The first article in this series discussed types of wireless Access Points (APs) and how AP design affects network function and cost. This article examines vendor design approaches to authentication, VLANs, and network installation issues. These issues impact how your users connect to the network, their access to network resources and the overall cost of adding WLANs to your network.
Authentication
WLAN users must enter authentication credentials, usually a username and password to gain access to the WLAN. Authentication facilities are usually designed so that the same credentials provide admittance to the network and to resources such as e-mail and shared drives. The 802.1x protocol, supported by all of the major vendors, defines the authentication interchange between the user's laptop and the network. Thin APs pass the authentication packets to the switch without examining them. More powerful APs handle the protocol interchange, but in either case the user's credentials must be sent through the wired network to a RADIUS server for verification. Most vendors do not require use of a specific vendor's RADIUS server, but verify that this is true of your chosen vendor since a switch of RADIUS products could be a major task.
As users move through the area served by the WLAN, they travel from the area served by one AP and into the area served by another AP. The process of severing a connection to one AP and establishing a connection to another is called roaming. It is crucial that roaming take place as quickly as possible, especially where voice over wireless is supported. A delay that isn't a problem for a user reading e-mail will cause a dropped phone call. The process of re-authenticating to the new AP would cause an unacceptable delay.
The wireless vendors all address this problem by maintaining information on authenticated users in a central location, but they differ on the location. Thin AP vendors Symbol and Aruba use their switches to maintain the information. Cisco maintains authentication information in a facility built into Cisco's IOS software called Wireless Domain Services (WDS). WDS usually executes in a card installed in a Catalyst switch, but in a small network that doesn't include a Catalyst switch, WDS can execute in one of the APs.
Chantry Networks maintains authentication information in its BeaconMaster router. Colubris Networks uses its access controller, which in contrast with the other products, is a software product running on a rackmount Linux system while the switches and routers are all specially designed hardware.
VLANs
Virtual LANS (VLANs) are an essential facility on many corporate networks. Products vary in the number of VLANs supported and how users connect to a specific VLAN. In many architectures, each VLAN is assigned to a specific Service Set Identifier (SSID). A user connects to a VLAN by connecting to the corresponding SSID. In other cases, users do not need to be aware of how to select and connect to an SSID because a single SSID supports multiple VLANs. In these cases, the authentication process automatically assigns users to the proper VLAN.
VLANs can also be used to prioritize traffic from different applications. For example, voice data requires minimal network latency. A VLAN for voice should be given higher priority than other VLANs. Thin APs prioritize traffic at the switch. More powerful APs prioritize in the AP so high priority packets won't be backed up behind low priority data waiting to be sent over the link from the AP to the network backbone. You need to verify that your chosen vendor can support the latency requirements of voice given the level of lower priority traffic projected in your network.
Installation
Installation costs can be a significant factor. Most APs are designed to install in the ceiling. Power over ethernet eliminates the need to provide a power connection in the ceiling, but it is still necessary to run an ethernet cable into the ceiling. Aruba Networks Grid Point APs are designed to be installed on cubicle walls, reducing installation labor by eliminating the need for a ceiling network connection. With APs within an easy reach, employees may be tempted to remove one for home use, but Aruba's APs are useless when separated from Aruba's switch.
Environments other than office areas require specialized products. Vivato's products are designed for use in large open spaces such as warehouses and outdoor areas. Vivato's APs detect the location of users and direct narrow beams of radio energy directly to the users instead of spreading the energy evenly over an entire area. The same total amount of transmitted energy is able to cover a much larger area.
Each of the issues discussed in these articles is addressed by all of the vendors and each will provide reasons why its solution is best. No one solution is best for every network, so you must carefully review how each fits with your current and future requirements, the cost of each including equipment, training and ongoing support, and the difficulty of integration with your existing network.
David B. Jacobs has more than twenty years of networking industry experience. He has managed leading-edge software development projects and consulted to Fortune 500 companies as well as software start-ups.
