Wireless Switching System Level Deploymrnt.

Wireless Switching System-Level Deployment

WHITE PAPER

As today’s IT managers seek to empower an increasingly mobile workforce, there is an urgent need to deploy wireless solutions that provide the same degree of traffic control, security, and manageability as wired networks. Until recently, providing this level of business-class performance in a wireless network required IT to proceed through an array of time-consuming, manual design and deployment steps followed by time-consuming management and troubleshooting to solve ongoing wireless network issues. The 3Com® Wireless LAN Mobility System embeds intelligence directly into the network, enabling IT staff to automate the manual processes of the past and quickly design, deploy, and manage their wireless LANs. Using this structured approach to wireless LAN development, organizations of all sizes can quickly deploy the wireless environment that’s best suited to meet their changing business needs.



The Limits of Current Wireless LAN Design

Most wireless LAN designers traditionally rely on a trial-and-error approach to design and deploy wireless LANs (WLANs). Initially, an IT manager performs an informal survey of the site, considering radio frequency (RF) obstacles and building materials, followed by an ad-hoc location evaluation coupled with estimates of where to place the wireless access points (APs). A time-consuming staging process follows, during which the IT manager unpacks APs, individually configures them, assigns channels, and installs them in their approximate locations. Next, the IT manager performs a more formal site survey, walking around the office with a wireless-enabled laptop and using site survey software to take manual RF signal measurements at various points throughout the building. Manual site surveys can take a great deal of time, and address only one aspect of wireless network requirements— the area the RF signal covers. After the site survey, the IT manager compares the results of the formal survey to the initial estimates and initiates a finetuning process of attempting to select the correct channels to provide the maximum coverage with a minimum of co-channel interference. Then AP placement is manually adjusted and rechecked for coverage.



This iterative approach is especially problematic for large organizations with many users or with very large areas. For most organizations, this entire process requires periodic checking to make sure that conditions haven’t changed, and that an employee hasn’t installed any unauthorized equipment that interferes with the network.



CONTENTS The Limits of Traditional Wireless LAN Design.......................................1 Today’s Structured Approach...........................1 Step 1: Determine a Topology.........................2 Step 2: Initiate Network Planning ...................5 Step 3: Configure the WLAN ..........................7 Step 4: Deploy the Network ...........................9 Step 5: Manage the Network .........................9 Conclusion ...................................................11



Today’s Structured Approach

Growing, successful businesses demand a more structured and scalable approach to wireless LAN design. As wireless LANs in the enterprise proliferate, IT managers must apply the same structured, scalable approach to planning and design as they do to the wired infrastructure. 3Com’s wireless switching solution, the 3Com Wireless LAN Mobility System, enables IT to employ a structured approach to move beyond time-consuming, hit-or-miss manual design processes. This approach consists of the following steps: • Step 1: Determine the topology • Step 2: Initiate network planning • Step 3: Configure the WLAN • Step 4: Deploy the network • Step 5: Manage the network



FREEDOM TO CHOOSE A BETTER NETWORK



1



3COM ® WIRELESS SWITCHING SYSTEM-LEVEL DEPLOYMENT WHITE PAPER



Step 1: Determine the Topology



Every business environment is different in terms of the number of users, the office floorplan, or even the materials used to construct the building. That’s why the 3Com Wireless LAN Mobility System gives IT administrators flexible deployment options for designing a WLAN. Its architecture ensures that security, mobility, and other critical WLAN functions will operate in any topology and in any building site. Key to the 3Com Wireless LAN Mobility System are the 3Com WLAN switches and controllers, where some key system intelligence resides. These platforms can support a variety of data center and wiring closet topologies. The centralized deployment in Figure 1 features the 3Com Wireless LAN Controller WX4400 in the data center, at the network core. Organizations can also deploy 3Com wireless LAN controllers or switches in wiring closets for a distributed environment, as shown in Figure 2. 3Com Wireless LAN Managed Access Point 2750 devices support both topologies because they can be directly and/or indirectly attached to 3Com WLAN switches or controllers, ensuring that the solution will operate well in any design. Many organizations will choose a combination of centralized and distributed network design.



Factors Impacting Topology Choice

A variety of factors impact the decision of which wireless platform to use.

Topology Preference



IT organizations often advocate one topology over another. Some prefer a centralized deployment with as many resources in the data center as possible. Others prefer a distributed topology where network resources are in the wiring closet. An organization’s topology preference will help determine its choice of wireless platforms. As a general rule, consider the advice “centralize for price, distribute for performance”. A centralized approach can initially be more cost effective, but since all traffic must pass through the controller, there can be performance issues. Placing wireless switches closer to the network edge supports faster roaming and higher performance between managed APs by distributing the traffic. However, this approach can initially be more expensive. The 3Com Wireless LAN Controller WX4400 and the 3Com Wireless LAN Switch WX1200 are designed to be effective in both centralized and distributed topologies, and can be mixed and matched in any combination.



FIGURE 1. Centralized WLAN Deployment: The 3Com Wireless LAN Controller WX4400 is deployed at or near the enterprise network, in the data center.



3 Stack ® Super R 00 PW 3Com ch 44 Swit

®



3

3C17203



SuperStack



3

3C17203



SuperStack



3

3C17203



SuperStack



Floor 1



N ess LA Point Wirel ess 3Com aged Acc Man devices 2750

Switch 4007



LAN

Clie eless nts

3 Stack Super PWR 00 3Com ch 44 Swit



C



lients



ion regat Agg ch Swit

ess 4400 Wirel r WX 3Com Controlle LAN



Wireless 3CRWX440095A



LAN Controller



WX4400



Wir



ess LAN Wirel h Manager Switc



3

3C17203



SuperStack



Corporate Backbone



3

3C17203



SuperStack



N ess LA Wirel ager 3Com an ch M Swit



3

3C17203



SuperStack



Floor 2



ti entica Auth er Serv



on



Data Center



N ess LA Point Wirel ess 3Com aged Acc Man devices 50 27



LAN



Clien



ts



2



FREEDOM TO CHOOSE A BETTER NETWORK



3COM ® WIRELESS SWITCHING SYSTEM-LEVEL DEPLOYMENT WHITE PAPER



FIGURE 2. Decentralized WLAN Deployment: The 3Com Wireless LAN Switch WX1200 is deployed at the edge of the enterprise network, in the wiring closet on each floor.



3 rStack ® Supe WR 00 P 3Com ch 44 Swit

®

3CRWX440095A



Wireless



LAN Controller



WX4400



3

3C17203



SuperStack



3

3C17203



SuperStack



less X440 Wire er W 3Com Controll LAN



0



3

3C17203



SuperStack



Floor 1



N less LA s Point Wire es 3Com aged Acc Man devices 2750

Switch 4007



LAN

Wire less C lients



C



lients



tion rega Agg ch Swit



ess LAN Wirel h Manager Switc



Corporate Backbone

3 Stack Super PWR 00 3Com ch 44 Swit

Wireless 3CRWX440095A LAN Controller WX4400



N less LA Wire ager 3Com an ch M Swit



less 4400 Wire r WX 3Com Controlle LAN



entica Auth r e Serv



tion



Data Center



3

3C17203



SuperStack



3

3C17203



SuperStack



3

3C17203



SuperStack



Floor 2



N less LA Point Wire ess 3Com aged Acc Man devices 2750



LAN



Clien



ts



Initial Wireless LAN Size



Centralized deployment is an ideal starting point for large organizations that wish to create a wireless foundation then build on it. A business can install a WX4400 WLAN controller in the data center and populate only specific areas, such as conference rooms or common areas, with 3Com managed access points (managed APs). IT staff can monitor usage growth and traffic patterns and then decide to purchase an additional managed AP license or to purchase and deploy 3Com wireless switches in a distributed configuration. Upgrade licenses for each WX4400 controller can be purchased in 24-managed AP increments; each controller supports up to a total of 96 managed APs per WX4400 for cost-effective scalability. Smaller or remote branch office LANs would typically deploy a distributed topology with the 3Com Wireless LAN Switch WX1200. The wireless switch ships with a maximum support for 12 managed APs.

Access Point Density



number of users that must be supported, balanced against cost considerations. A few managed APs will usually suffice for simple coverage that allows many users to share each radio. With a few managed APs in a given area, organizations can centralize the wireless switch in the data center. Additional managed APs might be required for larger numbers of users and for VoIP capability.

Power Over Ethernet and Device Management



PoE alleviates the need for a power plug-in at each individual AP. A switch with PoE ports, such as the 3Com SuperStack® 3 Switch 4400 PWR, or any standard 802.3afcompatible device (3Com offers a variety of external and alternate PoE sources), will supply both power and data over the Ethernet cable. For long-term flexibility, PoE devices should supply enough power for dual-radio access points, which require about 8-10 watts. For IT organizations that put a premium on managing fewer devices, distributed 3Com WX1200 switches with integrated PoE are an excellent fit. Any deployment utilizing 3Com WX4400 controllers should have PoE in the wiring closets.

3



The number of managed APs needed in a wireless LAN depends on the level of performance an organization requires and the



FREEDOM TO CHOOSE A BETTER NETWORK



3COM ® WIRELESS SWITCHING SYSTEM-LEVEL DEPLOYMENT WHITE PAPER

Data Security



Although physical links can be used to launch an attack, the wired network is traditionally considered a trusted medium. Physical access to the premises is restricted, wires and cables are hidden in conduits, and assets are locked away in wiring closets and data centers. This is not the case with WLAN radio transmissions, which are broadcast over open airwaves. Data sent over a WLAN is accessible to RF sniffers; and connections can be spoofed by “rogue” (unauthorized) APs. However, the 3Com Wireless LAN Mobility System fortifies 3Com’s already strong wireless security features. Its 3Com Wireless Switch Manager WLAN management software and associated network components protect WLAN transmissions from intruders with strong encryption and authentication capabilities while RF scanning tools will search for unauthorized APs.

Link Resiliency



IT managers can also choose to implement redundant software protocols such as PerVLAN Spanning Tree (PVST+) and Load-Sharing Port Groups to support compatible redundant physical interfaces into the wired network. Support for PVST+ allows traffic belonging to individual VLANs to flow over different paths within the virtual bridged LAN. The IT manager can configure Load-Sharing Port Groups to provide load sharing and link redundancy from the wireless switch to the wired network. In addition, IT can configure the Spanning Tree Protocol (STP) Sticky Bit enhancement to keep links from constantly resetting (flapping) on STP topology changes.

Voice and Quality of Service



With the 3Com Wireless LAN Mobility System, organizations can group multiple controllers and switches into a Mobility Domain to communicate with one another and with the wired network’s authentication, authorization, and accounting (AAA) systems to share user and group authentication information across the entire network infrastructure. For organizations that require a high degree of robustness, the solution’s Mobility Domain architecture supplies network resiliency with load balancing and traffic routing among controllers and switches. Using the 3Com Wireless Switch Manager, IT can plan for sufficient capacity so that the failure of a given AP reduces capacity but not availability of the WLAN in the affected coverage area. During deployment planning, IT managers can use the application’s software tools to illustrate the impact of reduced RF coverage by hiding the RF contours for a selected AP. They can also review the coverage of each AP’s RF contours at the minimum association rate, highlighting the overlap of radio signals, to account for any possible failures before the solution is deployed.



Organizations that are deploying a wireless LAN to support voice services should consider the impact of their wired network infrastructure on wireless Voice over IP (VoIP) traffic. The 3Com Wireless LAN Mobility System supports voice applications today and provides the seamless roaming support needed for wireless-based voice traffic. 3Com WLAN switches and controllers use sophisticated Quality of Service (QoS) features to mark priority traffic, and 3Com managed APs, with multiple queues per user, prioritize voice traffic as well.

Capital Cost



Cost is always an issue for businesses, and the initial capital expenses for distributing wireless switches in wiring closets may be higher than selecting a centralized approach in the data center. 3Com supports either choice, with capital equipment expenses more than offset by the ongoing deployment and administrative cost savings garnered from the configuration and management capabilities of the 3Com Wireless LAN Mobility System.



4



FREEDOM TO CHOOSE A BETTER NETWORK



3COM ® WIRELESS SWITCHING SYSTEM-LEVEL DEPLOYMENT WHITE PAPER



Step 2: Initiate Network Planning



Wireless LAN planning is the next step in a structured deployment approach. The 3Com Wireless Switch Manager offers a fullfeatured planning and pre-deployment tool suite that automates this step, providing everything IT managers need to design and manage a wireless network. The planning step involves these tasks: • Defining site requirements using imported floor plans • Designing the wireless LAN by determining managed AP number and location • Generating a work order



Import the Floor Plan and Create RF Obstacles

First, the IT manager imports AutoCAD, JPEG, or GIF floor plan files to design the wireless LAN offline. The 3Com Wireless Switch Manager includes a wizard-based Virtual Site Survey and automated coverage and capacity planning tools to simplify the planning stage. The management application also includes a library of attenuators for building obstacles, including doors, walls, ceilings, and other physical obstructions which absorb RF signals. Software factors in the impact these objects have on RF flow and signal loss through a given facility. IT managers can convert objects in the drawing into RF obstacles or create custom RF obstacles not on the floor plan and assign each an obstacle type and attenuation factor. They can also customize attenuation factors to accommodate unique requirements for their organization.



FIGURE 3. Creating a WLAN Plan: Importing AutoCAD Floor plans help ensure scaled, accurate RF planning and modeling



Calculate Placement and Number of Managed APs

The 3Com Wireless Switch Manager automatically determines how many 3Com managed APs need to be installed in any part of a building, taking into consideration the RF obstacles, RF coverage for a given data rate and protocol (802.11a, 802.11b or 802.11g), and capacity plan based on the number of users and their bandwidth demands to find the optimal balance between radio density and user performance.



Using an iterative algorithm process, AP coverage is automatically checked using the maximum allowable transmit power. If 90 percent or more of the area is not covered, the program adds another managed AP, and re-positions existing managed APs. The process repeats until the defined area is adequately covered, then AP coverage at maximum power is checked to determine if any APs can be removed. With the powerful graphical interface, IT staff can accurately evaluate coverage levels and base wireless association rates, and see how they change when managed APs are moved to different locations. IT can also specify redundant managed AP connections to one or more WLAN controllers or switches for added network resiliency.



FREEDOM TO CHOOSE A BETTER NETWORK



5



3COM ® WIRELESS SWITCHING SYSTEM-LEVEL DEPLOYMENT WHITE PAPER

The 3Com Wireless Switch Manager also automatically assigns Service Set Identifiers (SSIDs), radio frequency channels, and power levels to each managed AP. The channel assignment algorithm assigns nonoverlapping channels to neighboring managed APs, including APs on different floors and third-party APs, from the selected channel set, minimizing same-channel assignment. IT can factor in cross-floor attenuation and 802.11 recommendations in assigning channels.



Create a Work Order

Next, the 3Com Wireless Switch Manager creates a work order that shows exactly where to install every managed AP as well as the , location of the WLAN switches and/or controllers. This detailed work order lets IT staff easily install the WLAN, in the right physical locations. Administrators can create a work order as an HTML file, or as a printable document, for use both online and offline. Additionally, the work order also includes reference WLAN switch and controller setup configuration information and projected Received Signal Strength Indication (RSSI) information, useful for verifying installation. However, there is no need to manually configure the individual managed APs as part of the installation. managed AP configuration will occur as a centrally directed automated process in a later step.



FIGURE 4. Creating a Work Order: The work order provides all of the necessary information for the physical installation of the WLAN.



6



FREEDOM TO CHOOSE A BETTER NETWORK



3COM ® WIRELESS SWITCHING SYSTEM-LEVEL DEPLOYMENT WHITE PAPER



Step 3: Configure the WLAN



Wireless LAN configuration is the next major step after choosing a network topology and developing the network planned equipment. Using the 3Com Wireless Switch Manager, IT staff perform the next two tasks in the process: • Creating and configure virtual LANs (VLANs) • Configuring authentication, authorization, accounting (AAA)



Configure AAA

The 3Com Wireless LAN Mobility System integrates tightly with an organization’s existing back-end AAA infrastructure, making use of attributes that reside in AAA servers to prove user identity and user-based services. The 3Com wireless solution supports 802.1X authentication and MACbased authentication for clients that do not support 802.1X. Examples of supported 802.1X authentication protocols include EAP-TLS, PEAP, and EAP-TTLS. The wireless solution also supports Web authentication and bonded authentication. 3Com’s Identity-Based Networking approach to secure mobility uses information from the authentication system to map users to their native VLAN, regardless of where they are connected in the wireless network. 3Com’s innovative approach gives IT the ability to locate and follow users as they move, and applies security contexts unique to that user. This a fundamental change: attributes such as VLAN membership that are traditionally associated with physical ports now follow the user, independent of the network attachment point or medium (wired or wireless). The Identity-Based Network architecture seamlessly integrates into the wired network infrastructure. IT managers do not have to change the backbone configuration or spread VLANs everywhere as other approaches require. Router configurations and access control lists (ACLs) do not change or have to be recreated. A subnet remains a subnet—it includes the same group of users whether wired or wireless. Nor do AAAbased solutions require changes to IP addressing. WLAN users get their IP addresses from the same DHCP server or a wireless switch, whether they are wired or wireless, and not from a NAT appliance where the IP address constantly changes as they move. IT staff can centrally configure Mobility Domain AAA policies for wireless network users and groups using the 3Com Wireless Switch Manager and then propagate those rules to 3Com WLAN switch and controller databases to enforce the security of the enterprise network.



Create Virtual LANs

The first important configuration task is creating and configuring VLANs. A VLAN permits a group of clients to share a common broadcast domain regardless of their physical location in the network. The 3Com WLAN Mobility System lets IT managers seamlessly integrate the WLAN into their existing wired networks. One critical factor in providing seamless integration is the level of effort needed to support VLANs wirelessly. With the 3Com solution, the IT managers can support all existing wired VLANs without changing any existing router port configurations, adding any new routing protocols to the network, or modifying any client configurations. The solution supports VLANs that span multiple physical LANs and all portions of the WLAN, regardless of their physical attachment to different Layer 2 or Layer 3 switches. No switch or router ports need to be reconfigured to support VLANs in the 3Com solution. VLANs must have a connection to the 3Com Wireless Mobility System through one wireless switch, the 3Com infrastructure then makes the assigned VLANs dynamically available to users wherever they roam. IT managers can use 802.1Q tagging support on the wireless switches to interoperate with the wired LAN switches and thereby extend all VLANs to the WLAN. The system supports the full 4,096 VLANs available in the 802.1Q standard release. IT staff can also add ports or groups to a VLAN. After adding a port or port group, they can also assign one or more tag values to the port or port group. A tag is a numeric value that identifies a virtual port within the VLAN. The same VLAN can have different tag values on different ports. The 3Com Wireless Switch Manager has the unique capability to handle different 802.1Q frame tags for the same VLAN ID on the same port. This allows the VLAN to support wireless users with different encryption types on a single port. IT can also use the 3Com Wireless Switch Manager to move or modify VLAN members, using pull-down menus.



FREEDOM TO CHOOSE A BETTER NETWORK



7



3COM ® WIRELESS SWITCHING SYSTEM-LEVEL DEPLOYMENT WHITE PAPER

Authentication Authorization



Authentication provides user identification and assurance that users are who they say they are using methods such as checking usernames and passwords or initiating a challenge-response mechanism. Network users can be authenticated by 802.11 preshared key, Web authentication, 802.1X, MAC address, or other methods if the user device does not support 802.1X. Authentication is performed by a central Remote Authentication Dial-In User Service (RADIUS) server or by the local user database in the 3Com WLAN switch or controller. However, 3Com recommends using RADIUS servers to accommodate larger numbers of users in enterprise networks. Although Web authentication is not as secure as 802.1X, it still allows complete AAA functionality, including directing a user to a particular VLAN or subnet and enforcing other security authorization attributes, such as time of day, encryption type, ACLs, and location-specific policies.



Authorization controls network access by methods such as per-user ACLs, VLAN membership, and session timeouts. Authorization must always be performed for network users because, at a minimum, they must be authorized to use a VLAN. Authorization is automatically configured to use the AAA method defined in the corresponding 802.1X authentication method. Using the 3Com Wireless Switch Manager, IT can add user-specific attributes to the central WLAN database: • VLAN name – The VLAN the user is assigned to by default. • Mobility Profile – Specifies which managed AP or LAN authentication ports a user or group can use, allowing administrators to dynamically apply access permissions based on attributes returned by the AAA server. • Encryption type – Specifies one or more encryption protocols—TKIP WPA, or , AES—assigned to each user or group. • Time-of-day access – Controls and restricts user or group access to the WLAN at predetermined times on an hourly, daily, or weekly basis.

Accounting



Accouting records the start and/or end of a user’s session and stores the records on the local 3Com WLAN switch or controller database or central RADIUS server. After administrators have defined individual users, they then define RADIUS server groups. The 3Com Wireless LAN Mobility System lets them specify up to four RADIUS server groups for AAA services; at least one group must be assigned to each user.



8



FREEDOM TO CHOOSE A BETTER NETWORK



3COM ® WIRELESS SWITCHING SYSTEM-LEVEL DEPLOYMENT WHITE PAPER



Step 4: Deploy the Network



After planning and configuring the WLAN, the next major step is to deploy the network. Using the detailed work order created by the 3Com Wireless Switch Manager, IT managers can deploy scores of switch configurations and thousands of Mobility Profile configurations in one step from a central point. The software automatically applies security policies, radio channel and power settings, and roaming profiles for users. Key deployment steps are as follows: • Install and initialize 3Com Wireless LAN Switch WX1200 and 3Com Wireless LAN Controller units and configure them for IP and SSL connectivity. • Install 3Com Wireless LAN Managed Access Point AP2750 units and connect them to the wired network. Connect them either directly to a 3Com wireless switch port, or to a wiring closet switch with mid-span PoE. • Propagate the network plan to the 3Com managed APs, WLAN WX1200 switches, and WX4400 controllers and update the wireless switch connection information to the “managed” state.



After installing and connecting the wireless network infrastructure, IT staff can then verify their network configurations. The network management suite includes tools to enable them to quickly resolve any synchronization errors, as well as change tools to upload additional wireless equipment configurations if needed.The 3Com Wireless Switch Manager tool suite automates the configuration and deployment of wireless equipment, building configuration files during the planning process. Once IT approves the plan, those configuration files are complete, and the software provides a one-click deployment process for sending the files to the equipment. And because the system provides centralized image and configuration deployment, upgrades and downgrades are also easy for administrators to perform.



Step 5: Manage the Network



After the network has been configured and deployed, the 3Com Wireless Switch Manager greatly simplifies running the wireless LAN, using advanced network management, reports and statistics to ease ongoing RF and user administration—significantly reducing the total cost of owning and operating a wireless network.



The enterprise tool suite collects session information across the Mobility Domain, providing instant access to location and performance statistics by user, user group, VLAN, or any other grouping IT desires.

Detecting RF Sources



RF Management

To provide automated air and RF management, the 3Com Wireless Switch Manager automates a variety of functions, including: • Dynamic RF channel assignment • Automatic transmit power control • Auto load balancing • Self healing around managed AP outage • RF redundancy • RF source detection and classification, including rogue APs



IT staff can use the 3Com Wireless Switch Manager to identify possible RF sources that can jeopardize either the performance or security of the network. Some examples of these include: • Adjacent WLAN implementations from other corporations • Benign sources such as cordless phones, Bluetooth wireless devices, microwave ovens, baby monitors • Sources of more concern, such as ad-hoc WLAN user groups and rogue access points



FREEDOM TO CHOOSE A BETTER NETWORK



9



3COM ® WIRELESS SWITCHING SYSTEM-LEVEL DEPLOYMENT WHITE PAPER

Detecting Rogue APs



User Management

After adding users to a watch list, administrators can see information about users and the managed APs that they have been associated with during their sessions. Administrators can select a specific user and view his or her session roaming details. The 3Com Wireless Switch Manager locates users by performing an RF sweep of the environment and collecting all the RF signals heard throughout the network. IT can find a specific user by querying the software using the user’s login name, IP or MAC address, or both. The program will display the user’s location on the floor plan based on the received signal strength. It also displays other user information, such as the AP the user is currently associated with; IP and MAC address; network usage statistics including data about packets, octets, and errors; and current session state, such as fully authenticated, attempting to authenticate, and so on. When the user is logged into multiple devices, the program displays all instances of that user. The 3Com Wireless Switch Manager also maintains user data over multiple sessions with the WLAN. The software tracks roaming history, listing all APs each user associated with. This historical data helps IT to isolate network problems on troubleshooting calls. IT staff can also define a session timeout for users as a specific authorization attribute defined in the AAA server, or terminate an unauthorized user’s session and force them off the network. The IT manager can use the 3Com Wireless Switch Manager graphical user interface or command-line interface commands to end the session by de-authenticating and de-associating the user.



A rogue access point is an access point that is not authorized to operate in the airspace. Rogue APs undermine the security of an enterprise network by potentially allowing unchallenged access to the network by any wireless user or client in the physical vicinity. These APs can also interfere with the operation of the wireless network. The 3Com Wireless Switch Manager alerts network administrators when rogue APs appear, enabling them to detect and manage these security risks.The application also enables administrators to use RF countermeasures to deny service to or from a targeted rogue AP. When a rogue AP is detected, the closest 3Com managed AP performs the RF countermeasure. By spoofing various 802.11 control messages, the countermeasures prevent client association and authentication attempts to the rogue AP and disrupt communications between them.



Network Monitoring

The 3Com Wireless Switch Manager enables administrators to exercise pinpoint control over the complete WLAN Mobility Domain. IT staff can verify network status, using the tool to create topology reports, inventory reports, and provide a status summary. They can manage network events, filtering according to event type, and maintaining and exporting log files. Administrators can also monitor network statistics using the Performance Monitoring tool, which allows them to collect data for an object that they select and enable load balancing.



10



FREEDOM TO CHOOSE A BETTER NETWORK



3COM ® WIRELESS SWITCHING SYSTEM-LEVEL DEPLOYMENT WHITE PAPER



Conclusion



The 3Com Wireless LAN Mobility System delivers the intelligence and features that let IT managers design, deploy, and manage wireless networks without the timeconsuming, manual processes of the past. By employing a structured approach to planning and deployment, IT can provide a wide array of benefits to their organizations: • Easier planning and deployment Automated planning tools ease design, configuration, and deployment headaches, while reducing deployment time and controlling administrative costs. • Comprehensive network and user management - Intelligence embedded in 3Com WLAN switches, controllers, managed APs, and administrative tools enables IT managers to exercise complete network and user control, applying the same standards to the wireless network as they do on their wired infrastructure.



• Enterprise-grade security - Advanced AAA and encryption helps administrators safeguard critical business resources for maximum network reliability and performance. • Standards-based implementation - The wireless switching solution has no proprietary vendor lock-in, ensuring maximum interoperability and scalability. • Scalability with growth - Designed for growing organizations, the 3Com solution scales easily to support thousands of users and future wireless LAN capabilities, including voice and other multiservice applications.



FREEDOM TO CHOOSE A BETTER NETWORK



11



3COM ® WIRELESS SWITCHING SYSTEM-LEVEL DEPLOYMENT WHITE PAPER



3Com Corporation, Corporate Headquarters, 350 Campus Drive, Marlborough, MA 01752-3064 To learn more about 3Com solutions, visit www.3com.com. 3Com is publicly traded on NASDAQ under the symbol COMS.



The information contained in this document represents the current view of 3Com Corporation on the issues discussed as of the date of publication. Because 3Com must respond to changing market conditions, this paper should not be interpreted to be a commitment on the part of 3Com, and 3Com cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only; 3Com makes no warranties, express or implied, in this document. Copyright © 2005 3Com Corporation. All rights reserved. 3Com, the 3Com logo, and SuperStack are registered trademarks of 3Com Corporation. Exercise Choice is a trademark of 3Com Corporation. All other company and product names may be trademarks of their respective companies. While every effort is made to ensure the information given is accurate, 3Com does not accept liability for any errors or mistakes which may arise. Specifications and other information in this document may be subject to change without notice. 503137-01 01/05