The Aruba 5000 switch can communicate with and manage APs directly connected to its switch ports, as well as those that are accessible across a Layer 2 or Layer 3 infrastructure. Third-party APs are supported, though you won't be able to take advantage of some of the system's management capabilities. A simple DNS lookup lets newly booted Aruba APs find 5000 wireless switches on their own networks or across routers using GRE (generic routing encapsulation), as well as retrieve their appropriate configuration files automatically.
Aruba positions itself as combining advanced automated site-survey capabilities similar to Trapeze with real-time infrastructure optimization similar to Airespace. Although its capabilities are not as advanced as those offered by Trapeze, Aruba can import floor plans, develop a 3-D radio model and make an initial recommendation on AP placement.
Once APs are installed, dynamic calibration of RF characteristics is performed to correct coverage problems and interference issues by altering power outputs and channel allocation. Dynamic load balancing can also be invoked if user density in the proximity of a single AP becomes too high. Unlike Airespace, which uses each AP for both network connectivity and RF monitoring, Aruba configures a limited number of APs to function as "Air Monitors." Air Monitors can switch dynamically to AP-mode if needed to enhance system availability if an AP fails. Although this approach does increase system cost by a modest amount, Aruba argues that separating AP functionality from Air Monitoring functionality in hardware eliminates the possibility of extra overhead and the subsequent performance degradation associated with performing both tasks inside a single AP.
The Aruba 5000 Wireless Switch supports a full array of security standards. Like other products, the 5000 offers 802.1x, WPA, AES and captive portal Web authentication. Aruba makes VPN access simpler to deploy and use by making Aruba's VPN dialer downloadable via a customizable captive portal Web page. But what makes Aruba unique is its per-user stateful firewall capability: Full role-based authentication is supported, with roles configured via stateful firewall policies. This provides the most granular range of access control of any product in this roundup.
Like Airespace's, Aruba's wireless switch is also capable of rogue-device detection and can prevent its users from associating with illegitimate APs. Unique to Aruba is the system's ability to perform real-time distributed packet analysis on a per-AP or per-user basis using Ethereal's protocol analyzer. Aruba plans to add support for WildPackets' AiroPeek analyzer in a coming release.