Another startup has a wireless LAN switch, this time with a focus on security and 'locking the air' for corporate customers

January 22, 2003

Aruba's Switch Pitch

Seems like you can hardly turn around these days without bumping into a startup with a wireless LAN "switch."

The newest kid on the block is Aruba Networks Inc., a San Jose, Calif., company, backed by $10 million in VC funding from Matrix Partners and Sequoia Capital; it's staffed with former Alteon, Cisco Systems Inc. (Nasdaq: CSCO), and Tahoe Networks employees. Aruba is working on some of the management, security, and deployment problems that have dogged wireless LAN implementations in the enterprise, using -- you guessed it! -- a wireless LAN switch.

For those of you that missed the memo, a wireless LAN switch is a device that sits in the wiring closet, between the management console and the wireless access points set up around the office. The switch is connected to the access points via Ethernet cabling and handles tasks like deciding how much of the available bandwidth will be allocated to each user and which users should be allowed on the network, as well as implementing security features like data encryption. Essentially, a WLAN switch is one centralized brain that "thinks" for the whole wireless network. Currently a WLAN network has lots of little radio nodes that think -- a little -- for themselves, but they don't "talk" to one another.

Other companies working on this type of product include Symbol Technologies Inc. (NYSE: SBL) (see Symbol's Cisco Killer?), Trapeze Networks Inc. (see Trapeze's Wireless Bait & Switch), and AirFlow Networks (see AirFlow's WLAN Switch Packs a Big MAC).

"What all these people are trying to do is put together enterprise-class wireless LAN systems," says Abner Germanow, wireless LAN research manager at IDC. "They're wrestling with the problems of a technology that is moving from the home to the enterprise, rather than the other way around."

Security and controlling who gets on a wireless network is a major focus for Aruba. This is hardly surprising, since the security problems of the 802.11 standard are a major headache for IT managers setting up wireless LAN networks. In fact, over 70 percent of respondents to our recent wireless LAN poll said that security was their main concern (see Poll: WLAN Has Limited Life).

Time and again, the Wired Equivalent Privacy (WEP) portion of the 802.11 standard, which uses a single encryption key to secure multiple access points, has proved inadequate for heavyweight security jobs. (See this Berkeley University paper for all the gory details on how easy WEP is to crack.)

Today, vendors either add security and access control features to their individual access points, or additional security functions are delivered by third-party software from the likes of ReefEdge Inc. and Vernier Networks Inc.

Aruba is looking to deal with security at the switch level and has implemented a hardware data encryption engine that supports security standards such as IPsec and AES (Advanced Encryption Standard) on its box. The benefit of this, according to founder and CEO, Pankaj Manglik, is that if the engine needs to be updated it only has to be done once.

"Rogue" access points -- unauthorized 802.11 transceivers, often brought in by employees from home -- are another problem in the corporate environment, which is why Aruba is talking up its "air monitoring" abilities. The company is using the radios in each WLAN access point -- controlled by the Air Monitor software supplied with the switch -- to do a kind of wireless intrusion detection, monitoring all the channels on a wireless network.

After every successful login, the system learns which 802.11 Media Access Control (MAC) layer addresses it should allow on the network. It is always looking for rogue addresses trying to jump on. "We can pick them up instantly," claims Manglik. So, if it finds an alien MAC address in its midst, "we can spoof the rogue access point and send it a disconnect command."

All of these security features can be implemented with the Aruba switch and the Air Monitor software and work with other vendors' access points. This is important; Aruba recently had a "show-and-tell" day for potential customers at the swanky Tribeca Grill in New York. In between munching through the free food, your correspondent did happen to notice that there was one question everyone was asking: Does it work with Cisco?

The answer is, mostly. However, some of the most interesting radio mapping aspects of the technology will only work with Aruba's own access points.

One of the hidden costs ($3,000 a floor) of rolling out access points, Manglik says, is doing a site survey to map out the radio range of each node and ensuring that the entire floor space is covered. Using the Aruba system and access points, an IT administrator can balance the radio signal strength among the different nodes, ensuring even coverage in between the hotspots. However, this only works with the Aruba access points, which have been optimized to work like plug-and-play devices with the switch. "We work around other access points," Manglik says.

AirFlow Networks takes a similar plug-and-play approach to deployment: if you need more coverage, stick another hotspot there. However, AirFlow's founder, Harry Bims, says that his system does away with the need for site surveys because it handles all the signal overlap and interference problems internally. Still, as neither system is commercially available yet, and Unstrung has seen only the briefest of demonstrations of the Aruba box (expected to be launched in the second quarter of this year), it's impossible to say which approach will work best.

Indeed, as one of the industry sources that Unstrung spoke to recently on the topic of wireless LANs says, the only competitor any of these startups has to worry about is "Cisco, Cisco, Cisco."

So, is Manglik expecting to see Cisco extend its Aironet product line to encompass a switch? "Cisco has a few options in front of them," he says. "Develop a product in-house, which would take them, conservatively, 14 months [ed. note: this process might have started already, according to some people] or buy their way into the market."

— Dan Jones, Senior Editor, Unstrung
