Cisco Catalyst 3750G WLAN Controller
Strengths: Easy installation, versatile policy-based wireless security, superb mapping facilities, optional location tracking
Weaknesses: Separate management interfaces for switching and wireless security configuration
Verdict: A wireless security solution that offers a superb level of features, easy deployment and some of the best mapping facilities currently available
By their very nature, wireless networks are difficult to lock down, but Cisco's Catalyst 3750G Integrated Wireless LAN Controller delivers some unique management and monitoring facilities, combined with strong wireless security measures.
This solution came about after Cisco acquired Airespace a couple of years ago and absorbed its products into its own range. The 3750G acts as the foundation of this security solution, bringing together Cisco's Catalyst 3750G Ethernet switch and 4400 Wireless LAN Controller in a single, rack-based appliance. Purely from a switching perspective, Cisco delivers the goods: the system provides 24 Gigabit Ethernet ports supporting the 802.3af Power over Ethernet (PoE) specification. It's endowed with a high-speed 32Gbps backplane, but its main function is to look after Cisco's Aironet wireless access points (APs). Note that the switch only supports APs running the Lightweight Access Point Protocol (LWAPP), which take all their configuration details from a central location.
The system works by using the APs to monitor all wireless networks in their vicinity. They watch for beacon signals and identify rogue APs and ad-hoc networks, and multiple APs can band together to stop these being used. Called containment policies, these are probably the most contentious feature, as they can stop clients associating with rogue APs by sending out false signals. The law now takes a dim view of anyone meddling with another company's wireless network, so these policies need to be used with care.
The switch is extremely easy to deploy. The browser-based Cisco Device Manager offers full access to switch configuration, and its home page provides a detailed switch status overview. If you are adding non-Cisco devices, the SmartPorts feature will come in handy as you select a role for a port and the switch will automatically configure features such as quality of service (QoS) specifically for the attached device. The switch is also managed with the Cisco Network Assistant, which provides plenty of wizards, easy access for setting general network security and a map showing all connected devices.
The Wireless LAN Controller component has a separate management interface, which is fired up from the Device Manager.
The controller's home page is very informative, providing a complete rundown of all wireless clients plus Aironet APs, which services they are providing and any rogue APs and ad-hoc networks. The APs have an impressive operational range: during testing in our building they picked up 14 active APs and two ad-hoc networks and identified all the clients associated with each one. Security and QoS are policy-driven, so you can, for example, decide what user authentication schemes and encryption methods to enforce and limit the number of clients that can associate with specific APs.
We particularly like Cisco's Wireless Control System software, as this provides a full mapping service. You can import a drawing of your building and then position APs within the structure. The map uses heat signature-style overlays that reveal the coverage and signal strength of each unit, and it shows how walls affect wireless range and even the signal leakage through windows. It will also show identified rogues, areas of poor coverage and the chattiest APs, while wireless intrusion detection and prevention is provided using a regularly updated attack database. The optional wireless location appliance allows you to track wireless clients and build up a map of their position in the building and roaming activity.
Among the few proven wireless security products on the market, this one stands out for the sheer level of features on offer. It's very simple to deploy, delivers some of the strongest management facilities we've seen and provides unbeatable mapping and tracking facilities.