Airespace is set to simplify the security of its wireless LAN switch systems. The companu said it would work with partners to let clients roam to different access points in a WLAN without re-authenticating, and will check the integrity of clients before they connect to the WLAN.

Clients will be able to roam without re-authenticating because the encryption key will be cached. Without this feature, the device would have to receive a new key each time it associates with a different access point, according to Allen Cohen, Airespace's vice president of marketing. Caching will reduce roaming delays which are one of several problems which are blocking real-time applications such as voice over WLAN, causing calls to drop.

The feature, called proactive key caching, was developed jointly by WLAN chipmaker Atheros, security software vendor Funk and Airespace. It will be delivered as part of a software upgrade that implements the recently approved IEEE wireless security standard (explained here) although the caching technique is proprietary. See our explanation of how cacheing in 802.11i is extended.

The Airespace system also has a new API that can tie access points and switches into network access control applications (NACs), which make security checks on a client before allowing network access. The first products to use the API will be Infoexpress's CyberGatekeeper LAN and Zone Labs' Integrity Server, who jointly developed with API with Airespace.

Network Access Control is nothing new. It's been around long enough in the wired world that even Cisco has it, and remote access company iPass does it for wireless clients. Airespace's rival Aruba announced a deal with Zone Labs to quarantine client devices six months ago - and has also worked with Funk on authentication.

NACs intercept a client's attempt to access the net, and then run a series of checks on that device. Based on the policies set for the user site, the software checks such things as the user configurations, anti-virus software updates, whether a personal firewall is present and active, and so on. Only if all these match the enterprise policy, is the client allowed to connect and authenticate.

When a WLAN user's device starts to associate with an Airespace AP it is connected to the NAC. If it passes the checks, the NAC software notifies the access point, which then lets the client associate and complete the authentication process.