Netgear ProSafe Smart Wireless Controller
Seamless roaming, centralised policy management, good AP detection, low cost
Rubbish manual, tortuous configuration process, badly designed web interface, rogue AP blocking feature present but disabled - the list is endless
Plenty of wireless security and management features for the price but if you value your sanity don't try installing this solution without a trained engineer
Netgear's latest WFS709TP controller aims to deliver a complete wireless management and security solution suited to a wide range of businesses. This 1U-rack appliance is based around an Aruba Networks MC-800 Mobility Controller and designed to work with Netgear's WGL102 and WAGL102 light access points.
Being the lightweight variety, the APs cannot be locally managed and will only take their firmware and configurations from the controller. This allows you to easily manage your wireless security policies and deploy them all from a central location. The product also provides seamless roaming, allowing wireless clients to wander freely, simply be moved from one AP to the next to ensure network connectivity is maintained.
Deploying your APs so their coverage overlaps allows you to build in redundancy so if one AP fails another one on standby can be automatically fired up to take its place.
The controller offers a single Gigabit uplink port, but all the action centres round the octet of switched Fast Ethernet ports, as these provide power over Ethernet to the light APs, with up to 16 supported. To test the solution we placed the controller in our lab and located three WGL102 APs throughout our office complex at distances of up to 50 metres apart, powered via the controller through the building network infrastructure. That is the easy part as we found all too soon that initial configuration and deployment hasn't been handled at all well by Netgear. One of the biggest problems, apart from the badly designed web management interface, is the manual. Even though this is a complex product, the documentation makes no effort to explain and doesn't even mention a large number of the features. We had to resort to Netgear's support, which for this product is currently only available from the US.
We were advised not to deploy the APs, but to run through the AP planning procedures at the web interface first. You provide the dimensions of your building and enter details such as the overlap between APs, required wireless speeds and the type of services you want to offer. Using a JPEG map of our offices we also added areas where we didn't want wireless coverage. Icons representing suggested positions for APs are then placed on the map and each is assigned a location code.
Now you need to physically deploy and connect your APs and then use the installation wizard, which downloads a basic configuration and a location code to each one. Our problems were exacerbated as the physical and suggested location codes were different, which meant we had to use the provisioning option to manually change these individually for each AP so they matched the suggested codes and use their IP and MAC address to make sure that we had the right AP in the correct map location.
At last we could view the map and see heat signatures for each light AP showing their coverage. The monitoring page reveals all detected APs and, if they have a wired connection to the protected LAN, they will be classified as rogues. Make sure that the ARM (adaptive RF management) setting is enabled for the light APs, otherwise they will only monitor the wireless channel they are set for. If you search for this feature in the manual, note that it actually refers to it as IRM (IntelliFi RF management). Confused? You will be.
We tested client roaming by deploying a basic security policy to the light APs and logging on from a laptop. We set up a continuous ping with our domain controller and then went for a wander through the building. Sure enough, as we reached the overlapping areas of coverage we were moved over to the next AP. Our ping did time out a couple of times during the transition, but to the user this will be virtually transparent.
Netgear picked up 19 APs in our building that were correctly classified as interfering because they did not have a wired connection to our LAN. We then connected a 3Com AP to our LAN and this was duly identified as a rogue. The light APs use signal strength measurements and triangulation to pinpoint the APs position, but the locate option is another grind, as you first choose a map and then select the locate button underneath. Unbelievably, you have to either write down the MAC address of the AP you want to find and enter it manually or copy and paste it from the monitoring page.
Whatever you do, don't buy this solution if you want rogue AP containment. A protect option is present in the web interface and this feature is discussed in the manual in as far as activating it causes the light APs to initiate a DoS attack on a rogue to stop wireless clients associating with it. However, it didn't do anything to our rogue when we tested it, and we were subsequently advised by Netgear that although it hasn't been removed, the protect option has been disabled in firmware and the vendor has no immediate plans to activate it.
Netgear's wireless monitoring and security solution certainly offers a lot of features and is competitively priced, but it is very poorly presented. The installation and deployment process needs to be explained much more clearly in the documentation and small businesses that buy this directly and attempt to install it themselves will almost certainly have problems.