No sooner did we finally have a ratified international standard in the form of IEEE 802.1b running 11Mbit/s Ethernet, than along came the “.a” variant with 54Mbit/s. Now the “.g” variant offering the same bandwidth is appearing too, albeit in limited product numbers to date. But not only are the WLAN standards changing – the product architecture is too. The initial release of WLAN products – all those appearing before this year – followed a standard format. They had “Fat” Access Points (APs), where all the intelligence lie, which attached to any old Ethernet switch, plus client adapters and software. To add in extra security you perhaps went for a third-party VPN gateway and client software and that was about it. But now we have the switch-based alternative, where a dedicated Ethernet switch provides the heart and soul of the WLAN solution and the APs have slimmed down and become relatively simple beings, in some cases to the point where they are positively anorexic. Trapeze Networks’ Mobility System sits somewhere in the middle, with intelligence both in a dedicated switch and the Mobility Points or MPs (Trapeze-eze for APs). The system currently supports .a and .b standards on the same MP, with .g support due shortly. The Trapeze WLAN system consists of a number of different components. At the heart is the MX (Mobility Exchange) switch, which can be configured with redundant dual PSUs. This is effectively an Ethernet switch (20 x 10/100 ports plus a Gigabit uplink port) designed for use with the MPs though, in practice, it can be used as an, admittedly very expensive, standard Ethernet switch. All the MPs are dual homing, so each can have a redundant link and are powered over the wire using PoE (Power over Ethernet). In addition to the MPs, one or more RADIUS servers – depending on what levels of redundancy you want – are attached to the MX. The RADIUS server works directly in conjunction with Trapeze’s Ringmaster management software. Management-led
Whereas most network products are thought out with network management tagged on the end as a last resort, in this case – hurray – Trapeze has gone for a management-led approach. So the very starting point of a Trapeze installation is not access points, not switches, not client WLAN adapters but… an Autocad drawing of your offices. The Ringmaster software imports the drawing, then lets you tidy up the details (the more accurate a representation, the better the net results) before assigning values to each element of the office, such as a wall or a door. A drop-down list of options lets you assign thickness levels, material type etc, to each element, which is then used to calculate how to deploy a Trapeze solution. This itself is based around a number of variable parameters, such as what is the lowest connection speed you want users to connect at before going out of range. It means that you can perform “what if” type analyses before you even order the products, as part of the pre-sales consultancy. That way, you can work out the most cost-effective method of deployment, given that there is always a trade-off in a WLAN between speed and coverage. On agreeing a specification, you can commit that to Ringmaster, which then creates a new diagram and report showing exactly where to place each element (MPs etc) of the solution, even down to which ports on the MX switch to use. Neat, eh? And it works. The only missing element is an automated robot which then goes out and does all the donkey work. Security policies
Once the basic WLAN hardware is deployed, you can focus on the user management and security policies. The Trapeze Mobility system uses a combination of VLANs and user account policies to define which areas of the WLAN any given user or group is able to access. VLANs can be restricted to a single MP or spread across several MPs. A “Last Resort” configuration is provided to optionally allow any user access to the WLAN, but bypassing all network components apart from the Internet gateway – for those who simply want to scrounge Internet access! Trapeze also offers QoS/CoS policies – made easy, courtesy of providing a switch-based system – to enable bandwidth to be nailed down for specific applications, such as Voice over IP. Security options are many and varied. The industry standard – and globally slated – WEP (Wired Equivalent Privacy) key-based authentication is provided but not recommended by Trapeze. Instead it uses the IEEE 802.1X authentication which uses the EAP (Extended Authentication Protocol) and offers a full suite of secure authentication protocols. Importantly, the authentication occurs after a wireless client has associated with (connected to) an MP, but at the MP itself, so all activity, post IP address assignment, is authenticated and protected. We put the Trapeze Mobility system through a series of tests, including rogue MP/user detection, where it used the accurate plan of the network – as developed from the initial Autocad drawing – to identify the location of the rogue to within about two feet of office space. We also carried out real-world tests using concurrent 802.1a and .b configurations and were able to get around 15 metres outside the labs – through 60cm stone walls – and still attach at 5.5Mbit/s. This augurs well for scenarios such as offices in the city of London, where these kinds of physical barriers are plentiful. It also shows the need for a tightly authenticated, secure WLAN solution if you are to keep out unwanted users. Redundancy tests showed that a failed MP connection was failed-over in around 25 seconds with normal service then resumed. Of course, you can build multiple MP-paths into any VLAN to ensure – short of a major catastrophe – multiple connection paths are always available. Overall we were very impressed with the way that Trapeze has thought about WLANs with its Mobility System. This is genuinely a second-generation solution, one that has been designed to integrate with the existing network, rather than appear as some alien second network which begrudgingly converses with its wired cousin. what's more it has all the features you would expect to find in a corporate-level system, unlike some of the more obviously home-network oriented products.


If you have been stalling the introduction of a WLAN into your company because of deployment worries then the Trapeze system is definitely the one to look at, as it is specifically designed to deal with these issues. If you are looking for a more simplistic solution – say for branch offices, or specific departments - then a much cheaper “fat” AP orientated system, such as those from Linksys (now part of Cisco) will do the job.