Hi All,
One of our military clients would like a dual wired/wireless LAN setup and we would like to offer a cost effective yet rugged wireless solution. Most of our products are standalone ruggedized systems(TAC-PAK www.308systems.com), thus this is a new application for us. The wLAN would need to be easily transportable and "idiot proof", operating up to 15 laptop computers and rugged laser printers up to a distance of approx .5 miles wireless(obviously closer range if wired). The network would have to have both wired and wireless options. Security is also an issue.

Thus, what would you recommend for a router/AP/firewall/security hardware architecture? will 802.11a/b work? anything else?

Thanks for the info, please call me at 310-376-2131 with any questions.
Mark

Just the frequency alone is better.

Plus the 802.11a is closer to the military radar, and they are already bothered by this.

So choose 2.4 gig based devices.

Make sure you run all traffic over a VPN or some other security encryption for LAN traffic.

Then add on the 802.x security with a RADIUS box.

The easiest might be to keep the wireless devices external and use an Ethernet cable to connect them.

This allows for external antennas to be easily attached.

This is not a recommendation for a product, but an example of what I am talking about.
Example DWL-900AP+ (http://support.dlink.com/products/view.asp?productid=DWL%2D900AP%2B)

This is an external device that supports 802.x in AP mode.
It has four other modes it can operate in: Point to point, Bridge, Point to Multipoint, and Repeater mode.
Again, it is not a recommendation, there may be other better external products.

I haven't tested all the modes yet. The 802.x security could be limited to one of the modes...not sure.

Good luck

I think it's obvious from your requirements, but you really should look at the high end APs that can support full encryption methodologies with rotating WEP keys and possibly Kerberos. Depending on what the time frame is, you may want to slow roll your progress until AES is out. There are some systems beginning to come out with initial software implementations, but the standard is not finalized, so there will be requirements for software upgrades. If possible to delay things, I suspect early summer would be a much more secure time for your customer.

US Law requires that all communications that are to be protected by cryptography and are not classified must be encrypted with a FIPS 140 validated encryption solution. If the data is classified, it must be encrypted with an NSA-Type 1 approved solution.

(For FIPS, check out http://csrc.nist.gov/cryptval)


These requirements preclude the use of any of the products mentioned in this thread. No form of WEP (including LEAP or 802.1x based solutions) can be validated since they do not meet the minimum requirements. In fact, the efforts of the IEEE Task Group "i" (which is creating the long-awaited replacement for WEP) will not be able to attain this validation either for similar reasons.

Bottom line? Those solutions are not strong enough for the U.S. Government.

Your best bet is to look at the FIPS 140 validated products list and search it for "wireless".

MESH Network (www.meshnetworks.com) products were developed specifically for the military. MESH is now marketing the commercially available solution. Self forming, self healing networks. Not your regular old 802.11 stuff. Military grade wireless broadband solutions.