Monday, June 9, 2014

Aruba AP225 review



  1. Intro
  2. Features
  3. Setup
  4. Wireless configuration
  5. Throughput tests (Wireless/Wired)
  6. Closing Notes

Intro: The Aruba AP225 is a enterprise level wireless access point that is  somewhat affordable for small to medium businesses, has lots of features and can tolerate a lot of heavy usage that enterprises require.

Features: The AP225 features the following:

  • Dual band 2.4Ghz and 5Ghz operation with 3 x 3 MIMO connectivity at up to 1200Mbps
  • 2 wired Gigabit LAN ports
  • 4 3x3 mimo  x 5dBi  dual band internal antennas with 21dBm output power for great wireless coverage.
  • SSIDs with configurable VLANs for each one providing more security then standard guest networks
  • Full VLAN configuration 
  • Captive portals
  • Full and extremely detailed traffic shaping (QoS) and firewall controls
  • Full client connectivity details and monitoring.
  • Fixed and DHCP client address assignments
  • Fully customizable user/group policies
  • Full Intrusion Protection Services
  • SNMP
  • And lots more


Setup:

Power brick was  like your usual one. It did, however come with plugs for other countries
Instant setup is weird. You log into the “Instant” SSID that has no password, you configure the AP with a new main SSID, then you log off and log back into the new main SSID and the “Instant” SSID is deleted.  

Let's take a look at the really helpful status page that tells us all our status. It also shows CPU usage memory usage, and throughput.




Wireless Configuration:

Here’s the WLAN config screens:
Radio Settings:

Security Settings:


The AP225 supports WPA/WPA2 and supports PSK and Enterprise authentication types that can be different for each SSID. Selecting “Enterprise” allows you to use Aruba Authentication, which allows you to define a username and password rather then a static key, allowing for more fine control over your wireless network. User based controls allow you to define limits PER USER so that if let’s say, they get fired, you just delete thier user account and not have to change the ENTIRE NETWORK’S encryption key.

There are also other further firewall options for the AP as well. Like username/pass, walled gardens, Application Layer Gateway options, protection against wired attacks, etc. Those are accessed by clicking the security link on the top right


Intrusion Protection:
The AP225 has wireless intrusion protection built in so you don’t have to worry about rogue APs, spoofs, etc. It will also protect against flood attacks, etc.

Here’s the config screens and also to note there are custom settings as well These are accessed on the more>IDS link on the top right.



The intrusion protection has been tested and when I enabled it my phone/other devices could not connect to ANY of my other SSIDs besides the ones that are on the AP225. It worked well. I disabled the IPS features and the phone was able to connect to the other non-AP225 SSIDs. This is so people can’t bring rogue access points and it works.



Throughput Tests: (Wireless)

I will be using LAN Speed test for the throughput tests and PRTG to generate the graphs. It also is a comprehensive enterprise level network monitoring software and it can record uptime, transfer rates, errors, etc.

Test environment: (Set 1)

Specs of Building: This is going through about 32 ft through 2 walls, a solid all-wood dresser, and a chimney. The room has plaster walls in some places.

Specs of server :(my machine in the same room as theAP225): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC

Specs of client: (remote machine in other room): AGNXAndrakon/AMD Phenom 9650/4GB Corsair XMS2 DDR2 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Amped Wireless ACA1 USB WLAN connection:USB3 via a PCI-Express addon card.


5Ghz 802.11ac mode: Channel 161 -62dBm

LAN speed test: 25 stream 6GB file: 32Mbytes/sec or 256Mbits/sec




2.4 GHz 802.11n mode: Channel 6 -64dBm

LAN speed test: 25 stream 6GB file: 10Mbytes/sec or 80Mbits/sec




Test environment: (Set 2)

Specs of Building Test Run 1: 16Ft away thru a wood door hallway right outside the office where the AP225 is located.

Specs of server (my machine in the same room as theAP225): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC

Specs of client: HP2000-412NR/AMD E300/8GB DDR3 RAM/300 GB HDD/AMD RADEON 6310/Windows 7 x64 Home Premium/RalinkRT5390 WLAN

2.4 GHz 802.11n mode: Channel 11 -46dBm

LAN speed test: 25 stream 6GB file: 5Mbytes/sec or 40Mbits/sec


Test environment: (Set 3)

Specs of server :(my machine in the same room as theAP225): Intel i5 3570K/16GB Corsair XMS3 DDR3 1600 RAM/Nvidia Geforce 650Ti/Samsung 840 120GB SSD/Windows Server 2012 Standard/Realtek GBE NIC

Specs of client (same room as the AP225): HP /Core 2 Duo/2GB DDR2 RAM/20GB HD/Intel GMA/Windows 7 x64 Home Premium/NETGEAR A6200 WiFi USB3.0 Adapter

5Ghz 802.11ac mode: Channel 161 -42dBm
LAN speed test: 25 stream 6GB file: 28Mbytes/sec or 224Mbits/sec


2.4 GHz 802.11n mode: Channel 6 -64dBm

LAN speed test: 25 stream 6GB file: 12Mbytes/sec or 96Mbits/sec




Conclusion:

Pros:
  • Excellent management software with lots of options
  • Lots of RF tools to configure the WLAN radios to your needs
  • Powerful coverage and throughput
  • Very robust security controls and options
  • 3g/4g failover

Cons:
  • Pricey
  • No external antennas
  • No advanced logging/stats on website visits like Meraki does
  • Not very complete client info like Operating system, specs, etc. Very limited client details This has been added in a firmware update that the Aruba rep told me about! Awesome!


Rating:  8/10
Recommended: Yes









No comments:

Post a Comment