Optical/IP Networks

Colubris's Enterprise Ambitions

Wireless LAN hardware provider Colubris Networks Inc. is getting into the enterprise network management software game with a $3,500 application aimed at controlling networks of access points (APs).

The company unveiled its Colubris Networks Management System (CNMS) software, which has been developed by Wavelink Corp., as part of a launch of a new line of multimode enterprise APs and hotspots today (see Colubris Intros Access Devices). The move means the somewhat Canadian firm will now lock antlers with wireless LAN appliance vendors such as Bluesocket Inc. and ReefEdge Inc., as well as switch startups like Airespace Inc., Aruba Wireless Networks, and Trapeze Networks Inc..

Like many of the newer WLAN overlay products, the CNMS software can be used to configure access points and set security and management policies for networks of Colubris and third-party access points without being directly connected to the radio nodes via a switch. Instead, APs can be connected to the software and security databases like Radius over a existing wired switch.

Many of the security elements can be strengthened at the edge of the network when the software is used in conjunction with Colubris access points such as the CN1250, which has an embedded VPN server onboard. Like Cisco Systems Inc.'s SWAN plans, Colubris's full hardware and software offering combines centralized management functions while keeping a soupçon of security out on the WLAN frontier (see Cisco's SWAN Song).

The company is also pushing a new "virtual AP" technology that can be used to ensure that specific users can only get the services that they are permitted by the network administrators (so that, for instance, a guest only gets Internet access, while registered users are allowed to the corporate intranet).

"It’s the industry's first implementation allowing virtual services from a single physical access point," says Colubris CEO Barry Fougere.

The "virtual AP" technology works by spoofing the network into believing that there are up to 16 service set identifiers (SSIDs) being broadcast by a single device. SSIDs are the network names that identify separate wireless LANs. So, using VLAN tagging, network administrators can deliver different services to users on the same access points.

The Colubris enterprise hardware and software package is being rolled out over the course of this month and next month.

— Dan Jones, Site Editor, Unstrung

xip 12/5/2012 | 2:39:03 AM
re: Colubris's Enterprise Ambitions How is this different from the Cisco approach - 1200 for example do support multiple ESSId's and they are mapped to VLAN. In fact 16 I think.

I think this is not the true "virtual AP" - true virtual AP implies multiple MACs.

Could somebody clarify

ptrudeau 12/5/2012 | 2:38:57 AM
re: Colubris's Enterprise Ambitions The Colubris implementation of Virtual on the newly announced products is a true implementation where each SSID has its own MAC address. This means that each SSID can carry its own security settings (WPA, VPN Termination, WEP or Open) for the right mix of services. This is not possible on APs that rely on a single MAC address for each of the broadcast SSID

Hope this clarifies
andy777 12/5/2012 | 2:38:24 AM
re: Colubris's Enterprise Ambitions
They finally implemented a feature any real wireless vendor has had for a year anyway.
lrmobile_skeptic 12/5/2012 | 2:38:04 AM
re: Colubris's Enterprise Ambitions using *gah* VLANs for security, no less.
ptrudeau 12/5/2012 | 2:37:48 AM
re: Colubris's Enterprise Ambitions Who said anything about using VLAN for security? The security is enforced either via WPA or by terminating VPN IPSEC or L2TP directly in the AP.

Then and only then, once you can trust the user, you put the traffic onto a VLAN

lrmobile_skeptic 12/5/2012 | 2:37:37 AM
re: Colubris's Enterprise Ambitions Guest users? Colubris isn't actually enforcing policy at the AP, right? So you are using VLANs to segregate the guest users...
ptrudeau 12/5/2012 | 2:35:44 AM
re: Colubris's Enterprise Ambitions The AP can enforce policies for various users authenticated against a RADIUS AAA Server (any 802.1x/EAP method or VPNs terminated in the AP either IPSec/L2TP or PPTP). The mapping to a VLAN is based on the reply from RADIUS (Access-Accept).

Of course, if you use NONE or WEP only for a specific SSID and you map it to a VLAN then you don't really have security (although the end user device actually cannot control the VLAN tag settings).

Sign In