Wireless security is the main obstacle to adoption in many environments. Although the press has focused almost exclusively on the vulnerabilities of WEP (Wired Equivalent Privacy), that's not the biggest problem. In fact, interim fixes to WEP have made it difficult for attackers to break the encryption keys. More problematic is the rather crude design of 802.11 security systems. The WEP static-key architecture, which lets you define four distinct keys on APs and clients, is nearly impossible to manage when you have more than 20 wireless devices. Likewise, security schemes built around MAC (Media Access Control) address access lists are difficult to administer and are vulnerable to MAC address spoofing.
AP Security Features and Capabilities
More advanced security systems combine authentication and privacy (encryption), usually using 802.1x as a mechanism for passing authentication credentials to a back-end RADIUS server and letting it dynamically dole out encryption keys. Support for 802.1x is usually found only on high-end APs, though it is beginning to appear in lower-cost offerings. Also of interest is growing support for the Wi-Fi Alliance's WPA (Wi-Fi Protected Access) security standard, which provides a subset of the functionality expected in the emerging 802.11i security standard.
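To make the contrast between static WEP keys with MAC access lists and 802.1x with a RADIUS back end concrete, the following added example (not from the original article or any vendor) audits AP settings for the weaknesses described above. It assumes hostapd-style key=value options; the two sample configurations, the server address, and the finding labels are constructed for illustration.

```python
# Added example. Option names are hostapd's; configs and labels are constructed.
LEGACY = """
ssid=corp-legacy
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
# constructed 40-bit key, for illustration only
wep_default_key=0
wep_key0=0102030405
"""
DOT1X = """
ssid=corp
ieee8021x=1
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=PLACEHOLDER
"""

def parse(conf):
    """Return key=value options, skipping blank lines and # comments."""
    opts = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit(conf):
    """Return labels for the weaknesses the article describes."""
    o = parse(conf)
    dot1x = o.get("ieee8021x") == "1"
    wpa = o.get("wpa", "0") != "0"
    eap = "WPA-EAP" in o.get("wpa_key_mgmt", "").split()
    static_wep = any(f"wep_key{i}" in o for i in range(4))
    findings = []
    if static_wep:  # same keys typed into every AP and client
        findings.append("static-wep")
    if not (static_wep or wpa or dot1x):
        findings.append("no-encryption")
    if o.get("macaddr_acl") == "1" and not (dot1x or eap):
        findings.append("mac-acl-as-auth")  # MAC addresses can be spoofed
    if (dot1x or eap) and "auth_server_addr" not in o and o.get("eap_server") != "1":
        findings.append("no-radius")  # 802.1X with no authentication server
    return findings

if __name__ == "__main__":
    for name, conf in (("legacy", LEGACY), ("802.1X", DOT1X)):
        print(name, audit(conf) or "no findings")
```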
Most vendors simply integrate a radio into the AP's main system board, but a few take a modular approach, using Cardbus or mini-PCI interfaces. Proxim and Enterasys, for example, offer dual-slot designs that let you mix and match radios. Cisco offers an alternative in the 1200-series AP, which includes an integrated 11b radio and a mini-PCI slot for another radio.
Most APs are designed to provide network connectivity to wireless clients, but some provide additional features, including bridge and repeater modes. An AP that functions as a bridge can join two Ethernet networks--perhaps LANs in two buildings separated by a road. Some APs can act as APs and bridges at the same time. With repeater functionality, you can extend the effective range of your wireless system by repeating the wireless signals, but you will pay a price in additional packet overhead.
One of the more significant differentiators between consumer and enterprise-grade APs is support for POE (Power over Ethernet). This lets you run data and power over the same twisted-pair cabling bundle, which means you can install an AP in any location without having to worry about the location of AC power outlets.
Other features have appeal for enterprise deployments. Many newer APs support multiple virtual LANs, letting you provide secure and open access on the same AP. For example, you might define a VLAN for guest access to provide visitors with external Internet access. It's also common to see a variety of filtering and class-of-service and quality-of-service capabilities on high-end systems.