Cisco Catalyst 3750G review
When we looked at the wireless security solution from Airespace a few years ago, we liked its tough stance on wireless intruders. Evidently, Cisco thought the same, as it acquired the company shortly afterwards and merged it into its rapidly expanding wireless product portfolio. One of the end results is the Catalyst 3750G integrated wireless LAN controller, and in this exclusive review we see what Cisco has been up to with the Airespace products and technology.
The product is an amalgamation of Cisco’s wireless LAN controller and its Catalyst 3750 switch. At its foundation are 24 copper Gigabit Ethernet ports, all of which are 802.3af PoE enabled, and the switch has a meaty 32Gb/sec switching backplane. The primary purpose of the Gigabit ports is to facilitate the distribution of Cisco’s Aironet access points. These act as the system’s eyes and ears on the wireless network, but only those running the LWAPP (lightweight access point protocol) are supported.
LWAPP is designed to take the strain out of configuration, as the access points link directly to the controller unit and, once validated, receive all configuration settings from it. For testing, we used Aironet 1130 AG access points and found that all web management has been removed, so the units can’t be accessed directly. In fact, we saw the power of this system sooner than expected, since Cisco inadvertently supplied access points configured with a US country code. Our UK-configured controller saw them immediately, warned they’d been disassociated and powered them off remotely after a few minutes without us doing a thing.
With a Catalyst switch at its foundation, initial configuration is pleasantly swift. You get the full benefit of the browser-based Cisco Device Manager, which we first saw in our exclusive review of the Catalyst Express 500-24PC. The Smartports feature that impressed so much is evident here, and you also get Cisco’s Network Assistant (CNA), which offers a wealth of wizards for swiftly implementing general network security.
The next step is to configure the controller, and the switch Device Manager provides a quick link to its web interface, which hasn’t changed too much from its Airespace days and is consequently very easy to use. This kicks off with a quick-start wizard, which runs through setting up the service and management ports along with the interfaces for communicating with the access points. The homepage opens up with a status overview of all wireless clients, Aironet APs and those that are providing 802.11a/b/g services. You can see at a glance if rogue clients and APs have been identified, and selecting the latter will reveal those clients associated with it. We found the Aironet APs to be remarkably efficient: they identified no fewer than 14 active APs and two ad hoc networks over a wide area within our offices, and listed all their details.
Policies are used to manage security, QoS and wireless services, and these can be deployed to selected APs. QoS policies allow you to do things such as limit the number of users who can associate with certain APs, while security policies can enforce encryption and authentication.
A smart feature is the containment policies, which use the Aironet APs to beat rogue APs, clients and ad hoc networks into submission. They stop clients associating with rogue APs by sending out false signals and can use deauth packets to force clients to disassociate with rogue APs. However, containment policies can get you into a lot of trouble if not used responsibly, so the controller has these de-activated by default and provides plenty of warnings if you choose to go down this route.