RUCKUS FROM PAGE 25 a minimum of administrator to authenticate to the local tors can easily configure the
locate potential rogue APs, interaction needed on the cli- authentication server in key expiry interval for each
a set of user and guest pass ent machines—as long as the the Zone Director. Still, user, thereby creating an
management pages, and a clients are running Windows using Zero I T was the automated, periodic, key
viewer for logs that report XP with Service Pack 2. easiest way I’ve seen to rotation.
unusual activities of exter- Users configure their deploy enterprise-grade, Each user’s PSK appears
nal devices. wireless security by first certificate-based wireless to be tied to both the client
I also liked the speedy plugging into the wired security, as the applet computer and the wireless
search function that powers network, where they log includes a certificate to cli- adapter itself, since in tests I
the log, which enabled me into the ZoneDirector, then ent machines to use EAP- could not successfully install
to quickly find all instances download a client configu- TLS (Extensible Authenti- the applet on a PC other than
of a particular kind of alert ration applet. The applet cation Protocol-Transport the one from which I gen-
or of activities pertaining to ensures the client is running Layer Security). Users will erated the applet, nor could
a specific device. I use a different wireless
By default, users of the adapter in the same PC.
guest network are redirected With firmware Release
to a captive portal Web page, 3.0.1.0 build 109, Ruckus
where they are required to also added 802.11n support
enter temporary guest cre- into the ZoneFlex solution.
dentials to access the net- With that release, I could join
work. Corporate users are andmanageanew ZoneFlex
allowedtocreateguestpasses, 7942 802.11n AP (priced at
providedthe wirelessadmin- $699) to my ZoneFlex net-
istrator has assigned them work in the same manner as
the proper permissions (via legacy APs. In ZoneDirector,
a Role). The wireless admin- the only management dif-
istratorcanalsocentrallycon- ference for 802.11n was an
trol the life of guest passes by additional field that allowed
expiring the passes a certain me to define whether the
ZeroIT enables creation of certificates for full EAP-TLS implementation.
amount of time after the pass 11n AP used a standard
is either created or first used. Microsoft Windows XP with need to be walked through a 20MHz channel or a wide
Once guest users connect, SP2, and then automatically Windows Certificate installa- 40MHz channel.
they are denied access to any configures the operating tion wizard to complete the Although most business-
networked resources on the system’s integrated wireless setup—a potentially daunt- class 802.11n solutions oper-
local subnet—and adminis- supplicant with the appro- ing step, even if the wizard ate in both the 2.4GHz or
trators can further customize priate network and encryp- only requires the user to click 5GHz bands, the ZoneFlex
the network to deny access to tion settings. through the default settings 7942 operates only in the
other subnets as well. I did notice that the to get the wireless network 2.4GHz band. Customers
While the ZoneFlex solu- applet does not check for running. that want to reduce the
tion certainly eases WLAN Microsoft’s WPA 2/Wire- IT administrators may potential for interference
deployment and manage- less Provisioning Services insteadoptfor ZeroITusing may therefore opt to stick
mentforlesstechnicalshops, Information Element Ruckus’ DynamicPSK, with standard 20MHz
Ruckus has truly set a high (Microsoft KB 893357), a which automatically gener- channels, which will limit
bar for innovation on the patch that adds WPA2 sup- ates a unique PSK for each their network’s top-end per-
client side. Ruckus’ ZeroIT port to Windows XP, and user. In an ordinary PSK- formance. ´
feature makes it simple to that is required to enable secured network, every-
deploy the strongest levels ZeroIT to work properly. one would use the same On to 10G
of wireless security, allowing While administrators key—meaning that every Cisco’s Catalyst 4900M can
customers to deploy WPA2 can choose to pass through computer would need to be help network engineers
(Wi-Fi Protected Access 2) authentication requests reconfigured when the key navigate the transition, e WEEK
usingeithercertificate-based to an existing RADIUS is changed. With Dynam- Labs Technical Director
authentication or dynamic server or an Active Direc- icPSK, users have their Cameron Sturdevant writes.
PSKs (preshared keys) with tory, ZeroIT requires users own keys, and administra- At eweek.com
