Products: Wireless LAN controllers – Cisco Catalyst 3750G WLAN Controller

July 30, 2007

Supplier: Cisco Systems; Price: From £10,077 exc VAT for 25 APs, £12,540 for 50 APs; Contact: www.cisco.com.

By their very nature, wireless networks are difficult to lock down, butCisco's Catalyst 3750G Integrated Wireless LAN Controller delivers someunique management and monitoring facilities, combined with strongwireless security measures.

This solution came about after Cisco acquired AireSpace a couple ofyears ago and absorbed its products into its own range. The 3750G actsas the foundation of this security solution, bringing together Cisco'sCatalyst 3750G Ethernet switch and 4400 Wireless LAN controller into asingle, rack-based appliance. Purely from a switching perspective, Ciscodelivers the goods as the system provides 24Gb Ethernet ports supportingthe 802.3af point-of-entry specification. It's endowed with a high-speed32Gbps backplane, but its main function is to look after Cisco's Aironetwireless access points (APs). Note that the switch only supports APsrunning the LWAPP (lightweight access point protocol), which take alltheir configuration details from a central location.

The system works by using the APs to monitor all wireless networks intheir vicinity. They can watch out for beacon signals and identify rogueAPs and ad-hoc networks. Multiple APs can band together and stop thesebeing used. Called containment policies, these are probably the mostcontentious feature as they can stop clients associating with rogue APsby sending out false signals. The law now has a dim view of anyonemeddling with another company's wireless network, so these policies needto be used with care.

The switch is extremely easy to deploy. The browser-based Cisco DeviceManager offers full access to switch configuration, and its home pageprovides a detailed switch status overview. If you are adding non-Ciscodevices, the SmartPorts feature will come in handy as you select a rolefor a port and the switch will automatically configure features such asquality of service (QoS) specifically for the attached device. Theswitch is also managed with the Cisco Network Assistant, which providesplenty of wizards, easy access for setting general network security anda map showing all connected devices.

The Wireless LAN Controller component has a separate managementinterface, which is fired up from the Device Manager.

The controller's home page is very informative, providing a completerundown of all wireless clients plus Aironet APs, which services theyare providing and any rogue APs and ad-hoc networks. The APs have animpressive operational range: during testing in our building they pickedup 14 active APs and two ad-hoc networks and identified all the clientsassociated with each one. Security and QoS are policy-driven, so youcan, for example, decide what user authentication schemes and encryptionmethods to enforce and limit the number of clients that can associatewith specific APs.

We particularly like Cisco's wireless control system software, as thisprovides a full mapping service. You can import a drawing of yourbuilding and then position APs within the structure. The map uses heatsignature-style mappings that reveal the coverage and signal strength ofeach unit and will show how walls affect wireless range and even thesignal leakage through windows. It will also show identified rogues,areas of poor coverage and the chattiest APs, while wireless intrusiondetection and prevention is employed using a regularly updated attackdatabase. The optional wireless location appliance allows you to trackwireless clients and build up a map of their position in the buildingand roaming activity.

Among the few proven wireless security products on the market, this onestands out for sheer level of features on offer. It's very simple todeploy, delivers some of the strongest management facilities we've seenand provides unbeatable mapping and tracking facilities.

SC MAGAZINE RATING
Features: *****
Performance: *****
Ease of use: ****
Documentation: ***
Support: ****
Value for money: ****
Overall Rating: ****

For: Easy installation, versatile policy-based wireless security, superbmapping facilities, optional location tracking

Against: Separate management interfaces for switching and wirelesssecurity configuration

Verdict: A wireless security solution that offers a superb level offeatures, easy deployment and some of the best mapping facilitiescurrently available.

prestitial ad