Cisco touts plan to tame WLANs

Cisco Systems Inc. this week will answer the challenge of a pack of aggressive wireless LAN switch vendors with a plan for managing WLANs across an enterprise network.

One big difference: Cisco will do it without introducing a dedicated WLAN switch.

Cisco’s plans feature new software that will add more intelligence to the company’s Aironet access points, while laying the foundation for more-centralized management of these devices and of the actual radio medium.

Management of access points and of the radio frequency are areas in which Cisco has been weak, despite the company’s overall strength in the WLAN market. As a result, network executives trying to deploy big WLANs have turned to third-party suppliers for these needs. Or, like Cisco’s internal IT group, they’ve written their own management tools.

As part of its WLAN management and operations framework, which Cisco says follows its efforts over the past two years to improve WLAN security, the company will release a series of software upgrades to several hardware products starting late this summer. The new code is designed to add several key security standards, enable customers to configure thousands of access points at a time, and let administrators read and adjust radio signal strengths. It will also identify radio interference, and detect unauthorized (or rogue) access points. In addition, Cisco is relying on its Access Control Server appliance to handle authentication in the network.

Partners in WLAN

Cisco also is partnering with companies that have committed to incorporating Cisco WLAN code into their semiconductors. Laptops and PDAs with adapter cards using these chips will become “visible” to back-end Cisco management tools, including the new radio frequency tools. The company says these client products will appear in late summer.

“(This announcement) is the piece that’s been missing,” says David Hemendinger, CTO for Lifespan, a Providence, R.I., healthcare system with about 400 Cisco Aironet access points in five hospitals. The hospital group has beta tested Cisco’s upgraded Wireless LAN Solutions Engine and access points with the upgraded software. “Cisco has great management tools for the wired side, but they never had this capability for their wireless infrastructure products.”

Hemendinger says the new code helps him in three key areas: WLAN design, administration and rogue access point detection.

Traditionally, designs are created via a labor-intensive site survey, often with the help of specialists. With the new radio frequency tools, and the newly visible client adapters, Cisco now gives him an overview of the actual coverage of the WLAN and its signal strengths. He says the Aironet access points automatically can configure themselves to values set by the administrator. “This will take out of the picture a lot of . . . the mysticism of creating a coverage plan for your wireless LAN,” he says.

Managing the wireless devices will be simplified with new code in an improved version of CiscoWorks Wireless LAN Solutions Engine, the first version of which was announced about a year ago. The upgraded box is set for delivery in July for about $8,500, Cisco says.

“I can collectively manage all the wireless devices, just as I do with switches and routers in my wired environment,” Hemendinger says. “I can download a configuration to the access points, based on the analysis I’ve done (in the design phase).”

The new code also will let Lifespan automate the detection of unauthorized access points. Today, two network technicians spend nearly a full day each week walking around the hospital sites with handheld scanners to find new access points. The code turns each access point and wireless client into a radio monitor that can pick up new radio broadcasts.

Cisco says it will develop this strategy further in 2004, when it starts to release what company executives call wireless-aware upgrades to IOS, the brains in its routers and switches.

This upgraded code will support the IEEE 802.1x port authentication standard, start to offload from the Aironet access points a variety of functions, and give these network devices the ability to see and manage radio frequency.

“We don’t believe in ‘dumb’ access points,” says William Rossi, vice president and general manager for Cisco’s wireless business unit. “The access points will eventually become smart antennas.” However, Rossi says that the work done today at the access point, such as communicating with other access points for handoffs and roaming, SNMP processing and so on, will shift to switches and routers.

Cisco’s critics and rivals are unimpressed.

“Nothing in their announcement is significant,” says George Prodan, vice president of marketing with Trapeze Networks, a wireless switch start-up. “Everything on this list is a ‘me, too’ function, and they still fall short of several requirements.” Prodan says Cisco lacks tools for capacity planning and user management, and doesn’t support dynamic virtual LANs for wireless.

Because wireless clients can move between access points across subnets and among buildings, VLANs are a more complex issue in wireless than in wired LANs.

“The big problem here is how long will enterprises wait for this solution from Cisco?” says Jeff Aaron, senior manager of product marketing, with Airespace, another wireless switch start-up. “A year is a lifetime in this industry. In 2004, vendors such as Airespace will be on the third generation of products already. Why should an enterprise wait for a first-generation product from Cisco?”

Cisco’s Rossi says his company’s plan treats access points as part of the enterprise network, not as a network overlay that requires a specialized appliance – a wireless switch – in every wiring closet (some vendors let their wireless switch sit in the data center at the network core).

Wireless switches, Rossi says, are essentially access-point aggregators that can’t compare with Cisco’s plans to upgrade its CiscoWorks Wireless LAN Solutions Engine to configure and upgrade as many as 2,500 access points with a mouse click.

“Why was there ever a limit (for that product) to start with? Why is there any limit on access point count?” Trapeze’s Prodan asks. “We have no limit here.”

Other vendors say their boxes will fit into Cisco’s approach, but add a range of features that Cisco doesn’t offer, such as hand-offs across VLANs, and security and access policy management. That’s the strategy being pushed by vendors such as ReefEdge, which announced its CS200 WLAN concentrator in April.

“The Cisco announcement validates the concept of a controller function that sits behind the access points,” says Sandeep Singhai, CTO for ReefEdge.

Network executives will have their hands full sorting out these claims, and changing their perspective to accept a new WLAN architecture, says Aaron Vance, WLAN analyst with Synergy Research Group.

“At this point, enterprise IT people don’t really know how they see wireless LANs,” Vance says. “The majority of enterprise wireless deployments today are departmental in nature. They’re not large-scale.”

The migration of IOS into the Aironet access points, and the ability to tie them back, via IOS, into existing products such as the Wireless LAN Solutions Engine and the Cisco Secure Access Controller, will make sense for a lot of corporate customers, Vance says.

The argument by Cisco rivals that IOS in the access points is needlessly complex and burdensome is the kind of argument that might make sense to an outsider, Vance says, but Cisco customers understand the software thoroughly.