Introduction to Wireless Switching

Introduction to Wireless Switching WHITE PAPER Manageable, Scalable Wireless Networking for the Enterprise Until recently, management and security concerns have frequently limited wireless networking to small and home office environments. A wireless switching solution can enable organizations of all sizes to overcome the limits of first-generation wireless LANs. Wireless switching delivers a robust combination of user-based management, strong centralized control, and network-wide security policies. The 3Com® Wireless LAN Mobility System provides all the components IT managers need to deploy a manageable, secure wireless network that equals a wired network. The wireless switching solution reduces capital and operating expenses, while improving performance and efficiency, all without compromising security. The 3Com solution is designed to integrate seamlessly with existing networks, provide a flexible choice of deployment options, and scale to support new applications well into the future. Introduction Wireless networks have proven their ability to deliver increased productivity, convenience and freedom of movement to users and network installation flexibility to IT staff in organizations. However, managing wireless networks has all too often been time-consuming and cumbersome, especially in large enterprise environments. Traditionally, wireless networks have consisted of standalone access points (APs) servicing groups of wireless users in a virtual LAN (VLAN). While these APs have some security and local management capabilities, they lack the capability to track users, manage bandwidth performance, or control security policies across the enterprise. Furthermore, each AP must be configured separately. As a result, wireless networks are often less secure, more complicated to use, and more costly to maintain than they could be. Wireless switching is a breakthrough technology that brings real benefits to LANs of any size by addressing the limitations of wireless networks for the enterprise. Wireless switching makes large-scale, costeffective, secure wireless deployments possible for the first time because it brings strong centralized control, user-based management, scalability, and network-wide security policy enforcement capabilities to the wireless infrastructure. When Wireless Switching Makes Sense While current wireless networks are appropriate for small and home office environments with relatively few APs, organizations should consider taking the next step and deploying a wireless switching solution if their business or network matches any of the following characteristics: • Has stringent security concerns • Fits a high-security or complex enterprise LAN profile • Contains APs in sufficient numbers that management becomes an issue • Has a complicated radio frequency (RF) environment • Supports multiple wireless branch offices • IT staff has plans to implement wireless voice-over-IP (VoIP) now or in the near future Wireless switching derives many of its benefits from a new concept of AP functionality. Organizations can choose from “fat, “thin,” or “fit” APs. Fat APs, associated with traditional, complex wireless networks, perform the most functions, often including encryption, service set identifier (SSID), and signal routing for APto-AP hand-offs. Thin APs, found in some vendor wireless switching solutions, have CONTENTS Introduction....................................................1 When Wireless Switching Makes Sense ..........1 The 3Com Wireless LAN Mobility System Solution ..............................................2 The Benefits of a 3Com Wireless Switching Solution..........................................4 Wireless Switch Solution Purchase Considerations .................................9 Summary ......................................................10 3Com Wireless LAN Mobility System Solution Components .......................11 Glossary of Terms .........................................11 FREEDOM TO CHOOSE A BETTER NETWORK 1 3COM ® INTRODUCTION TO WIRELESS SWITCHING WHITE PAPER no intelligence for local encryption, and support limited or no centralized management. Between the two, fit or managed APs (MAPs) in a wireless switched network maintain encryption close to the user in the managed AP. The wireless switch complements the local managed AP protection with additional security policies and management. The wireless switch provides a central point of communication and control with these manageable APs. Wireless network management and central security administration and control are all handled by a central wireless switching management application. The combination of secure, inexpensive managed APs and centralized management delivers significant cost savings that multiply as the size of the wireless network increases. Not all wireless switching solutions are created equal, however, and it’s important to investigate the capabilities of the available vendor solutions. In this paper, we’ll discuss how the 3Com Wireless LAN Mobility System addresses the most critical issues that stymie first-generation wireless LANs. The 3Com Wireless LAN Mobility System Solution The 3Com Wireless LAN Mobility System provides all the components IT managers need to deploy a manageable, seamlessly secure wireless network. This scalable, flexible solution consists of these key components: • 3Com Wireless LAN Controller WX4400 and/or 3Com Wireless LAN Switch WX1200 • 3Com Wireless LAN Managed Access Point AP2750 • 3Com Wireless Switch Manager Designed to strengthen wireless security implementations and management from network to user, 3Com WLAN controllers and switches manage communication with backend AAA servers. They provide robust support for user-based security and authentication using industry standards such as 802.1X, RADIUS, and LDAP. 3Com WLAN switches and controllers access AAA servers to verify usernames and passwords used for other network login functions. During the authentication process, the software learns each user’s network authorization attributes. User network authorization attributes may include VLAN or subnet membership, access control lists (ACLs), and Mobility Profiles which may specify where the user is allowed to roam. The 3Com WLAN controllers and switches that form the Mobility Domain authenticate all users and enforce their network authorizations wherever they roam. 3Com WLAN WX4400 controllers and WX1200 switches also communicate with and provide comprehensive control over APs to optimize airspace and further enhance 3Com’s robust security foundation. Controllers and switches communicate with fit managed access points which provide hardened encryption, bringing security closer to the user to safeguard critical business data as they deliver the benefits of wireless mobility. WLAN Controllers and Switches Provide Comprehensive managed AP and RF Control The 3Com Wireless LAN Controller WX4400 and 3Com Wireless LAN Switch WX1200 centrally control communication and management in complex environments with multiple managed APs. Designed to provide seamless mobility and security, 3Com WLAN controllers and switches use Identity-Based Networking to deliver network services based on user identity, instead of ports or physical device connections. Organizations can group multiple controllers and switches into a Mobility Domain to communicate with one another and with the wired network’s authentication, authorization, and accounting (AAA) systems to share user and group authentication information across the entire network infrastructure. 2 FREEDOM TO CHOOSE A BETTER NETWORK 3COM ® INTRODUCTION TO WIRELESS SWITCHING WHITE PAPER Stack ® Super R 00 PW 3Com ch 44 Swit ® 3 3 3C17203 SuperStack 3 3C17203 SuperStack 3 3C17203 SuperStack Floor 1 N ess LA Point Wirel ess 3Com aged Acc Man devices 50 27 Switch 4007 LAN ts Clien 3 Stack Super PWR 00 3Com ch 44 Swit ts Clien ion regat Agg ch Swit ess 4400 Wirel r WX 3Com Controlle LAN ess Wirel Wireless 3CRWX440095A LAN Controller WX4400 ess LAN Wirel h Manager Switc 3 3C17203 SuperStack Corporate Backbone 3 3C17203 SuperStack N ess LA Wirel ager 3Com an ch M Swit 3 3C17203 SuperStack Floor 2 entica Auth er Serv tion Data Center N ess LA Point Wirel ess 3Com aged Acc Man devices 2750 LAN Clien ts FIGURE 1. Centralized Enterprise Application The 3Com Wireless LAN Mobility System gives IT administrators flexible deployment options for designing a wireless LAN. A centralized deployment features 3Com WLAN WX4400 controllers and WX1200 switches in the data center, at the network core, shown in Figure 1. Organizations can also deploy 3Com WLAN controllers and switches in wiring closets for a distributed environment, shown in Figure 2. 3Com managed APs support both topologies, because they can be directly and indirectly attached to WLAN switches or controllers, ensuring that the solution will operate well in any design. Many organizations will choose a combination of centralized and distributed wireless switches and controllers. This flexibility gives IT administrators deployment options to suit their cost and performance objectives. 3 Stack ® Super R 00 PW 3Com ch 44 Swit ® 3CRWX440095A Wireless LAN Controller WX4400 3 3C17203 SuperStack 3 3C17203 SuperStack ess 4400 Wirel r WX 3Com Controlle LAN 3 3C17203 SuperStack Floor 1 N ess LA Point Wirel ess 3Com aged Acc Man devices 50 27 Switch 4007 LAN es Wirel nts s Clie ts Clien ion regat Agg ch Swit ess LAN Wirel h Manager Switc Corporate Backbone 3 Stack Super PWR 00 3Com ch 44 Swit Wireless 3CRWX440095A LAN Controller WX4400 N ess LA Wirel ager 3Com an ch M Swit ess 4400 Wirel r WX 3Com Controlle LAN entica Auth er Serv tion Data Center 3 3C17203 SuperStack 3 3C17203 SuperStack 3 3C17203 SuperStack Floor 2 N ess LA Point Wirel ess 3Com aged Acc Man devices 2750 LAN Clien ts FIGURE 2. Distributed Enterprise Application FREEDOM TO CHOOSE A BETTER NETWORK 3 3COM ® INTRODUCTION TO WIRELESS SWITCHING WHITE PAPER managed APs Strengthen Security Implementations and Management 3Com managed APs, such as the 3Com Wireless LAN Managed Access Point AP2750, are the second key component of the 3Com Wireless LAN Mobility System, and offer benefits not found in other vendor solutions. As mentioned earlier, fat APs typically consist of a one or more wireless radio transceivers and antennas, and local encryption and authentication software, as well as software that offers some user configuration and RF management for the wireless network. Thin APs include minimal software and no local data encryption, with limited support for centralized management. 3Com takes a unique approach that balances cost, security, and performance. Used with a wireless switch or controllers, 3Com managed APs, or fit APs, contain less code and processing, and are therefore less expensive to deploy. managed APs protect data privacy by encrypting and decrypting user transmissions using AES and TKIP Each 3Com Wireless . LAN Managed Access Point AP2750 supports 253 802.11a or 802.11b and 802.11g users, depending on the capacity and coverage requirements of the wireless installation. The fit AP functional approach delivers several advantages. The managed AP’s lower cost reduces capital expenses, and encryption remains close to users and data, reducing authentication and polling traffic that would typically come from large, standard fat AP deployments. The improved efficiency also enables 3Com managed APs to support VoIP and other bandwidth-sensitive applications. 3Com Wireless Switch Manager Centralizes Visibility, Management, Control The third integral element of the wireless solution, the 3Com Wireless Switch Manager gives the 3Com solution its impressive power, versatility, and resiliency. Its features are described in detail in the rest of this paper. The 3Com Wireless Switch Manager software contains all the features IT managers need to successfully plan, deploy, monitor, and manage an enterprise wireless LAN. Preand post-deployment tools dramatically simplify configuration and reduce initial installation complexity and expense. Robust administrative tools provide centralized control over all managed APs on the WLAN. Additional tools automate and centralize time-consuming user monitoring, traffic load balancing, and security enforcement tasks, significantly lowering ongoing administrative costs. The wireless network management software can be installed on any computer connected to the enterprise network. The initial software license manages a wireless LAN with up to ten controllers and/or switches in any combination; an additional upgrade license extends support to an unlimited number of controllers or switches for seamless scalability. The Benefits of a 3Com Wireless Switching Solution The 3Com Wireless LAN Mobility System is a scalable solution for networks of all sizes— even large deployments. By moving many of the traditional standalone AP functions onto a wireless switch for central monitoring and management, the 3Com solution reduces hardware, maintenance, and administrative costs, while boosting performance and efficiency. The 3Com wireless switching solution delivers a host of advantages to large, complex enterprise environments, organizations with high security and/or resiliency requirements, and/or organizations with multiple branch offices. Together, these benefits provide a “Perfect Ten” for wireless networks: • Pre-deployment site planning • Simple and secure setup • Centralized management • Automated AP management • Rogue detection and isolation • User and group security profiles • Mobility and fast roaming • Monitoring and alerting • Support for future wireless network requirements today • Reduced costs 4 FREEDOM TO CHOOSE A BETTER NETWORK 3COM ® INTRODUCTION TO WIRELESS SWITCHING WHITE PAPER Pre-Deployment Site Planning 3Com’s wireless switching solution includes customized, automated site planning tools that let network administrators sidestep the manual processes of the past, and save significant dollars on network installation. The 3Com Wireless Switch Manager is a fullfeatured program that enables IT managers to apply a structured, scalable approach to planning and design. The application suite includes pre-and post- deployment planning, configuration, verification, and optimization capabilities. An easy-to-use graphical user interface shows IT staff how to accurately meet user bandwidth needs, balancing bandwidth capacity and coverage. As shown in Figure 3, the built-in Virtual Site Survey™ program imports standard building blueprints from popular 3D graphics programs such as AutoCAD, DXF, or other file formats such JPEG or GIF, to design the WLAN infrastructure offline. FIGURE 3. The 3Com Wireless Switch Manager automatically calculates optimum RF coverage derived from imported building floor plans, based on building material RF attenuation factors. Using the building RF attenuation factors, along with user bandwidth and capacity information, the 3Com Wireless Switch Manager automatically calculates how many 3Com managed APs, switches, and/or controllers are required and the position of the managed APs for optimal RF coverage and capacity on the imported building site plans. Additional automated customized deployment tools convert the design plans into configuration data, and generate accurate site plans and work orders, greatly reducing the chance of installation errors. These tools eliminate countless hours of trial-and-error effort. Simulation tools test whether the installed WLAN meets the objectives set during the site survey, verifying user service levels for each RF coverage area based on predetermined throughput and capacity parameters. Post-deployment software tools incorporate system feedback to fine tune signal strength and coverage based on actual performance. As the network evolves, additional tools model network topology changes to test growth or reconfiguration scenarios and reconfigure existing APs to accommodate new ones to support WLAN user expansion. Simple and Secure Setup Network management is the most significant ongoing expense for most IT organizations. The 3Com Wireless LAN Mobility System is designed to simplify management complexity and decrease ongoing administrative expenses. Using the detailed work order created by the 3Com Wireless Switch Manager, administrators can rapidly deploy and set up 3Com WLAN switches, controllers, and managed APs. They can also securely roll out scores of switch configurations and thousands of Mobility Profile configurations in one step, automatically applying security policies, radio channel and power settings, and roaming profiles for users. FREEDOM TO CHOOSE A BETTER NETWORK 5 3COM ® INTRODUCTION TO WIRELESS SWITCHING WHITE PAPER Centralized Management Once the wireless network infrastructure is installed, the 3Com Wireless Switch Manager enables IT staff to enjoy centralized visibility and control over the WLAN. Administrators can configure and control all managed access points from a management console located anywhere on the enterprise network. And they can closely monitor users, groups, and policies within the Mobility Domain. The management application also provides in-depth system level information, such as Ethernet statistics, including errors and traffic, down to packet size, radio statistics, and user session details. Centralized deployment and upgrade tools reduce configuration time and errors. For example, a network administrator can send all selected individual configurations to each managed AP with one click, eliminating the need to manually configure each one. The configuration program offers a web browser-based graphical user interface or command-line interface to configure and manage the managed APs, as shown in Figure 4. Both support SNMP and SSH remote management to integrate management and monitoring data with enterprise LAN management applications. Automated AP Management Traditional fat APs communicate with one another to determine how to handle changes to the network, such as which channel each should use when a new device comes online. By moving these RF management functions to a wireless switch or controller, this cumbersome communication between APs is no longer needed. Instead, the switch can monitor and manage activity across all managed APs. With 3Com Wireless Switch Manager RF configuration tools, the enterprise IT staff can finally take control of the network airspace. Through the wireless switch or controller, managed APs can be configured to automatically scan the wireless environment, on either a scheduled, continuous, or on-demand basis. These scans identify clients and access points and their spatial relationships, measure system capacity, verify signal coverage, and collect meaningful statistical data, such as peak usage during specific time periods. Additional tools compare the real-time data with predetermined parameters and adjust traffic load balancing, optimize RF footprints or power to eliminate gaps, and verify or change AP RF channel assignments. Running real-time, multi-dimensional AP scanning data through complex decision algorithms, 3Com wireless switches and controllers dynamically direct bandwidth to the area of highest need, making sure to assign different channels to neighboring managed APs to avoid introducing crosschannel interference. FIGURE 4. The 3Com Wireless Switch Manager tracks users’ locations and shows which managed APs they are associated with. 6 FREEDOM TO CHOOSE A BETTER NETWORK 3COM ® INTRODUCTION TO WIRELESS SWITCHING WHITE PAPER 3Com’s location-independent architecture creates a redundant, self-healing topology that always keeps wireless services available. Should one AP fail, its associated wireless switch becomes aware of the failure and turns up the gain of adjacent APs to cover the gap in coverage. If a wireless switch fails, the AP finds an alternative “parent”. This network resilience helps organizations reduce WLAN capital expenses, while easing network administration and maximizing uptime. User and Group Security Profiles In the past, networks have depended on users connecting to a specific port on a device in one location on the network. Dependence on physical ports and devices was the foundation for network engineering. Subnets, ACLs, and class of service (CoS), for example, are defined on ports of routers and switches, and IT staff often manages a user’s connection via the desktop’s MAC address. With 3Com’s Identity-Based Networking, VLANs no longer require a physical connection or port for implementation, the information now is part of the user or group security policy. IT staff can now enjoy unprecedented control and visibility into the wireless LAN. Monitoring tools track information down to the individual, regardless of his or her location, and network identity is based on the user and not on physical ports or locations. As a result, the 3Com Wireless LAN Mobility System provides enhanced user and group security and enforcement, allowing IT managers to create virtual private groups for unique requirements. Another feature is simplified SSID support. Multiple SSIDs are no longer required to support roaming and authorization policies; a single SSID is sufficient to support roaming, subnet roaming, or authorization policies that include VLAN or subnet membership. Extensive configurable monitoring tools collect user data such as location, access control, and security settings, and identify guests. In addition, the Virtual Private Group Manager feature in the 3Com Wireless Switch Manager enables IT staff to assign users and groups specific security and access policies for maximum flexibility. IT staff can further tailor the system by configuring users or groups to associate to specific managed APs with specific security credentials, or by enabling multiple virtual private groups of users to connect to multiple VLANs. This pinpoint user visibility, combined with virtual group policy assignment, increase network security and significantly reduce IT management time. For the first time, IT staff can not only change individual user settings, they can also conveniently configure or reconfigure groups of similar users, or groups of APs, from a central management console with just a few keystrokes, rather than having to go through the lengthy exercise of reconfiguring individual access points. Rogue Detection and Isolation 3Com’s automatic managed AP RF scanning gives administrators better insight and visibility into the network by identifying and nullifying “rogue” APs. Rogue APs are potentially malicious, unauthorized APs placed on the network to obtain access to resources. They can degrade network performance by introducing additional traffic, compromise network security by attempting to obtain data or user names, or spoof the network in order to generate harmful spam, viruses, or worms. The risk of rogue APs exists with any network, but larger networks are more vulnerable. To counteract this threat, IT staff can configure 3Com wireless controllers or switches to assign APs to act as RF “sentries,” scanning the WLAN for rogue locations, logging them for corrective action, and reassigning channels around them to keep the network up and running. AP RF scanners also detect and adjust for other sources of RF interference such as microwave ovens and cordless phones. In contrast, other systems with fat APs may be able to detect a rogue, but they can’t identify the rogue’s physical location or take countermeasures to address the intruder. However with the 3Com Wireless Switch Manager, not only can rogues be detected and located, but administrators can take steps to keep them from communicating with users on the network. FREEDOM TO CHOOSE A BETTER NETWORK 7 3COM ® INTRODUCTION TO WIRELESS SWITCHING WHITE PAPER Mobility and Fast Roaming Designed to provide true secure seamless mobility, the 3Com Wireless LAN Mobility System allows users to connect once and roam throughout the network with true session integrity. Once the system authenticates a user, it tracks that user’s identity with a single persistent login as he or she roams the WLAN, using standards-based protocols. The location-independent, usercentric architecture supports a unique user “passport” capability based on 802.1X authentication. This wireless roaming capability allows faster handoffs, eliminating the need for users to re-authenticate when entering a new AP domain, and enables them to access a consistent set of services. User security persistence also reduces repetitive traffic to and from the authentication server because wireless users no longer need to re-authenticate when traveling from one area to another. The ability to create Mobility Domains with shared AP user records, combined with the ability to assign a persistent login, enable IT managers to enforce user-based security policies that determine network access. These policies are assigned to a user or group of users through an authorization value returned by the AAA server during authentication, and allow or deny network access to different areas or resources of the wireless network. Roaming profiles and security policies are applied consistently across the enterprise WLAN, regardless of wireless user’s location. Support for Future Wireless Network Requirements Today Wireless CoS and Quality of Service (QoS) traffic prioritization, combined with persistent user login capabilities ensure that adequate bandwidth will be available for wireless VoIP applications. 3Com’s fit AP architecture lets organizations deploy VoIP services more effectively, with higher performance. To provide VoIP over WLAN with acceptable performance, “fastroaming” must be built into the system. That is, the managed AP-to -managed AP phone call hand-off must be seamless and fast, to avoid dropped calls. 3Com fit managed APs don’t suffer from the limitations of fat AP architectures, which must negotiate with each other individually and therefore introduce latency, or thin APs, which introduce latency during the centralized encryption process. 3Com’s WLAN switching solution optimizes the locations of these functions, minimizing data transfer latency and boosting the performance of VoIP systems. Reduced Costs From equipment implementation to ongoing administrative expenses, the 3Com Wireless LAN Mobility System is an easy-to-use solution that doesn’t compromise features or integrity. Complex, large-scale enterprise networks benefit from reduced capital equipment expenses, due to the lower-cost managed APs and an upgrade path for existing 3Com enterprise APs. The solution overlays any Layer 2 or Layer 3 wired infrastructure, so no hardware or software changes are required to the enterprise network in order to deploy it. But more importantly, enterprise networks benefit from ongoing operation savings, thanks to advanced site planning and management tools, and RF and user controls that significantly reduce the burden of maintaining and supporting large WLAN environments. The solution enables organizations to derive the full benefit from their wireless investments, since many wireless systems are not fully utilized because they cannot be adequately secured or managed. Monitoring and Alerting The 3Com Wireless Switch Manager provides real-time operation information to quickly detect problems, to improve security and optimization of the network, or even to locate users. Designed for today’s dynamic businesses, the network management application offers automatic alerts for configuration changes. An easy-to-use wizard interface provides immediate prompts, enabling administrators to quickly resolve conflicting changes. The software’s Mobility Profile feature enables organizations to control where users or user groups can access resources when they roam throughout the WLAN infrastructure. In addition, location policies enable IT to prevent or allow access to special applications according to a user’s location. 8 FREEDOM TO CHOOSE A BETTER NETWORK 3COM ® INTRODUCTION TO WIRELESS SWITCHING WHITE PAPER Wireless Switch Solution Purchase Considerations The advantages of WLAN technology are clear. Wireless LANs can enable organizations to free their workforce to access critical network resources virtually anytime, anywhere. By making the network more accessible, organizations can increase productivity, ease site planning, reduce connectivity costs between buildings, and improve workforce responsiveness and organizational flexibility. However, each wireless offering has distinct advantages and disadvantages. When making a wireless solution purchase, network administrators should carefully evaluate vendors and products to choose the solution that’s most appropriate for their organization. Consider these important factors as you conduct your research. Some vendors’ proprietary solutions require administrators to make significant, costly changes to the core network, client devices, or both. IT might have to deploy completely new protocols, and install them on all of their edge routers. Other architectures require that administrators install software on every PC or laptop that will be used on the wireless system. The 3Com solution is designed to integrate with existing network infrastructures to extend at least the same level of security found in the wired network to mobile users. Depth of Security at the AP Security remains a key concern for IT organizations that wish to deploy a WLAN. A solution that depends on thin APs sacrifices the local encryption capability that keeps encryption close to the data and close to the user. 3Com managed APs, on the other hand, provide local traffic encryption which distributes encryption processing across the network rather than relying on one central device. They work closely with 3Com wireless switches and controllers, which integrate with backend AAA servers, consistently enforcing user and group access policies across the wireless LAN, to provide secure session integrity as users roam throughout the network. Path to Upgrade and Cost Today’s fast-moving businesses are continually making new demands on their IT infrastructures. Administrators considering a wireless solution should consider not simply short-term requirements, but also what their needs will be years ahead. The 3Com Wireless LAN Mobility System enables organizations to cost-effectively apply a robust mobility solution today, while providing the scalability and application support needed for the future. 3Com’s fit AP architecture enables organizations to deploy multiple managed APs together with a wireless switch at less cost than a traditional fat AP network with no wireless switch. And, because 3Com managed APs are less expensive than traditional fat APs, organizations can grow their network easily to extend their WLAN as requirements change, while improving security yet minimizing costs. No upgrades or network equipment modifications are required. As importantly, the versatile, topology-independent solution can be deployed anywhere in the network, separated by L2/L3 devices, and operate as an integrated infrastructure, making it easy to scale or change as business needs dictate. Multiple controllers and switches work together within a Mobility Domain to manage and control thousands of managed APs for unparalleled scalability, while license upgrades offer “pay-as-you-grow” flexibility. Application support is another key concern of growing businesses. The 3Com WLAN switching solution provides the superior performance and QoS support needed for VoIP , enabling organizations to tap the moneysaving benefits of multiservice networking. Robust Encryption To further ensure session integrity, an effective WLAN solution should provide support for the most advanced encryption technology. The 3Com WLAN Mobility System supports AES encryption today. AES encryption is the most robust technology currently available to encrypt wireless data. AES technology was chosen by the U.S. Government as the standard for the protection of secret information, through the “Top Secret” information level. Building on 3Com’s strong wireless security features of AES, TKIP and WEP encryption, and WPA 1.X and 2.0 and 802.1X authentication, the 3Com Wireless Switch Manager creates and enforces both individual and group security policies that are applied consistently as the user roams throughout the network. 3Com’s Identity-Based Networking gives IT managers confidence in the enhanced security of their wireless LAN networks through improved user and group authenticated access control, consistently enforced roaming policies, and monitored bandwidth usage. 9 FREEDOM TO CHOOSE A BETTER NETWORK 3COM ® INTRODUCTION TO WIRELESS SWITCHING WHITE PAPER Site Planning and Deployment Tools One of the biggest challenges in deploying a WLAN occurs first: determining how many APs will be required, and exactly where to put them. The answers to those questions depend on a host of factors including the size and layout of the building and/or campus, type of construction, number of WLAN users, and their individual bandwidth requirements, among others. The traditional approach used by many vendors is to conduct an RF site survey and WLAN layout—a costly, time-consuming proposition. In fact, one estimate puts the cost to develop manual WLAN site surveys at $5,000 per 20,000 square feet of WLAN coverage. Instead, 3Com offers the 3Com Switch Manager, with powerful planning, configuration, and deployment tools. The Virtual Site Survey automatically accounts for common RF obstacles, creates a recommended WLAN configuration, and generates a detailed work order. And it enables administrators to automate the process of verifying and deploying the plan. With a single click, the Mobility Domain is set up as configuration templates are quickly to multiple wireless LAN switches, controllers and managed APs via secure HTTP. Central AP Management Centralized control is the keys to the effectiveness and security of the 3Com WLAN Mobility System. The centralized switching architecture offers critical housekeeping functions that optimize the performance and reliability of the WLAN on a day-to-day basis. For example, the 3Com Wireless Switch Manager provides a coverage/capacity wizard that defines geographic coverage with the number of users and desired bandwidth. It also offers a centralized event viewer and unified management of images and configurations. The 3Com Wireless Switch Manager is also integral to optimizing rogue detection. With its holistic view of the network, it is wellpositioned to detect rogues, log the rogue for corrective action, and manage and control acceptable frequencies. Summary Wireless switching technology addresses the limitations of conventional wireless networks— lack of capacity planning tools, lack of central control and management, and lack of layered security—that have kept them from fully integrating with enterprise infrastructures. 3Com’s wireless switching solution makes large-scale, cost-effective, secure enterprise wireless LAN deployments possible for the first time. Wireless switching vendors all incorporate some version of a simplified AP with a fuller-featured wireless switch which manages security, RF usage, and users. However, the 3Com solution, with its fit managed AP and highly intelligent controllers and switches, offers distinct advantages over the competition. The 3Com Wireless LAN Mobility System is designed to enable organizations to overcome the headaches previously associated with cumbersome, manual deployments. Its innovative fit AP architecture and intelligent planning and configuration tools enable organizations to quickly roll out a WLAN solution, placing APs more quickly and accurately, while reducing overall deploy- ment costs. In addition, robust security and administrative tools let organizations make their wireless deployment as secure, easy, and manageable as a wired network. Best of all, the 3Com WLAN Mobility System is designed to integrate seamlessly with existing networks today. Users can now connect securely to the network and roam, enjoying consistent security, regardless of where they physically connect to the network. The system is designed to work the way your organization already works. There’s no need to reconfigure your wired network to supplied wireless users. The solution is also available in a wide choice of deployments to suit your specific organizational requirements. No upgrades or network equipment modifications are required. The 3Com wireless switching solution is a strong complement to its broad array of wireless offerings, from client PC cards and adapters to wireless bridges and APs. And the solution’s attractive pricing means there’s no reason you can’t tap the benefits of mobilizing your workforce today. 10 FREEDOM TO CHOOSE A BETTER NETWORK 3COM ® INTRODUCTION TO WIRELESS SWITCHING WHITE PAPER 3Com Wireless LAN Mobility System Solution Components PRODUCT DESCRIPTION 3Com® Wireless LAN Controller WX4400 3Com Wireless LAN Switch WX1200 3Com Wireless LAN Managed Access Point AP2750 3Com Wireless Switch Manager Options 3Com Wireless LAN Controller WX4400 Spare Power Supply 3Com Wireless LAN Controller WX4400 24 managed AP License Upgrade 3Com Wireless Switch Manager 3WXM Unlimited License 3COM SKU 3CRWX440095A 3CRWX120695A 3CRWX275075A 3CWXM10A 3CWX4400RPSA 3CWX4400L24A 3CWXMUPA Glossary of Terms Access point (AP) – A wireless transceiver that connects devices on a wireless LAN to the wired infrastructure. Fat AP – An AP or managed AP that contains antennas, one or more radios, local encryption capability, Ethernet MAC, and all the local software to configure and maintain a group of wireless users. Fit AP – 3Com’s implementation of a managed AP that contains antennas and one or more radios, supports the managed AP Control Protocol, and offers local encryption capabilities. It is managed and controlled by a 3Com wireless controller or switch. Internet Group Management Protocol (IGMP) Thin AP –A managed AP that contains antennas, one or more radios, and supports the managed AP Control Protocol. It is managed and controlled by a wireless switch. 3Com Wireless LAN Mobility System – 3Com’s wireless switching solution that includes the 3Com Wireless LAN Controller WX440, 3Com LAN Wireless Switch WX1200, 3Com Wireless LAN Managed Access Point 2750, and 3Com Wireless Switch Manager. 3Com Wireless Switch Manager – Comprehensive management software includes pre-and post-deployment and setup tools, user, traffic, and RF optimization control tools, and multi-layered security capabilities. Virtual LAN (VLAN) – Assigned as part of – Multicasting allows a single computer to send content to multiple target computers that are interested in the transmission. Multicasting can be used for high-bandwidth applications such as streaming media. IGMP allows for dynamic optimization of the multicast path, possibly reducing network traffic. IGMP snooping – The ability of a wireless controller or switch to snoop on all ports for IGMP group members and restrict multicast traffic to ports that just have IGMP group members. This is enabled by default per VLAN, but can be configured on a per-port basis. Managed AP (MAP) – An access point that authorization from the AAA server, a VLAN permits a group of clients to share a common broadcast domain regardless of their physical location in the network. Virtual private group – A VLAN or IP subnet defined by an AAA server to allow or deny network access privileges across the wireless network. Per VLAN Spanning Tree (PVST+) Protocol Maintains a loop-free topology while providing redundancy in case of failure on a per-VLAN basis. Participating devices recognize a loop in the topology and block traffic on one or more redundant VLANs. When the topology changes, STP attempts to reconfigure the participating devices to avoid loss of connectivity or creation of new loops. Wireless switch/controller – A Layer 2 wireless device that communicates with and centrally controls all managed APs. 3Com further differentiates this device category: its wireless controllers are high-capacity switches that manage large complex, environments; 3Com wireless switches are designed for smaller or remote branch offices. 11 contains antennas, one or more radios, and supports the managed AP Control Protocol. It is managed and controlled by a wireless switch. Managed APs can be defined as thin or fit depending on the amount of local encryption intelligence they possess. Mobility Domain – A group of 3Com wireless LAN controllers and/or switches that intercommunicate with each other through the Inter-Switch protocol and share a common user database. Secure session identifier (SSID) - A unique 32character identifier attached to the header of packets sent over a WLAN. FREEDOM TO CHOOSE A BETTER NETWORK 3COM ® INTRODUCTION TO WIRELESS SWITCHING WHITE PAPER 3Com Corporation, Corporate Headquarters, 350 Campus Drive, Marlborough, MA 01752-3064 To learn more about 3Com solutions, visit www.3com.com. 3Com is publicly traded on NASDAQ under the symbol COMS. The information contained in this document represents the current view of 3Com Corporation on the issues discussed as of the date of publication. Because 3Com must respond to changing market conditions, this paper should not be interpreted to be a commitment on the part of 3Com, and 3Com cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only; 3Com makes no warranties, express or implied, in this document. Copyright © 2005 3Com Corporation. All rights reserved. 3Com and the 3Com logo are registered trademarks of 3Com Corporation. Exercise Choice is a trademark of 3Com Corporation. All other company and product names may be trademarks of their respective companies. While every effort is made to ensure the information given is accurate, 3Com does not accept liability for any errors or mistakes which may arise. Specifications and other information in this document may be subject to change without notice. 500931-001 01/05