Cisco tightens grip on WLAN standards
Cisco, Intel and BT have announced a joint initiative focused on wireless security. In particular, they aim to ensure that equipment supports the new WPA2 standard – the brand name for the 802.11i specification – from the outset. They aim to boost confidence in wireless security, but the alliance can also be seen as an attempt by a few giants to sew up the most lucrative part of the Wi-Fi market under the guise of secure platforms.
This is not the only example this week of Cisco using its weight to push its preferred standards, and therefore sideline smaller players. It has set out new details of its plans for its newly acquired wireless switch unit, Airespace, which include the revival of that company's proposed standard for interoperability of switches and access points – a proposal that had previously faded from view in favor of alternative technologies from smaller companies.
The BT/Intel collaboration will center on optimizing Intel Centrino-powered devices, Cisco routers and BT security services to work together to create a robust WPA2 platform. The companies say that, despite the supposed interoperability of standardsbased kit, in practise many products include proprietary extensions, especially to bolt on WPA2 support to existing kit, and that this can lead to insecure or broken connections, or to systems that lock the user into the original vendor's equipment. The three partners claim there will be nothing non-standard in their combined solution, but the elements will be optimized to work well together. This 'some pigs are more equal than others' approach has echoes of Intel's deal with Cisco/Linksys to ensure Centrino devices work optimally with Linksys-based access points, an arrangement widely held up as an attempt by two large players to exclude smaller companies by offering users reassurance and a ready-integrated solution.
However, whatever the marketing agenda, such moves by giants can really help to boost enterprise confidence in Wi-Fi security, which remains low despite steady improvements to standards and proprietary technology.
In order to drive uptake of wireless security, the companies are also taking part in an education campaign to engage businesses, hotspot operators and consumers, and to encourage them to demand products and services with security built-in from the start.
On the Airespace front, Cisco took the opportunity of last week's Networld+Interop show to make some clarifications about its plans for the company, whose centralized switch architecture contrasts with Cisco's homegrown Aironet 'fat' access points. The message was that both ranges would be supported for as long as was necessary, until full integration is achieved. Cisco says it is focusing on three integration areas. The first, due later this year, will be software to let current Aironet access points talk to, and be managed by, an Airespace controller. Significantly, although rival switchmakers are supporting technology from Trapeze and Aruba for a proposed IETF standard for interoperability of switches and APs, Cisco is clinging to an older technology, Lightweight Access Point Protocol (LWAPP), which was backed by Airespace. Although LWAPP has fallen out of the IETF process, it is likely that Cisco will seek to reintroduce it as a standard, since it will introduce it to the Aironet devices this year.
The second area of integration will involve moving software functions, from Cisco products and the Airespace controller, into a range of other network devices, including switches and routers. This will build on early moves in this direction, when Cisco launched the WLAN Services Module, which slots into the Catalyst 6500 switch.
The third area of integration will involve shifting a range of security functions, such as elements of 802.11i encryption and key management, 802.1X authentication, and wireless intrusion detection and prevention, into Cisco's emerging 'self-defending network' effort – another initiative widely seen as an attempt to lock customers into the giant's equipment from end to end by optimizing Cisco' varied products to work better as a single platform than in a multivendor environment.
The Airespace products have been rebranded as the Cisco 100 Access Point, the Cisco 2000 and 4100 WLAN Controllers, and Cisco Wireless Control System for network management. They join the Aironet access points, Catalyst 6500 series switch and CiscoWorks Wireless Lan Solutions Engine for management. "We're in an awkward early stage because we have two product lines," said Dave Leonard, co-general manager of Cisco's Wireless Networking Business Unit. "Investment protection is our guiding light. We'll support both Airespace and Cisco products." "It takes forever for Cisco to kill a product line," Abner Germanow, an analyst at IDC, said. "The challenge for Cisco is stepping up and explaining where each WLAN architecture is most appropriate."
Another new Cisco offering out of the Airespace labs is the Wireless Location Appliance 2700, which is designed to help customers track and locate 802.11 devices, such as laptops, PDAs and Wi-Fi enabled RFID tags, to within a few meters. This will be used for recovering lost property and for asset management applications.
New ISR routers
Other Airespace upgrades and products, under development at the time of the acquisition, will roll out in coming months, including a high end switch and an outdoor wireless mesh access point, with which Cisco hopes to target the public safety sector. Cisco also showed off new routers with built-in Wi-Fi, based on Aironet, products that fit into trends that will, eventually, kill off the dedicated wireless switch market in which Airespace was so successful as an independent. The routers, or router boards, will be able to handle Wi-Fi traffic as well as Ethernet and wide area connections. Such network-in-a-box devices are expected increasingly to replace standalone wireless switches.
The new routers are the Integrated Services Router (ISR) 800 and 1800 series. Cisco is also announcing access point modules for its larger ISR routers, as well as upgraded Power over Ethernet switch modules, and new blades for network analysis management. All ISR 1800 series routers can act as an 802.11a/b/g access point, and include an eight-port 10/100 Ethernet switch with PoE. The smaller 870 and 860 are aimed at small offices or teleworkers.
The 870 includes an 802.11g radio, QoS support for wide area traffic and a four-port 10/100 Lan switch with PoE. Some models are available with integrated DSL or an Ethernet port for cable modem connectivity. The 850 includes 802.11g, four Lan ports (without PoE) and DSL or cable modem support. The 870 series starts at $650 and the 850 series starts at $400. All Cisco's ISR products include VPN, firewall, intrusion detection and URL filtering capabilities embedded in hardware on the router, as opposed to running as software services.
Cisco claims that the ISR series, launched last year, is the company's "most successful product line ever", because it has ramped up to $600m in shipments in under three quarters.
Copyright © 2004, Wireless Watch
Wireless Watch is published by Rethink Research, a London-based IT publishing and consulting firm. This weekly newsletter delivers in-depth analysis and market research of mobile and wireless for business. Subscription details are here.