Bigger players set their eyes on WLAN switch battleground

Some of the biggest names in wireline switching are readying products designed to incorporate wireless LANs more fully and securely into enterprise networks.

Those plotting announcements include:

– Enterasys Networks Inc., which is expected to unveil in a few weeks a switching architecture that uses specialized chips to control packets from or to a wireless LAN;

– Nortel Networks Corp., which according to one source familiar with the company’s plans, will introduce an “appliance” that sits behind a group of access points to secure and manage them, along with a wireless access point. Nortel declined to comment, other than confirming it will make a wireless LAN announcement at the CTIA Wireless 2003 show;

– 3Com Corp. planned last month to unveil at the CeBIT show in Germany details of its first 54Mbps 802.11a wireless access point. 3Com won’t say whether it has any sort of switched architecture in the works.

– Cisco Systems Inc., a leader in the wireless LAN access point market, declined to say whether it has a wireless switch in the works.

Discussion of tying wireless LANs into traditional wired networks largely has been the domain of a handful of start-ups, such as Aruba Wireless Networks Inc. and Trapeze Networks Inc., plus wireless veterans such as Proxim Inc. and Symbol Technologies Inc. So far, there’s been more talk than product.

Still, the start-ups are at least talking a good game, according to Enterasys CTO John Roese.

“[They] have it right, in promoting cooperation between the switching system, which is a more robust control point, and the access point, which is very much a price-driven product,” Roese says. “They’re making access points more of a dumb antenna [and radio], and the switch more of the brain. That is a good thing.”

In most cases, these wireless brain functions are being written in software and loaded onto a standard or custom-built Ethernet switch. But Enterasys is loading these functions into ASIC or specialized chips.

“Everything [wireless LAN switch vendors] can do, can be done better in a switch and access point rather than in one very narrowly focused [wireless] appliance,” Roese says.

Enterasys offers a range of wireless LAN products along with its wired switches.

“Our current switch and access point architecture works well together,” Roese says. “But what we’ll be adding are single-user and multi-user authentication, as well as IEEE 802.1X,” a port-based authentication standard.

Roese says the new ASICs will let companies with Enterasys switches create and apply per-user and per-port access and service policies across the wireless LAN. “Instead of having a single [data] rate limit per access point, you could have individual rate limits per application or per user attached to that access point,” he says.

Enterasys’s advanced RoamAbout R2 access point supports an array of security provisions, and its User-Personalized Networks software lets administrators set up network policy rules for authenticated users, based on Layer 3 and Layer 4 attributes.

But Roese is clear about how the new switching architecture will affect this model.

“R2 is the only access point that can do individual policies,” he says. “But it’s an expensive product: the Cadillac of . The difference is that [wireless LAN switch competitors] can stick a cheap access point [on] the end of their switches and get these same results.”

“They have probably a one-month edge on us,” says Roese, who declined to go into more detail on the products, pricing or shipping. “When we release our next-generation switching architecture, it will have everything they do.”

Perhaps not quite everything, at least not yet. Some start-ups are focusing a lot of attention on radio frequency features, which is not a strong point for traditional switch vendors. Vivato is using a phased-array antenna system that lets its combination switch-access point send narrowly focused radio beams to clients. Aruba will use its own access points also as radio wave monitors, scanning not only for rogue, or unauthorized, access points, but also for signal strength, traffic loads and numbers of users.