Madge Wireless Enterprise Access Server 100 review
As the only remaining supporter of Token Ring networks, Madge realised a couple of years ago that it needed to diversify. So the company recently made a tentative move into the volatile world of wireless network access security. The wireless Enterprise Access Server (EAS) family comprises three security appliances. The EAS 100 is the entry point, and key features are ease of use and better value than comparable products such as the BlueSocket WG-400.
Madge is coming at wireless AP (access point) management from an entirely different angle to BlueSocket. The WG-400 acts as a conduit through which all wireless access is passed and provides authentication services to wireless users. But the EAS 100 interacts directly with each AP and provides a central location from where all their individual security settings can be managed. You can automatically implement 802.1x authentication using a RADIUS server plus dynamic WEP encryption, and use IPsec VPNs for wireless connections to the LAN. Madge will only work with APs that support SNMP and the EAS 100 must have full read-write access. At the time of writing, Madge had only successfully tested with 19 APs, and we were advised that only those on this list can be discovered and managed. Fortunately, our Proxim ORiNOCO AP-2000 test AP was on the list.
Installation certainly is simple. You connect the appliance to the LAN and use the bundled utility to search the network for Madge devices. The appliance supports up to five access points connected via a switch to its single WLAN port and can act either in controller or gateway mode. For the latter, all wireless traffic passes through the appliance, which acts as an IP router and can perform NAT if required. You can ignore the third Ethernet port as this is currently disabled.
The quick-start utility takes you straight to the browser interface. Here, you select from three security policies or create your own and set up a server certificate for 802.1x authentication and wireless IPsec VPNs. Our Proxim AP was automatically discovered by the appliance and placed in a group where it could receive a set of instructions such as its new SSID name, whether the SSID should be broadcast, the wireless channels it should use and transmit power.
The use of 802.1x and dynamic WEP encryption can be enforced and two independent firewalls are provided for both 802.11 and Bluetooth devices. These can be used to block specific protocols from passing through the AP. Once all APs have been discovered, you can set them to be managed with a single click. As soon as this option was selected our AP-2000 test AP immediately received its new instructions from the EAS 100 and proceeded to enforce the selected security and authentication settings to our test XP wireless clients. RADIUS and 802.1x settings were also automatically configured in the AP, including the address of the EAS 100 as the primary authentication server.
Madge’s appliances clearly make light work of deploying security settings to multiple APs. A reasonably detailed event log is also maintained and alarms can be sent via SNMP trap to a single email address or to an XML server. The EAS 100 is better value than the BlueSocket alternative, although a downside is the limited AP support.