In the previous, we discussed the progression of WLAN network infrastructure devices that are used to integrate an 802.11 wireless network into a wired network architecture.
The Wi-Fi marketplace has also produced many specialty WLAN devices in addition to autonomous APs and WLAN switches. Many of these devices, such as bridges and mesh routers, have become extremely popular, although they operate outside of the defined 802.11 standards. We will look at these devices.
Wireless Workgroup Bridge
A wireless workgroup bridge (WGB) is a wireless device that provides wireless connectivity for wired infrastructure devices that do not have radio cards.
The radio card inside the WGB associates with an access point and joins the basic service set (BSS) as a client station. As depicted in Figure below, multiple Ethernet devices are connected behind the wired side of the WGB.
This provides fast and quick wireless connectivity for wired devices through the association the WGB has with the access point. Because the WGB is an associated client of the access point, the WGB does not provide connectivity for other wireless clients.
It is also important to understand that only the radio card inside the WGB can contend for the 802.11 wireless medium and the wired cards behind the WGB cannot contend for the half-duplex RF medium.
Most wireless workgroup bridges can provide connectivity for as many as eight wired devices, but it depends upon the vendor. Some WGBs only provide connectivity for one wired device and are sometimes referred to as a “universal client.”
The workgroup bridge can be very useful in providing wireless connectivity for small desktop workgroups, cash registers, network printers, and any other devices with Ethernet ports.
Wireless LAN Bridges
A very common nonstandard deployment of 802.11 technology is the Wireless LAN bridge. The purpose of bridging is to provide wireless connectivity between two or more wired networks.
A bridge generally supports all the same features that a fat access point possesses, but the purpose is to connect wired networks and not to provide wireless connectivity to client stations.
Although bridge links are sometimes used indoors, generally they are used outdoors to connect the wired networks inside two buildings. An outdoor bridge link is often used as a redundant backup to T1 or fiber connections between buildings.
Outdoor wireless bridge links are even more commonly used as replacements to T1 or fiber connections between buildings due to their substantial cost savings.
Much like a switched network, an 802.11 wireless bridge utilizes Spanning Tree Protocol (STP) to prevent endless bridge loops. As a result, wireless bridges support two major configuration settings: root and non-root.
Bridges work in a parent/child-type relationship, so think of the root bridge as the parent and the non-root bridge as the child. A bridge link that connects only two wired networks is known as a point-to-point (PtP) bridge.
Figure below shows a PtP connection between two wired networks using two 802.11 bridges and directional antennas.
Note that one of the bridges must be configured as the parent root bridge while the other bridge in configured as the child non-root bridge. A point-to-multipoint (PtMP) bridge link connects multiple wired networks.
The root bridge is the central bridge with multiple non-root bridges connecting back to the parent root bridge. Figure below shows a PtMP bridge link between four buildings.
Please note that the root bridge is using a high-gain omni-directional antenna while the non-root bridges are all using unidirectional antennas pointing back to the antenna of the root bridge.
Also notice that there is only one root bridge in a PtMP connection. There can never be more than one root bridge. Besides the root and non-root modes, bridges have other vendor configuration modes:
- AP mode Converts a bridge into an access point WGB mode
- Converts a bridge into a workgroup bridge.
- Repeater mode Repeats the cell of a root bridge to a non-root bridge
- Root with clients Root bridge that also allows clients to associate
- Non-root with clients Non-root bridge that also allows clients to associate
The last two configuration settings that allow clients to associate are highly discouraged because of the security risks and the effect on the throughput of the bridge link because they allow clients to contend for the half-duplex medium.
Also, due to performance issues, the repeater mode is not a recommended mode for wireless bridging. If at all possible, a better bridge deployment practice is to use two separate bridge links as opposed to repeating the link of a root bridge to a non-root bridge.
Considerations when deploying outdoor bridge links are numerous, including the Fresnel zone, earth bulge, free space path loss, link budget, and fade margin.
There may be other considerations as well, including the IR and EIRP power regulations as defined by the regulatory body of your country. Point-to-point links in the 2.4 GHz band can be as long as 24 miles.
A problem that might occur over a very long distance link is an ACK time-out. Because of the half-duplex nature of the medium, every unicast frame must be acknowledged.
Therefore, a unicast frame sent across a 24-mile link by one bridge must immediately receive an ACK frame from the opposite bridge, sent back across the same long-distance link.
Even though RF travels at the speed of light, the ACK may not be received quickly enough. The original bridge will time-out after not receiving the ACK frame after a certain period of microseconds and assume that a collision has occurred.
The original bridge will then retransmit the unicast frame even though the ACK frame is on the way. Retransmitting unicast traffic that does not need to be resent can cause throughput degradation of as much as 50 percent.
To resolve this problem, most bridges have an ACK timeout setting that can be adjusted to allow a longer period of time for a bridge to receive the ACK frame across the long-distance link.
A common problem with point-to-multipoint bridging is mounting the high gain omnidirectional antenna of the root bridge too high, as pictured in Figure below.
The result is that the vertical line of sight with the directional antennas of the non-root bridges is not adequate. The solution for this problem is to use a high-gain omni-directional antenna that provides a certain amount of downtilt or to use directional sector antennas aligned to provide omnidirectional coverage.
Enterprise Wireless Gateway
An enterprise wireless gateway (EWG) is a middleware device used to segment autonomous access points from the protected wired network infrastructure, as pictured in Figure below.
An EWG can segment the unprotected wireless network from the protected wired network by acting as a router, a VPN end point, and/or a firewall.
The EWG can provide many of the same capabilities that a WLAN switch provides, with some key differences. Because an EWG segments fat access points and not thin access points, there is no AP management available within a EWG.
The need still exists for a third-party WNMS to provide management of the fat APs from another central location. Also, unlike most WLAN switches, an enterprise wireless gateway does not have an internal Wireless Intrusion Detection System (WIDS), and the need for an overlay WIDS remains.
An EWG also does not provide any RF spectrum management or control. There are some similarities between an EWG and a WLAN switch, including layer 3 roaming capabilities, user management, role based access control (RBAC), bandwidth throttling, redundancy support, layer 2 security support, and a captive portal.
An EWG can also support VLANs that are created on a managed wired switch. Although enterprise wireless gateway devices still exist, they are a dying breed that have been slowly replaced by the various WLAN switch solutions.
At least one of the EWG vendors has begun to add thin APs and RF management to their product line so that they can compete with the switch vendors. Effectively, they are transforming themselves into a switch vendor.
Residential Wireless Gateway
Residential wireless gateway (RWG) is a very fancy term for a home wireless router. The main function of a residential wireless gateway is to provide shared wireless access to a SOHO Internet connection while providing a level of security on the Internet.
These SOHO Wi-Fi routers are generally inexpensive, yet they’re surprisingly full featured. The following features are supported by a residential wireless gateway:
- Configurable 802.11 radio card
- Support for simple routing protocols such as RIP
- Network Address Translation (NAT)
- Port Address Translation (PAT)
- Port forwarding
- Firewall
- L2 security support (WEP or WPA1 Personal or WPA2 Personal)
- DHCP server
- Multiport Ethernet switch for connecting wired clients
Keep in mind that any type of wireless router is a very different device than an access point. Unlike access points, which use a Bridged Virtual Interface (BVI), wireless routers have separate routed interfaces. The radio card exists on one subnet while the WAN Ethernet port exists on a different subnet.
VPN Wireless Router
Much like the residential wireless gateway, enterprise-class wireless routers exist that can also act as an end point for a VPN tunnel. These enterprise VPN wireless routers have all of the same features that can be found in a SOHO wireless router.
And they provide secure tunneling functionality in addition to 802.11 layer 2–defined security capabilities. Supported VPN protocols may include PPTP, L2TP, IPSec, and SSH2. VPN wireless routers are typically used as edge router solutions in remote or branch offices.
Wireless LAN Mesh Routers
Another specialty WLAN device gaining in popularity is the WLAN mesh router. Wireless mesh routers communicate with each other using proprietary layer 2 routing protocols, creating a self-forming and self-healing wireless infrastructure (a mesh) over which edge devices can communicate, as shown in Figure below.
A self-forming WLAN mesh network automatically connects access points upon installation and dynamically updates routes as more clients are added. Because interference may occur, a self-healing WLAN mesh network will automatically reroute data traffic in a Wi-Fi mesh cell.
Proprietary layer 2 intelligent routing protocols determine the dynamic routes based upon measurement of traffic, signal strength, hops, and other parameters.
Although a WLAN mesh network usually comprises a mesh of repeater-like access points that all operate on one frequency, dual-band mesh routers also exist.
With dual-band WLAN mesh routers, typically the 802.11a radios are used for the mesh infrastructure and to provide backhaul while the 802.11b/g radios are used to provide access to the client stations.
Although the 802.11s Task Group is currently working on standardizing WLAN mesh networking, all current vendor solutions are proprietary.
Enterprise Encryption Gateway
An enterprise wncryption gateway (EEG) is an 802.11 middleware device that provides for segmentation and encryption. The EEG typically sits behind several fat access points and segments the wireless network from the protected wired network infrastructure.
Proprietary encryption technology using the AES algorithm at layer 2 is provided by the enterprise encryption gateway. Figure below shows a picture of an EEG.
All the access points are managed from the unencrypted side of each gateway and special client software is required for the end user client stations.
EEGs can also offer data compression and are typically certified to meet government security regulations such as FIPS 140-2. A central management server is also used so that user and device authentication methods are also provided.
Virtual AP System
One major wireless switching provider has a system know as a virtual AP. A virtual access point solution uses multiple access points that all share a single basic service set identifier (BSSID) MAC address.
Because the multiple access points advertise only one single virtual MAC address (BSSID), client stations believe they are connected to only a single access point, although they may be actually roaming across multiple APs.
The main advantage is that clients experience a “zero handoff” time and many of the latency issues associated with roaming are resolved.
All the handoff and management is handled by a central WLAN switch. It should be understood that a virtual AP solution is extremely proprietary and operates way outside of the defined 802.11 standard.