
WHITE PAPER

The Limits of Current Wireless LAN Design

Most wireless LAN designers traditionally rely on a trial-and-error approach to design and deploy wireless LANs (WLANs). Initially, an IT manager performs an informal survey of the site, considering radio frequency (RF) obstacles and building materials, followed by an ad-hoc location evaluation coupled with estimates of where to place the wireless access points (APs). A time-consuming staging process follows, during which the IT manager unpacks APs, individually configures them, assigns channels, and installs them in their approximate locations. Next, the IT manager performs a more formal site survey, walking around the office with a wireless-enabled laptop and using site survey software to take manual RF signal measurements at various points throughout the building. Manual site surveys can take a great deal of time, and address only one aspect of wireless network requirements—the area the RF signal covers.

After the site survey, the IT manager compares the results of the formal survey to the initial estimates and initiates a fine-tuning process of attempting to select the correct channels to provide the maximum coverage with a minimum of co-channel interference. Then AP placement is manually adjusted and rechecked for coverage.

This iterative approach is especially problematic for large organizations with many users or with very large areas. For most organizations, this entire process requires periodic checking to make sure that conditions haven’t changed, and that an employee hasn’t installed any unauthorized equipment that interferes with the network.

Today’s Structured Approach

Growing, successful businesses demand a more structured and scalable approach to wireless LAN design. As wireless LANs in the enterprise proliferate, IT managers must apply the same structured, scalable approach to planning and design as they do to the wired infrastructure. 3Com’s wireless switching solution, the 3Com Wireless LAN Mobility System, enables IT to employ a structured approach to move beyond time-consuming, hit-or-miss manual design processes.

This approach consists of the following steps:

• Step 1: Determine the topology

• Step 2: Initiate network planning

• Step 3: Configure the WLAN

• Step 4: Deploy the network

• Step 5: Manage the network

As today’s IT managers seek to empower an increasingly mobile workforce, there is an urgent need to deploy wireless solutions that provide the same degree of traffic control, security, and manageability as wired networks. Until recently, providing this level of business-class performance in a wireless network required IT to proceed through an array of time-consuming, manual design and deployment steps followed by time-consuming management and troubleshooting to solve ongoing wireless network issues.

The 3Com® Wireless LAN Mobility System embeds intelligence directly into the network, enabling IT staff to automate the manual processes of the past and quickly design, deploy, and manage their wireless LANs. Using this structured approach to wireless LAN development, organizations of all sizes can quickly deploy the wireless environment that’s best suited to meet their changing business needs.

Wireless Switching System-Level Deployment

CONTENTS

The Limits of Traditional Wireless LAN Design

Today’s Structured Approach

Step 1: Determine a Topology

Step 2: Initiate Network Planning

Step 3: Configure the WLAN

Step 4: Deploy the Network

Step 5: Manage the Network

Conclusion

FREEDOM TO CHOOSE A BETTER NETWORK

3COM® WIRELESS SWITCHING SYSTEM-LEVEL DEPLOYMENT WHITE PAPER

Step 1: Determine the Topology

Every business environment is different in terms of the number of users, the office floorplan, or even the materials used to construct the building. That’s why the 3Com Wireless LAN Mobility System gives IT administrators flexible deployment options for designing a WLAN. Its architecture ensures that security, mobility, and other critical WLAN functions will operate in any topology and in any building site.

Key to the 3Com Wireless LAN Mobility System are the 3Com WLAN switches and controllers, where some key system intelligence resides. These platforms can support a variety of data center and wiring closet topologies.

The centralized deployment in Figure 1 features the 3Com Wireless LAN Controller WX4400 in the data center, at the network core. Organizations can also deploy 3Com wireless LAN controllers or switches in wiring closets for a distributed environment, as shown in Figure 2. 3Com Wireless LAN Managed Access Point 2750 devices support both topologies because they can be directly and/or indirectly attached to 3Com WLAN switches or controllers, ensuring that the solution will operate well in any design. Many organizations will choose a combination of centralized and distributed network design.

Factors Impacting Topology Choice

A variety of factors impact the decision of which wireless platform to use.

Topology Preference

IT organizations often advocate one topology over another. Some prefer a centralized deployment with as many resources in the data center as possible. Others prefer a distributed topology where network resources are in the wiring closet. An organization’s topology preference will help determine its choice of wireless platforms.

As a general rule, consider the advice “centralize for price, distribute for performance”. A centralized approach can initially be more cost effective, but since all traffic must pass through the controller, there can be performance issues. Placing wireless switches closer to the network edge supports faster roaming and higher performance between managed APs by distributing the traffic. However, this approach can initially be more expensive.

The 3Com Wireless LAN Controller WX4400 and the 3Com Wireless LAN Switch WX1200 are designed to be effective in both centralized and distributed topologies, and can be mixed and matched in any combination.

FIGURE 1. Centralized WLAN Deployment: The 3Com Wireless LAN Controller WX4400 is deployed at or near the enterprise network, in the data center.

Initial Wireless LAN Size

Centralized deployment is an ideal starting point for large organizations that wish to create a wireless foundation then build on it. A business can install a WX4400 WLAN controller in the data center and populate only specific areas, such as conference rooms or common areas, with 3Com managed access points (managed APs).

IT staff can monitor usage growth and traffic patterns and then decide to purchase an additional managed AP license or to purchase and deploy 3Com wireless switches in a distributed configuration. Upgrade licenses for each WX4400 controller can be purchased in 24-managed AP increments; each controller supports up to a total of 96 managed APs per WX4400 for cost-effective scalability.

Smaller or remote branch office LANs would typically deploy a distributed topology with the 3Com Wireless LAN Switch WX1200. The wireless switch ships with a maximum support for 12 managed APs.

Access Point Density

The number of managed APs needed in a wireless LAN depends on the level of performance an organization requires and the number of users that must be supported, balanced against cost considerations. A few managed APs will usually suffice for simple coverage that allows many users to share each radio. With a few managed APs in a given area, organizations can centralize the wireless switch in the data center. Additional managed APs might be required for larger numbers of users and for VoIP capability.

Power Over Ethernet and Device Management

PoE alleviates the need for a power plug-in at each individual AP. A switch with PoE ports, such as the 3Com SuperStack® 3 Switch 4400 PWR, or any standard 802.3af-compatible device (3Com offers a variety of external and alternate PoE sources), will supply both power and data over the Ethernet cable.

For long-term flexibility, PoE devices should supply enough power for dual-radio access points, which require about 8-10 watts. For IT organizations that put a premium on managing fewer devices, distributed 3Com WX1200 switches with integrated PoE are an excellent fit. Any deployment utilizing 3Com WX4400 controllers should have PoE in the wiring closets.

FIGURE 2. Decentralized WLAN Deployment: The 3Com Wireless LAN Switch WX1200 is deployed at the edge of the enterprise network, in the wiring closet on each floor.

Data Security

Although physical links can be used to launch an attack, the wired network is traditionally considered a trusted medium. Physical access to the premises is restricted, wires and cables are hidden in conduits, and assets are locked away in wiring closets and data centers. This is not the case with WLAN radio transmissions, which are broadcast over open airwaves. Data sent over a WLAN is accessible to RF sniffers; and connections can be spoofed by “rogue” (unauthorized) APs.

However, the 3Com Wireless LAN Mobility System fortifies 3Com’s already strong wireless security features. Its 3Com Wireless Switch Manager WLAN management software and associated network components protect WLAN transmissions from intruders with strong encryption and authentication capabilities while RF scanning tools will search for unauthorized APs.

Link Resiliency

With the 3Com Wireless LAN Mobility System, organizations can group multiple controllers and switches into a Mobility Domain to communicate with one another and with the wired network’s authentication, authorization, and accounting (AAA) systems to share user and group authentication information across the entire network infrastructure.

For organizations that require a high degree of robustness, the solution’s Mobility Domain architecture supplies network resiliency with load balancing and traffic routing among controllers and switches.

Using the 3Com Wireless Switch Manager, IT can plan for sufficient capacity so that the failure of a given AP reduces capacity but not availability of the WLAN in the affected coverage area. During deployment planning, IT managers can use the application’s software tools to illustrate the impact of reduced RF coverage by hiding the RF contours for a selected AP. They can also review the coverage of each AP’s RF contours at the minimum association rate, highlighting the overlap of radio signals, to account for any possible failures before the solution is deployed.

IT managers can also choose to implement redundant software protocols such as Per-VLAN Spanning Tree (PVST+) and Load-Sharing Port Groups to support compatible redundant physical interfaces into the wired network. Support for PVST+ allows traffic belonging to individual VLANs to flow over different paths within the virtual bridged LAN. The IT manager can configure Load-Sharing Port Groups to provide load sharing and link redundancy from the wireless switch to the wired network. In addition, IT can configure the Spanning Tree Protocol (STP) Sticky Bit enhancement to keep links from constantly resetting (flapping) on STP topology changes.

Voice and Quality of Service

Organizations that are deploying a wireless LAN to support voice services should consider the impact of their wired network infrastructure on wireless Voice over IP (VoIP) traffic. The 3Com Wireless LAN Mobility System supports voice applications today and provides the seamless roaming support needed for wireless-based voice traffic. 3Com WLAN switches and controllers use sophisticated Quality of Service (QoS) features to mark priority traffic, and 3Com managed APs, with multiple queues per user, prioritize voice traffic as well.

Capital Cost

Cost is always an issue for businesses, and the initial capital expenses for distributing wireless switches in wiring closets may be higher than selecting a centralized approach in the data center. 3Com supports either choice, with capital equipment expenses more than offset by the ongoing deployment and administrative cost savings garnered from the configuration and management capabilities of the 3Com Wireless LAN Mobility System.

Step 2: Initiate Network Planning

Wireless LAN planning is the next step in a structured deployment approach. The 3Com Wireless Switch Manager offers a full-featured planning and pre-deployment tool suite that automates this step, providing everything IT managers need to design and manage a wireless network.

The planning step involves these tasks:

• Defining site requirements using imported floor plans

• Designing the wireless LAN by determining managed AP number and location

• Generating a work order

Import the Floor Plan and Create RF Obstacles

First, the IT manager imports AutoCAD, JPEG, or GIF floor plan files to design the wireless LAN offline. The 3Com Wireless Switch Manager includes a wizard-based Virtual Site Survey and automated coverage and capacity planning tools to simplify the planning stage. The management application also includes a library of attenuators for building obstacles, including doors, walls, ceilings, and other physical obstructions which absorb RF signals. Software factors in the impact these objects have on RF flow and signal loss through a given facility. IT managers can convert objects in the drawing into RF obstacles or create custom RF obstacles not on the floor plan and assign each an obstacle type and attenuation factor. They can also customize attenuation factors to accommodate unique requirements for their organization.

FIGURE 3. Creating a WLAN Plan: Importing AutoCAD floor plans helps ensure scaled, accurate RF planning and modeling.

Calculate Placement and Number of Managed APs

The 3Com Wireless Switch Manager automatically determines how many 3Com managed APs need to be installed in any part of a building, taking into consideration the RF obstacles, RF coverage for a given data rate and protocol (802.11a, 802.11b or 802.11g), and capacity plan based on the number of users and their bandwidth demands to find the optimal balance between radio density and user performance.

Using an iterative algorithm process, AP coverage is automatically checked using the maximum allowable transmit power. If 90 percent or more of the area is not covered, the program adds another managed AP, and re-positions existing managed APs. The process repeats until the defined area is adequately covered, then AP coverage at maximum power is checked to determine if any APs can be removed. With the powerful graphical interface, IT staff can accurately evaluate coverage levels and base wireless association rates, and see how they change when managed APs are moved to different locations. IT can also specify redundant managed AP connections to one or more WLAN controllers or switches for added network resiliency.

The 3Com Wireless Switch Manager also automatically assigns Service Set Identifiers (SSIDs), radio frequency channels, and power levels to each managed AP. The channel assignment algorithm assigns non-overlapping channels to neighboring managed APs, including APs on different floors and third-party APs, from the selected channel set, minimizing same-channel assignment. IT can factor in cross-floor attenuation and 802.11 recommendations in assigning channels.

Create a Work Order

Next, the 3Com Wireless Switch Manager creates a work order that shows exactly where to install every managed AP, as well as the location of the WLAN switches and/or controllers. This detailed work order lets IT staff easily install the WLAN in the right physical locations. Administrators can create a work order as an HTML file, or as a printable document, for use both online and offline.

The work order also includes reference WLAN switch and controller setup configuration information and projected Received Signal Strength Indication (RSSI) information, useful for verifying installation. However, there is no need to manually configure the individual managed APs as part of the installation. Managed AP configuration will occur as a centrally directed automated process in a later step.

FIGURE 4. Creating a Work Order: The work order provides all of the necessary information for the physical installation of the WLAN.

Step 3: Configure the WLAN

Wireless LAN configuration is the next major step after choosing a network topology and planning the network equipment. Using the 3Com Wireless Switch Manager, IT staff perform the next two tasks in the process:

• Creating and configuring virtual LANs (VLANs)

• Configuring authentication, authorization, accounting (AAA)

Create Virtual LANs

The first important configuration task is creating and configuring VLANs. A VLAN permits a group of clients to share a common broadcast domain regardless of their physical location in the network. The 3Com WLAN Mobility System lets IT managers seamlessly integrate the WLAN into their existing wired networks.

One critical factor in providing seamless integration is the level of effort needed to support VLANs wirelessly. With the 3Com solution, IT managers can support all existing wired VLANs without changing any existing router port configurations, adding any new routing protocols to the network, or modifying any client configurations. The solution supports VLANs that span multiple physical LANs and all portions of the WLAN, regardless of their physical attachment to different Layer 2 or Layer 3 switches. No switch or router ports need to be reconfigured to support VLANs in the 3Com solution.

VLANs must have a connection to the 3Com Wireless Mobility System through one wireless switch; the 3Com infrastructure then makes the assigned VLANs dynamically available to users wherever they roam. IT managers can use 802.1Q tagging support on the wireless switches to interoperate with the wired LAN switches and thereby extend all VLANs to the WLAN. The system supports the full 4,096 VLANs available in the 802.1Q standard release.

IT staff can also add ports or groups to a VLAN. After adding a port or port group, they can also assign one or more tag values to the port or port group. A tag is a numeric value that identifies a virtual port within the VLAN. The same VLAN can have different tag values on different ports. The 3Com Wireless Switch Manager has the unique capability to handle different 802.1Q frame tags for the same VLAN ID on the same port. This allows the VLAN to support wireless users with different encryption types on a single port. IT can also use the 3Com Wireless Switch Manager to move or modify VLAN members, using pull-down menus.

Configure AAA

The 3Com Wireless LAN Mobility System integrates tightly with an organization’s existing back-end AAA infrastructure, making use of attributes that reside in AAA servers to prove user identity and user-based services. The 3Com wireless solution supports 802.1X authentication and MAC-based authentication for clients that do not support 802.1X. Examples of supported 802.1X authentication protocols include EAP-TLS, PEAP, and EAP-TTLS. The wireless solution also supports Web authentication and bonded authentication.

3Com’s Identity-Based Networking approach to secure mobility uses information from the authentication system to map users to their native VLAN, regardless of where they are connected in the wireless network. 3Com’s innovative approach gives IT the ability to locate and follow users as they move, and applies security contexts unique to that user. This is a fundamental change: attributes such as VLAN membership that are traditionally associated with physical ports now follow the user, independent of the network attachment point or medium (wired or wireless).

The Identity-Based Network architecture seamlessly integrates into the wired network infrastructure. IT managers do not have to change the backbone configuration or spread VLANs everywhere as other approaches require. Router configurations and access control lists (ACLs) do not change or have to be recreated. A subnet remains a subnet—it includes the same group of users whether wired or wireless. Nor do AAA-based solutions require changes to IP addressing. WLAN users get their IP addresses from the same DHCP server or a wireless switch, whether they are wired or wireless, and not from a NAT appliance where the IP address constantly changes as they move.

IT staff can centrally configure Mobility Domain AAA policies for wireless network users and groups using the 3Com Wireless Switch Manager and then propagate those rules to 3Com WLAN switch and controller databases to enforce the security of the enterprise network.

Authentication

Authentication provides user identification and assurance that users are who they say they are using methods such as checking usernames and passwords or initiating a challenge-response mechanism. Network users can be authenticated by 802.11 pre-shared key, Web authentication, 802.1X, MAC address, or other methods if the user device does not support 802.1X. Authentication is performed by a central Remote Authentication Dial-In User Service (RADIUS) server or by the local user database in the 3Com WLAN switch or controller. However, 3Com recommends using RADIUS servers to accommodate larger numbers of users in enterprise networks.

Although Web authentication is not as secure as 802.1X, it still allows complete AAA functionality, including directing a user to a particular VLAN or subnet and enforcing other security authorization attributes, such as time of day, encryption type, ACLs, and location-specific policies.

Authorization

Authorization controls network access by methods such as per-user ACLs, VLAN membership, and session timeouts. Authorization must always be performed for network users because, at a minimum, they must be authorized to use a VLAN. Authorization is automatically configured to use the AAA method defined in the corresponding 802.1X authentication method.

Using the 3Com Wireless Switch Manager, IT can add user-specific attributes to the central WLAN database:

• VLAN name – The VLAN the user is assigned to by default.

• Mobility Profile – Specifies which managed AP or LAN authentication ports a user or group can use, allowing administrators to dynamically apply access permissions based on attributes returned by the AAA server.

• Encryption type – Specifies one or more encryption protocols—TKIP, WPA, or AES—assigned to each user or group.

• Time-of-day access – Controls and restricts user or group access to the WLAN at predetermined times on an hourly, daily, or weekly basis.
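
How the four per-user attributes above combine into one access decision, shown as an added example: this is not 3Com code and does not reflect the Wireless Switch Manager's data model. The record layout, function names, user names and AP names are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class AccessWindow:
    """One time-of-day rule. Windows here do not cross midnight."""
    days: frozenset   # weekday numbers, Monday = 0
    start: time
    end: time

    def allows(self, when: datetime) -> bool:
        if when.weekday() not in self.days:
            return False
        return self.start <= when.time() < self.end


@dataclass(frozen=True)
class UserPolicy:
    """Hypothetical per-user record holding the attributes listed above."""
    vlan_name: str               # VLAN the user is assigned to by default
    mobility_profile: frozenset  # managed APs / ports the user may attach through
    encryption_types: frozenset  # encryption protocols accepted for this user
    windows: tuple = ()          # empty tuple = no time-of-day restriction


@dataclass(frozen=True)
class Session:
    username: str
    ap_name: str
    encryption: str
    when: datetime


def authorize(policies, session):
    """Return (allowed, vlan_name_or_reason). Every check must pass; the
    default is deny, and an allowed session always resolves to a VLAN."""
    policy = policies.get(session.username)
    if policy is None:
        return False, "no authorization record"
    if session.ap_name not in policy.mobility_profile:
        return False, "attachment point not in Mobility Profile"
    if session.encryption not in policy.encryption_types:
        return False, "encryption type not permitted"
    if policy.windows and not any(w.allows(session.when) for w in policy.windows):
        return False, "outside time-of-day window"
    return True, policy.vlan_name


# Constructed sample policies: an employee limited to AES on two APs during
# weekday working hours, and a lobby kiosk on a guest VLAN with no time limit.
WEEKDAYS = frozenset(range(5))
POLICIES = {
    "alice": UserPolicy(
        vlan_name="engineering",
        mobility_profile=frozenset({"ap-floor1-01", "ap-floor2-03"}),
        encryption_types=frozenset({"AES"}),
        windows=(AccessWindow(WEEKDAYS, time(7, 0), time(19, 0)),),
    ),
    "lobby-kiosk": UserPolicy(
        vlan_name="guest",
        mobility_profile=frozenset({"ap-lobby-01"}),
        encryption_types=frozenset({"TKIP", "AES"}),
    ),
}

if __name__ == "__main__":
    monday_morning = datetime(2024, 3, 4, 9, 30)   # a Monday
    saturday_noon = datetime(2024, 3, 9, 12, 0)    # a Saturday
    for s in (
        Session("alice", "ap-floor1-01", "AES", monday_morning),
        Session("alice", "ap-floor1-01", "TKIP", monday_morning),
        Session("alice", "ap-floor1-01", "AES", saturday_noon),
        Session("alice", "ap-lobby-01", "AES", monday_morning),
        Session("lobby-kiosk", "ap-lobby-01", "TKIP", saturday_noon),
    ):
        print(s.username, s.ap_name, s.encryption, "->", authorize(POLICIES, s))
```

Because the VLAN is returned only after every other attribute has been checked, a user who fails any one check is never placed on a VLAN at all.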

Accounting

Accounting records the start and/or end of a user’s session and stores the records on the local 3Com WLAN switch or controller database or central RADIUS server.

After administrators have defined individual users, they then define RADIUS server groups. The 3Com Wireless LAN Mobility System lets them specify up to four RADIUS server groups for AAA services; at least one group must be assigned to each user.

Step 4: Deploy the Network

After planning and configuring the WLAN, the next major step is to deploy the network. Using the detailed work order created by the 3Com Wireless Switch Manager, IT managers can deploy scores of switch configurations and thousands of Mobility Profile configurations in one step from a central point. The software automatically applies security policies, radio channel and power settings, and roaming profiles for users.

Key deployment steps are as follows:

• Install and initialize 3Com Wireless LAN Switch WX1200 and 3Com Wireless LAN Controller units and configure them for IP and SSL connectivity.

• Install 3Com Wireless LAN Managed Access Point AP2750 units and connect them to the wired network. Connect them either directly to a 3Com wireless switch port, or to a wiring closet switch with mid-span PoE.

• Propagate the network plan to the 3Com managed APs, WLAN WX1200 switches, and WX4400 controllers and update the wireless switch connection information to the “managed” state.

After installing and connecting the wireless network infrastructure, IT staff can then verify their network configurations. The network management suite includes tools to enable them to quickly resolve any synchronization errors, as well as change tools to upload additional wireless equipment configurations if needed.

The 3Com Wireless Switch Manager tool suite automates the configuration and deployment of wireless equipment, building configuration files during the planning process. Once IT approves the plan, those configuration files are complete, and the software provides a one-click deployment process for sending the files to the equipment. And because the system provides centralized image and configuration deployment, upgrades and downgrades are also easy for administrators to perform.

Step 5: Manage the Network

After the network has been configured and deployed, the 3Com Wireless Switch Manager greatly simplifies running the wireless LAN, using advanced network management, reports and statistics to ease ongoing RF and user administration—significantly reducing the total cost of owning and operating a wireless network.

RF Management

To provide automated air and RF management, the 3Com Wireless Switch Manager automates a variety of functions, including:

• Dynamic RF channel assignment

• Automatic transmit power control

• Auto load balancing

• Self healing around managed AP outage

• RF redundancy

• RF source detection and classification, including rogue APs

The enterprise tool suite collects session information across the Mobility Domain, providing instant access to location and performance statistics by user, user group, VLAN, or any other grouping IT desires.

Detecting RF Sources

IT staff can use the 3Com Wireless Switch Manager to identify possible RF sources that can jeopardize either the performance or security of the network. Some examples of these include:

• Adjacent WLAN implementations from other corporations

• Benign sources such as cordless phones, Bluetooth wireless devices, microwave ovens, baby monitors

• Sources of more concern, such as ad-hoc WLAN user groups and rogue access points


Detecting Rogue APs

A rogue access point is an access point that is not authorized to operate in the airspace. Rogue APs undermine the security of an enterprise network by potentially allowing unchallenged access to the network by any wireless user or client in the physical vicinity. These APs can also interfere with the operation of the wireless network. The 3Com Wireless Switch Manager alerts network administrators when rogue APs appear, enabling them to detect and manage these security risks. The application also enables administrators to use RF countermeasures to deny service to or from a targeted rogue AP. When a rogue AP is detected, the closest 3Com managed AP performs the RF countermeasure. By spoofing various 802.11 control messages, the countermeasures prevent client association and authentication attempts to the rogue AP and disrupt communications between them.
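The detection and alerting side of the passage above, as an added example that is not 3Com's code: sightings reported by managed APs are classified into the source types this paper lists, and each alert names the managed AP that hears the source most strongly. The inventory, SSIDs, addresses, the `Sighting` fields, and the rule that an unmanaged radio advertising the corporate SSID counts as rogue are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed inventory (assumed values, not taken from the white paper).
MANAGED_BSSIDS = {"00:0d:54:aa:00:01", "00:0d:54:aa:00:02"}
CORPORATE_SSIDS = {"corp-wlan"}
REVIEWED_NEIGHBOURS = {"00:11:22:33:44:55"}  # adjacent company, accepted by IT

@dataclass(frozen=True)
class Sighting:
    bssid: str      # transmitter address taken from the beacon
    ssid: str
    ibss: bool      # beacon capability bit set for ad-hoc (IBSS) networks
    rssi_dbm: int   # signal strength at the reporting managed AP
    heard_by: str   # name of the managed AP that reported the beacon

def classify(s: Sighting) -> str:
    bssid = s.bssid.lower()
    if bssid in MANAGED_BSSIDS:
        return "managed"
    if s.ibss:
        return "ad-hoc"
    if s.ssid in CORPORATE_SSIDS:
        return "rogue"  # unmanaged radio advertising the corporate SSID
    if bssid in REVIEWED_NEIGHBOURS:
        return "neighbour"
    return "unclassified"  # needs an administrator's decision

def triage(sightings):
    """Keep the strongest sighting per BSSID and return alerts, worst first."""
    strongest = {}
    for s in sightings:
        key = s.bssid.lower()
        if key not in strongest or s.rssi_dbm > strongest[key].rssi_dbm:
            strongest[key] = s
    order = {"rogue": 0, "ad-hoc": 1, "unclassified": 2}
    alerts = [(classify(s), k, s.heard_by, s.rssi_dbm) for k, s in strongest.items()]
    alerts = [a for a in alerts if a[0] in order]
    return sorted(alerts, key=lambda a: (order[a[0]], -a[3]))

# Constructed sample sightings reported by two managed APs.
SAMPLE = [
    Sighting("00:0D:54:AA:00:01", "corp-wlan", False, -40, "ap-lobby"),
    Sighting("de:ad:be:ef:00:10", "corp-wlan", False, -71, "ap-lobby"),
    Sighting("de:ad:be:ef:00:10", "corp-wlan", False, -52, "ap-floor2"),
    Sighting("00:11:22:33:44:55", "neighbour-net", False, -80, "ap-lobby"),
    Sighting("02:00:00:00:00:07", "printer-share", True, -60, "ap-floor2"),
    Sighting("00:aa:bb:cc:dd:ee", "linksys", False, -66, "ap-lobby"),
]
```

Running `triage(SAMPLE)` yields three alerts; the managed AP and the reviewed neighbour produce none.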

Network Monitoring

The 3Com Wireless Switch Manager enables administrators to exercise pinpoint control over the complete WLAN Mobility Domain. IT staff can verify network status, using the tool to create topology reports, inventory reports, and provide a status summary. They can manage network events, filtering according to event type, and maintaining and exporting log files. Administrators can also monitor network statistics using the Performance Monitoring tool, which allows them to collect data for an object that they select and enable load balancing.

User Management

After adding users to a watch list, administrators can see information about users and the managed APs that they have been associated with during their sessions. Administrators can select a specific user and view his or her session roaming details.

The 3Com Wireless Switch Manager locates users by performing an RF sweep of the environment and collecting all the RF signals heard throughout the network. IT can find a specific user by querying the software using the user’s login name, IP or MAC address, or both. The program will display the user’s location on the floor plan based on the received signal strength. It also displays other user information, such as the AP the user is currently associated with; IP and MAC address; network usage statistics including data about packets, octets, and errors; and current session state, such as fully authenticated, attempting to authenticate, and so on. When the user is logged into multiple devices, the program displays all instances of that user.

The 3Com Wireless Switch Manager also maintains user data over multiple sessions with the WLAN. The software tracks roaming history, listing all APs each user associated with. This historical data helps IT to isolate network problems on troubleshooting calls.

IT staff can also define a session timeout for users as a specific authorization attribute defined in the AAA server, or terminate an unauthorized user’s session and force them off the network. The IT manager can use the 3Com Wireless Switch Manager graphical user interface or command-line interface commands to end the session by de-authenticating and de-associating the user.


Conclusion

The 3Com Wireless LAN Mobility System delivers the intelligence and features that let IT managers design, deploy, and manage wireless networks without the time-consuming, manual processes of the past. By employing a structured approach to planning and deployment, IT can provide a wide array of benefits to their organizations:

• Easier planning and deployment - Automated planning tools ease design, configuration, and deployment headaches, while reducing deployment time and controlling administrative costs.

• Comprehensive network and user management - Intelligence embedded in 3Com WLAN switches, controllers, managed APs, and administrative tools enables IT managers to exercise complete network and user control, applying the same standards to the wireless network as they do on their wired infrastructure.

• Enterprise-grade security - Advanced AAA and encryption help administrators safeguard critical business resources for maximum network reliability and performance.

• Standards-based implementation - The wireless switching solution has no proprietary vendor lock-in, ensuring maximum interoperability and scalability.

• Scalability with growth - Designed for growing organizations, the 3Com solution scales easily to support thousands of users and future wireless LAN capabilities, including voice and other multiservice applications.


3Com Corporation, Corporate Headquarters, 350 Campus Drive, Marlborough, MA 01752-3064

To learn more about 3Com solutions, visit www.3com.com. 3Com is publicly traded on NASDAQ under the symbol COMS.

The information contained in this document represents the current view of 3Com Corporation on the issues discussed as of the date of publication. Because 3Com must respond to changing market conditions, this paper should not be interpreted to be a commitment on the part of 3Com, and 3Com cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only; 3Com makes no warranties, express or implied, in this document.

Copyright © 2005 3Com Corporation. All rights reserved. 3Com, the 3Com logo, and SuperStack are registered trademarks of 3Com Corporation. Exercise Choice is a trademark of 3Com Corporation. All other company and product names may be trademarks of their respective companies. While every effort is made to ensure the information given is accurate, 3Com does not accept liability for any errors or mistakes which may arise. Specifications and other information in this document may be subject to change without notice. 503137-01 01/05
