Cisco this week finally answered customer questions on whether they should stick with Cisco's current and pricey wireless LAN product plan or embrace the WLAN products from the company's US$500 million purchase of WLAN vendor Airespace.

The answer is: whatever works best.

Interop attendees will see both product lines next week, including switches and thin access points from Airespace, now sporting Cisco colors and labels. They'll also see a new line of low-end routers with built-in WLAN access points, the latest example of Cisco's scheme to make WLANs an integral part of network infrastructure.

The announcements have few surprises, as the elements have been predicted here and elsewhere, many times. "It takes forever for Cisco to kill a product line," says Abner Germanow, director of enterprise infrastructure with IDC. "The challenge [for Cisco] is stepping up and explaining where each WLAN architecture is most appropriate."

"We're in an awkward early stage because we have two product lines," says Dave Leonard, who shares the title of vice president / general manager of Cisco's wireless networking business unit with Brett Galloway, the former CEO of Airespace. "Investment protection is our guiding light. We'll support both Airespace and Cisco products."

Although the goal is integration, neither executive gave much detail about how that will be achieved. Galloway says Cisco will keep offering the two WLAN alternatives, even as it gradually shifts key functions into Cisco switches and routers.

The WLAN generation game
The WLAN market, unlike the more mature and stable Ethernet switch market, continues to breed innovation, Germanow says. "The market is moving from 'one size (architecture) fits all' to 'multiple sizes,' " he says.

Cisco's "first generation" architecture of standalone Aironet access points has been superceded by a second generation of security gateways (like Bluesocket), and a third generation embodied by Airespace, and its competitors Aruba and Trapeze - and Cisco's own wireless control add-ons to the Catalyst 6500 switch.

But while Cisco is blending first and third generation WLANs, a putative "fourth generation" is emerging, based on overlapping radio channels and exemplified at Interop by Extricom and the more established Meru (read a Meru white paper on the subject).

Whereas Cisco and Airespace spent the last two years bashing each other's architecture, now they're "one big happy family" precisely because they can offer customers whichever architecture they prefer, he says.

Within Cisco, the names have been changed of course: The Airespace products have been re-branded the Cisco 100 Access Point, the Cisco 2000 and 4100 WLAN Controllers, and Cisco Wireless Control System for network management. They join the Aironet access points, Catalyst 6500 series switch with the Wireless LAN Services Module (launched last year) and CiscoWorks Wireless LAN Solutions Engine to manage them.

Galloway says they are focusing on three integration areas.

Step One: Airespace switches manage Cisco APs
The first, due sometime later this year, will be software that will let current Aironet access points talk to, and be managed by, an Airespace controller. This new code will add Airespace's Lightweight Access Point Protocol to the Aironet devices, along with other features the Cisco executives wouldn't disclose.

"Customers are hugely positive about this," Galloway says. "They can use an Airespace controller for security and ease of use, also use our intrusion-prevention features and location services, and we aren't going to make them rip out their Cisco access points."

This announcement was so obvious that Airespace's rivals have moved first on opening their switches up to other access points. Aruba has shared the boot code for its APs, so others can link to its switch.

Trapeze has gone further. While Cisco customers have to wait months to get Cisco-branded Airespace switches that can manage their APs, Trapeze has launched a free upgrade to its switch that manages them now.

In the meantime, a number of Airespace software upgrades and new products under development at the time of the acquisition will roll out in coming months. These will include a new high-end switch and an outdoor wireless mesh access point.

Step 2: Airespace software on Cisco switches
The second area of integration will involve moving software functions, from Cisco WLAN products and the Airespace controller, into a range of other network devices, including switches and routers. Cisco has been moving in this direction for more than a year, introducing in May last year the Wireless LAN Services Module, which slots into the Catalyst 6500 switch.

At the time, Cisco product manager Douglas Gourlay dismissed specialist switches as mere “appliances” that wouldn’t scale up beyond a “pilot deployment” - an opinion that Cisco apparently reversed in the eight months it took to buy Airespace.

Now a newly-converted Cisco will be slowly turning its mind to using the Airespace software it once dismissed. "We [Airespace] delivered our technology in an appliance, but the core is really software," Galloway says.

Again, Cisco isn't exactly leading the way. Trapeze has deals to put its
software on switches from Nortel and 3Com, and a new deal with Enterasys, announced at Interop, that actually centres more on the software side than the hardware.

IDC's Germanow thinks corporate executives are sometimes ambivalent about an integrated wired and wireless network, largely because of the potential to have to change router and switch configurations. "They want an integrated infrastructure, but sometimes it's just easier to do a WLAN as an overlay network."

Step 3: SWome kind of security integration
The third area of integration will involve shifting a range of WLAN security functions, such as elements of 802.11i encryption and key management, 802.1X authentication, and wireless intrusion detection and prevention, into Cisco's emerging "self-defending network" effort. Neither executive would provide more detail.

Cisco's Network Access Control (NAC) program, through which Cisco is trying to gain greater control over client devices attempting to access the network, is part of the self-defending network vision.

Cisco's power changes the client?
One benefit of the Cisco acquisition is the ability to influence client direction, Galloway says. "As a small company, Airespace had no ability to focus on or influence the wireless client," he says. "Cisco has partnerships with companies like Intel to do just this. As Airespace, we could only deal with half of the (wireless) equation."

"To enterprise users, the client device world is like the Wild West," Germanow says. "You don't have a whole lot of control over the client. Cisco is big enough to be able to go to Intel, Microsoft, Atheros (a leading WLAN chip maker) and say, 'if you change X, it will ease these support and troubleshooting issues for our customers.'"

Radio frequency management, and voice over Wi-Fi, with its attendant need for high quality of service and fast, secure roaming (the focus of the IEEE 802.11r work), are two areas where this collaboration on the client will directly benefit enterprise users, Leonard says.

The client wireless network interface cards will be able to play a role in management of the radio frequency environment, providing more discrete control, and it will be possible to push QoS rules down to clients for converged environments.

Galloway says corporate WLANs will need that level of control to meet the demand for new wireless applications. "You put in wireless infrastructure and it pulls applications into it," he says. "Networks breed applications and applications drive networks. It works in a circle."

Access points added to low end Cisco routersAlso at Interop, Cisco will show new routers with built-in WLANs based on the Cisco Aironet products. The routers, and router boards, now will be able to handle WLAN traffic, as well as local Ethernet connectivity and WAN connections, creating a network-in-a-box device that can be deployed easily across many locations, the vendor says.

New routers include the Integrated Services Router (ISR) 800 and 1800 series. Cisco also is announcing WLAN access point modules for its higher-scale ISR routers, as well as higher-density power-over-Ethernet (PoE) switch modules, and new blades that offer improved network analysis management.

All ISR 1800 series routers can act as an 802.11a, b and g access point, and include an eight-port 10/100M bit/sec Ethernet switch with PoE. Pricing starts at US$1,300.

The ISR 870 and 860 are aimed at small offices or teleworkers. The 870 includes an 802.11g radio, QoS support for WAN traffic and a four-port 10/100 LAN switch with PoE. Different models are available with integrated DSL or an Ethernet port for cable modem connectivity. The 850 includes 802.11g, four LAN ports (without PoE) and DSL or cable modem support. The 870 series starts at $650 and the 850 series starts at $400.

All of Cisco's ISR products include VPN, firewall, intrusion detection and URL filtering capabilities embedded in hardware on the router, as opposed to running as software services or expansion modules in the device.

"I like the office-in-a-box idea," says Grant Opperman, chief technologist at D.W. Morgan Company, a California logistics company, that will use WLAN-enabled ISR 1800 routers for small field offices at employee warehouse or logistic sites. "I see us being able to get a customer signed on a Friday and have an office opened on their site by Monday."

He says the integrated WLAN capabilities also could help his company roll out WLAN-supported bar code scanning and inventory tracking systems at customer sites. VoIP over WLANs is another potential application he is looking at with the ISR boxes.