Draytek Wireless Management: Innovative no-cost add-on for SME wi-fi
Some vendors will sell you a custom controller and extra licences to get central wi-fi management, but Draytek has put the functionality into its routers to make wireless management a no-cost option for buyers of its small-business networking products.
Wi-fi networks comprising standalone access points (APs) may be cheap to build, but they don't scale well because the APs have to be individually configured and controlled. Conversely, managed solutions — where access points report into a custom central controller — can cope with hundreds of APs, but cost a lot more. Draytek is looking to address this issue by ditching the custom controller and putting the intelligence for wireless management into its routers instead.
Sum of the parts
Available as a bundle if required, Draytek's wireless management solution is made up of two distinct components: a Vigor router plus one or more wireless access points.
Currently only two of Draytek's Vigor routers come with the required software: the Vigor 2860, with both internal ADSL and VDSL modems, and the Vigor 2925 with Ethernet WAN ports for use with external modems. Both can also be had with optional built-in wi-fi interfaces, but these are single-band and don't add much to the solution so most buyers will opt for a wi-fi-free base model.
The basic Vigor 2860 we tested is available online for under £150 (ex. VAT). Existing routers can also have their firmware upgraded to add the wireless management capability for free. Moreover, unlike most other managed solutions there are no hidden licensing costs, just a limit of 20 managed access points per router.
On the AP front, two models are supported: the Vigor AP-800 and the AP-900, with the newly released AP-900 the preferred option. This is partly because it features dual-band 802.11a/b/g/n wi-fi and Gigabit wired connectivity, but also because it supports all of the new wireless management options, whereas the AP-800 is limited to a much smaller subset.
Wall-mountable and available for around £110 (ex. VAT), the Vigor AP-900 is a competitively priced business-class AP in its own right, able to handle wireless clients connecting over both 2.4GHz and less-congested 5GHz WiFi channels. PoE support means it can also be powered over the LAN, added to which it has a built-in 4-port Gigabit switch to, for example, bridge to wi-fi repeaters for extended coverage.
As well as the Vigor 2860, Draytek sent us three AP-900 access points to see how everything fitted together. The 2860 we attached to our test LAN and configured it to work with a BT Infinity broadband service, although for companies happy with their existing internet gateway it can simply be added to manage the access points. We then plugged our AP-900s into the LAN and set about getting them to work.
That process turned out to be remarkably easy, the Vigor 2860 discovering our three access points without any help from us at all. A default WLAN profile also made sure we had a working wi-fi network straight away, with the option of either editing this later or adding additional profiles to fine-tune our access point settings.
There's no support for the latest-generation 802.11ac wi-fi, but that won't be a major issue until more 802.11ac clients are introduced. Instead, the Draytek access points can be configured to handle up to 802.11n with all the usual security options, including WPA/WPA2 encryption using either pre-shared keys or 802.1x authentication with an external RADIUS server. Up to four SSIDs can be assigned per waveband and bandwidth limits applied to each.
We opted to configure our own SSIDs and separate guest from corporate users, all of which can be done via the WLAN profile. Then, once happy with our settings, we simply pushed them out to selected APs. Again, this was very straightforward, but we did forget to take this last step on a couple of occasions — an error that Draytek could remedy by adding a reminder when you're saving the profile.
Managed in action
From the client perspective, our Draytek managed network worked very well indeed with no problems when either connecting or moving around — the access points seamlessly handing over connections as we roamed. The range was as good as other 802.11n business products we've tried; throughput was, similarly, what we'd expect from an 802.11n setup.
Bear in mind, however, that we were limited to a few test clients and performance, will drop as numbers rise and on networks with heavy traffic volumes. Moreover, although theoretically able to handle up to 1,280 users (20 APs with 64 clients each) we don't see anyone stretching it that far. Not least because, although very usable, the management options are basic and limited in functionality compared to a full-blown managed wireless solution.
Those options start with the ability to configure and push wireless profiles out to access points and provision new APs automatically, plus the ability to see what APs are connected and their status. However, the interface is very basic here, showing only the default SSID on one waveband and the total number of active connections for each AP. Additional status information is available but only by drilling down from the initial screen.
Access to the management interface on individual APs is also still possible and can't be blocked, although you can also perform routine tasks, such as upgrading the firmware, backing up the AP configuration and rebooting, remotely.
A wireless traffic monitor is another useful option, sampling traffic at preset intervals for display on a graph with an associated load-balancing tool that lets you limit the number of concurrent stations per AP or set bandwidth limits.
Lastly, in common with other managed wireless platforms, the Draytek solution can scan for unidentified and, potentially, rogue access points to help identify users, for example, using their phones as WiFi hotspots. Unfortunately it's a somewhat undiscriminating tool, our router finding a long list of access points, mostly, in nearby broadband routers. These can be manually categorised as either friendly or rogue, but there are no options to apply security policies to, for example, quarantine suspect APs automatically.
One small step
Compared to having to manually configure access points, Draytek's new central management tools are a step in the right direction, especially as they don't add significantly to the overall cost. Indeed, for existing Vigor users and those looking to buy a broadband router as well as wi-fi, it's a no-cost option.
When compared to full-blown managed wireless solutions, however, the Draytek implementation comes up short in terms of both feature set and scalability and, in its current format, is very much a small-business solution. That said, it's an innovative and interesting approach to a very common requirement from a well-respected vendor, and a solution that can only improve with further development.