Mobile and Wireless
With the right planning, any network can go wireless. Find out how the numerous 'lite' and freeware options can provide enterprise-class wireless connectivity.
August 27, 2004
Equipment and Installation
Don't be tempted to pick up a consumer-grade AP special. You'll give up any reasonable warranty and support, as well as enterprise features such as PoE (Power over Ethernet) and variable power output. Gateway's 7001 series of APs, which includes support for 802.1X authentication and a built-in RADIUS server, is a great deal. It's priced at $299 and $399 for 802.11b/g and 802.11a/b/g service, respectively. Dell sells the TruMobile 1170--a rebranded ORiNOCO AP-2000 from Proxim--with 802.11b/g support for $350. Both offerings are bargains compared with a fully loaded Cisco Systems 1200 with trimode support (a/b/g), which retails for $1,295.
No matter what, you'll need IEEE 802.11b support on APs and wireless cards. Working in the 2.4-GHz ISM band to provide access rates up to 11 Mbps, 802.11b is the most common wireless standard. If you get an AP or card that supports only 802.11a, you'll isolate users. PoE support distinguishes enterprise-class APs from consumer-class ones. Fortunately, most new APs support the PoE IEEE 802.3af standard--older APs are either prestandard or don't support PoE at all. Case in point: Gateway's 7001 series has it; Dell's TruMobile 1170 doesn't.
Few wired Ethernet switches include in-line PoE as a basic feature, so to avoid the cost of a replacement switch or installing electrical outlets, consider obtaining a single-port midspan power injector such as the $99 PowerDsine 6001; multiport versions are also available.
After your APs are installed, perform a site survey to verify the coverage patterns and speeds of the wireless network. AirMagnet's and Ekahau's site-survey tools cost thousands of dollars, but a combination of ping and a good wireless client card can also ascertain coverage. Cisco and Proxim cards generally include capable client utilities that show details such as signal strength, quality and connection speed. Choose a minimum data rate--say, 5.5 Mbps--and lock in your client or AP at that speed. Using a laptop, you can move systematically throughout your location, recording the signal strength and link speed while pinging the AP in the background.
To support multiple standards, you'll need to generate different coverage maps for 802.11a, b and g. This manual method won't generate the fancy heat maps obtainable from site-survey tools, but it will give you the information necessary to guarantee coverage and service.
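The manual survey described above can be tabulated with a short script. This is an added example, not part of the original article; the sample readings, location names and the 2 percent ping-loss tolerance are constructed assumptions, while the 5.5-Mbps floor is the article's own example figure.

```python
from collections import defaultdict

MIN_RATE_MBPS = 5.5  # the minimum data rate used as the article's example
MAX_LOSS_PCT = 2.0   # assumed tolerable ping loss; not from the article

# Constructed samples: (location, standard, signal_dBm, link_Mbps, pings_sent, pings_answered)
SAMPLES = [
    ("Lobby",     "802.11b", -52, 11.0, 20, 20),
    ("Lobby",     "802.11a", -61, 36.0, 20, 20),
    ("Office 2F", "802.11g", -66, 24.0, 20, 20),
    ("Office 2F", "802.11b", -70, 11.0, 40, 38),
    ("Warehouse", "802.11b", -78,  5.5, 20, 19),
    ("Warehouse", "802.11b", -81,  2.0, 20, 14),  # second pass, far corner
    ("Warehouse", "802.11a", -88,  0.0, 20,  0),  # never associated
]

def coverage_maps(samples, min_rate=MIN_RATE_MBPS, max_loss=MAX_LOSS_PCT):
    """Build one map per standard: {standard: {location: (status, dBm, Mbps, loss%)}}."""
    grouped = defaultdict(lambda: defaultdict(list))
    for loc, std, dbm, rate, sent, answered in samples:
        grouped[std][loc].append((dbm, rate, sent, answered))
    maps = {}
    for std, locations in grouped.items():
        maps[std] = {}
        for loc, rows in locations.items():
            worst_dbm = min(r[0] for r in rows)    # judge each spot by its worst reading
            worst_rate = min(r[1] for r in rows)
            sent = sum(r[2] for r in rows)
            answered = sum(r[3] for r in rows)
            loss = round(100.0 * (sent - answered) / sent, 1) if sent else 100.0
            if worst_rate < min_rate:
                status = "GAP"        # link could not hold the minimum rate
            elif loss > max_loss:
                status = "MARGINAL"   # rate held, but pings were dropped
            else:
                status = "OK"
            maps[std][loc] = (status, worst_dbm, worst_rate, loss)
    return maps

def problem_spots(maps):
    """Sorted (standard, location, status) for every spot that is not OK."""
    return sorted((std, loc, v[0]) for std, locs in maps.items()
                  for loc, v in locs.items() if v[0] != "OK")

if __name__ == "__main__":
    for std, loc, status in problem_spots(coverage_maps(SAMPLES)):
        print(f"{std:8} {loc:10} {status}")
```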
Look Both Ways
Wireless technology is a natural solution to bridge two or more separate wired LAN segments. Proxim offers several PTP (point-to-point) kits. Its Tsunami QuickBridge 11, which lists at $2,099 for a pair of units, including antennas, mounting brackets and all necessary cables, delivers 5 Mbps of throughput, while the QuickBridge 20, which lists at $3,499, delivers 18 Mbps of throughput.
You can eliminate licensing headaches by using products that function in the unlicensed ISM ranges, but other wireless devices in the 2.4- and 5-GHz ranges could interfere with your connection. At a minimum, use encryption so your data can't be stolen. Highly directional antennas will improve and stabilize performance.
Wireless security for client connections can be an afterthought in small deployments, but cost doesn't have to be the reason. At the most basic level, if you already provide VPN client termination for your remote users, you can duplicate this setup for your mobile users. If you want a more secure Layer 2 connection and have an all-Windows shop with a reasonably new AP, Microsoft's version of PEAP (Protected Extensible Authentication Protocol) lets wireless LAN clients authenticate without using digital certificates. If you don't use a Windows server or associated directory store, look to the open-source FreeRADIUS project. Although you'll need to speak some Linux to use this software, FreeRADIUS is a functional replacement for products such as Funk Software's Steel-Belted Radius or Cisco's Secure Access Control Server.
To monitor for rogue clients or APs without spending a dime, check out shareware or freeware such as Netstumbler, and Linux-based products like Kismet and Wellenreiter. You don't even need to install Linux--try the CD-bootable Auditor security collection (moser-informatik.ch) with a supported wireless card. For more comprehensive and continuous wireless security and performance management, try Network Chemistry's distributed solution. The RF Protect pilot package includes three 802.11a/b/g sensors and associated software for only $1,899.
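Whatever scanner collects the data, rogue detection comes down to comparing what is on the air against what you installed. The sketch below is an added example, not from the article or from any of the tools named; the inventory, scan records, field names and the -65 dBm "on premises" threshold are constructed assumptions, and it does not reproduce any scanner's real output format.

```python
# Inventory of APs you installed (constructed): BSSID -> (SSID, channel, encrypted)
AUTHORIZED = {
    "02:00:00:00:0A:01": ("CORP-WLAN", 1, True),
    "02:00:00:00:0A:02": ("CORP-WLAN", 6, True),
}
CORP_SSIDS = {ssid for ssid, _, _ in AUTHORIZED.values()}
ON_PREMISES_DBM = -65  # assumed: stronger than this is probably inside the building

# Constructed scan results, one dict per network a scanner reported
OBSERVED = [
    {"bssid": "02:00:00:00:0A:01", "ssid": "CORP-WLAN", "channel": 1,
     "dbm": -48, "encrypted": True},
    {"bssid": "02:00:00:00:0a:02", "ssid": "CORP-WLAN", "channel": 6,
     "dbm": -55, "encrypted": False},
    {"bssid": "02:00:00:00:BB:10", "ssid": "CORP-WLAN", "channel": 11,
     "dbm": -60, "encrypted": False},
    {"bssid": "02:00:00:00:BB:20", "ssid": "default", "channel": 6,
     "dbm": -50, "encrypted": False},
    {"bssid": "02:00:00:00:BB:30", "ssid": "CafeNextDoor", "channel": 3,
     "dbm": -85, "encrypted": True},
]

def classify(obs):
    """Return (verdict, drifted_fields) for one observed network."""
    known = AUTHORIZED.get(obs["bssid"].upper())  # normalise hex case
    if known:
        expected = dict(zip(("ssid", "channel", "encrypted"), known))
        drift = [k for k, v in expected.items() if obs[k] != v]
        # A matching BSSID is not proof of identity (it can be cloned), so
        # any drift from the installed configuration is worth a site visit.
        return ("misconfigured", drift) if drift else ("authorized", [])
    if obs["ssid"] in CORP_SSIDS:
        return ("rogue-corp-ssid", [])       # unknown radio using your network name
    if obs["dbm"] >= ON_PREMISES_DBM:
        return ("unknown-on-premises", [])   # e.g. an AP an employee plugged in
    return ("neighbor", [])

def triage(observations):
    """(verdict, BSSID) pairs needing follow-up, most urgent verdict first."""
    order = ["rogue-corp-ssid", "misconfigured", "unknown-on-premises"]
    hits = [(classify(o)[0], o["bssid"]) for o in observations]
    return sorted((h for h in hits if h[0] in order), key=lambda h: order.index(h[0]))

if __name__ == "__main__":
    for verdict, bssid in triage(OBSERVED):
        print(f"{verdict:20} {bssid}")
```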
Two new types of security services are available. One is remote authentication and encryption, using technologies such as 802.1X. Radiuz Networks, for example, offers this for free; Wireless Security runs a subscription-based service. Neither requires extensive in-house architecture. The second is wireless security monitoring, offered by the likes of Full Mesh Networks (fullmesh.net). Using Red-M's technology for wireless security and/or intrusion detection, Full Mesh offers its service for less than a penny per square foot per month, with no start-up charges.
Why outsource?
Unless you've already got the wireless chops, designing and monitoring a wireless network will be challenging. If your installation is intimidatingly large, or if you're looking at a dense deployment, it might behoove you to hire a consultant to assist you, at least in the site-planning phase. Then again, mastering the learning curve may prove more cost-effective than delegating the planning, design and implementation to an expert. To the extent that outsourcing is necessary, determine your needs ahead of time, then verify that the prospective provider is up to the task.
QUESTIONS TO ASK PROVIDERS:
• Which wireless standards (802.11a/b/g) do you install, monitor or manage?
• What kind of monthly reports will I receive?
• What is your guaranteed response time to a security event?
• Does your security solution require a client-side installation?
• Who are some of your premier customers? Will I be able to contact some of your customers for references?