Aruba Wireless Networks has a new wireless switch designed to give cautious users a taste of its enterprise wireless products, and is planning to open a European headquarters in London next month.

"The Aruba 800 is a Leatherman," said David Callisch, director of marketing at Aruba. It can stand on its own in a branch office wiring closet, controlling traffic from "legacy" wireless access points from vendors such as Cisco, or aggregate that traffic in a campus to pass it up to one of Aruba's large 5000 switches. Aruba refers to this as a multiplexer or "mux", to distinguish it from a full-blown switch.

With the new version of Aruba's software, launched for all Aruba products at the same time, it can also act as an intrusion detection system (IDS), picking up unauthorised traffic and rogue access points. IT will also spot attacks such as the ASLEAP attack which hits Cisco's LEAP security scheme. Aruba promises to update users with the signatures of such attacks so that systems can respond to them in real time. Other security features include running WEP and WPA traffic on separate "crypto-VLANs", so that nodes using the weaker WEP encryption can be kept separate from those using the stronger WPA scheme.

The 800 is cheaper than Aruba's full blown switch. A fixed format 800 box costs $2995 in the US compared with $12,000 to $30,000 for the more modular 5000 switch.

"The 800 is a way of getting Aruba in without having to rip out legacy access points," said market analyst Richard Webb of Infonetics Research. "Users really like the security and centralised management of this kind of solution, but they don't want to have to buy a lot of thin dumb access points." The ability to connect other vendors' access points could enables Aruba to wean users off Cisco's fat-AP architecture, he argued: "I expect other vendors will make this kind of product too."

Aruba's thin access point approach to wireless networking (see our Architecture Wars overview) puts all control in the centre and controls access points across the network, but this can require users to junk much of what they have.

The 800 changes this by providing Power over Ethernet connections to the legacy access points, as well as a serial link for admin. If there is an Aruba 5000 switch present, it runs a proxy for each legacy access point it is managing, so it appears exactly like an Aruba access point to the 5000, explained Callisch. The 5000 series can link to other access points but this would require putting an expensive switch in wiring closets, said Callisch.

Aruba was founded by veterans of the Web switching company Alteon (bought by Nortel) and wireless switching needs a similar ability to inspect the details of network traffic and react accordingly, said Callisch: "It's a Gigabit switch with processors on top of it," he said of the company's flagship 5000 product. "We can collapse a lot of functions into an integrated system."

The company will launch into Europe in November, establishing a head office in London. In that month it will also launch a whole new product range (watch this space for details) and will run the wireless network for Networld Interop in Paris, said Callisch.