InReach MAPs enforce QoS and security policies, both of which are configurable on a per-service basis. Customers can set a variety of WLAN operating parameters to suit the needs of each service, including Delivery Traffic Information Map (DTIM) signals, which client devices use to conserve battery power. This per-service configurability enables customers to integrate the broadest range of client devices into their network, from legacy barcode scanners to new-generation laptops and PDAs, while accommodating the varying security, QoS, and power management capabilities of each device.

Customers can also configure InReach MAPs to tag the traffic associated with each WLAN service for a separate wired network VLAN, enabling network operators to leverage existing network security and traffic management capabilities.

Security

InReach MAPs enforce multi-layer security policies to create a secure WLAN/wired network perimeter. This "defense-in-depth" approach secures the airwaves using strong WLAN client authentication and encryption. It protects the backbone network by restricting access to specific destinations and by leveraging existing VLAN-based security mechanisms.

At the same time, hardware-assisted layer 2 encryption processing ensures InReach MAPs deliver high performance when using WEP, WPA and WPA2 (802.11i) security protocols. Client devices can be authenticated by MAC address or industry-standard 802.1x port authentication protocols with support for popular EAP types (TLS, TTLS, PEAP, SIM). InReach MAPs also support a standard RADIUS AAA interface, which provides compatibility with popular enterprise authentication servers, including Microsoft Active Directory and LDAP.

To complement WLAN security mechanisms and strengthen the network perimeter, InReach MAPs can apply layer 2/3 filtering and VLAN tagging on a per-service basis. VLAN tagging enables customers to enforce a range of end-to-end security policies so that traffic from devices with weak security capabilities can be integrated into a single infrastructure. VLAN tags can also be applied on a per-user basis, giving network managers the flexibility to implement coarse- or fine-grained VLAN security.

Manageability and Monitoring

Centralized management of InReach MAPs is performed by the InCharge Colubris Network Management System (CNMS), an advanced WLAN management platform that configures, monitors, and manages an entire CIMS infrastructure. During installation, InCharge automatically discovers each InReach MAP and assigns it to a group for fast configuration and deployment.

To protect the system from compromise, all InCharge management interfaces are secured. The embedded web GUI and CLI interfaces are secured using SSL, IPSec protects the SNMP interface, while secure FTP protocols protect downloadable firmware and configuration files.

In addition to these centralized management and control features, InReach MAPs feature comprehensive client device monitoring and powerful troubleshooting tools that minimize operations costs:

• Colubris' unique Client Data-Rate matrix summarizes the distribution of transmit and receive packets by data rate for each client associated with an AP, providing an easy method to diagnose performance problems.
• The Client Event Log provides a detailed history of 79 different association, security, and DHCP handshake events for each client, with plain English explanations that simplify debugging.
• A packet capture tool grabs packets off the air or the LAN interface and saves them in PCAP file format for offline analysis using Ethereal.

QoS and VoWLAN Support

InReach MAPs provide the most comprehensive QoS support in the industry, enabling customers to converge a range of real-time and nonreal-time applications on a single WLAN infrastructure. Certified support for the Wireless MultiMedia (WMM) specification provides four levels of priority, enabling multiple applications - including voice and video - to share the same infrastructure. A multi-layer classifier enables administrators to leverage wired network QoS policies by mapping 802.1p and DiffServ packet markings to WLAN priority queues.

Customers can also use InReach MAPs to deliver enterprise-class VoWLAN service because they support both the SpectraLink Voice Priority (SVP) and Wireless MultiMedia (WMM) protocols, which ensure voice quality and provide compatibility with emerging VoWLAN telephones.

RF Management

InReach MAPs automate the configuration and operation of the RF network. Each MAP automatically selects a channel within the desired frequency band based on an interference scan. Once a channel has been selected, the InReach MAP continuously optimizes performance by scanning the environment in background mode and changing channels as needed to avoid sources of interference.

InReach MAPs can also be dedicated to continuous real-time rogue scanning across the full 2.4 and 5 GHz spectrums. They instantly report rogue devices to the InCharge centralized network management system, or any other SNMP manager, for immediate action.

Installation Flexibility

Because InReach MAPs are available with one or two software-selectable a/b/g radios and a choice of plenum-rated indoor or outdoor enclosures, customers can install them in almost any environment. Their support for a range of wireless network topologies also minimizes installation costs.

Because they support WDS, InReach MAPs can be installed in areas where Ethernet cabling is either unavailable or cost prohibitive. The Colubris secure WDS implementation supports point-to-point and point-to-multipoint configurations, affording customers a range of price/performance options.