Switch Vendor Builds in Encryption Chip

Legra Systems of Burlington, Mass., said this
week that its product line, announced in April 2003 with the first wave of WLAN switches, is now generally available. Since that initial announcement,
the company has added a couple of things to spice up the products, not the least of
which is a built-in chip devoted entirely to traffic encryption.

The Legra switch is a Layer 2/3 unit which controls a series of light access
points called Legra Radios. These "thinAPs" follow the Lightweight
Access Point Protocol
(LWAPP) an Internet
Engineering Task Force
(IETF) draft standard developed with Legra’s competition
at Airespace. LWAPP is not yet finalized,
but the Legra Radios will be upgradeable to the final spec when available.

Being relatively late to the market against other switch vendors like Airespace,
Aruba, Trapeze, and many other startups (and established companies like Nortel),
Legra wants to set itself apart with "high speed performance for security"
according to Paul DeBeasi, Legra’s vice president of marketing.

"We’ve looked at WLAN networking and seen it for what it is: it’s traditional
Layer 2 switching with some cryptography, security and radio technology. It’s
not enough to just have switching. So we’ve integrated all the security in the
switch itself. Other solutions have security in the access point."

In-house, Legra has developed a Parallel Priority Cryptography (PPC) chip
called CryptoFlex to handle performance issues with security, by working to
encrypt or decrypt multiple streams of traffic at the same time. DeBeasi says
the parallel nature of the chip beats the single input/single output of off-the-shelf chips used in other switch products.

The central Legra Switch (model LS2012) will also include its own wireless
network processor, a 30GB hard drive, and run an embedded Linux-based wireless
operating system called WOS that can be used to do fast upgrades to
the system. The system also includes a network management appliance (LM6000)
to monitor multiple switches for larger deployments. It can integrate with management
systems like HP OpenView and CA’s Unicenter. The manager appliance also can
take plug-in applications. The first one Legra will ship is called Automatic Optimizer,
which will automatically configure Legra Radios to reduce interference or kill
rogue APs.

LS2012 will work with 12 Legra Radios directly, and can also handle up to 60
remote connections sprinkled throughout a building or campus.

The Legra Radios do not need a direct connection via Ethernet back to the switch.
"Our competitors need a cable between the two," says DeBeasi. "This
just lets you plug in. As a manager, you manage just the switch. You never know
where the radio even is; you don’t have to."

There are two types of Legra Radios: an 802.11b version (model LR11b) and a
high-speed dual-band version (model LR54a/g). Both use Atheros chips — the only
third-party chips in Legra’s products. Since they don’t have to connect to the
Legra Switch itself, the Radios will work off power from any secondary 802.3af
Power over Ethernet (PoE) switch on the network. Each radio is agnostic to any
security protocols in use, from WEP up to 802.1X for authentication, since all
the security is run by the switch. The CryptoFlex chip will run all of the security
types needed simultaneously.

The company is not announcing any pricing for the product line, instead saying
that channel partners will be setting the street price to avoid setting a price
ceiling artificially. DeBeasi says they’ll be "less than some" others
on the market.

News Around the Web