Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity
    • Mobile

    Migration to 802.11i Will Be a Bumpy Ride

    Written by

    Andrew Garcia
    Published January 3, 2005
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      The work involved in updating wireless access points and clients for 802.11i compliance—not to mention verifying that they are compliant in the first place—is daunting, but actually migrating users to the new security framework can be equally complicated and requires a combination of strategies.

      The simplest way to enable an 802.11i pilot project is to configure a new ESSID (Extended Service Set Identifier) with the AES-CCMP (Advanced Encryption Standard-Counter Mode/CBC-MAC Protocol) settings necessary for compliance. This new ESSID would run parallel with the existing ESSID.

      /zimages/6/28571.gifClick here to read about how legacy hardware issues and costs may slow adoption of 802.11i.

      As an alternate migration strategy, Cisco Systems Inc. recommends that administrators add another cipher to existing ESSIDs. To ease the process of moving users to a new cipher, the 802.11i specification allows devices to support mixed-mode encryption. This enables administrators to configure an ESSID to support both AES and older TKIP (Temporal Key Integrity Protocol) or WEP (Wired Equivalent Privacy) encryption schemes simultaneously.

      To test these migration strategies, eWEEK Labs deployed a WPA (Wi-Fi Protected Access)-enabled network using Ciscos Aironet 1200 and Proxim Corp.s Orinoco AP-4000 access points, in conjunction with Funk Software Inc.s Steel-Belted Radius Server 4.71. For 802.1x authentication, we used EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security).

      For clients, we used a pair of Dell Inc.s Latitude D505 laptops, each of which was equipped with Intel Corp.s Pro/Wireless 2200BG internal WLAN adapters. We configured Intels ProSet/Wireless software as the 802.1x client supplicant.

      After determining that the network was working as expected, we proceeded with the upgrade, from WPA to 802.11i. We updated the access points with 802.11i-compliant firmware and ensured that each client had Version 9.0 of the Intel Pro/Set with driver Version 9.0.0.60.

      Our ability to use both the parallel network and multiple ciphers to successfully migrate to 802.11i with minimal impact to current users depended largely on the access points with which we tested. This disparity could lead to migration headaches in heterogeneous hardware environments.

      Both the Aironet and Orinoco access points support multiple encryption ciphers simultaneously. However, we preferred Proxims use of Security Profiles, which allowed us to selectively apply single or multiple encryption schemes per ESSID. Unfortunately, Proxim requires each ESSID on the same access point to use different VLAN (virtual LAN) tags. This meant we had to adjust settings on our wired infrastructure to support a separate pilot network.

      On the other hand, Cisco activates ciphers on a per-device basis, and we had trouble figuring how to apply specific encryption to an ESSID from the Web interface until Cisco engineers provided us with sample command-line scripts. The Aironet devices also allowed us more freedom to apply multiple ESSIDs to the same VLAN.

      Administrators should carefully investigate devices encryption options as well as their VLAN capabilities before embarking on an 802.11i deployment.

      /zimages/6/28571.gifCheck out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.

      Andrew Garcia
      Andrew Garcia
      Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at [email protected].

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.