Foundry Networks has updated its wireless LAN switch software to improve security and roaming.
Foundry access points will now support automatic configuration, and multiple "virtual APs", so insecure traffic does not bring down the level of security of other users. They can also be reconfigured as dedicated security probes, and the network now supports Layer 3 roaming in which client devices move from one subnet to another.
None of the features is unknown or revolutionary (virtual APs were announced almost a year ago by Symbol and Colubris, and are available from other vendors), but they maintain Foundry's challenge to Cisco's approach to wireless support on a wired network.
Foundry's approach differs from Cisco's Structured Wireless-Aware Network because the Cisco architecture requires a Catalyst 6500 switch with a special blade to handle WLAN security and access point management, said Michael Hong, a Foundry product marketing manager. With its emphasis on adding to wired switches, Foundry's wireless approach has been compared with Cisco's or Extreme's, rather than specialist switch vendors like Airespace and Aruba, since its better-late-than-never launch a year ago.
"Our access points support up to eight multiple SSIDs," said Foundry vice president Bob Schiff. "It lets you set up separate networks for guests, contract workers and employees, for example." Voice, too could get its own SSID, as security provision on Wi-Fi handsets can be primitive.
The new software can discover Foundry access points wherever they are connected, and configure them remotely. It can also configure some access points as dedicated RF security probes, to monitor wireless activity: "These are dedicated probes, and all data is reported back to IronNode Network Manager," said Schiff. "If you timeshare, it impacts performance for the monitor and the network." Schiff reckons that users will need one probe for every three or four access points - so the new feature is an opportunity to sell more hardware to existing customers, as well as new ones.
"With Layer 3 roaming, it looks like the client stays on one subnet when it moves to another," he said. This lets a user move from one floor of the building to another with an active session, for instance a voice call or a PDA synching. "Forwarding the traffic adds latency but it is not unacceptable," he said (read our feature on Layer 3 roaming).
Other additional security features include VPN pass-through and 802.1x, for authentication of access points, as well as clients, and support for WPA2. In future the APs will support 802.11e quality of service and other emerging Wi-Fi standards.
For 802.11n, Schiff is going to wait for the official IEEE standard, but expects he will prefer the Tgn Sync standard proposed by Atheros and others to the WWISE proposal of Airgo (see What are those 802.11n options?)
Like Air Defense, Foundry is automating its security processes, a feature Schiff describes as "closed-loop security". He says: "When it detects a threshold has been crossed, the IDS system will respond with action on the switch port, quarantining traffic."
The prices of Foundry's APs and switches remain unchanged. The IronPoint 200 access point costs $800. The IronView Network Manager software is available for $10,000 for the Advanced Edition, which manages all Foundry devices, or $2,000 for the version that only manages IronPoint devices. A WLAN FastIron Edge Switch software package costs $4,000 for a 24-port FastIron Edge switch; $6,000 for a 48-port switch; and $10,500 for a 96-port switch. Users already running WLAN-enabled FastIron switches can add the new auto-configuration and Layer 3 roaming features with a $1,000 upgrade kit.
IDG News Service's Phil Hochmuth contributed to this report.