Netgear ME103 ProSafe Wireless Access Point

Model:
ME103
Price: $169
Pros: 802.1x authentication, bridging (and soon repeater) functions,
several antenna options
Cons: No syslog support, requires RADIUS server

The $169 Netgear ME103
ProSafe Wireless Access Point
is the latest product in a trend to bring
enterprise-oriented features to lower-priced WLAN devices. The ME103’s major
claim to fame is support for 802.1x authentication, but beyond that it’s a well-rounded
access point that would be a good fit for many corporate WLAN or public hotspot
environments.

The TI ACX100 chip-based ME103 announces its corporate aspirations by residing
within Netgear’s trademark blue metal case rather than the more stylish plastic
case that adorns some of Netgear’s more recent and consumer-oriented products.
Another hint: the ME103 is 802.11b-compliant only, and doesn’t even support
the TI chipset’s 22 Mbps PBCC mode.

Standard with the ME103 are a pair of 2 dBi gain antennae on reverse-SMA connectors,
but one of the strengths of the ME103 is the variety of antennae options that
are available. Should the included dipoles prove insufficient, Netgear also
offers a couple of external antennas–a 5dbi omni and an 18dBi directional–
that are compatible with the unit.

If it’s additional power that’s needed, Netgear has that covered too; in the
form of a 500 mW power booster (Model ANT24BNA). The standard ME103 output power
is 64mW. Although the booster is listed as a stand-alone product on Netgear’s
site, due to FCC regulations the power booster can only be sold together with
the ME103, can’t be offered separately, and is only available in the United
States. Netgear offer an ME103 bundle which includes the power booster.

Incidentally, The ME103 can also support Power over Ethernet (PoE) via a separate
module (the POE101).

In addition to functioning as a standard access point, the ME103 has two bridging
modes–point-to-point and point-to-multipoint. When in either of these bridging
modes, though, the ME103 can only communicate with other bridges–not with other
WLAN clients.

The ME103 offers corporate users a wireless separation feature which automatically selects a radio frequency that doesnt overlap with other nearby access pointshandy when deploying multiple units in the same area.

As mentioned, 802.1X is available for client authentication with the ME103.
In order to take advantage of 802.1X, you need to use an external RADIUS server
to authenticate users. There’s no provision to define user accounts directly
within the access point, a capability that’s found in the ZyAir
B-1000
, for example. Both approaches have pros and cons, but if you don’t
already have an authentication server, be sure to factor in the extra time and
expense of one when considering the ME103.

The ME103 supports a variety of Extensible Authentication Protocols (EAP) for authentication–MD5, TLS, TTLS, and PEAP. All but MD5 support mutual
authentication (authenticating the server to the client as well as vice-versa),
which is a good way to help combat things like rogue access points. The downside
is that all but MD5 also require a public keyinfrastructure (PKI) to issue certificates to servers and/or clients, which is something
else to factor in, whether you run your own certificate server or use an outside
vendor like Verisign.

MD5 is the easiest authentication method to implement,
requiring only a user name and password. It’s also the easiest one of the group
to break, especially if passwords like dictionary words or proper names are
allowed.

By default, the ME103 is configured as a DHCP client,
which certainly facilitates initial set-up but this becomes inadvisable when
the access point is using 802.1X and must be in communication with a RADIUS
server, so you’ll want to be sure to use a static IP
after configuration.

An activity log monitors WLAN events like card associations and authentications.
There’s a button to save the log contents to a file, but when I tried it I was
presented with an empty Notepad window and an error message saying the file
could not be found. A feature that would be appreciated in this class of product
but is unfortunately absent is syslog support.

If you don’t immediately use 802.1X and fall back to MAC filtering for client
authentication, a feature that will ease initial configuration is the ME103’s
ability to import a list of MAC addresses from
a text file. If you were unlucky enough to have to enter a pile of MAC addresses
manually, you can also export the list to a file to save you the trouble of
having to go through that again.

The WLAN throughput of the ME103 was good, and certainly commensurate with
any other 802.11b-based product I’ve tested. Using it with a Netgear WG511 b/g
CardBus NIC yielded throughput of 5.11 Mbps starting at 10 feet. It remained
steady in the mid-to-high 4 Mbps range some distance from the access point until
dropping to 3.0 Mbps at 125 feet, the farthest I can get from the access point
without leaving the building.

Enabling Wired Equivalent Privacy (WEP) encryption alone
or in conjunction with 802.1X authentication did not inflict any meaningful
performance penalty on throughput, and I successfully connected to the ME103
using a variety of b and b/g cards from Cisco, D-Link, and Buffalo.

As one might want or need, especially in a security-conscious corporate environment,
the ME103 offers six configurable levels of power output (64, 50, 30, 20, 5,
and 1mW). You can’t kill the transmitter entirely, though the 1mW level will
give the unit the range of a pea-shooter in most places.

Overall, the Netgear’s few feature omissions are largely eclipsed by the products
many pluses. The availability of 802.1X authentication, bridging modes, and
a number of antenna options make the ME103 well suited for a variety of environments
where a SOHO product might not cut it. The forthcoming addition of a repeater
mode and WPA encryption will make the ME103 stronger still.

News Around the Web