Broadly speaking, there are two price classes of access points in the marketplace. A low-cost tier consisting of home devices is sold widely through retail channels directly to the end user. These low-cost devices are often specialized computing platforms with only limited memory and storage.[*] The higher-cost tier incorporates additional features required to support large deployments; frequently, these devices have additional memory and storage and incorporate more general-purpose hardware. The difference between the two price tiers is that the higher-cost devices are meant to work together as a system to build a much more reliable, secure, and manageable network. To use a somewhat simplistic analogy, the small-scale wireless LANs that have proliferated in homes and small offices are like cordless phones. They extend a single network out over a limited range, and that is all. Large-scale wireless LANs are much more like cellular telephony, with a strong focus on maintaining a network connection in a much more demanding environment. Frequent user motion and hand-off between APs is a given, as is a much higher standard of management and troubleshooting tools.
[*] For cost savings, many of the low-cost devices run a stripped-down version of Linux, and have been the subject of a great deal of software hacking. See, for example, the HyperWRT (http://www.hyperwrt.org) and wifi-box (http://sourceforge.net/projects/wifi-box) projects.
Cutting across the different market segments, however, is a set of generic features that are required to fulfill the service promises made in the 802.11 standard. Configuration of these features, of course, is vendor-specific, but many products are fairly similar to each other in purpose and design.
Most obviously, access points are bridges between the wireless world and the wired world. As bridges, then, all access points have features that one would expect to see on a network bridge. They have at least two network interfaces: a wireless interface that understands the details of 802.11 and a second interface to connect to wired networks. I am not aware of any access point that does not use Ethernet as the wired back-end, though it is certainly not required by any part of the standard. As wireless LANs have grown up, more of the high-end access points have begun to support VLANs on the network uplink. Lower-end access points may have a "WAN" port, which is usually a second Ethernet port for use with a cable modem or DSL, though I have seen a few products that have RS-232 serial ports to support dial-up modems.
All wireless interfaces must provide basic support for the 802.11 channel access rules, but the similarity ends there. Early access points implemented the entire 802.11 protocol at the edge of the network; many newer devices have moved some of the 802.11 processing away from the edge of the network and have split the 802.11 MAC across multiple system components. Most access points offer the ability to use external antennas to fine-tune range and coverage area.
Bridges have some buffer memory to hold frames as they are transferred between the two interfaces, and they store MAC address associations for each port in a set of internal tables. Bridging tables are, of course, highly implementation-specific, and there is no guarantee of similarities across the industry. The most basic and inexpensive devices will usually assume that they are the only access point in the network, and bridge accordingly. When access points support roaming, it may be necessary to move sessions and user data in between access points. High-end access points may need to augment a basic bridging table with VLAN information on the wired interface, as well as information about how users authenticate their connections.
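The learning-bridge behaviour described above, as an added example that is not code from the book: a three-port access point (two radios and one wired uplink) learns which port each MAC address lives on, floods unknown destinations, filters traffic that would go back out the port it arrived on, moves an entry when a station's frames start arriving on another port (the simplest form of roaming), and ages out stale entries. The port names, the 300-second age-out and the traffic are assumptions constructed for the illustration.

```python
"""Added example: a minimal learning bridge with per-MAC port table.

Not code from the book; port names, timings and frames are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

WLAN0, WLAN1, ETH0 = "wlan0", "wlan1", "eth0"  # assumed port names
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str
    in_port: str
    time: float  # seconds; constructed clock for the example


@dataclass
class LearningBridge:
    ports: List[str]
    max_age: float = 300.0  # seconds before a learned entry is forgotten
    # mac -> (port it was last seen on, time it was last seen)
    table: Dict[str, Tuple[str, float]] = field(default_factory=dict)

    def learn(self, frame: Frame) -> None:
        # Source learning: the port a frame arrived on is where that MAC lives.
        # If a station roams to another port, the entry simply moves.
        self.table[frame.src] = (frame.in_port, frame.time)

    def expire(self, now: float) -> None:
        # Age out stale entries so a station that left or moved without
        # sending a frame does not keep a dangling mapping that blackholes
        # traffic addressed to it.
        stale = [m for m, (_, seen) in self.table.items() if now - seen > self.max_age]
        for mac in stale:
            del self.table[mac]

    def forward(self, frame: Frame) -> List[str]:
        """Return the ports the frame is transmitted out of."""
        self.expire(frame.time)
        self.learn(frame)
        entry = self.table.get(frame.dst)
        if frame.dst == BROADCAST or entry is None:
            # Broadcast or unknown destination: flood every other port.
            return [p for p in self.ports if p != frame.in_port]
        out_port, _ = entry
        if out_port == frame.in_port:
            # Destination is on the segment the frame came from: filter it.
            return []
        return [out_port]


def run_scenario() -> Dict[str, List[str]]:
    """Constructed traffic: a wireless client talks to a wired server, then roams."""
    br = LearningBridge(ports=[WLAN0, WLAN1, ETH0])
    client = "00:11:22:33:44:55"   # constructed station address
    server = "aa:bb:cc:dd:ee:ff"   # constructed wired host address
    other = "66:77:88:99:aa:bb"    # constructed second wired host
    results = {}
    # Server still unknown: the first client frame is flooded.
    results["first"] = br.forward(Frame(client, server, WLAN0, 0.0))
    # Client now known on wlan0: the reply is unicast there.
    results["reply"] = br.forward(Frame(server, client, ETH0, 1.0))
    # Client roams to the second radio: its next frame relearns the entry.
    results["roam_out"] = br.forward(Frame(client, server, WLAN1, 2.0))
    results["after_roam"] = br.forward(Frame(server, client, ETH0, 3.0))
    # Two wired hosts talking: both on eth0, so the bridge sends nothing.
    results["filtered"] = br.forward(Frame(other, server, ETH0, 4.0))
    # Long silence: all entries aged out, so the frame is flooded again.
    results["aged_out"] = br.forward(Frame(server, client, ETH0, 400.0))
    return results


if __name__ == "__main__":
    for name, ports in run_scenario().items():
        print(f"{name:>10}: {ports}")
```

The roaming case is the one to watch in a real deployment: until the client transmits on its new port, wired traffic keeps going to the old radio, which is why the vendor-proprietary handoff mechanisms mentioned later move association state explicitly rather than waiting for the bridging table to catch up.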
Commercial-grade devices are also designed to work cooperatively; the most common feature is a vendor-proprietary method to move association data from access point to access point without interrupting link-layer connectivity. Network management is generally much more sophisticated on commercial-grade products to enable network engineers to manage the tens or hundreds of devices used to create a large-scale coverage area.
Initially, management through a TCP/IP network interface was a standard feature. One of the big innovations in the past few years has been the development of "thin" access point solutions that move management functions from access points to central concentration devices.
Depending on the market for which an access point is developed, it may offer services to its wireless clients. The most popular service is DHCP; wireless stations may be assigned addresses automatically upon association. Larger-scale devices often rely on existing DHCP servers on the network to ensure consistency across access points. Many access points can also perform network address translation (NAT), especially the "home gateway"-type products that can connect to a modem and dial up an ISP.
Security has been a sore point for wireless network managers since before the advent of 802.11's success. Access points have a privileged position with respect to security concerns because they are the gateways to the wired network and are ideally positioned to implement security policies. In addition to first-generation security approaches such as MAC address filtering, most products now implement stronger user-based authentication. Wi-Fi Protected Access (WPA) can be run with a pre-shared key in most home products, and with an external authentication server in large corporate deployments. Many high-end devices now offer significant integration with the existing wired network. Using those features to best extend the wired network will be discussed in the next chapter.
Management interfaces often leave something to be desired. Configuration of access points tends to be challenging because access points must be manufactured cheaply, and low-cost devices tend not to have the processing power to run an easy-to-use configuration engine. Most vendors use lightweight operating systems running on low-powered hardware, but one of the trade-offs of using a lightweight operating system is that it does not provide the programming environment necessary to build rich functionality. Early access points offered both a command-line interface and a web-based management interface. The recent development of "Wi-Fi switches" offers some hope for network administrators. Rather than requiring management of individual APs as standalone network elements, stripped-down (or "thin") access points are managed through a handful of centralized control switches. With greater processing power and functionality, the switches can support more functionality and much improved management interfaces.
Debugging and troubleshooting tools are as advanced as management tools, which unfortunately means that they often leave network administrators mired in inconclusive or irrelevant information. Ideally, products should maintain detailed logs of activities, but it is common to find vague logs of results that give very little insight into failures. Counters can be helpful, but only if the right counters are accurately maintained. Tools such as ping and traceroute are common, but network analyzers and packet capture tools are not.
Types of Access Points
Broadly speaking, there are three major types of access points. Many of the best-known devices are low-cost access points sold at major consumer electronics outlets. Although these devices make up the bulk of the market, they are unsuited for use in a large-scale deployment. Just as consumer electronics-class Ethernet switches are not suitable for building a major network, cheap APs cannot offer the features needed to build a major wireless network. Higher-priced devices with significant additional functionality exist for the corporate enterprise market.
For the home: residential gateways
The low-cost tier is composed of devices often called residential gateways. Residential gateways are designed to be as low-cost as possible, so only the basic features required for the typical small or home office are included. To further reduce cost, most of the residential products are based on "reference designs" from 802.11 chipmakers. Equipment manufacturers may (or may not) customize the reference design and the external case, and then sell the resulting device under their own brands.
Residential gateways generally share the following characteristics:
[*] The NAT implementation is usually restrictive. It is able to translate many internal devices to varying ports on the external IP address, and fixed ports on the external IP address to specific internal addresses (for, say, inbound web or SSH requests). Some vendors may refer to this as port address translation (PAT) instead of NAT.
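The two translation directions in the footnote, as an added example that is not code from the book: outbound connections from many internal hosts share one external address and are told apart by the external port the gateway allocates, while a fixed external port (here 22) is forwarded to one internal host. It also shows the restrictive side: inbound packets that match no mapping, or that arrive from a remote host other than the one the session was opened to, are dropped. The addresses, ports and packets are constructed for the illustration.

```python
"""Added example: a minimal port address translation (PAT) table.

Not code from the book; addresses, ports and packets are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    proto: str = "tcp"


class PAT:
    def __init__(self, external_ip: str, first_port: int = 40000) -> None:
        self.external_ip = external_ip
        self.next_port = first_port  # dynamic ports handed out from here
        # (proto, internal ip, internal port) -> external port
        self.outbound: Dict[Tuple[str, str, int], int] = {}
        # (proto, external port) -> (internal endpoint, remote endpoint or None)
        # remote is None for static forwards, which accept any source.
        self.inbound: Dict[Tuple[str, int], Tuple[Endpoint, Optional[Endpoint]]] = {}

    def forward_port(self, proto: str, external_port: int, internal: Endpoint) -> None:
        """Fixed mapping, e.g. inbound SSH to one internal host."""
        self.inbound[(proto, external_port)] = (internal, None)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite an internal -> Internet packet; allocate a mapping on first use."""
        key = (pkt.proto, pkt.src[0], pkt.src[1])
        ext_port = self.outbound.get(key)
        if ext_port is None:
            # Skip external ports already taken by a static forward.
            while (pkt.proto, self.next_port) in self.inbound:
                self.next_port += 1
            ext_port = self.next_port
            self.next_port += 1
            self.outbound[key] = ext_port
            # Remember the remote end so only its replies are let back in.
            self.inbound[(pkt.proto, ext_port)] = (pkt.src, pkt.dst)
        return Packet((self.external_ip, ext_port), pkt.dst, pkt.proto)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite an Internet -> internal packet, or return None to drop it.

        Dropping unmapped traffic is a side effect of translation, not a
        substitute for a firewall policy.
        """
        if pkt.dst[0] != self.external_ip:
            return None
        entry = self.inbound.get((pkt.proto, pkt.dst[1]))
        if entry is None:
            return None  # nothing opened this port: unsolicited, dropped
        internal, remote = entry
        if remote is not None and pkt.src != remote:
            return None  # reply from the wrong remote host: dropped
        return Packet(pkt.src, internal, pkt.proto)


def run_scenario() -> Dict[str, Optional[Packet]]:
    """Constructed traffic through a gateway at 203.0.113.5 (documentation range)."""
    pat = PAT("203.0.113.5")
    pat.forward_port("tcp", 22, ("192.168.1.10", 22))  # static SSH forward
    web = ("198.51.100.7", 80)
    results = {}
    # Two internal hosts using the same local port get distinct external ports.
    results["a_out"] = pat.translate_outbound(Packet(("192.168.1.20", 51000), web))
    results["b_out"] = pat.translate_outbound(Packet(("192.168.1.21", 51000), web))
    # Reply to host B comes back on its allocated port.
    results["b_reply"] = pat.translate_inbound(Packet(web, ("203.0.113.5", 40001)))
    # Inbound SSH hits the static forward.
    results["ssh_in"] = pat.translate_inbound(
        Packet(("198.51.100.9", 3333), ("203.0.113.5", 22)))
    # Unsolicited packet to an unmapped port: dropped.
    results["unsolicited"] = pat.translate_inbound(
        Packet(("198.51.100.9", 3333), ("203.0.113.5", 40002)))
    # Packet to host A's port from a host A never talked to: dropped.
    results["wrong_remote"] = pat.translate_inbound(
        Packet(("198.51.100.9", 80), ("203.0.113.5", 40000)))
    return results


if __name__ == "__main__":
    for name, pkt in run_scenario().items():
        print(f"{name:>12}: {pkt}")
```

Real gateways vary in how strict the inbound check is (some accept any source once a port is open); the address-restricted variant here is the behaviour the footnote's word "restrictive" is pointing at.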
As this book was written, residential gateways typically cost $35 to $100. Common manufacturers are D-Link, Linksys, and Netgear. Apple's AirPort is sometimes placed in this category as well, although it is priced significantly higher and has more features.
For the office: enterprise access points
Enterprise gateways, which often go by many other names that imply the buyer values features over cost, provide everything residential gateways do, plus additional features useful for larger-scale environments. Enterprise gateways generally share the following characteristics:
[*] For information on flame tests, see http://www.houwire.com/catalog/technical/cable_flame.asp.
Naturally, these additional capabilities do not come without a price. Most enterprise-grade APs list for $500 to $1,000, though they are often available at significant discounts. Over time, the price of high-end APs does fall, but it is not subject to the same downward pressure as residential-class products. The canonical example of an enterprise-grade AP is the Cisco 1200 or Cisco 1100. Both are built on relatively generic hardware, run a full-blown version of the Internetwork Operating System, and are given new features on a regular basis. Proxim, Symbol, 3Com, and HP produce competing products with similar feature sets.
For the large office: wireless switches
One of the biggest changes in the time since the first edition of this book was published is the emergence of the "wireless switch" or "thin AP" architecture, in which relatively lightweight access points are controlled by a centralized switch. The driver behind the thin AP or wireless switch architecture is increased efficiency over first-generation products. Part of the efficiency is based on the technology itself. Thin AP architectures remove processing from the AP and move it to an aggregation device. Eliminating processing at the AP removes components and cost from the AP, increasing service lifetime. If configuration is removed from the AP as well, there are fewer managed elements in the network.
Centralizing capabilities in the controller can also lead to increased flexibility. For the same cost, concentrated hardware in the controller can provide more processing power than distributed processing at the access point. Coordinating activity between access points allows network managers to load-balance clients between APs, monitor radio activity centrally, and extend the existing network more easily.
The cost of a wireless switch-based solution may depend a great deal on its size. Most vendors offer a variety of controllers, which may range from just a few APs up to hundreds of APs. The original switch solution was Symbol's Mobius product; solutions were later built from the ground up by Airespace, Aruba, and Trapeze.