Wi-Fi equipment so far has mostly been designed for large enterprises (wireless switches and overlays to existing wired networks) or for the home, or small office. The smaller office, where ten to a hundred people work, has been ignored, because it falls between the two stools.

A single access point does not have enough coverage or throughput for a branch office. Building up the coverage with multiple access points doesn't solve the problem because there is nothing to handle the handover between access points or - more importantly - the issue of security.

Large enterprise systems, where a dozen or more access points connect to a wireless switch, solve these problems well - and several others. The wireless switch includes security features, such as intrusion detection and prevention. Some support location sensing, and other features are being added to cover such things as quality of service for voice.

However, the enterprise switch tends to be a fairly costly device, and difficult to justify where there are only three or four access points and fifty users or fewer.

Small offices need wireless
This is ironic, since in many ways the small office is a place where wireless can be particularly useful. Small companies often set their offices up flexibly, and, if the office is a local branch of a large enterprise, it will host a steady stream of visiting users from elsewhere in the company, all of whom could use the kind of short-term access that is ideally provided by a wireless LAN.

Small stand-alone offices may opt for all-wireless networks to reduce the costs and inflexibility of cabling (Aruba makes this case, among others).

This adds up to an opportunity that vendors are starting to grasp, most recently Airespace and Trapeze. But they join a range of wireless LAN products aimed at the branch office.

What's out there?
The arrival of smaller switches follows a hoary network industry trend: as equipment matures, it can be sold into smaller niches. The trend is driven by greater integration in silicon, such as a recent chip launched by Broadcom, designed to allow combine security and wireless in branches.

But branch Wi-Fi is by no means a commodity. There are many different approaches:

  • Trapeze's MXR-2 is aimed at branches rather than standalone offices. It presumes the user has Trapeze WLANs elsewhere and people managing them. The new box can be shipped to the remote site, plugged in, and then configured centrally by wireless personnel in the central office, already familiar with the company's highly ranked RingMaster management software.

    Common wisdom once held that most smaller sites would run "fat" APs - intelligent radios with no corresponding switch - because the cost of a switch seemed like overkill when only one or two access points were needed. However, the MXR-2 costs only $995. And, according to Trapeze, one switch and one access point can be installed for $1,350. The MXR-2 supports up to three APs.

    The Trapeze box slots in below an existing small-ish office box, the MX8 which supports up to eight access points.

  • Airespace's 3500 box, meanwhile supports up to six access points. According to Airespace marketing manager Jeff Aaron, it is more suited to small standalone offices than the Trapeze box.

    The new product fits above Airespace's existing solution for very small offices - the 1200R access point, which connects over the WAN to a switch in the central office. Many users have been reluctant to use thin access-points connected remotely to a wireless switch, because they fear that the WAN link might shut down the wireless network in the branch, says Aaron. Thin access points don't operate independently, and refer user authentication to the switch or a RADIUS server, but he points out these ones that his access points cache keys locally, so would continue working even if the connection to the switch were cut.

  • Symbol Technologies recommends placing a wireless switch - its comparably priced WS 2000 launched in February - in the remote site. But Symbol combines wired and wireless networking with six Ethernet connections plus a WAN port in its device. When joined with a Symbol AP-200 802.11a/b radio, the configuration costs just a couple hundred bucks more than the Trapeze MXR-2 setup. But it also supports fewer features (no 802.11g radio yet, no automated site survey tools, for example).

    Also, unlike Trapeze's product, Symbol doesn't yet support 802.11i/WPA2, but will in November, according to the company.

  • Aruba Wireless Networks has not reached as far down the scale of office sizes, with the Aruba 800 switch supporting up to 16 access points and costing $2995, with each AP costing $395 or $495, depending on radio configuration. Aruba has said it has plans for further streamlined remote-office products this year.

  • ReefEdge has a remote office version of its wireless security gateway, the ReefSwitch 25, which supports up to three access points.

  • Proxim is pitching a stand-alone AP, the AP-700, at small businesses. It costs around £330 and includes the requisite 802.11i, draft 802.11e, Super Mode 802.11g and 802.11a features, as well as built-in Wi-Fi rogue detection in both the 2.4 GHz and 5 GHz bands.

  • SonicWall comes at this from the direction of a firewall vendor, which has realised that wireless networking can be a reasonable add-on to a firewall. The TZW170, launched in July, costs £580.

  • Fortinet, like SonicWall, has come out with a wireless version of its Fortigate security appliance, adding an access point to a box which supports network-based anti-virus, firewall, content filtering, VPN, intrusion detection/prevention and traffic shaping. Priced similarly to the SonicWall box, it can be centrally managed by the company’s FortiManager System, either locally or over a WAN connection.

  • Firetide and Strix. These companies build 802.11 mesh products, which can be used in locations that are difficult to cable, which change frequently or where you just want the flexibility to plug radio nodes into an electrical outlet and be done with it. Firetide’s devices are used for backhaul only; you’d still have to hang someone else’s WLAN access points off it for user access. Strix (recently launched in Europe) has modules that support both backhaul and AP functions, in that clients associate with the devices, and APs also pass traffic to one another for backbone connectivity. You can plug in cabled devices such as printers and servers at the very edge of the wireless mesh in both architectures.

    Joanie Wexler, Network World contributed to this article.