Navigating Wireless AP Options

A, B or G?

Your first decision revolves around standards: 802.11a, 802.11b or 802.11g. The market for 802.11a-only APs is limited, primarily because 802.11b is so firmly entrenched. However, if you are designing a network that requires high performance and you want to prevent the masses from accessing your network, 11a may be the way to go, but just be aware that you'll need to purchase 11a NICs for your client devices. Although 11a products support higher data rates than 11b (54 Mbps for 11a versus 11 Mbps for 11b), they tend to be more expensive and have shorter range. The range limitations are such that it may be impossible to provide full coverage in a branch or home office with 11a using a single AP, and the FCC's tighter regulations on 5-GHz products usually makes it impossible to use high-gain antennas to extend range.

The best value is clearly an 802.11b AP. Although its data rate is limited, a single 11b AP can support 12 or more users, as long as they aren't trying to run high-end applications like digital video, and its range is usually more than adequate.

The 802.11g standard combines the OFDM (orthogonal frequency division multiplexing) signal encoding technology of 11a with the 2.4-GHz frequency of 11b. In addition, 11g promises backward compatibility with 11b--but the cost of coexistence is reduced performance. In many instances, performance for all devices drops to the level of the slowest device.

Security ShortcomingsWireless security is the main obstacle to adoption in many environments. Although the press has focused almost exclusively on the vulnerabilities of WEP (Wired Equivalent Privacy), that's not the biggest problem. In fact, interim fixes to WEP have made it difficult for attackers to break the encryption keys. More problematic is the rather crude design of 802.11 security systems. The WEP static-key architecture, which lets you define four distinct keys on APs and clients, is nearly impossible to manage when you have more than 20 wireless devices. Likewise, security schemes built around MAC (Media Access Control) address access lists are difficult to administer and are vulnerable to MAC address spoofing.

More advanced security systems combine authentication and privacy (encryption), usually using 802.1x as a mechanism for passing authentication credentials to a back-end RADIUS server and letting it dynamically dole out encryption keys. Support for 802.1x is usually found only on high-end APs, though it is beginning to appear in lower-cost offerings. Also of interest is growing support for the Wi-Fi Alliance's WPA (WiFi Protected Access) security standard, which provides a subset of the functionality expected in the emerging 802.11i security standard.

Most vendors simply integrate a radio into the AP's main system board, but a few take a modular approach, using Cardbus or mini-PCI interfaces. Proxim and Enterasys, for example, offer dual-slot designs that let you mix and match radios. Cisco offers an alternative in the 1200-series AP, which includes an integrated 11b radio and a mini-PCI slot for another radio.

Most APs are designed to provide network connectivity to wireless clients, but some provide additional features, including bridge and repeater modes. An AP that functions as a bridge can join two Ethernet networks--perhaps LANs in two buildings separated by a road. Some APs can act as APs and bridges at the same time. With repeater functionality, you can extend the effective range of your wireless system by repeating the wireless signals, but you will pay a price in additional packet overhead.

One of the more significant differentiators between consumer and enterprise-grade APs is support for POE (Power over Ethernet). This lets you run data and power over the same twisted-pair cabling bundle, which means you can install an AP in any location without having to worry about the location of AC power outlets.

Other features have appeal for enterprise deployments. Many newer APs support multiple virtual LANs, letting you provide secure and open access on the same AP. For example, you might define a VLAN for guest access to provide visitors with external Internet access. It's also common to see a variety of filtering and class-of-service and quality-of-service capabilities on high-end systems.Configuration and Management

Most APs include embedded Web servers that let the systems be configured and managed using any Web browser. That's OK for maybe a dozen or so APs, but there comes a point where you need a more automated management system, usually built around SNMP. Many higher-end vendors provide SNMP support and some offer an SNMP management system. Using a central management system, you can update firmware and software across all networked APs and, by using profiles and groups, configure groups of APs much more efficiently. Some specialized vendors, including AirWave and Wavelink, provide AP management systems that are compatible with multiple vendor products. However, the list of supported products is usually limited. For example, Wavelink supports Cisco, Proxim and Symbol APs. Some vendors include other options for management, including command-line and menu interfaces accessible through telnet or a serial port.

In the end, your biggest concern should always be system availability. Clearly, the level of management sophistication makes a difference in this regard. However, equally important is the overall reliability of the hardware. In general, enterprise-class products will deliver better reliability, but some lower-cost products may perform just as well. Cover yourself by insisting on appropriate references before you sign the purchase order.

Dave Molta is a senior technology editor at Network Computing. He is also assistant dean for technology at the School of Information Studies at Syracuse University and director of the Center for Emerging Network Technologies. Write to him at [email protected].

Post a comment or question on this story.