Overview

The Modern Wireless Network

Enterprise-class Wireless LANs (WLAN) have arrived and they're giving IT managers the ability to provide "anywhere, anytime" connectivity to their users.Wireless LANs provide many benefits including:

• Mobile computing
• Increased productivity
• Rapid setup and deployment of network connectivity
• Lower long term capital networking costs
• Solves traditional cable plant issues

However, with the many different solutions available in today's rapid growing WLAN market, the decision of which WLAN solution is best for your company may be a difficult choice.Thereare many questions to be answered.

• Thick, intelligent, or thin access points?
• WLAN switch or no WLAN switch?
• WLAN appliance with 3rd party APs?
• Where should the authentication be?
• Where should the encryption be?
• Can the solution scale to fill future needs?
• Is the solution upgradeable to future 802.11 standards?

As enterprise-class wireless technology matures and changes, the WLAN solution you select today may not scale to meet your wireless needs of tomorrow. And that can be a serious problem in today's cost conscious business models.The nswer for many companies is not easy and there are many benefits and drawbacks to each approach. Foundry IronPoint wireless solutions provide the answers by allowing flexible topology configuration with software upgradeable functionality. IronPoint APs can adapt to any wireless topology architecture by simply changing their software modules—from Full-Featured AP to Intelligent AP to Real-time RF Monitoring Sensor. IronPoint wireless solutions are fully backed with enterprise-class central provisioning, management and reporting features.

The Topology Debate

The rapid growth of WiFi has spawned several different approaches for adding wireless technology to your existing enterprise wired networks. There is the age old debate of Full-Featured Thick APs verses Thin or Dumb APs. There are solutions requiring the implementation of dedicated WLAN appliances. Some solutions allow the use of any 3rd party AP offering plug & play capabilities, but little or no management of the APs. Multiple vendors new to networking have centralized critical security functions back into the WLAN switch to create a new piece of networking equipment—the dedicated WLAN Switch.

Truth be told, the WLAN topology debate is new and not well understood by many IT professionals. There are benefits and drawbacks to each of these topology models and the topology the customer selects will depend on their company's current and future WLAN requirements.

The Full-Featured Thick AP

Full-Featured Thick APs provide the following benefits:

• Simple rapid deployment using existing network architecture
• Lower cost with no WLAN Switch or dedicated WLAN Appliance to purchase
• Self contained APs with radios, authentication, security, POE, and management
• Better data encryption scalability
• With central management and provisioning, they can scale to meet large deployment needs

The traditional drawbacks of Full-Featured Thick APs have been:

• SoHo-class APs don't offer the strong radio support and security required by enterprise customers
• Without central management and provisioning, they are good for small WLAN deployments and remote branch offices with a small number of employees
• Many SoHo and Small to Medium Business (SMB) solutions do not provide strong centralized management with enterprise-class reporting capabilities

Foundry recognized the benefits of deploying Full-Featured access points and the needs they help fulfill. The IronPoint 200 APs are created with strong enterprise-class radio, security, and management features to overcome the traditional short falls of Thick APs. Coupled with Foundry's IronView Network Manager (INM), customers can deploy wireless LANs ranging from a just a few APs to thousands of APs—greatly simplifying deployment, provisioning, management, reporting and lowering Total Cost of Ownership (TCO).

For detailed information on Foundry's IronPoint 200 AP, see the Foundry IronPoint 200 Data Sheet.

The Thin AP...

Thin APs working with a dedicated WLAN Switch or WLAN Appliance can provide the following benefits:

• Better scalability with centralized management
• Centralization of security and radio management
• Sophisticated features such as Layer 3 roaming, user access control policies, Power-over-Ethernet, and location-based services
• Optional security features such as WEB-based authentication, VPN termination, or VPN Pass-Through

But there are drawbacks to this topology as well. There has been no standardization of which functions should be performed by the access point and which should be performed by the WLAN switch. Lack of standards have created proprietary approaches in the industry and have led to incompatible solutions amongst vendors. Depending on where each major WiFi function is performed, AP or WLAN switch, the benefits and drawbacks differ between vendor solutions.

WLAN switch and appliance solutions that perform authentication and encryption functions in the dedicated WLAN component may not scale as well when more throughput is required. As additional APs are added to the central WLAN switch and the demand for more bandwidth increases, the ability to perform the authentication, encryption, and policy management may degrade—sacrificing performance and throughput for strong security.

Certain centralized WLAN switch solutions offer the ability to add Remote Thin APs to allow remote offices to share a centralized WLAN switch management system.By centralizing authentication on a WLAN switch or appliance far away from the Remote Thin AP, higher risks for downtime become a reality. Any outages to the wide area network or backbone connections that link the WLAN switch and Remote Thin AP together will likely cause outages at the remote site for all wireless users—as authentication and encryption to the WLAN switch or appliance is no longer possible.

Customers need to fully understand their current and future wireless LAN and topology requirements before designing and selecting their wireless LAN vendor.

Back to top

Features

Foundry Networks' IronPoint Wireless Solutions are truly revolutionary and provide all the features that enterprises are demanding in a leading edge, enterprise-class wireless network.

• Strong Security
• Seamless Mobility
• Enhanced User Policies
• Centralized Management
• RF Monitoring & Management
• Leading Standards-based Solutions
• Seamless Integration With Wired Networks
• Flexible Topology Configuration
• Strong Investment Protection
• Ease-of-Use
• Backed By An Industry Leading Profitable Networking Company

Foundry Networks is the first network solutions provider to eliminate the confusion of wireless topologies and offer customers an industry first, "best-in-class" approach for both Thick and Thin WLAN architectures. By allowing customers to load different software images onto both the FastIron Edge Switch and the IP200 AP, the WLAN network can be quickly re-formulated to suit their needs as requirements change.

All equipment is reusable and adaptable to architectural changes to gain the benefits of Thick and Intelligent APs where they are needed.

The Foundry IronPoint-FES

Foundry IronPoint Wireless Solutions are built upon Foundry's legacy of performance and "best-of-breed" price/performance value. With the introduction its latest wireless component, the IronPoint-FES, Foundry expands the capabilities of its IronPoint 200 Access Points and moves the enterprise closer to a truly integrated wired and wireless network. IronPoint-FES is a software upgrade for Foundry's award winning and feature-rich Layer 2 FastIron Edge Switch (FES) platform.

IronPoint-FES offers all of the wire-speed switching and security benefits that comes with the FastIron Edge Switch plus the integral parts of wireless technology. Through port-based WiFi Enablement, the FES switch seamlessly integrates Intelligent IronPoint 200 APs into the wired infrastructure.

IronPoint-FES allows the customer to fully customize every switch port to its fullest capabilities to create a fast and secure network for both wired and wireless clients.

Integrated IronPoint Flexibility

Customers control which ports are "WiFi Enabled". When switch ports are programmed as a WiFi Enabled ports, the FES switch automatically turns on the necessary wireless features needed to fully integrate the IronPoint 200 APs. All other non-WiFi Enabled ports that are not supporting IronPoint APs can be used for wired workstation, file server, or uplink support. Non-WiFi Enabled ports can even provide connectivity for any other 3rd party thick AP and be fully managed through its WEB interface with IronView Network Manager's Element Manager.

Foundry's IronPoint solution removes the need for dedicated WLAN switches and appliances through topology flexibility. Remote offices or small wireless LANs can be deployed with the centrally managed IP200 APs while larger campus environments requiring enhanced enterprise-class features can deploy the IronPoint-FES solution. For enterprises with remote offices or campus buildings supporting a lower number of users, the savings of not having to deploy dedicated WLAN switches or appliances in each location may be substantial.

There is no longer the need to purchase expensive dedicated WLAN switches or appliances to add wireless capabilities to your enterprise network. Customers can now take advantage of Foundry's class-leading FES switch to perform both wired and wireless networking and lower initial capital investment and obtain the industries best Total Cost of Ownership (TCO).

Best of all, Foundry's IronPoint-FES capabilities are offered through a simple software upgrade to both the FastIron Edge Switch (POE and non-POE) and the IronPoint 200 access points. For customers who already own FES switches, this is a great leap forward in lowering of TCO and centralization of management. The ability to gain the features and benefits of an integrated WLAN switch architecture without the cost of dedicated WLAN switches or appliances is truly an "industry first" with Foundry's IronPoint-FES wireless solution.

Enterprise-class Network Management

With Foundry's IronView Network Manager (INM), management of all wireless and/or wired components is just as flexible. INM allow customers to completely centralize management or create distributed departmental management with tiered management levels and functional privileges. INM gives customers full control of AP and switch deployment, provisioning, device management, change management, real time and historic reporting, RF management, and troubleshooting functions.

Customers who already own Foundry switches and routers can now leverage INM's ability to manage both the wired and wireless infrastructure—taking control of their entire network and managing it as one single entity. By managing both the wired and wireless network seamlessly, customers can reduce the costs associated with learning and managing separate dissimilar networking components and isolate faults and security flaws much faster.

IronPoint Wireless Solutions managed with IronView Network Manager offer customers the most flexible centrally managed wireless architecture in the industry.

For detailed information on Foundry's IronView Network Manager, see the Foundry INM-IP Data Sheet.

Maximizing Performance—Distributed Model

By leveraging the same principles used in high performance "distributed computing" models, Foundry has created an extremely scalable wireless LAN architecture. IronPoint-FES Wireless Solutions use powerful intelligent APs to perform critical functions to allow the entire network to scale linearly as each access point is added to the wireless infrastructure.

By not moving all of the critical authentication and security functions to the backend WLAN switch or appliance, network performance, scalability, and resiliency are enhanced.Unlike thin APs, the Foundry IP200 AP is designed with powerful CPUs and ample memory allowing it to perform many of the strong security and throughput demands. By leveraging all CPUs in both the APs and the FES switch, wire-speed performance is retained and heavy processing of data encryption is distributed— just like the modern super computing platforms.

The advantages of Foundry's distributed IronPoint wireless technology include:

• Distributed Authentication—By allowing each IronPoint 200 AP to be setup with a primary and secondary authentication server, satellite offices can authenticate locally or to a remote central authentication server.This flexibility helps eliminate the service outages that can be caused by backbone or WAN link outages.
• Distributing Data Encryption—Centralized data encryption with a single WLAN device is usually associated with performance bottlenecks or expensive encryption co-processors.By not centralizing CPU intensive data encryption protocols such as TKIP/MIC, AES, or IPSEC into the IronPoint-FES, performance bottlenecks are removed from the network and linear scaling of encryption performance is achieved with each new IP200 AP added.
• Built-in Resiliency—With each IronPoint 200 AP performing authentication and data encryption, not only are performance bottlenecks removed,but redundancy and network resiliency is naturally built in. Failure of one intelligent AP will not affect the remainder of the network. With centralized WLAN solutions providing authentication and data encryption in a single device, failure of either the authentication or data encryption modules will affect all APs and users attached to the device—causing wider outages.
• Lowest "High-Performance" TCO—Leveraging each AP's powerful CPU and memory architecture eliminates expensive WLAN switches or appliances required to perform high-speed data encryption. IP200 APs perform TKIP and AES encryption in hardware without the cost of dedicated encryption boards inside each IronPoint-FES. Single points of failure for data encryption are removed.
• Maximizes Capital Investment—IronPoint-FES functionality is achieved through a simple software upgrade to existing POE or non-POE FastIron Edge Switches.This helps to lower the cost of each WLAN enabled port and allows all non-AP ports to be fully utilized by other wired hosts. Apply wireless where your enterprise needs it without deploying dedicated expensive WLAN switches or appliances.
• Unparalleled Flexibility—Hybrid design capabilities combining both Full-Featured IP200 APs and IronPoint-FES Intelligent APs offer customers the greatest flexibility when designing their wireless network.With INM, flexible management of the entire network is made possible – for both wired and wireless Foundry components.

IT Professionals Now Have a Choice

With Foundry's IronPoint Wireless Solutions, customers now have the freedom to design and implement their wireless LANs to fully suite their business requirements.If requirements change, IronPoint's flexible adaptive technology allows the wireless hardware to change—eliminating the unnecessary cost of new hardware.

Combining leading edge industry-standard wireless technology with an award winning FES switching architecture gives customers the "best-of-breed"wireless and wired solutions they are demanding today. Strong security, seamless mobility, centralized management, flexible topology, ease-of-use, and strong investment protection all backed by a mature and profitable networking company that knows how to integrate wired and wireless.

Back to top

Specifications

Standards Compliance

• 802.1d Bridging
• 802.1D-1998
• 802.1q/p VLAN Tagging and Priority
• 802.1w Rapid Spanning Tree
• 802.1x Port-based Authentication
• 802.3 10Base-T
• 802.3 Ethernet Like MIB
• 802.3ad Link Aggregation
• 802.3u 100Base-TX
• 802.3z 1000Base-SX/LX/TX

Protocol Support

• AppleTalk
• DNS Client
• IP (RFC 1812)
• IPX RIP/SAP
• OPSF NSSA (RFC 1587)
• OSPF (RFC 1583)
• OSPF Database Overflow (RFC 1765)
• OSPF Traps (RFC 1850)
• OSPFv2 (RFC 2328v2)
• RIPv1 (RFC 1058)
• RIPv2 (RFC 1723)
• VRRP (RFC 2338)
• VRRPE (Foundry VRRP Enhanced)

IP Multicast

• DVMRP Host Requirements (RFC 1122)
• DVMRPv2
• IGMP Snooping
• IGMPv1 (RFC 1112)
• IGMPv2 (RFC 2236)
• PIM-DM (draft-ietf-v2-dm-03)
• PIM-SM (RFC 2362)

Layer 2 Enhancements and Features

• 4,096 VLANs
• 64,000 MAC Addresses
• Address Lock Filtering
• Dual Mode VLANs
• Fast Port Span
• Fast Uplink Span
• Generic VLAN Registration Protocol
• MAC-Layer Filtering
• Mirror/Monitor Ports
• Per VLAN Group Spanning Tree (PVGST)
• Per VLAN STP (PVST/PVST+)
• Server Trunk Groups
• Single-instance Spanning Tree
• Hardware-based Inbound and Outbound Access Control List

Layer 3 Enhancements

• 64,000 IP Routes
• DiffServ Support
• ToS/DSCP Control via ACLs

Management and Control

• 802.3 MAU MIB (RFC 2239)
• Architecture for Describing SNMP Framework (RFC 2571)
• BootP (RFC 951 & RFC 1542)
• BootP/DHCP Relay (RFC 2131)
• Bridge MIB (RFC 1493)
• Configuration Logging
• Ethernet Interface MIB (RFC 1643)
• Ethernet MIB (RFC 1643)
• HTTP (RFC 2068)
• ICMP Router Discovery Protocol (RFC 1256)
• Industry Standard Command Line Interface (CLI)
• Integration with HP OpenView for Sun Solaris, HP-UX, IBM's AIX, and Windows NT Standalone Windows NT
• IP Forwarding Table MIB (RFC 1354)
• IronView Network Manager (INM) Web based graphical user interface
• JetScope/ sFlow (RFC3176)
• MIB-II (RFC 1213)
• Repeater MIB (RFC 1516)
• RIPv2 MIB (RFC 1724)
• RMON MIB (RFC 1757)
• SNMP Message Processing and Dispatching (RFC 2572)
• SNMP MIB II (RFC 1573)
• SNMP View-based Access Control Model SNMP (RFC 2575)
• SNMPv1/v2c (RFC 1157)
• SNMPv3 Applications (RFC 2573)
• SNMPv3 Intro to Framework (RFC 2570)
• SNMPv3 User-based Security Model (RFC 2574)
• Support for Multiple SysLogD Servers
• TELNET (RFC 854)
• TFTP (RFC 783)

Element Security Options

• Authentication, Authorization, & Accounting (AAA)
• Bi-level Access Mode (Standard and EXEC Level)
• Protection for Denial of Service attacks
• RADIUS
• Secure Copy (SCP)
• Secure Shell
• TACACS/TACACS+
• Username/Password

Performance

• FES2402:
  • Switching Capacity 38.4Gbps
  • Forwarding Rate 6.6 Mpps
• FES4802:
  • Switching Capacity 38.4Gbps
  • Forwarding Rate 10.2 Mpps
• FES9604:
  • Switching Capacity 76.8Gbps
  • Forwarding Rate 20.4 Mpps
• FES12GCF:
  • Forwarding Rate 17.8Mpps

Physical Dimensions

• FES2402:
  2.63" (H) x 17.5" (W) x 19.6" (D)
  6.68cm (H) x 44.45cm (W) x 49.78cm (D)
• FES4802:
  2.63" (H) x 17.5" (W) x 19.6" (D)
  6.68cm (H) x 44.45cm (W) x 49.78cm (D)
• FES9604:
  4.38" (H) x 17.5" (W) x 19.6 (D)
  11.12cm (H) x 44.45cm (W) x 49.78cm (D)
• FES12GCF:
  2.63" (H) x 17.5" (W) x 19.6" (D)
  6.68cm (H) x 44.45cm (W) x 49.78cm (D)

Weight

• FES2402:
  • 25 lbs (11.36 kg) Fully Loaded including dual redundant power
  • 17.5 lbs (7.95 kg) Empty
• FES4802:
  • 25 lbs (11.36 kg) Fully Loaded including dual redundant power
  • 17.5 lbs (7.95 kg) Empty
• FES9604:
  • 31 lbs (14.09 kg) Fully Loaded including dual redundant power
• FES12GCF:
  • 25 lbs (11.36 kg) Fully Loaded including dual redundant power
• RPS5:
  • 3.75 lbs (1.70 kg)
• RPS5DC:
  • 3.75 lbs (1.70 kg)

Environmental Ranges

• Operating temperature: 32° to 104°F (0° to 40°C)
• Relative Humidity: 5% to 90%, non-condensing
• Storage temperature: -23° to 158°F (-25° to 70°C)
• Maximum BTUs: 340 BTU/Hr (100W) per supply
• Storage altitude: 10,000ft (3,000m) maximum

Power Requirements

• AC input voltage: 100vAC @ 3.5A MAX, 240vAC @ 1.5A MAX, 50-60Hz per auto-sensing, auto-switching power supply
• DC input voltage: -36vDC to -48vDC @ 9.0A MAX

Safety Certifications

• EN 60950
• IEC 950
• UL 1950
• CSA 950

Electromagnetic Emission Certifications

• FCC Class A
• EN 55022
• CISPR-22 Class A
• VCCI Class A

Immunity

• Generic: EN 50082-1

Warranty

• 5-year Hardware
• 90-days Software

Back to top

System Options

• FES2402-POE-WLAN: 24-port 10/100Base-TX IEEE 803.2af-based PoE plus 2-ports Gigabit (X or 1000Base-T) Layer 2 & IronPoint WLAN and AC Power
• FES4802-POE-WLAN: 48-port 10/100Base-TX IEEE 803.2af-based PoE plus 2-ports Gigabit (X or 1000Base-T) Layer 2 & IronPoint WLAN and AC Power
• FES2402-WLAN: 24-port 10/100Base-TX plus 2-ports Gigabit (X or 1000Base-T) Layer 2 & IronPoint WLAN and AC Power
• FES4802-WLAN: 48-port 10/100Base-TX plus 2-ports Gigabit (X or 1000Base-T) Layer 2 & IronPoint WLAN and AC Power
• FES9604-WLAN: 96-port 10/100Base-TX plus 4-ports Gigabit (X or 1000Base-T) Layer 2 & IronPoint WLAN and AC Power

Back to top

Literature

Datasheets

• IronPoint-FES Datasheet (PDF 162K)

White Papers

• Leveraging the Advantages of a Multi-vendor Network Strategy (PDF 181K)
• WPA & Funk Odyssey Installation Guide (PDF 1.34MB)
• WPA & MS IAS Installation Guide (PDF 1.80MB)
• Dynamic VLAN Installation Guide (PDF 1.29MB)

Back to top