 2005, it gauges Cisco’s growth at 18 percent. Impressive, especially when you consider that the company was busy absorbing Airespace during 2005, an activity that undoubtedly convinced some Cisco customers to take a wait-and-see attitude regarding new acquisitions.

What’s Next

One of the most significant decisions for IT managers relates to the integration of conventional Ethernet and Wi-Fi LAN services. One school of thought is that Ethernet and Wi-Fi are complementary LAN access alternatives that demand tight service, security and policy integration. For example, many organizations with large 802.11 deployments are implementing 802.1X authentication and privacy services. Although 802.1X has long been available for Ethernet networks, few organizations have taken advantage because the cost often exceeded the benefits. However, once an 802.1X infrastructure is developed to support 802.11, the incremental effort associated with adding wired Ethernet to the mix is relatively modest. Vendors that embrace this view seek to leverage existing Ethernet infrastructures by adding wireless functionality. The most notable examples include Cisco’s plan to add Wi-Fi controllers to its Catalyst 6500 and 3750 products.

A counterpoint position asserts that these technologies are sufficiently unique in design and capabilities to be treated separately. Does it make sense to upgrade an established Ethernet infrastructure solely to support enhanced wireless functionality? After all, it’s common for Cisco shops to run older, more stable IOS code in their switches and routers. Vendors that champion the overlay strategy assert that the Wi-Fi infrastructure should be logically distinct from, though dependent on, a robust Ethernet environment. They further warn that, though a vendor may offer the appearance of wired/wireless integration by physically embedding wireless controller capabilities into a switch, such an approach may offer only a minor level of true integration. And the risks associated with early adoption are real, despite vendor efforts to test all permutations.

From a practical perspective, Cisco has embarked on a concerted effort to integrate wired Ethernet and wireless 802.11 services, but its most ambitious goals are still found in PowerPoint slide decks rather than in real products. Still, we predict Cisco will continue its push in that direction, providing rational incentives for its Ethernet customers to remain loyal when it comes to wireless.

For other purveyors of wired and wireless gear, including Enterasys, Extreme, Foundry, Hewlett-Packard and 3Com, all of which partner with third parties for WLAN services, the level of integration is thin at this point. The reason for this goes beyond the challenges associated with integrating wired and wireless to reflect the complexity that’s still associated with delivering enterprise-class wireless.

For technology professionals looking at wireless as a tactical service, either approach will likely meet your needs. For more strategic, pervasive deployments, the level of integration required will vary depending on your security policies and the nature of your wireless applications. Delivering enterprise hotspot service is getting a lot easier; implementing pervasive wireless VoIP, location services and granular multilayer security is not.

Last but not least, don’t discount the very real possibility of finger-pointing between wired and wireless vendors when things go wrong. Purchasing best-of-breed technology for every network application sounds great in principle, but minimizing the number of vendors you deal with to maintain adequate service levels almost always simplifies operations. That puts Cisco in a clear position of market leadership. Yes, its gear may cost a little more, and you may need to navigate through the complexities of a mega-company for support. But when it comes to wireless, it’s a safe bet you won’t be giving up much for this added level of comfort. NWC

HAVE WI-FI, WILL WORK WHILE TRAVELING?

Does your company provide accounts for mobile employees to access wireless hotspots? Here’s what Gartner found when it surveyed more than 2,000 business travelers in the United States and Britain:

25%: U.S. respondents who use hotspots while traveling on business, compared with 17 percent of U.K. respondents

4 of 5: Laptop PCs that will have native Wi-Fi capabilities by the end of 2008

16%: Respondents who say they’re worried about security

1 in 10: Respondents who think Wi-Fi hotspot access is too expensive

$29.99: Per-month cost of unlimited access to T-Mobile’s HotSpot locations in U.S., with a 12-month commitment

37%: U.S. Wi-Fi users who connect to hotspots more than 10 times a year. For U.K. users, it’s 33 percent

Source: Gartner Dataquest, NETWORK COMPUTING

DAVE MOLTA is a NETWORK COMPUTING senior technology editor. He is also assistant dean for technology at the School of Information Studies and director of the Center for Emerging Network Technologies at Syracuse University. Write to him at [email protected].


Wireless, Wireline Come Closer

We put elements of Cisco’s Unified Wireless Network initiative to the test and were impressed, not only with how well it’s assimilated Airespace’s technology but with integration across the entire enterprise network

BY DAN RENFROE

[ Product Analysis ]

To say that Cisco Systems’ WLAN infrastructure offering is comprehensive is like saying the Grand Canyon is big—the scope just doesn’t come across. Cisco’s Unified Wireless Network blurs the line between the company’s traditional wired network hardware and the appliances, controllers and APs that make up the UWN. Although you don’t need one of each UWN product, our testing of the crates of gear Cisco sent to our Syracuse University Real World Lab® shows the company has worked hard to integrate all of the elements to extend the capabilities of your WLAN.


Once we got all the gear sorted out, we explored Cisco’s UWN package with an eye toward how IT groups would use it to plan, deploy, manage, secure and monitor enterprise WLAN services. Note that we primarily tested hardware running version 3.2 operating code, but Cisco briefed us on some of the new features and hardware that will be available with its 4.0 release, due out in early May.

The UWN is largely based on the product line and technologies the company got in its Airespace acquisition, leaving owners of stand-alone Cisco IOS-based APs—what Cisco calls “autonomous APs”—asking, “What about me?” In discussions with Cisco, it became clear to us that the company doesn’t see these autonomous APs as going away, nor does it see them as being in conflict with the controller-based system. Still, the reality is that autonomous APs provide fairly baseline WLAN services; customers desiring advanced functionality, like fast roaming, mesh services and location capabilities, will need to upgrade.

More important for enterprise IT, the management tools for the UWN are superior to Cisco’s tool for autonomous AP management, the Wireless LAN Solution Engine, or WLSE. Existing customers need not fear, though; Cisco has developed a number of updates to enable autonomous AP customers to upgrade while still protecting their hardware investments.

Planning Your Implementation

If you’re planning a new Cisco controller-based network or expanding an existing one, you’ll start with the WCS (Wireless Control System), a soft appliance that runs under Windows or Linux and provides WLAN planning, deployment, management and reporting capabilities.

In a controller-based environment, you might have APs in the same building, even on the same floor, that communicate with different controllers for load-balancing or redundancy reasons. Thus, viewing APs based on controller won’t always provide an accurate geographical view of a wireless network. That’s where building maps and floor plans come in—representing a WLAN based on physical deployment areas provides administrators with comprehensive pictures of their networks. Maps are a critical part of any planning tool, and WCS is no exception. WCS differs, though, in its ability to use these maps for planning versus management and location tracking. We’ll focus on planning capabilities for now, reserving management and location tracking for later sections.

The planning capabilities of WCS are designed to give users a ballpark idea of how many APs to deploy and where they should be located. Utilizing the map features of WCS, we re-created a section of our campus complete with an aerial map view (handy if we were doing outdoor coverage) and floor plans of the building where our labs are located. In planning mode, we specified the types of APs and antennas we wanted, whether to optimize for coverage or capacity, and our throughput expectations. The system then recommended AP placement, and we were able to adjust its suggestions based on our knowledge of the building and re-calculate coverage areas. The tool also contains a map editor that allowed us to draw in walls and architectural features that might impede RF propagation, such as elevator shafts or concrete walls.

Those who have already deployed WCS and placed APs on maps can pull existing AP data for a floor into planning mode and adjust AP location and antenna type, as well as add or remove APs, to visualize what those changes will do to WLAN coverage. One of our biggest frustrations with the planning capabilities of WCS, though, is the disconnect between planning maps and deployment maps. If we chose to deploy our APs in the same locations we had placed them in planning mode, we couldn’t just import that placement data from planning mode; we had to manually place the APs on deployment maps all over again.

We feel that WCS’ planning capabilities provide an educated guess at how many APs a company should deploy, but the features are not as comprehensive as those found in some third-party tools—enterprises with complex RF environments or expansive reporting capabilities will want to invest in a separate planning utility, like the predictive modelers by Ekahau, Motorola/Wireless Valley and others. Some WLAN vendors, including Bluesocket, Colubris Networks and Xirrus, see the value in these tools and have partnered with third-party vendors to provide these capabilities.

Putting It All in Place

Cisco’s UWN takes a layered approach to deployment and management. APs, once deployed, discover and communicate directly with controllers. Controllers, in addition to managing and coordinating APs, can communicate with one another. Although we could manage individual controllers directly, it may be cumbersome to keep everything up-to-date if you’ve got more than two or three. In addition, the monitoring capabilities of individual controllers are fairly basic. That’s where WCS steps in, providing a way to manage multiple controllers and deploy your wireless network.

We were impressed with the relatively straightforward deployment options. After some initial CLI configuration, we were able to easily manage our controllers through their internal Web interfaces or using WCS. While we could manually copy configurations from one controller to another, a better route is to use the template capabilities built into WCS. WCS has a number of templates for groups of settings, like SSIDs; radio parameters; and management configurations. Once created, those templates can be pushed out to all controllers or any subset thereof. The same thing goes for APs: We created templates for controller order, AP mode, location and more, and pushed them out to subsets of the AP population.

In addition to mass configuration, we used WCS to change configurations on select controllers; anything we could do on the APs’ Web configuration interfaces, we could do from WCS. Of course, just because you can do something doesn’t mean you should. We think it would be pretty easy to get far down the rabbit hole by making a number of individual configuration changes that could get out of sync with the other controllers. Although WCS will tell you if a controller is out of sync, there’s no method to enforce a particular template. Enterprises can manually conduct version control by creating active and backup templates for rollback if there are issues, but the software doesn’t have enforcement built in. We raised this issue with Cisco, and its position is that organizations with WCS tend to use templates and not make individual controller changes; if they do tweak, it’s for a good reason.

UNIFIED WIRELESS NETWORK ARCHITECTURAL BASICS

The controller-based architecture of Cisco’s Unified Wireless Network is a definite shift from the autonomous-AP mindset, where access points serve as the ingress/egress points for network data destined for wireless clients. Not so with lightweight APs in a controller architecture, where client data is tunneled back to the controller.

We thought it might be useful to discuss the underlying architecture for the Unified Wireless Network, with an emphasis on the role of Cisco’s proprietary LWAPP (Light Weight Access Point Protocol). LWAPP is the protocol Cisco APs use to communicate with controllers and is the secret sauce behind light-touch AP provisioning.

Although LWAPP is a proprietary protocol, it also serves as the basis for the current draft of the CAPWAP (Control and Provisioning of Wireless Access Points) specification the IETF is developing. Cisco is not the only company to espouse a thin-AP architecture—most vendors with switch-based architectures have developed a similar method for AP-to-controller communications. Still, though these architectures are similar, don’t expect cross-vendor interoperability anytime soon, even after the CAPWAP specification is approved and implemented by vendors. The Cisco architecture provides one example of why this is: APs and controllers conduct mutual authentication through factory-installed X.509 certificates; maintaining that level of security with products from multiple makers poses challenges that many vendors (and enterprises) will be reticent to tackle.

When a lightweight AP is connected to the network, it attempts to find a controller IP address through a variety of means; these discovery requests include IP broadcast, DHCP options and over-the-air provisioning through neighbor messages from other APs. Once the AP finds a controller, it sends a join request to that controller; the controller then identifies the AP and determines whether it should let the AP join, or should point it to another controller based on the preference settings configured by the network administrator. Once the AP is joined to the appropriate controller, it downloads the correct AP operating code version from the controller; using this method ensures all APs will have the proper code to communicate with the controller.

Communication between AP and controller occurs within a UDP tunnel that secures device communications and also provides heartbeat functionality. Every 30 seconds, the AP sends a heartbeat message to the controller to verify connectivity; if this process doesn’t receive a reply, the AP disjoins from the controller and searches for a new controller, providing a good failover mechanism.

Roaming, especially across subnets, is a critical capability, especially for voice deployments. In some cases, roams may occur across controllers, which is where the rubber meets the road in terms of technical complexity. It just wouldn’t be a “unified” network if the system broke down here. Cisco has developed a solution that we feel places less strain on applications during roams across subnets: When a client roams from an AP on a controller connected to one subnet to an AP on a different controller connected to another subnet, the client ends up with dual-citizenship—it maintains its client record on the first controller and its IP address from the initial subnet, but it also has a client record on the second controller, marked as its foreign “home.” Outbound data from the client is sent through the IP subnet that the controller is connected to, but incoming data is sent to the original controller, where it is tunneled back to the foreign controller via Ethernet in an IP tunnel.

Inter-controller communications, for roaming and other activities, rely heavily on an element Cisco calls Mobility Groups. Administrators can designate as many as 24 controllers as members of a Mobility Group, enabling information sharing among them. For example, controllers within the same group automatically share information to facilitate inter-controller roaming, AP load balancing and controller redundancy. These groups are usually created if it’s possible for a client to roam from an AP on one controller to an AP on another. Say you have a WLAN across two large office buildings, but it’s impossible to roam between the two; you might create separate Mobility Groups for the controllers in each building.
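The lightweight-AP lifecycle described in the architectural-basics sidebar (discovery, join with a possible redirect, code download, 30-second heartbeat, failover) is modeled below as an added example; it is not Cisco's code or the article's, and it does not reproduce the LWAPP wire format. The class names, controller names, certificate strings and version numbers are constructed, certificate validation is reduced to set membership, and the rule that a controller redirects only to a peer that is up is an assumption.

```python
from dataclasses import dataclass, field

HEARTBEAT_INTERVAL_S = 30  # interval given in the article

@dataclass
class Controller:
    name: str
    cert: str                    # stand-in for the controller's X.509 identity
    code_version: str
    trusted_ap_certs: frozenset  # stand-in for validating factory-installed AP certs
    preferred: dict = field(default_factory=dict)  # AP name -> controller the admin prefers
    alive: bool = True

    def handle_join(self, ap_name, ap_cert, peers):
        """Controller side of a join request: authenticate, then accept or redirect."""
        if ap_cert not in self.trusted_ap_certs:
            return "reject", "untrusted AP certificate"
        want = self.preferred.get(ap_name, self.name)
        # Assumption: a controller only points an AP at a peer it knows is up.
        if want != self.name and want in peers and peers[want].alive:
            return "redirect", want
        return "accept", self.code_version

class LightweightAP:
    def __init__(self, name, cert, trusted_controller_certs, code_version):
        self.name, self.cert = name, cert
        self.trusted_controller_certs = trusted_controller_certs
        self.code_version = code_version
        self.controller = None
        self.log = []

    def discover(self, sources):
        """Merge candidates from each discovery method, keeping first-seen order."""
        seen = []
        for method in ("broadcast", "dhcp_option", "over_the_air"):
            for name in sources.get(method, []):
                if name not in seen:
                    seen.append(name)
        self.log.append(("discover", tuple(seen)))
        return seen

    def join(self, candidates, controllers):
        queue, tried = list(candidates), set()
        while queue:
            name = queue.pop(0)
            ctrl = controllers.get(name)
            if name in tried or ctrl is None or not ctrl.alive:
                continue
            tried.add(name)
            # Mutual authentication, AP side: refuse controllers it cannot verify.
            if ctrl.cert not in self.trusted_controller_certs:
                self.log.append(("refuse", name))
                continue
            verdict, detail = ctrl.handle_join(self.name, self.cert, controllers)
            self.log.append((verdict, name, detail))
            if verdict == "redirect":
                queue.insert(0, detail)
            elif verdict == "accept":
                if self.code_version != detail:  # sync operating code with the controller
                    self.log.append(("download", detail))
                    self.code_version = detail
                self.controller = ctrl
                return True
        self.controller = None
        return False

    def heartbeat(self, now, sources, controllers):
        """Run once per interval; on silence, disjoin and search for a new controller."""
        if self.controller is not None:
            if self.controller.alive:
                return
            self.log.append(("disjoin", now, self.controller.name))
        self.join(self.discover(sources), controllers)

def simulate(ap, sources, controllers, duration_s, failures):
    """failures maps a time in seconds to the name of the controller that dies then."""
    ap.join(ap.discover(sources), controllers)
    for now in range(1, duration_s + 1):
        if now in failures:
            controllers[failures[now]].alive = False
        if now % HEARTBEAT_INTERVAL_S == 0:
            ap.heartbeat(now, sources, controllers)
    return ap.controller.name if ap.controller else None

def demo():
    """Constructed scenario: one unverifiable controller, one redirect, one failure."""
    ap_certs = frozenset({"ap-cert-01"})
    controllers = {
        "wlc-a": Controller("wlc-a", "wlc-cert-a", "3.2.0", ap_certs, {"ap-lobby": "wlc-b"}),
        "wlc-b": Controller("wlc-b", "wlc-cert-b", "3.2.0", ap_certs),
        "wlc-x": Controller("wlc-x", "unknown-cert", "9.9.9", ap_certs),
    }
    ap = LightweightAP("ap-lobby", "ap-cert-01", {"wlc-cert-a", "wlc-cert-b"}, "3.1.0")
    sources = {"dhcp_option": ["wlc-x", "wlc-a"], "over_the_air": ["wlc-b"]}
    final = simulate(ap, sources, controllers, 120, {45: "wlc-b"})
    return final, ap.log
```

In this model the controller that dies at 45 seconds is not noticed until the 60-second heartbeat, so detection can lag a failure by up to one full interval.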

Monitoring Activity and Security

The current generation of Cisco’s UWN has solid capabilities for monitoring active network events, with a focus on security-centric happenings. WCS’ first screen provides an aggregate view of network health from a dashboard that provides quick data on controllers, access points, rogue APs and client activity. From there, we drilled down to specific controllers and other wireless devices and accessed detailed information on security events, network alarms or critical events on the network.

WCS’ security event tracking is not limited to rogue APs. Through signature-based tracking we found that WCS monitors wireless attacks, like deauth floods, as well as NetStumbler usage that might indicate suspicious activity. The system also checks for AP attacks, like AP impersonation, and client security events, such as WEP decrypt errors and IPSec failures.

The alarms and events track a variety of network activities, including security events, controller and AP messages, and location server notifications. Each item is designated with a specific priority level, ranging from informational to critical, and we were able to assign events for follow-up and add annotations. We could also configure the system to notify us of specific event types.

From WCS, we generated canned reports, including client counts, transmit power, and channel and AP activity, all based on historical data from the previous seven days. While reports are fairly basic, they provide decent trend information for the reporting period.

Overall, we felt that the monitoring and reporting capabilities built in to WCS provide a baseline for the metrics an administrator needs to keep tabs on a wireless network. In the future, though, we’d like to see Cisco add capabilities for reporting and trending for longer periods, and hopefully much of the information in WCS will eventually be able to migrate upstream to a broader network monitoring system, not just one solely focused on the wireless network. The missing integration at this level made us question how “unified” the Cisco solution is, but given that Cisco is early in this endeavor, we’re willing to wait and see.

We believe WCS’ wireless security monitoring capabilities will meet the basic needs of most enterprises now, and Cisco is working to improve in that area; for example, a number of the company’s CCX initiatives, such as NAC (Network Admission Control) and MFP (Management Frame Protection), are aimed squarely at security. That said, enterprises with specific compliance or regulatory requirements need to look beyond the basics toward Cisco’s IDS product or the wireless IDS/IPS systems offered by vendors like AirDefense, AirMagnet, AirTight Networks and Network Chemistry.

Rounding out the Feature Set

Cisco is betting that location tracking is going to be one of the next killer apps, and its efforts in that arena should stand up to the test if that wager pays off. While many verticals, like healthcare and manufacturing, do require location tracking capabilities, we’re unsure how critical it will be for the typical carpeted enterprise to have real-time tracking of Wi-Fi devices.

Nonetheless, we’re definitely impressed with Cisco’s location tracking. Using WCS paired with a Cisco 2700 Series Location Appliance, we were able to view a variety of Wi-Fi devices on the floor plans we had imported into WCS. Devices were separated into typical categories, including clients, 802.11 asset tags and rogue APs. Word to the wise: Achieving solid accuracy with location requires a dense deployment of APs in order to adequately triangulate the signal.

A more critical feature for many enterprises is the ability to facilitate guest access to the wireless network, but this poses challenges for administrators. The first issue is limiting or prohibiting access to corporate resources—you want to provide Internet access so visitors can check their e-mail, not give them a peek at your ERP system. In most enterprise WLANs, setting up separate SSIDs, often tagged to a separate VLAN, is an effective way to segregate guest traffic. WCS also allowed us to tunnel guest traffic back to a controller housed in the DMZ, terminating all guest traffic outside our firewall—a handy trick.

The real sticky issue with guests, however, is how to authenticate them. The most common method is to use a captive portal system, but then you’ve got to set up their credentials first, a problem because IT may know little to nothing about guests before they arrive. Cisco’s upcoming 4.0 software and hardware releases add a number of capabilities to facilitate creation of guest credentials, including automatic generation of guest user IDs and passwords, and also create a handy role that Cisco calls the “Lobby Ambassador.” This role would enable, say, a receptionist to create time-limited guest accounts. We think this is a great idea, and many of Cisco’s competitors agree—we’ve seen similar features cropping up in other WLAN offerings.

We also examined Cisco’s UWN architecture with an eye toward branch- and remote-office wireless services and found solutions to meet different needs. For larger branch offices, Cisco offers several controllers, the 2000 series and the Wireless LAN Controller Module for the Cisco ISR, that can support as many as six APs.

However, enterprises with multiple, smaller branch offices that need only one or two APs may not want to invest in controllers for each site. It is possible to deploy only APs at small locations, but because LWAPP data is tunneled back to the controller, there is the issue of WAN survivability and increased utilization on those WAN links. This may not be a big deal if your application traffic already traverses that link, but Cisco also addresses the issue with its Aironet 1030 AP, which can operate in REAP (Remote Edge Access Point) mode. REAP splits the data and control planes for APs by bridging data traffic locally at the AP while still tunneling LWAPP control data back to the controller. Unfortunately, REAP mode does not have visibility into 802.1q VLAN tagging, making it necessary to bridge all data traffic locally at the AP. This may be a problem for some enterprises; for example, you may want to tunnel all guest traffic back to a controller in the corporate DMZ, which is not possible with REAP.

Enter HREAP (Hybrid REAP) mode, which will be supported on Aironet 1130 and 1240 APs with Cisco’s newest software release, due out about the same time as this article. HREAP supports visibility into VLAN tagging, providing enterprises with the flexibility to determine which SSIDs will have data bridged locally and which will have data tunneled back to a controller. HREAP is a definite improvement over REAP and will be attractive to enterprises looking to provide small-scale wireless services for a multitude of branch offices. And did we mention there’s no extra charge?
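The branch-office trade-off between plain LWAPP tunneling, REAP and HREAP can be checked against a deployment plan before any gear ships. The following is an added example, not Cisco's code or the article's: the mode names and AP models come from the text above, while the field names, finding labels, bandwidth figures and sample plan are constructed, and the reading that REAP's lack of 802.1q visibility leaves every SSID on one untagged branch segment is an assumption.

```python
SUPPORTED_MODELS = {          # AP models the article names for each mode
    "reap": {"1030"},
    "hreap": {"1130", "1240"},
}

def effective_path(mode, requested):
    """Where client data for one SSID really goes, given the AP mode."""
    if mode == "lwapp":       # plain lightweight AP: all data tunneled to the controller
        return "tunnel"
    if mode == "reap":        # no 802.1q visibility: all data bridged at the AP
        return "local"
    if mode == "hreap":       # VLAN-aware: the per-SSID choice is honoured
        return requested
    raise ValueError(f"unknown AP mode: {mode}")

def review_site(site):
    """Return (per-SSID paths, findings, tunneled Mbps) for one branch site."""
    mode, model = site["mode"], site["model"]
    findings, paths, tunneled = [], {}, 0.0
    if mode in SUPPORTED_MODELS and model not in SUPPORTED_MODELS[mode]:
        findings.append(("mode_not_listed_for_model", model))
    for ssid in site["ssids"]:
        path = effective_path(mode, ssid["want"])
        paths[ssid["name"]] = path
        if path != ssid["want"]:
            findings.append(("request_not_honoured", ssid["name"]))
        if ssid["guest"] and path == "local":
            # Guest frames leave the AP onto the branch LAN, not the DMZ controller.
            findings.append(("guest_bridged_on_branch_lan", ssid["name"]))
        if path == "tunnel":
            tunneled += ssid["mbps"]
            if not ssid["guest"]:
                findings.append(("staff_data_depends_on_wan", ssid["name"]))
    # Assumption: without VLAN tags, locally bridged SSIDs land on one segment.
    if mode == "reap" and len({s["vlan"] for s in site["ssids"]}) > 1:
        findings.append(("ssids_share_untagged_segment", site["name"]))
    if tunneled > site["wan_mbps"]:
        findings.append(("tunnel_load_exceeds_wan", site["name"]))
    return paths, findings, tunneled

def review_plan(plan):
    return {site["name"]: review_site(site) for site in plan}

# Constructed sample plan: the same two SSIDs at three branch sites.
SSIDS = [
    {"name": "corp", "vlan": 10, "guest": False, "want": "local", "mbps": 6.0},
    {"name": "guest", "vlan": 99, "guest": True, "want": "tunnel", "mbps": 2.0},
]
PLAN = [
    {"name": "branch-reap", "model": "1030", "mode": "reap", "wan_mbps": 3.0, "ssids": SSIDS},
    {"name": "branch-hreap", "model": "1240", "mode": "hreap", "wan_mbps": 3.0, "ssids": SSIDS},
    {"name": "branch-lwapp", "model": "1240", "mode": "lwapp", "wan_mbps": 3.0, "ssids": SSIDS},
]

if __name__ == "__main__":
    for name, (paths, findings, tunneled) in review_plan(PLAN).items():
        print(name, paths, f"{tunneled} Mbps tunneled", findings)
```

Of the three constructed sites, only the HREAP one keeps staff traffic local and still delivers guest traffic to the DMZ controller without exceeding the WAN link.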

Get What You Pay For

Speaking of price, enterprises that have implemented traditional autonomous AP networks, especially installations with 100 or more APs, are going to experience sticker shock when they start looking at controller-based systems, regardless of vendor. Given that controller hardware bumps up costs, we asked Cisco to supply us with pricing information on the UWN components we tested, so that we could provide a ballpark cost estimate.

HAVE NO FEAR, UPGRADES ARE HERE

When a vendor makes major architectural shifts in its product line, and especially when shifts are due to acquisitions, current customers often feel confused and left behind. One of Cisco’s major challenges in rolling out the Unified Wireless Network will be to assure customers that have invested in Aironet APs and WLSE appliances that they won’t be left out in the cold.

A number of existing Aironet products and design models will be going into maintenance mode, meaning that you won’t see a lot of new feature releases, but the company isn’t going to be announcing end-of-life or forcing customers to migrate to the new architecture. To that end, expect to see a decreased emphasis on the Structured Wireless-Aware Network (SWAN) and products like the Wireless LAN Services Module (WLSM) for the Catalyst 6500 switch and the Wireless LAN Solution Engine (WLSE), a management tool for autonomous APs.

Cisco is doing a number of things to ease the pain for customers that have invested in these products. The company has buy-back and trade-in programs to help you recoup purchase costs, for example. Options also exist for customers that want to run their existing WLAN hardware alongside the new products; for instance, a Catalyst 6500 will support WLSM blades and WiSM blades simultaneously.

The big deal as far as we’re concerned, though, is the ability to upgrade many existing products to work in a controller-based architecture. By the 4.0 software release, due out about the same time as you read this article, Cisco says customers will be able to upgrade the majority of legacy APs to communicate with controllers. Upgradable models include the Aironet 1100, 1130, 1200, 1240 and 1300 Series APs, though there are some specific early revisions of those devices that may not be included. Cisco hasn’t forgotten about customers who have invested in the WLSE management appliance, either; a utility to upgrade your WLSE to a WCS is due out with the 4.0 release in early May.

Certainly, Cisco is not going after extremely cost-conscious shops with its WLAN products, but the list prices it supplied were fairly reasonable when compared with competitors based on their RFI responses. Cisco APs, which start at $599 for the 1000 Series and $699 for other models, are middle-of-the-road in terms of AP pricing. Controllers are difficult to compare in an apples-to-apples fashion because quantity of APs supported and extra licensing options vary among vendors. That said, Cisco’s 4400 Series Controller starts at $9,995, which we find comparable to many rivals. The price does increase, however, based on the number of APs supported, as it does with just about every WLAN vendor.

The real budget cruncher comes when you start bundling pricey extras, like the Wireless Services Module (WiSM) for the Catalyst 6500 Series switch. When WiSM is bundled with the 6500 chassis, Supervisor 720 module and redundant power supplies, the package starts at $86,995 list. This supports 300 APs and has room to grow, with space for more WiSM modules, making it possible to increase capacity within the chassis.

All prices listed here are MSRP, a point from which to negotiate downward. Some colleagues at higher education institutions cite discount levels up to 40 percent off of list; large organizations should be able to expect similar deals.

Performance

We conducted a number of performance tests in an effort to gain a better understanding of how the Cisco UWN performs in a lab environment. A bit of a caveat before we dig in, though: We realize that benchmark feeds and speeds recorded in our labs may more accurately simulate theoretical maximum capabilities than real-world conditions. For instance, several of the test tools that we use to simulate multiple clients do so with a single radio, eliminating the bottlenecks that contention places on the wireless medium. Moreover, without other systems to compare to, it’s tough to cull a lot of meaning from the data.

Using the Azimuth Systems 800W test chassis, we evaluated the call capacity and quality capabilities of an Aironet 1240 AP connected to a 4400 Series WLC. In running as many as 18 simulated calls with varying levels of TCP background traffic, we found that the system performed admirably. In instances of no background traffic and up to 5 Mbps of background traffic, we got Mean Opinion Score (MOS) values hovering around 4.3 and 4.4. Even after increasing the background traffic to 10 Mbps, our downstream MOS stayed at around 4.3 and 4.4, although the upstream MOS was a little lower, at an average of 4.07, but still very respectable. For comparison, most cell phones provide a minimum MOS of 3.5, although some scale up to 4.3. Five is the highest attainable MOS, but anything above 4 should be acceptable to users.

We also tested the association capacity of the Cisco system. We were able to associate 127 simulated clients using the Azimuth system in open, WPA-PSK and WPA2 with RADIUS, so there are definitely no issues with AP capacity as far as clients are concerned. The final evaluation we performed with the Azimuth was a failover roaming test to determine how a client would behave if the AP it was connected to failed. Using an Intel 2915ABG client card, we saw average failover roam times of 2.5 seconds in open authentication and three seconds in WPA2, which is reasonable for most applications, although latency- and connectivity-sensitive apps would be temporarily hampered.

In addition, we conducted a number of tests with the VeriWave WaveTest 90 connected to eight Aironet 1240 APs and a Cisco 4400 Series WLC. We evaluated aggregate throughput of the system across a number of frame sizes, ranging from 82 to 1400 octets, and found respectable throughput for each size in the range. At 1400 octets we were pushing approximately 167.48 Mbps across all eight APs; at 82 octets we measured about 26.45 Mbps, both reasonable by our standards. We also tested the latency of the system at load, measuring latency at the observed throughput of the previous frame-size ranges. Average latency ranged from 3 ms to 6 ms, with maximum latency running between 55 ms and 85 ms. These figures, especially the average latency, are sufficient for most enterprise applications. At maximum latency you might have brief effects on VoIP traffic, but because average latency is much lower, we don’t think those effects will cause much of an issue for users.

As for the ability of the system to handle 81 clients of different security configurations (open, WPA-PSK and WPA2-PSK) roaming among all eight APs, we measured an average roam delay of 37 ms for clients in open mode, and 94 and 96 ms for clients using WPA-PSK and WPA2-PSK, respectively. These numbers were marginally higher than we expected, but in our discussions with VeriWave and Cisco we came to realize that those results are attributable to the unique way the VeriWave system measures roam delay—this test measures the end-to-end roam, including any delay inserted by the controller, rather than just measuring the delay in associating with a different AP.


Putting It All Together

The final burning question on our minds—and yours too, we suspect—is whether the controllers you buy today will support 802.11n, the forthcoming standard from the IEEE to update the 802.11 MAC and PHY layers to achieve higher throughput. Cisco told us that it’s still too early in the standards process for it to commit to an answer one way or another. Because the standard is still in draft form, and because of the uncertain nature of the changes to the MAC and the PHY, we’d be suspicious of any vendor that was willing to make a lot of promises with respect to 802.11n support.

We believe that Cisco has a solid offering with the Unified Wireless Network, and the strides that the company has made toward integrating the Airespace technology make its wireless story fairly compelling for Cisco shops. We agree that putting the WiSM module in the Catalyst 6500 platform isn’t new to those familiar with the older Wireless LAN Services Module (WLSM); products like the new Catalyst 3750 Integrated Wireless LAN Controller Ethernet switch/wireless controller, on the other hand, indicate the company’s commitment to a tighter integration between wired and wireless networks. NWC

DAN RENFROE is a technology associate focusing on wireless and mobile technologies with the Center for Emerging Network Technologies at Syracuse University. Write to him at [email protected].

Copyright© 2006 by CMP Media LLC, 600 Community Drive, Manhasset, NY 11030. Reprinted from NETWORK COMPUTING with permission. 6704

