Cisco Catalyst 3750G review

Dave Mitchell Read more October 7, 2009

£10292

Price when reviewed

When we looked at the wireless security solution from Airespace a few years ago, we liked its tough stance on wireless intruders. Evidently, Cisco thought the same, as it acquired the company shortly afterwards and merged it into its rapidly expanding wireless product portfolio. One of the end results is the Catalyst 3750G integrated wireless LAN controller, and in this exclusive review we see what Cisco has been up to with the Airespace products and technology.

The product is an amalgamation of Cisco’s wireless LAN controller and its Catalyst 3750 switch. At its foundation are 24 copper Gigabit Ethernet ports, all of which are 802.3af PoE enabled, and the switch has a meaty 32Gb/sec switching backplane. The primary purpose of the Gigabit ports is to facilitate the distribution of Cisco’s Aironet access points. These act as the system’s eyes and ears on the wireless network, but only those running the LWAPP (lightweight access point protocol) are supported.

LWAPP is designed to take the strain out of configuration, as the access points link directly to the controller unit and, once validated, receive all configuration settings from it. For testing, we used Aironet 1130 AG access points and found that all web management has been removed, so the units can’t be accessed directly. In fact, we saw the power of this system sooner than expected, since Cisco inadvertently supplied access points configured with a US country code. Our UK-configured controller saw them immediately, warned they’d been disassociated and powered them off remotely after a few minutes without us doing a thing.

With a Catalyst switch at its foundation, initial configuration is pleasantly swift. You get the full benefit of the browser-based Cisco Device Manager, which we first saw in our exclusive review of the Catalyst Express 500-24PC. The Smartports feature that impressed so much is evident here, and you also get Cisco’s Network Assistant (CNA), which offers a wealth of wizards for swiftly implementing general network security.

The next step is to configure the controller, and the switch Device Manager provides a quick link to its web interface, which hasn’t changed too much from its Airespace days and is consequently very easy to use. This kicks off with a quick-start wizard, which runs through setting up the service and management ports along with the interfaces for communicating with the access points. The homepage opens up with a status overview of all wireless clients, Aironet APs and those that are providing 802.11a/b/g services. You can see at a glance if rogue clients and APs have been identified, and selecting the latter will reveal those clients associated with it. We found the Aironet APs to be remarkably efficient: they identified no fewer than 14 active APs and two ad hoc networks over a wide area within our offices, and listed all their details.

Policies are used to manage security, QoS and wireless services, and these can be deployed to selected APs. QoS policies allow you to do things such as limit the number of users who can associate with certain APs, while security policies can enforce encryption and authentication.

A smart feature is the containment policies, which use the Aironet APs to beat rogue APs, clients and ad hoc networks into submission. They stop clients associating with rogue APs by sending out false signals and can use deauth packets to force clients to disassociate with rogue APs. However, containment policies can get you into a lot of trouble if not used responsibly, so the controller has these de-activated by default and provides plenty of warnings if you choose to go down this route.
Things get even more interesting with Cisco’s WCS (wireless control system) software, as this provides a full mapping service, allowing you to keep a close eye on the location of APs and wireless clients. The Aironet APs provide RF signal strength measurements, which are incorporated into a central database and used by WCS to identify wireless client and AP locations. Importing drawings of your building layout into WCS allows you to customise it and provide accurate heat signature-style mappings of radio coverage and even signal leakage through windows.

Cisco’s additional location-tracking appliance allows you to track wireless clients and build up a map showing location and movement. The system uses features such as RF fingerprinting and can highlight the physical location of rogue access points and networks. However, the possibilities go way beyond this, as combining these with third-party products and technology such as RFID tagging allows you to create a complete tracking system for goods and company assets.

During testing, we found the 3750G extremely interesting to work with thanks to its easy management and range of wireless security features. The price tag puts this device firmly in the mid-sized business and enterprise sectors, but small businesses should note that Cisco also offers a lower-cost 2106 controller, which delivers a similar level of features and supports up to six access points.