03-19-2014 09:34 AM
I believe 1 limitation with using an IAP-93 (single radio) to perform rogue detection (for PCI) as well as provide guest access was the AP could and would never scan the other band (e.g. 5 GHz) as this would break client access.
Is this correct?
If so, it confirms my thinking that a dual radio AP (e.g. AP-105) is required to scan both 2.4 and 5 GHz bands as well as service clients.
03-19-2014 10:14 AM
Dual-radio is best. The IAP-9x can scan both bands; however, as you indicated the clients will be impacted when the radio switches back and forth. With a dual-radio you can set one radio to be a dedicated AM on its own frequency while having the other radio serve clients; however, you would be missing out on half of the threats. You could also have the dual-radio both scan and serve clients on both radios. Lastly, you could use an IAP-9x as a dedicated AM (best) with the neighboring AP be dedicated to client access.
We now have the AP-103 (controller-based) which is a dual-radio 802.11n 2x2:2 AP at the same price as the AP-9x ($395 US). The IAP-103 is not out yet but should be in the next 4 - 6 weeks or so.
03-19-2014 10:39 AM
Thanks Marcus, that was similar to our thinking.
Can you expand on what you mean by "clients will be impacted"? I imagine they may be delayed in being serviced, but should not disconnect, correct?
03-19-2014 10:44 AM
When scanning the AP goes out of service momentarily and is not servicing clients. Say, for example, the AP is serving clients on channel 6. Now it goes to scan........it changes to channel 1 and scans for threats for 110ms (variable), then goes back to Ch. 6 for clients for 10 sec. Then it goes to Ch.2 to scan and back to Ch. 6, etc.
If there are no apps that are latency sensitive, like voice, this may be just fine but if you do have sensitive apps a dedicated solution is better.
03-19-2014 10:56 AM - edited 03-19-2014 10:57 AM
Excellent! I'm still concerned, however, with servicing clients say on Ch. 6 and if the AP changes to 5 GHz to scan. Is there a bigger delay to the client vs. 110ms when changing bands, 2.4 GHz to 5 GHz? I thought there was or this was not possible with single radio APs.
03-22-2014 07:16 AM
There is no bigger delay.
Single radio access points can switch bands to scan, yes.
Scanning occurs faster with a dual-band access point so the performance is much better, like Marcus said.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs