Enterprise Wi-Fi specialist Trapeze will on Monday announce details of its much discussed new software and hardware. As well as remote connections across the office LAN, the company has added support for 802.11g (alongside existing support for 802.11a and 802.11b), and RF monitoring for rogue access points.

"We have the most comprehensive list of Wi-Fi features," said Mike Banic, vice president of marketing at Trapeze. "We are the only company delivering secure roaming in wireless based on user identity," By comparison, other vendors focus on a small part of the picture, he said.

The most widely-promised part of the announcement is the ability to connect access points remotely across the network to Trapeze's Mobility Exchange Wi-Fi switch. Until now, all Trapeze access points have to be connected directly to the switch, which can mean a lot of switches are needed if the points are distributed throughout a building.

The company's new 200-series access points come in two versions, with one radio (to handle 802.11a or 802.11b/g) or two (to handle 802.11a/b/g). Both have built in AES encryption and support the WPA specification.

Version 1.1 of Trapeze's software adds the ability to have multiple SSIDs - effectively multiple Wi-Fi LANs from a single access point. It also lets users limit access by policies and use access points as "sentries" to detect unauthorised rogue access points in the office. The software can also do load-balancing, setting a maximum number of associations per access point.

The security policy support is important, says Banic. For example, it can require users to use AES when they authenticate, or divide less secure traffic such as that on a guest network, which allows office visitors access to the Web.

Other policies include location-based security, where different security is enforced in different areas, for example only allowing access to sensitive applications on the human resources VLAN to people located in the HR department. Alternatively, universities could turn off web browsing in lecture theatres, to encourage students to pay attention.

The software also allows policies based on the time of day: "We have a lot of customers who want to offer guest access only between the hours of eight and five, to avoid having someone doing stuff in the parking lot out of hours."

The new "sentry mode" for rogue detection is a response to customer feedback, says Banic: "Customers are crawling before they can walk. They realise the only way to give good Wi-Fi intrusion detection is to monitor the air." Rivals Airespace and Arubahave already made prevention a big part of the promotion.

While some competitors have access points that can monitor and signal simultaneously, Trapeze's approach requires dedicated "sentry mode" access points, but this is not a big drawback, says Banic: "If you have a big office, you really only need one extra per floor for monitoring." The access points have a bigger range for receiving signals than transmitting he says: "I only use two access points for sentries."

Trapeze's Ringmaster software is being upgraded into more of a corporate citizen, as it is now available on Linux and Solaris as well as on Windows XP and Windows 2000, and has been integrated to HP's OpenView network management system.

Trapeze's competitors are not daunted, labelling Trapeze's announcements as a game of catch-up: "We already do location-based identity networking and location based ACLs, with a self-calibrating RF network," said Alan Cohen, vice president of Airespace.

"We are the only new entrant that took the European market seriously enough to go there at same time as the US," responded Banic (some might say that Trapeze expanded too quickly but it has certainly been more visible in Europe than its rivals)."The real comparison is finding the right architecture to enable mobility, not hanging your hat on a product feature or a point product."