Wireless solutions
3Com Wireless LAN Access Point 8000
Setup for this unit is slightly different from the other units tested. It receives its power via the LAN cable (power over Ethernet) but it comes with what looks like a normal AC/DC power pack -brick"; however, this pack (in addition to the normal power connections) has two RJ-45 sockets on it: one labelled To Access Point the other To Hub/Switch. This enables you to mount the AP unit wherever you like to take advantage of the widest area of coverage available and you only need to run one CAT 5 cable to it. The only downside is the possible damage one could do to the network if the wrong cable was plugged into the LAN.
We must admit that our first impressions of the 3Com product started off on a bad foot as there was no user/configuration manual included with the product kit, just a mounting template, a quick start guide which takes you through the plugging in of the device, and the warranty booklet. There was a CD included that had some documentation on it, however this was an older version, we found the resources on the 3Com Web site to be more up-to-date for this product.
The bundled software from 3Com on the CD, that apparently allows you to perform WLAN site surveys to determine the best location in which to install the AP unit; unfortunately it failed to launch despite trying to install this software on two systems. There is also a utility included called 3Com wireless infrastructure device manager, which in theory sounds like it would save you a lot of time by automatically detecting your network settings, IP range, and subnet, and basically configuring the 8000's IP properties so that you can access it via a Web browser. Initially the software that was bundled with the AP continually gave the error that no NIC could be detected in the system (despite two NICs being installed in the test system). Upon further investigation at the 3Com Web site it was discovered that this was a known bug with that release of the software and once we had downloaded the updated version and installed and run it, we were given the choice of both NICs, all well and good. However no matter how hard we tried to get this utility to work it simply would not detect our settings, even plugging it in directly to the NIC on the local system with a crossover cable did not do the trick.
The second option available (as with the other devices tested) is to set the IP address on your NIC to the same range as the AP, however upon reading the PDF manual that we downloaded, the IP address range of the 8000 is based on the MAC address of the unit, ie 169.254.xxx.1 where xxx is the decimal conversion of the last two hexadecimal digits on the access point (we are serious here, the PDF even goes to the trouble of telling you how to perform this conversion with the aid of a scientific calculator!). By this stage we were beginning to think that this was getting a little too complex for the relative simplicity of the task at hand. However, we dutifully decided to proceed, converting the MAC address' last two digits and entering that range into our LAN NIC. Suddenly, we could access the AP via the wireless infrastructure device manager and also via the Web browser.
| The 3Com Wireless LAN Access Point 8000 provides basic entry-level security at a reasonable price. |
Issues to consider: The built-in 11Mb Wireless Access Point limits the customer to future possible upgrades, ie speed or distance. Should a client wish to change they will need to replace the whole unit. The removable antenna connections were very flimsy where they screwed/attached to the plastic casing. The Dynamic Security Link may be quite effective but obviously relies on proprietary firmware within the 3Com wireless NIC in the client device and as we were not supplied this for the review we could not evaluate its effectiveness.
Type of client this unit would suit: small to medium enterprise (SME) who have an existing LAN and want to add a small relatively secure W-LAN easily installed with no-frills units (ie, no WAN port, no integrated switch, etc) and is very easily wall or ceiling mounted with only one cable needing to be run to the unit.
Bluesocket WG-1000
Bluesocket's gateway prevents unauthorised access to wired network resources by authenticating each user attempting to access the network via a wireless connection.
Actual installation could not have been easier despite its complex capabilities and specifications. Simply plug in the power, a network cable from the ETH0 port to your wired LAN, and a network cable from the ETH1 port to your wireless LAN equipment, and turn the server on. It takes a few minutes to start up, but once it is going it shows the current IP address on the front panel display. Open an Internet browser on the client system attached to the same LAN to enter the address (providing your client system is on the same IP range/subnet as per the documentation) and you can then reconfigure the server for your needs. Not only can configuration be performed via an Internet browser but the WG1000 also supports SNMP for administration by applications such as HP Openview and Tivoli NetView.
Redundancy and failover is provided for by the WG Mesh facility that will allow you to link multiple WG-1000 units with a single management/configuration, the slave systems will obtain the changed settings from the master in real time.
The WG-1000 also handles network address translation (NAT) and port mapping for your wireless devices that may need to either act as servers for outgoing traffic or utilise applications that require specific ports to be open such as IRC or, dare we say it, network games.
| The Bluesocket WG-1000 is a medium- to large-corporation wireless security device that will definitely block most if not all intruders if implemented correctly. |
One of the benefits of authenticating individual users is that you can give them separate permissions to network resources, such as Internet only, and individual server or shared resources only. Once users are authenticated, they are placed in a group. This group can be configured with different access privileges that are then valid for that user sessions. These can include time restrictions, bandwidth limits, and resource limits. For example, if you run a corporation that has R&D, manufacturing, sales, and distribution you could block access to the Internet for the users in the manufacturing and distribution systems but have it available for the sales and R&D.
The Bluesocket WG-1000 is capable of supporting up to 100 users with its maximum encrypted throughput being rated at 30Mbps.
Issues to consider: The WG-1000 is based on an Intel integrated server platform and uses a standard 3.5in IDE hard disk drive and 150w power supply unit, therefore could be subject to normal server maintenance issues such as mechanical drive or fan failures possibly causing downtime.
Best suited for: Large companies with several access points and relatively large volumes of wireless traffic requiring fast efficient and dedicated authentication and encryption with virtually bulletproof security between wireless and wired LAN traffic.
Cranite Software Suite
The Cranite software was relatively easy to installâ€"it took around 30 to 45 mins. However you need to provide two servers, one to act as a policy server and the other as an access controller. The policy server must have Microsoft Windows 2000 Server with Internet Information Server (IIS) and Internet Access Server (IAS) installed and running. Also the policy server must be a member of the domain or Active Directory if you are using a separate domain controller or Active Directories on your LAN. Alternatively you can also install Active Directory Services on your policy server to function as a standalone directory. Cranite also recommends running RADIUS software if required on the same Windows 2000 server.
The required access controller server hardware is described by Cranite as being a blank generic hardware plat-form; note that two 100Mb NICs need to be installedâ€"one to provide the link to your LAN the other to your WLAN. It is installed via two CDs and installs and runs a modified version of Linux Red Hat.
| The Cranite Software Suite gives you the ability to choose your own hardware platforms. |
As for the configuration of the access controller software one of the more annoying points is that you need to grant your access controller server Internet access while configuring the software simply so that it can attach to Cranite's licensing server and verify the correct license information has been supplied to you. According to the documentation, there is a way Cranite can manually issue you with valid licensing in case you are in an organisation that does not have LAN access to the Internet. They should make this manual licensing applicable for all users or at least make the policy server responsible for completing the registration as this is the server that is more likely to have a valid Internet connection.
The maximum number of wireless APs supported by the Cranite solution is 15.
Issues to consider: Security and administration issues may increase depending on security of underlying server hardware and software (ie, Win 2K server and Linux Redhat). Also, due to the nature of the hardware, it would require more routine maintenance over some of the other products. Providing your client hardware is running Microsoft Windows 98, ME, 2000, or XP you are fine; however, if you have PDAs with wireless cards or are running Mac or Linux OSes then you may run into difficulties.
Best suited for: A mid- to large-sized organisation with existing reliance and preference for Windows 2000 servers and Windows-based clients.
D-Link AirPlus DI-614+
The D-Link DI-614+ is fundamentally an all-in-one WAN/Internet Router, 22Mbps wireless access point, and 4-port 10/100Mb LAN switch. The wireless security features of this unit are basically negligible and could be compared to most other wireless APs currently in the market. This article is about wireless security and wireless security gateways and the D-Link only supports WEP, which as previously mentioned is no longer very secure to a determined hacker.
| The D-Link AirPlus would require additional security measures for complete confidence. |
Installing the D-Link was very easy as were all the integrated products that we received. All ports were clearly marked on the unit therefore it was just a matter of plugging in the applicable cables. The D-Link configuration process is handled via a Web browser and going to the default IP address and reconfiguring it to suit your organisation.
Issues to consider: Built in 22Mbps Wireless Access Point limits the customer to future possible upgrades, ie speed or distance. Should a client wish to change to 55Mb WLAN, they would need to replace the whole unit. Due to the inbuilt wireless AP should you need to install the unit on a wall or ceiling to get better wireless coverage then you will need to run network, power, and your broadband modem cables all the way up to the AP or purchase and run separate external antennas and connection cables. Also for a totally integrated solution (LAN, WAN, WLAN etc) there was not enough visual LED information on the front of the unit.
Type of client this unit would suit: This unit would best suit the home user or small office home office (SOHO), due to the limits of the integrated hub, WAN router, and built-in wireless access point.
Netgear FVM-318
Installation was virtually identical to the D-Link unit. The auto uplink switching on all eight LAN ports is a handy feature when connecting to extra hubs or an existing LAN.
Configuration was via a Web browser again and provided no major dramas as all features, particularly the security end of the VPN connections, were very straightforward with excellent guidance and help provided via the built-in window of the browser. Something to be aware of is that this is not a normal wireless APâ€"it is a wireless VPN AP, so you must install client software onto your notebooks in order to even pick up the AP. The unit was not picked up by two of the wireless scanning applications until the client software had been installed, which is great news for people who are perhaps not looking for such a large or complex deployment of wireless equipment on the scale of the Bluesocket or Cranite solutions, however require a very secure wireless environment. Using 3DES IPSec for the WLAN VPN security, the maximum client data throughput is around 4.2Mbps.
| The Netgear FVM-318 is an affordable solution aimed at the small business. |
Type of client this unit would suit: Small offices with fewer than 20 wired LAN users and fewer than 15 wireless LAN users utilising the WLAN within a relatively limited area.
Subscribe now to Australian Technology & Business magazine.
