Should you plump for a fat or thin wireless Lan?

Off-the-shelf products may appeal, but it is worth remembering that you get what you pay for


When a company with up to 100 staff considers installing a wireless local area network, is it OK to go to the local PC store and buy a cheap, shrink-wrapped device, or should it spend several times the amount on an "enterprise class" product?

A business may have dozens of branch offices that are ideal candidates for adopting a wireless strategy. Is it best to choose the same product already installed at the head office - probably a fully featured WLan switch - or a budget, off-the-shelf alternative? It is an interesting debate, which the likes of Symbol and Trapeze Networks - enterprise-class WLan switch suppliers whose products my company Broadband Testing has tested in the labs - are involved in constantly.

After all, if a business is looking at paying maybe 10 times more for what amounts, in its simplest form, to adding wireless connectivity to the Lan and probably the internet, are all those enterprise features really needed?

Maybe we should go back a step and define the difference between the two extremes.

Equally, we should add a third option which sits, pricewise, in between: the enterprise class fat access point. This is the typical initial WLan product, where all the intelligence resides in the access point itself, which is attached to any old Ethernet switch and comes with client adapters, power injectors and software.

Cisco, for example, offers both the cheap-and-cheerful option (Linksys) as well as its own, Cisco-branded Aironet enterprise fat access point product. The difference? Lots more features and a much fatter price tag for the latter.

Cisco's recent acquisition of Airespace means it now offers a switched WLan product as well. The switched alternative takes all the "intelligence" away from the access point, instead using a switch as the control centre, and the access points become simple, almost throwaway technology.

The obvious benefit here is that if they break they can be cheaply and easily replaced, and you don't lose your wireless configurations. Also, if someone steals one, there is no valuable information on it that could be used to breach network security.

These are two basic reasons for choosing the switched, thin access point product ahead of the fat alternative, but there are many more - not least the myriad security options you typically get with a switched product, along with the scalability. But is the latter important for an SME or branch office WLan deployment?

Broadband Testing labs provides the ideal arena for this debate, given that it is a small business and can simulate the branch office environment. Moreover, our current basic wireless setup centres on a low cost, all-in-one internet router with integrated WLan access point: a Netgear, in fact.

At the same time, however, we will regularly have an enterprise class WLan product working in tandem, under test, such as the Symbol WS2000 product currently being given the treatment.

So what does a budget product offer? In the case of our resident Netgear device, we get a reasonable choice of security options - Wep, WPA, 802.1x and an integrated firewall plus very basic URL filtering - 802.11b/g support, NAT and a DHCP server. Not bad for what represents a small financial outlay. Strictly speaking, there is not much in the way of user management.

If you want "real user access control" and maybe a dozen more specifics, then it may be worth considering something like Trapeze's MXR-2 "baby" WLan switch, which we examined as part of a WLan test, or the device currently connecting me to the internet: the aforementioned Symbol WS2000.

Now for enterprise-class. Running a business involves managing a workforce, and this is fundamental to the WS2000 class of product, or the Trapeze alternative. These products offer real user/group access controls that can mirror an existing Lan set-up.

In the case of the WS2000, support for a Radius server is integrated in the next software release, so AAA authentication - now de facto in most enterprises - is available. These products also offer integrated management of the SNMP-and-beyond variety: proper "big boy" functionality, in other words.

This theme continues when it comes to configuring the WLan itself, something which does not apply to budget access point products, where there are no options. For example, Trapeze's MXR-2 simultaneously supports native subnet connectivity for roaming corporate users, remote wireless users on the corporate headquarters VLan, secure access for local employees, and locked-down, isolated guest access to the internet.

It is a wireless network pretending to be a wired one.

Likewise, with the Symbol product, there is a myriad of options in terms of how a network manager can segregate users, by subnet and/or VLan, and what is really clever is the WS2000's support for virtual access points.

This enables multiple virtual access points to be present within one physical access point. It means you can segment your network easily without the need for any extra physical devices. By allowing a single wireless network to be used for multiple purposes, virtual access points conserve channels: you only have three available with 802.11b/g and therefore bandwidth is limited.

The ability to assign multiple service set identifiers (SSIDs) - the "name" that an access point broadcasts or beacons - to a single physical access point means it is possible to minimise the impact of broadcast traffic on the network, as each individual broadcast can be controlled per SSID. For battery-operated devices in particular, this is a very important feature.

Further control can be established with a multiple SSID configuration by the use of wireless VLans. Not only is this a great way of minimising and optimising traffic flows across the WLan, but it also gives you enormous control over the WLan users, so there are multiple benefits.

When sharing a single SSID, traffic often gets queued for long periods when attaching to battery powered devices in power-save mode, and is then dumped across the network, causing performance degradation for those mobile devices. There is also a very significant hit on the battery life of those devices.

We put this feature to the test in the labs. First, we analysed the impact that only having a single SSID can have on general network performance by creating a typical multi-application scenario, then compared the multi-SSID performance of a Symbol WS2000 solution with the single SSID limitations of a "typical" fat access point-based solution.

We compared the battery life of a Centrino laptop and a handheld (Pocket PC) device using first Symbol's Wireless Switch System and then a traditional fat access point solution.

Using the Symbol solution we were able to get significantly better battery life from the Centrino Laptop (1,609 seconds) and dramatically longer life from the Pocket PC (10,506 seconds, a 49.8% improvement). We also measured packet loss during the same overnight test and again found that the extended battery life meant significantly better results when measured in this format: 15 packets were lost for the Symbol solution against 426 for the fat access point.

The point is, an enterprise class WLan switch solution gives you a lot of benefits which are, perhaps, not immediately obvious when compared directly against a budget, fat access point alternative, or even an enterprise class fat access point, the latter not now realistically being worthy of consideration, in our view.

The extra user management features are beneficial to any company, regardless of size. However, the equally obvious scalability benefits are not applicable to an office with, say, 20 to 40 people.

So, for a very small company or branch office with basic wireless connectivity requirements, the reality is that a cheap-and-cheerful, shrink-wrapped access point solution will do the job. For anyone needing more than this, the jump to a WLan switch alternative is relatively expensive but undeniably worth it. After all, you are still only talking a few hundred pounds. Moreover, we have proved in our labs that this kind of wireless product can genuinely replace a wired environment.


Broadband-Testing Labs   

Steve Broadhead runs Broadband-Testing Labs, a spin-off from independent test organisation the NSS Group. Author of DSL and Metro Ethernet reports, Broadhead is now involved in several projects in the broadband, mobile, network management and wireless Lan areas, from product testing to service design and implementation.
