A day with Airespace in Cisco's lab
by Erik Parker
The goal for the day was to see what the initial setup and configuration of the Airespace product line was like. At one of my current contracts we have been looking at moving away from a fat-access-point-based network to a switch-based network using thin access points. Deploying the network across the country at dozens of regional offices and centrally managing it from our primary data center, where all of the WAN links terminate, was a primary goal.
We were looking at pre-release firmware that hasn't changed too drastically from what is on the market today, but does have a lot of enhancements to the location tracking technology.
The software was still in QA on Cisco's side, I believe, but it looked good, was very easy to use, and gave us no problems.
We set up a small lab with a Cisco 4100 Wireless LAN Controller and 4x Cisco 1000 Series Lightweight Access Points, and utilized VMware to set up a Windows 2003 server with IAS for RADIUS, DNS, and DHCP. We also had a Windows 2000 server for Cisco's Wireless Control System Software.
While it seems like a lot, the main piece to concentrate on is the controller. You don't really need WCS unless you're going to have multiple controllers or want some of the more enterprise-oriented features. You can get by with just a controller and some APs for small to medium-sized businesses.
The controller setup was pretty amazing: it took about 5 minutes to do the initial console config of giving it a name, IP, subnet, and general purpose in life. Reboot, and head to the web interface of the controller. Very easy interface, not too much clutter, options are very easy to understand (even for non-Wi-Fi engineers), and the feature set was pretty good.
The real power seems to come from the WCS software at an enterprise level, letting you maintain the entire network, watch the units, deploy new networks, and do trending, rogue detection, etc. Their location tracking is very accurate as well. I took a glance at the Cisco HQ WCS box and was amazed to see how well it worked, looking at their RFID asset tracking tags moving around the office, etc.
The overall trip was good, and there are far too many details to log here. I'll bullet some key product points I really like:
- You can terminate Cisco VPN directly to the switch with the crypto module
- You can scan for rogues while servicing users
- The central management is very easy and clean
- You can have APs across routers (unlike Symbol, which requires Layer 2 connections)
- If the AP can't find a controller via DHCP option 43, multicast, DNS, caching, or a few other options, it'll do OTAP (over-the-air provisioning). While I'd never in my life use OTAP, I just thought it was cool.
- You don't need to set up any VLANs to service dozens of SSIDs
- You can do several different crypto combos on a single AP (WPA, WPA2, clear)
- The controller is Linux based
- It uses N+1 for failover
- We could technically (although I would never do it; another thought that was just kind of cool) deploy wireless across the country and have a single subnet that spanned an entire country. (You would have to have each AP tunneling back to the home controller. Just think: you could be on Wi-Fi in Boston, and another person on Wi-Fi in Los Angeles is in your broadcast domain and shows up as a single hop away.)
- The simple fact that you can unpack the boxes, configure, and have a fully operational 10 access point network and controller/switch online in under an hour.
The couple of downsides that I have off the top of my head are:
- The captive portal isn't a huge feature and, due to that, isn't very customizable for guest access. It also only has a RADIUS backend.
- You can't route wired ports through this device for captive portal, like you can with devices like a Bluesocket (which was built specifically for captive portal).
- The security features are a nice add-in and provide a lot of valuable information, but still aren't a complete match to products built specifically for that purpose, such as the AirDefense product line.
The bottom line is that the industry is moving toward switch-based wireless solutions, and Airespace is the best way I've seen to go. Aruba has a nice product offering, but it's still not quite mature enough. Symbol still seems to be geared toward warehouses and not really servicing the end user. Their product was extremely lacking.
What about Trapeze?
I didn't see it in your list of other choices.