While Cisco Systems Inc.'s shadow falls across the "wireless LANscape," wireless switch startups and third-party management and security vendors have always been able to capitalize on a few of its weaknesses. In particular, Cisco has been lacking when it comes to management of the WLAN radio frequency (RF) segment. If a user wanted to deal with rogue access points or handle an RF site survey, Cisco was not the name that came to mind. Similarly, the handling of roaming devices was not something that Cisco shouted about.
Products: A run through the recent Cisco announcements and their time frames is in order: The meat of the plan doesn't appear until Q4, but the first step is an immediate, no-cost IOS upgrade for its Aironet 1100 and 1200 series access points, which gives them three new facilities. First, it lets them implement Wi-Fi Protected Access (WPA) authentication and encryption. It's worthy, but not unexpected.
Second, and more interesting, is support for "fast secure roaming" between access points. Currently, when a user moves between access points, supporting 802.1x re-authentication adds around 500 milliseconds to the roaming procedure, according to Cisco's own figures. That's enough to break some apps, notably voice over IP.
The new system is claimed to enable "fast" (virtually instant) handover between access within a subnet. It appears that Cisco has given access points the ability to organize themselves -- via a new Wireless Domain Services system -- so that one becomes dominant and choreographs the re-authentication.
Cisco was a bit misleading in its announcements, implying that the system works across subnets, too, but no. The fact that it doesn't is good news for ReefEdge, Vernier, Bluesocket and others. However, in the long term, Cisco has its eye on introducing full layer 3 inter-subnet roaming.
Wireless Domain Services is behind the final feature of this release -- implementing a local 802.1x authentication service that allows users to log in, even if the access points lose their WAN link back to the central authentication server.
So that's this month's access point upgrades. In July comes an $8,495 upgrade to the CiscoWorks Wireless LAN Solution Engine (WLSE), Cisco's management station. This version 2.0 release increases the number of supported access points to 2,500, adds some additional troubleshooting features and tidies things up. Not too earth-shattering.
The Structured Wireless-Aware Network -- as Cisco is officially referring to the new framework -- actually begins to take shape in Q4, when there will be a further IOS upgrade for the access points, the WLSE will hit version 2.5, and the company will produce an upgrade for its 802.11 client software and release version 2 of its Cisco Compatible Extensions technology to client manufacturers. All of these are no-cost upgrades.
Together, these moves promise to give the system the RF management capabilities that Cisco has lacked. The access points get the ability to monitor the RF environment for channel levels, interference and rogues, etc. The WLSE gets the ability to import architectural drawings, and then present diagrams showing access point location and power, the location of rogue access points, etc.
However, the company is also going to enlist 802.11 clients into the business of reporting back on RF environment. As clients move around the workspace, the information they collect on access point strengths, rogue devices and interference will also be passed back to the WLSE, increasing the system's resolution and allowing for easier 'assisted site surveys.' It is not just Cisco's own clients that will pass the information back; so will any client implementing the Cisco Extensions version 2. Once again, Wireless Domain Services raises its head here -- both the clients' and access points' RF statistics will be collected and collated by the 'dominant' access point before being passed back to the WLSE. It's a heavily engineered system, but it is designed to scale.
Strategy: By the end of the July, then, Cisco will have delivered infrastructure that will handle fast handover for roaming clients and which is clearly important for supporting the company's wireless VOIP PBX and handset plans. By the end of the year, it will have plugged the larger holes in its RF management strategy. But where is it going?
The company asserts that at some time in the future the Structured Wireless-Aware Network infrastructure enhancements will be integrated not only into the access points, but also Catalyst 3750, 4500 and 6500 series switches and Cisco 2600XM and 3700 series routers. The company talks of a "wireless-aware Cisco switch and router infrastructure combined with a Cisco wireless network, including a common management and robust security scheme, simplified deployment and operation, and centralized control and configuration of thousands of networking devices."
The vague suggestion from the company is that this initially means that we should expect a common integrated SNMP management interface for both switches and access points. However, there are hints that sometime next year a further IOS upgrade will let the Wireless Domain Services controller reside within the switch/router, as well as in an access point.
This would have two potential benefits, assuming that this is not a prelude to Cisco introducing a skinny access point. First, it would let the system scale properly as subnet size increases; second, it could form the prelude to Cisco's plans for fast inter-domain roaming. Executives say they want to implement a full layer 3 routing system in due course. The promises are somewhat vaporous at the moment, but they may serve their purpose.
Competition: Cisco doesn't usually make a habit of preannouncing products two quarters in advance, which we believe indicates that the WLAN switch startups and their talk of automated site surveys, dynamic RF tweaking and rogue access point management have at least gotten the attention of the company and its customers. Aruba, Airespace, Trapeze and Legra have all focused on the manageability of the RF space and have been able to use Cisco's weakness to their advantage. Proxim's Maestro system, due later this year, also offers such facilities.
There is little in Cisco's product announcements to suggest that it will surpass its competitors' capabilities – although the ability to collate RF information from both clients and access points sets it apart. However, this week's announcements will be enough to sow uncertainty and doubt into rivals' sales process.
The announcement is bad news for the likes of ReefEdge, too, which announced its Airmonitor package last month, including a dedicated RF-monitoring probe that could be attached to the network. Airwave, which offers centralized WLAN management with optional rogue access detection, is also likely to suffer a chilling effect. It may focus on its ability to manage access points from multiple vendors, but Cisco equipment is likely to make up the majority of its customer base.
ReefEdge, Bluesocket and Vernier -- with their ability to handle inter-subnet roaming -- look safe from Cisco's predations for now. But they've had a warning shot fired across their bows and find themselves in the uncomfortable situation of being squeezed by the WLAN 'switch' newcomers on one side, and Cisco's desire to improve its management on the other.
As for the switch newcomers, we expect to see them having to talk more about the price advantage of their lightweight access points. The problem with that strategy is that even without the new facilities, Cisco's pricey access points manage to sell, and Cisco actually looks like it's getting itself in a position to capitalize on the weight of its access points. This is just the beginning of the process.
The451 assessment: Cisco is playing catch-up in the RF management domain, but looks like it will have caught up by year-end. Its promise to create a "wireless-aware" Cisco switch and router infrastructure are still largely vaporous, with no roadmap in evidence. Nonetheless, even the statement of intent threatens to have a chilling effect on its competitors.
The451 is an analyst firm that provides timely, detailed and independent analysis of news in technology, communications and media. To evaluate the service, click here.