Look, Ma ... No Wires

Wireless networking products prove they are finally ready for prime time

Until recently, wireless LAN devices have been regarded as niche-class products, or even just frivolous executive toys. But after the 802.11 High Rate specification (known colloquially as 802.11b) was finalized, vendors finally had a real selling point, namely 11 Mbps' worth of viable throughput. Hang onto your hats; wireless just got useful.

To get the skinny on the new wireless LAN (WLAN) segment, we issued our typical product-test call and got responses from five brave vendors. Most of these are pioneers in wireless LAN technology, because even though the 802.11b specification has been around for a year and is generating lots of industry buzz, you'll still see a number of product ship dates occurring in the second quarter of this year.

3Com sent a final preproduction edition of its AirConnect series. Aironet sent its mature and shipping 4800 series, followed by Cabletron's almost-as-mature RoamAbout line with the 11-Mbps upgrade. Lucent also sent its shipping 11-Mbps WaveLAN products. The last vendor included in this comparative review, Compaq, needs to be considered separately because they shipped an earlier level of the beta product than anyone else.

Nokia and Zoom were invited to participate, but neither responded in time for testing.

While functional, Compaq's WL series shouldn't be evaluated for purchasing based on this review--at least not until you've had a chance to experience the final shipping version. Judging from the direction Compaq has taken with the WL, these devices should be impressive and available by the time you read this, although we were unable to acquire such units in time for testing.

The State Of Wireless

As far as the state of the WLAN market is concerned, our advice is to tread carefully. For the most part, these products worked--and worked well. But they did so only within their own product families, meaning you're much better off purchasing PC Cards, hardware access points and management software from the same vendor--at least for now.

In fact, some rumormongers are saying that you're safest running these products not only within the same WLAN vendor family, but also with hardware from the same wired-network manufacturer (3Com's AirConnect with 3Com's OfficeConnect hubs and switches). But we're here to tell you that this just isn't the case. All these products were plugged into Intel or Cisco hubs and switches during testing and never encountered a problem. We found excellent results with backward compatibility, too. Using older, 2-Mbps 802.11 equipment from Bay Networks proved easy and reliable. But if wireless is so sunny, why the warning to tread carefully? The same old saw: competing standards.

While 802.11b is the corporate networking wireless medium of choice, it is facing competition and legislative battles from other standards, namely HomeRF and Bluetooth. Basically, high-speed wireless networking plays only in the 2.4-GHz frequency band. That's a problem because this band is limited to only 60 to 80 discrete channels at 1 Mbps, dropping savagely to only 3 channels at 11 Mbps. Stick three competing standards in there, as well as a slew of 2.4-GHz cordless telephone products, and you have trouble.

To summarize, 802.11b devices use Direct Sequence Spread Spectrum (DSSS) transmission, while HomeRF uses Frequency Hopping Spread Spectrum (FHSS). The major difference is that FHSS sends data over a 1-MHz carrier that "hops" from frequency to frequency within the 2.4-GHz band about 50 times a second. DSSS, on the other hand, stays fixed within a 17-MHz carrier channel, but sends out a lot of noise to cover that range, with its devices able to pick relevant data out from among this cyber fog. Finally, Bluetooth also uses FHSS transmission, but at a much more accelerated hopping rate than HomeRF.

Even though each standards body is using a different transmission methodology, they're still forced to compete for space and regulatory advantage with the FCC in order to provide longevity to their product lines.

At the moment, 802.11b is in the lead for corporate WLANs, but Bluetooth will be a big player in the personal area network market--meaning wireless connections between PDAs and desktops, laptops or printers. This may sound like home networking, but the PDA angle implies that users will want to run Bluetooth networking while in the office, making the resolution of Bluetooth and 802.11b a serious matter for network managers intent on deploying this technology right now. A similar quandary exists for telecommuters who standardize on HomeRF in their den, then want to take their notebooks on visits to the corporate headquarters.

Security And Room To Roam

Another sticking point in the WLAN specification is security. With hackers making the national headlines weekly, protecting wireless data streams is of the utmost importance. Vendors have answered this call with the Wireless Equivalent Privacy (WEP) encryption standard. They've even bolstered WEP's initial 40-bit encryption key to a meatier 128-bit key in recent product releases after a relaxation in encryption legislation. This looks great on paper, but we found other security problems that vendors haven't yet answered.

For one, with only three channels operating in an 802.11b scenario, building a device to jam all of them wouldn't be all that difficult. Indeed, the same denial-of-service attacks that have been busily frying Web servers the last few months could also be used to drain battery life from WLAN-dependent devices.

Some security experts will quickly point out that devising such an attack on the products tested here (the 802.11b camp) would be more difficult than we make it sound. First, hackers would have to find the appropriate radio frequency signal, which would typically be below ambient noise level in a DSSS transmission scheme. Then that signal would have to be rebuilt, which means breaking the 40-bit (or now 128-bit) encryption process. And then a hacker would still need an appropriate ESSID and IP address.

Again, that sounds difficult, but we encountered situations in testing that reveal it may be easier than you'd think. While testing Lucent's cards, we found that the PC Card WLAN Network Interface Cards (NICs) could use an ESSID browser, which basically polls the local area for any access-point device, then attempts to sync up. Left in default mode, some access points will automatically accept these newcomers. Considering that Lucent is the basis for Apple's AirPort WLAN series and is also very similar to Cabletron's RoamAbout series, this security hole covers a wide range of product types.

Then there is the question of roaming. When a wireless NIC accesses the network, it typically registers with a single wireless access point. But since wireless equals mobility, network managers must expect users to move around. Indeed, since most access points are rated for only 60 or 70 simultaneous users, network managers will want them to move around to save their access points from overload.

But what happens to users' connections when they move from one access point to another? In the cellular telephone world, this has often meant becoming disconnected if access points aren't spaced properly. And the data world adds additional complexity, namely that each access point must be wired into local networking hardware. This means that access points in different departments, different floors or even different buildings will most likely be on different subnets.

That represents a singular challenge to wireless LAN manufacturers in that the users' networking experience can't be interrupted with a new login screen every time they stray across subnets. Shockingly, no wireless vendor is presently capable of addressing this problem. Our testing showed that for roaming within the same subnet, these devices worked great. Handoff was seamless as long as proper overlap was maintained between access points.

But roaming across subnets is still an unanswered issue, and that's a critical weakness for enterprise deployment and one you should check out carefully before making any purchasing decisions. At the moment, there are only two ways around this problem. First, users will need to reconfigure their IP settings whenever they walk across subnet boundaries--not very attractive in most situations.

The second has a much better result, but requires the proper equipment in your data center. We're talking about placing all the access points on their own subnet, in effect creating a VLAN for only wireless users. But to do this, you'll need Layer 3 switches in your network capable of 802.1p tagging.

We tried this scheme ourselves at a recent Networld+Interop trade show, where access points were scattered all over the trade show floor and even some of the hotels, and had no trouble with roaming. But it sure was a far cry from plug and play. The bottom line: Be sure to plan carefully before attempting to integrate these devices into an existing enterprise campus.

Are They Ready?

So, with all these issues, are WLANs really ready for prime time? After testing these products for the last few months, we'd have to say yes, regardless of standards wars or security problems.

For one thing, the upgrade to 128-bit WEP encryption should severely slow down most cracking attacks, and vendors are continuously working to improve security in other ways. The same goes for standards implementation. Vendors like 3Com, Cabletron and Lucent all confirm their ability to keep pace with the standards war using only software or firmware upgrades, while keeping hardware-purchasing dollars safe. And while roaming issues pose a problem now, vendors are working on easier solutions even as we speak. In the meantime, you can work around it as long as you have the proper back-end equipment.

With throughput speeds competitive with 10Base-T and prices coming down from the stratosphere, we feel that these new wireless networking products can save you real money in many situations by avoiding wiring costs, as well as man-hour dollars for complex installations.

Using WLAN technology, IT departments can literally configure an entire remote office network at the central data center. Then they can send via overnight delivery notebooks, desktops, printers and access points to remote locations and simply have users turn on their devices. Presto! Instant network. Extend that scenario out to temporary offices, trade show and convention floors, and even executives who can't stay planted behind a desk, and you get the full picture. Sound the call; wireless LANs have grown up.

3Com AirConnect

In typical 3Com fashion, its AirConnect products are not only well made, but ambitious in scope. These devices have a competitive price and solid base performance. And 3Com has gone the extra mile in several areas pertaining to management and standards compliance. Unfortunately, the products we reviewed were late beta versions, although 3Com assured us that the hardware was production level. Even so, we encountered some difficulties with the installation software. Also, we were unable to test roaming because one of the access points died midway through testing.

When everything was functioning, however, you wouldn't have known these were beta-level products. 3Com begins its installation procedure with the advice to run a utility called Site Survey, which records the wireless connection quality at the installation site and uses this information to recommend an optimal number of access points for complete site coverage. Within our test space, this utility was superfluous, but it did give us good advice as to access-point placement--certainly useful in large office environments.

Installing 3Com's AirConnect access point was definitely the most difficult part of the installation process. 3Com has gone to great lengths to make these devices highly manageable and secure in a corporate environment, but the flip side of that coin is that you'll need to be familiar with these devices to configure them. That is made more difficult by 3Com's online-only documentation, which was quite terse and omitted random sections of instruction. Yes, it's terribly analog of us to yearn for paper documentation in this day and age, but online documents have never lived up to print quality in our experience, and 3Com's was no exception.

Initially, you'll need to connect via a serial cable and a terminal interface running at 19.2 Kbps. Unlike products that were easier to set up, such as the Aironet, this step involves setting up not only the access point's IP information, but security IDs and acceptable client configurations based on the Message Authentication Code (MAC) address. Frankly, 3Com isn't the only vendor in this roundup to fall back onto MAC addresses as a configuration step, but even so, we were disappointed. While there are certainly technical reasons for defaulting to MACs, we felt this was unnecessarily granular and unpolished for today's corporate environments.

Additionally, the only way we were able to get this device to work in a network running DHCP was to provide it with a static IP address, then disable this address in the DHCP server. 3Com's documentation indicated that the device supported DHCP, but like the Compaq WL series, attempting to connect this way crashed our DHCP server every time. Later, it turned out that this was due to our use of Ositis's WinProxy 3.0 as an Internet gateway server-cum-DHCP server and firewall. When we switched to Windows NT Server's native DHCP service, things ran smoothly.

Once the access point was configured, things took a turn for the better. Remote management of the access point offers a plethora of choices. 3Com's product includes a dedicated network-management tool, as well as the ability to integrate the AirConnect devices into its own Transcend network and systems-management framework. Additionally, you can also telnet into the device or use other network-management frameworks, as long as they support SNMP.

PC Cards installed with no problems, and we were up and connected on both test notebooks within 10 minutes of installing the access point. Throughput performance was in line with the rest of the pack, although distance wasn't as great as that of the Aironet. On the other hand, 3Com doesn't claim a 500-foot max distance, just 300 feet in typical office environments. Our connected wanderings bore out this claim and with an additional benefit over the Aironet. Where the latter simply disconnected when taken beyond its range limit, 3Com's AirConnect actually defaulted to its 2-Mbps speed first. This allowed us an extra 100 feet or so of traveling distance before the device disconnected.

To Continue