can you have WEP and WPA on the same WAP?

Archived from groups: alt.internet.wireless (More info?)

can you have WEP and WPA on the same WAP?

I would like to get a WAP that supports the older wifi client cards
that aren't upgradable to WPA and as well support the newer wifi client
cards that are WPA-able.

If it isn't possible to have both WEP and WPA on the same WAP, do I just
buy two WAPs?

Thanks Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
18 answers Last reply
More about tomshardware
  1. Archived from groups: alt.internet.wireless (More info?)

    On Sun, 06 Jun 2004 15:00:38 +0000, mack spoketh

    >can you have WEP and WPA on the same WAP?
    >
    >I would like to get a WAP that supports the older wifi client cards
    >that aren't upgradable to WPA and as well support the newer wifi client
    >cards that are WPA-able.
    >
    >If it isn't possible to have both WEP and WPA on the same WAP, do I just
    >buy two WAPs?
    >
    >Thanks Joe

    No, it's either WEP or WPA. If you need both, you'll need two WAPs.
    Wouldn't it be better to replace the older wifi cards?

    Lars M. Hansen
    www.hansenonline.net
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
  2. Archived from groups: alt.internet.wireless (More info?)

    "Lars M. Hansen" wrote:

    > >can you have WEP and WPA on the same WAP?

    > No, it's either WEP or WPA. If you need both, you'll need two WAPs.
    > Wouldn't it be better to replace the older wifi cards?

    Thanks for your reply.

    The setup I'm working on will be for random people with laptops.
    I have to handle whatever people bring and I'm not in a position
    to tell them that they have old gear and that they should upgrade :-)
    My job is to get them linked and smile.

    I personally have about 6 older wifi cards which I expected to have a
    longer lifetime has turned out. I'm not exactly delighted at the prospect
    of them being obsoleted.

    Is this situation the result of some physical law that can't be contravened,
    or is it that the manufacturers haven't written firmware to handle both
    types of encryption, or the drivers for the cards don't handle it ...?

    Thanks Joe

    --
    Joseph Mack NA3T EME(B,D), FM05lw North Carolina
    jmack (at) wm7d (dot) net - azimuthal equidistant map
    generator at http://www.wm7d.net/azproj.shtml
    Homepage http://www.austintek.com/ It's GNU/Linux!
  3. Archived from groups: alt.internet.wireless (More info?)

    On Sun, 06 Jun 2004 18:35:44 +0000, mack spoketh

    >"Lars M. Hansen" wrote:
    >
    >> >can you have WEP and WPA on the same WAP?
    >
    >> No, it's either WEP or WPA. If you need both, you'll need two WAPs.
    >> Wouldn't it be better to replace the older wifi cards?
    >
    >Thanks for your reply.
    >
    >The setup I'm working on will be for random people with laptops.
    >I have to handle whatever people bring and I'm not in a position
    >to tell them that they have old gear and that they should upgrade :-)
    >My job is to get them linked and smile.

    For random people with random equipment, you'll have to go for the
    lowest common denominator, which would be WEP.

    >
    >I personally have about 6 older wifi cards which I expected to have a
    >longer lifetime has turned out. I'm not exactly delighted at the prospect
    >of them being obsoleted.
    >

    I have 5 older computers, I'm not thrilled that they are obsolete, but
    I'll have to live with it.

    >
    >Is this situation the result of some physical law that can't be contravened,
    >or is it that the manufacturers haven't written firmware to handle both
    >types of encryption, or the drivers for the cards don't handle it ...?
    >
    >Thanks Joe

    An access point can only be configured with one setting for wireless
    security. It's either no encryption, WEP or WPA. There are some
    additional settings involving a RADIUS server, but that doesn't change
    the encryption options available, it only adds authentication to the
    process.


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  4. Archived from groups: alt.internet.wireless (More info?)

    Taking a moment's reflection, mack mused:
    |
    | Is this situation the result of some physical law that can't be
    | contravened, or is it that the manufacturers haven't written firmware to
    | handle both types of encryption, or the drivers for the cards don't
    | handle it ...?

    From my understanding, there is something about the 11b architecture
    that makes WPA more difficult. It's not impossible, since there are some
    11b cards that support WPA, but (also from what I've read) those 11b
    products that do not current support WPA will not be updated to support it.
    Likely, though, that has more to do with marketing.
  5. Archived from groups: alt.internet.wireless (More info?)

    An AP could theoretically support both, although it makes no sense for a
    client to do so. It would add complexity and cost. The AP would have to
    keep a table associating MAC address with encryption type, and it would have
    to consult the table for every transmitted frame.

    There is no design reason why it can't be done, but there might be practical
    reasons. WEP and WPA are often implemented in silicon in newer chipsets, The
    table and decision-making logic would have to live in a driver, and the chip
    interface would have to permit the encryption type to be passed to the
    chipset for each frame. I have no hardware manuals for any chipsets, so I
    don't know if that kind of interface exists. I suspect - but I don't know -
    that the hardware is simply configured during driver initialization to run
    WEP or WPA, so changing it on a frame-by-frame basis might imply a reconfig
    for every frame. That almost certainly would be a performance disaster! The
    only alternative I can think of would involve the AP doing all of the work
    at the driver level, which would mean faster cpus and more fast memory.

    So, if you can find this feature at all, it will be in expensive commercial
    APs and routers. There would have to be a compelling commercial reason for
    any vendor to add it, with its associated costs, and I don't think there is
    one. At the low end of the price range (home/SOHO), the costs would push the
    price too high. At the high end of the price range, the buying community can
    easily afford equipment that supports WPA, either through upgrade or
    replacement.

    "mack" <jmack@wm7d.net> wrote in message news:40C36400.42DD03AF@wm7d.net...
    > "Lars M. Hansen" wrote:
    >
    > > >can you have WEP and WPA on the same WAP?
    >
    > > No, it's either WEP or WPA. If you need both, you'll need two WAPs.
    > > Wouldn't it be better to replace the older wifi cards?
    >
    > Thanks for your reply.
    >
    > The setup I'm working on will be for random people with laptops.
    > I have to handle whatever people bring and I'm not in a position
    > to tell them that they have old gear and that they should upgrade :-)
    > My job is to get them linked and smile.
    >
    > I personally have about 6 older wifi cards which I expected to have a
    > longer lifetime has turned out. I'm not exactly delighted at the prospect
    > of them being obsoleted.
    >
    > Is this situation the result of some physical law that can't be
    contravened,
    > or is it that the manufacturers haven't written firmware to handle both
    > types of encryption, or the drivers for the cards don't handle it ...?
    >
    > Thanks Joe
    >
    > --
    > Joseph Mack NA3T EME(B,D), FM05lw North Carolina
    > jmack (at) wm7d (dot) net - azimuthal equidistant map
    > generator at http://www.wm7d.net/azproj.shtml
    > Homepage http://www.austintek.com/ It's GNU/Linux!
    >
  6. Archived from groups: alt.internet.wireless (More info?)

    On Sun, 06 Jun 2004 19:13:09 GMT, gary spoketh

    >An AP could theoretically support both, although it makes no sense for a
    >client to do so.

    APs do support both WEP and WPA, however, you can't configure the AP to
    _use_ both at the same time, which I believe is the OPs question.

    Lars M. Hansen
    www.hansenonline.net
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
  7. Archived from groups: alt.internet.wireless (More info?)

    "Lars M. Hansen" wrote:
    >
    > APs do support both WEP and WPA, however, you can't configure the AP to
    > _use_ both at the same time, which I believe is the OPs question.

    Thanks everyone, particularly Gary and Lars.

    Joe

    --
    Joseph Mack NA3T EME(B,D), FM05lw North Carolina
    jmack (at) wm7d (dot) net - azimuthal equidistant map
    generator at http://www.wm7d.net/azproj.shtml
    Homepage http://www.austintek.com/ It's GNU/Linux!
  8. Archived from groups: alt.internet.wireless (More info?)

    "Lars M. Hansen" <badnews@hansenonline.net> wrote in message
    news:5nu6c01ku3f236o70vfkg9bldtjoqmmb4p@4ax.com...
    > On Sun, 06 Jun 2004 19:13:09 GMT, gary spoketh
    >
    > >An AP could theoretically support both, although it makes no sense for a
    > >client to do so.
    >
    > APs do support both WEP and WPA, however, you can't configure the AP to
    > _use_ both at the same time, which I believe is the OPs question.

    Apparently I didn't make it clear that I was talking about the difficulty of
    supporting both schemes *concurrently*. Of course, newer chipsets and
    drivers support both schemes. As I tried to explain, I think the choice is
    made during initialization of the chipset, and never on a
    per-transmitted-frame basis, which would be necessary to support dynamic
    switching between schemes.

    >
    > Lars M. Hansen
    > www.hansenonline.net
    > Remove "bad" from my e-mail address to contact me.
    > "If you try to fail, and succeed, which have you done?"
  9. Archived from groups: alt.internet.wireless (More info?)

    Pardon me if I'm not understanding this one... but if you got a WEP signal
    out there then that would be the signal that the hacker would break into.
    All the WPA would be useless because a WEP signal would be in the air. The
    more different signals you would have the more doors there are to get in.

    "mack" <jmack@wm7d.net> wrote in message news:40C33196.B78BE6AB@wm7d.net...
    > can you have WEP and WPA on the same WAP?
    >
    > I would like to get a WAP that supports the older wifi client cards
    > that aren't upgradable to WPA and as well support the newer wifi client
    > cards that are WPA-able.
    >
    > If it isn't possible to have both WEP and WPA on the same WAP, do I just
    > buy two WAPs?
    >
    > Thanks Joe
    > --
    > Joseph Mack NA3T EME(B,D), FM05lw North Carolina
    > jmack (at) wm7d (dot) net - azimuthal equidistant map
    > generator at http://www.wm7d.net/azproj.shtml
    > Homepage http://www.austintek.com/ It's GNU/Linux!
  10. Archived from groups: alt.internet.wireless (More info?)

    "ahh" <ahh@ahh.com> wrote in message
    news:XpidnaPEmfkYCV7dRVn-hA@giganews.com...
    > Pardon me if I'm not understanding this one... but if you got a WEP signal
    > out there then that would be the signal that the hacker would break into.
    > All the WPA would be useless because a WEP signal would be in the air.
    The
    > more different signals you would have the more doors there are to get in.

    You're misinterpreting. The OP is asking whether or not there are APs that
    support a mix of clients, some using WEP, some using WPA. There is no
    architectural reason in the 802.11 standards why this could not be done,
    only practical objections. AFAIK, no APs support this.

    Supporting concurrent use of both schemes would not weaken security in any
    way. It would remain true that WEP clients would have weaker security, but
    each type of client would have to be independently cracked.

    >
    > "mack" <jmack@wm7d.net> wrote in message
    news:40C33196.B78BE6AB@wm7d.net...
    > > can you have WEP and WPA on the same WAP?
    > >
    > > I would like to get a WAP that supports the older wifi client cards
    > > that aren't upgradable to WPA and as well support the newer wifi client
    > > cards that are WPA-able.
    > >
    > > If it isn't possible to have both WEP and WPA on the same WAP, do I just
    > > buy two WAPs?
    > >
    > > Thanks Joe
    > > --
    > > Joseph Mack NA3T EME(B,D), FM05lw North Carolina
    > > jmack (at) wm7d (dot) net - azimuthal equidistant map
    > > generator at http://www.wm7d.net/azproj.shtml
    > > Homepage http://www.austintek.com/ It's GNU/Linux!
    >
    >
  11. Archived from groups: alt.internet.wireless (More info?)

    mack wrote:
    > can you have WEP and WPA on the same WAP?
    >

    The doc for the latest WPA firmware on the Netgear site claims "yes" but
    consider the source. I've tried the FWAG114 but haven't been able to
    make it work. As soon as I upgrade my WG302's I'll try them too.

    > I would like to get a WAP that supports the older wifi client cards
    > that aren't upgradable to WPA and as well support the newer wifi client
    > cards that are WPA-able.
    >
    > If it isn't possible to have both WEP and WPA on the same WAP, do I just
    > buy two WAPs?
    >
    > Thanks Joe
  12. Archived from groups: alt.internet.wireless (More info?)

    "Larry Riffle" <spamtrap47@adelphia.net> wrote in message
    news:40C474F4.5000508@adelphia.net...
    >
    > mack wrote:
    > > can you have WEP and WPA on the same WAP?
    > >
    >
    > The doc for the latest WPA firmware on the Netgear site claims "yes" but
    > consider the source. I've tried the FWAG114 but haven't been able to
    > make it work. As soon as I upgrade my WG302's I'll try them too.

    We really need to clarify. The OP stated in his second post:

    "The setup I'm working on will be for random people with laptops.
    I have to handle whatever people bring and I'm not in a position
    to tell them that they have old gear and that they should upgrade :-)
    My job is to get them linked and smile."

    I took this to mean that he wanted a solution that would support a mix of
    clients, some running WEP, some running WPA, *at the same time*. AFAIK, such
    a solution does not exist. Most APs manufactured in the last year or two
    will support both WEP and WPA (possibly requiring an upgrade), but the AP is
    configured to run with one or the other, not both at the same time.

    >
    > > I would like to get a WAP that supports the older wifi client cards
    > > that aren't upgradable to WPA and as well support the newer wifi client
    > > cards that are WPA-able.
    > >
    > > If it isn't possible to have both WEP and WPA on the same WAP, do I just
    > > buy two WAPs?
    > >
    > > Thanks Joe
  13. Archived from groups: alt.internet.wireless (More info?)

    There exists an optional WPA feature called "migration mode"
    where the AP can support both WPA and WEP-only clients on the
    same SSID. However not all WPA clients support migration
    mode. So, to support all WPA and WEP-only clients in the same
    AP, you'll want an AP that can support multiple concurrent SSIDs,
    one configured for WEP and another for WPA.

    In a small office, it may make sense to buy two APs, one using
    WEP and the other WPA, and configure them to operate on separate
    channels (and with different SSIDs.)

    Aaron

    ---

    ~ can you have WEP and WPA on the same WAP?
    ~
    ~ I would like to get a WAP that supports the older wifi client cards
    ~ that aren't upgradable to WPA and as well support the newer wifi client
    ~ cards that are WPA-able.
    ~
    ~ If it isn't possible to have both WEP and WPA on the same WAP, do I just
    ~ buy two WAPs?
    ~
    ~ Thanks Joe
  14. Archived from groups: alt.internet.wireless (More info?)

    gary wrote:
    >
    >
    > You're misinterpreting. The OP is asking whether or not there are APs that
    > support a mix of clients, some using WEP, some using WPA.

    correct.

    I remember when WPA was proposed, that WEP was going to be regarded as
    WPA level 0 (or something like that) and that an upgrade path was available,
    so that people with old gear would accept the new standard. It sounds like
    no-one ever actually delivered.

    Thanks
    Joe

    --
    Joseph Mack NA3T EME(B,D), FM05lw North Carolina
    jmack (at) wm7d (dot) net - azimuthal equidistant map
    generator at http://www.wm7d.net/azproj.shtml
    Homepage http://www.austintek.com/ It's GNU/Linux!
  15. Archived from groups: alt.internet.wireless (More info?)

    "mack" <jmack@wm7d.net> wrote in message news:40CA45AA.E888CFB0@wm7d.net...
    > gary wrote:
    > >
    > >
    > > You're misinterpreting. The OP is asking whether or not there are APs
    that
    > > support a mix of clients, some using WEP, some using WPA.
    >
    > correct.
    >
    > I remember when WPA was proposed, that WEP was going to be regarded as
    > WPA level 0 (or something like that) and that an upgrade path was
    available,
    > so that people with old gear would accept the new standard. It sounds like
    > no-one ever actually delivered.

    According to Aaron Leonard, who posted to this thread, the Cisco Aironet
    supports a concurrent-use migration mode. That's a roughly $800 unit. As I
    argued earlier, concurrent mixing simply isn't likely to be found on
    low-cost units, and it's not standardized.

    There was never any plan to officially support concurrent mixed use. WPA
    ("Wi-fi Protected Access") is an interim standard derived from the IEEE
    802.11i project, which is a work-in-progress. WPA was always planned in two
    phases. The first phase incorporated those finished parts of 802.11i that
    could be offered on most existing 802.11b equipment as a software upgrade.
    WPA2 - which is now available - is essentially all of 802.11i, includeing
    AES encryption. It generally requires new hardware, and cannot be offered as
    a software upgrade on all equipment.

    WPA itself is often referred to as a migration step, because it allows
    existing equipment to get some of the improvements, like TKIP. The following
    quote from the Wi-fi Alliance FAQ (question 12) makes clear that they
    specifically did not intend to support or test APs supporting concurrent
    mixed use. The model has always been, run WEP-only if one or more clients
    can't do WPA. You need to read the answer carefully, because it is poorly
    worded. The key phrase is "[t]he cost of supporting both modes is that the
    security is effectively at the minimum level ...". That means the AP is
    expected to be running WEP only if any client is WEP.
    12. Q: Will Wi-Fi Protected Access operate in a network that has both WEP
    and Wi-FiProtected Access components?

    A: The Wi-Fi Alliance does not test or support a "mixed mode" of both WEP
    and Wi-Fi client devices. However, in a large network with many clients, a
    likely scenario is that Access Points will be upgraded before all the Wi-Fi
    clients can be upgraded. Some Access Points may support a mixed mode, which
    supports both clients running Wi-Fi Protected Access and clients running
    original WEP security. The cost of supporting both modes is that security is
    effectively at the minimum level allowed by the Access Point (i.e., WEP), so
    organizations will benefit by accelerating the move to Wi-Fi Protected
    Access for all Wi-Fi stations, and setting their Access Points to allow only
    Wi-Fi Protected Access.


    >
    > Thanks
    > Joe
    >
    > --
    > Joseph Mack NA3T EME(B,D), FM05lw North Carolina
    > jmack (at) wm7d (dot) net - azimuthal equidistant map
    > generator at http://www.wm7d.net/azproj.shtml
    > Homepage http://www.austintek.com/ It's GNU/Linux!
  16. Archived from groups: alt.internet.wireless (More info?)

    gary wrote:
    >
    > WPA
    > ("Wi-fi Protected Access") is an interim standard derived from the IEEE
    > 802.11i project, which is a work-in-progress.
    ..
    ..
    > WPA itself is often referred to as a migration step, because it allows
    > existing equipment to get some of the improvements, like TKIP.

    So is any of the current commodity WPA-able hardware (client cards and WAPs)
    going to make it past the migration step, or will it too have to be discarded
    like the WEP hardware?

    Thanks Joe

    --
    Joseph Mack NA3T EME(B,D), FM05lw North Carolina
    jmack (at) wm7d (dot) net - azimuthal equidistant map
    generator at http://www.wm7d.net/azproj.shtml
    Homepage http://www.austintek.com/ It's GNU/Linux!
  17. Archived from groups: alt.internet.wireless (More info?)

    "mack" <jmack@wm7d.net> wrote in message news:40CB55BB.200EB7C3@wm7d.net...
    > gary wrote:
    > >
    > > WPA
    > > ("Wi-fi Protected Access") is an interim standard derived from the IEEE
    > > 802.11i project, which is a work-in-progress.
    > .
    > .
    > > WPA itself is often referred to as a migration step, because it allows
    > > existing equipment to get some of the improvements, like TKIP.
    >
    > So is any of the current commodity WPA-able hardware (client cards and
    WAPs)
    > going to make it past the migration step, or will it too have to be
    discarded
    > like the WEP hardware?

    Depends on what level of security you want. For home/SOHO, current WPA
    supports TKIP, which is much better than ordinary WEP. Probably good enough
    for most cases, if you use a long, random preshared key. It also support
    802.1x authentication, which is a major improvement. If you want fullblast
    WPA2, with AES, you will probably need to upgrade to equipment that uses
    newer Broadcom or Atheros chipsets. These do the AES encryption in silicon.

    >
    > Thanks Joe
    >
    > --
    > Joseph Mack NA3T EME(B,D), FM05lw North Carolina
    > jmack (at) wm7d (dot) net - azimuthal equidistant map
    > generator at http://www.wm7d.net/azproj.shtml
    > Homepage http://www.austintek.com/ It's GNU/Linux!
  18. Archived from groups: alt.internet.wireless (More info?)

    On Sat, 12 Jun 2004 20:13:49 GMT, gary spoketh


    >
    >Depends on what level of security you want. For home/SOHO, current WPA
    >supports TKIP, which is much better than ordinary WEP. Probably good enough
    >for most cases, if you use a long, random preshared key. It also support
    >802.1x authentication, which is a major improvement. If you want fullblast
    >WPA2, with AES, you will probably need to upgrade to equipment that uses
    >newer Broadcom or Atheros chipsets. These do the AES encryption in silicon.
    >

    FWIW, Linksys WAP54G has WPA with AES encryption, and it works like a
    charm. Works with XP and the WPA patch, as well as on W2K with newest
    Linksys drivers and Funk softwares' Odyssey client (comes with the
    Linksys software).

    AES is done in software, so there might be a performance hit. I haven't
    noticed much here at home, even with streaming audio, but then again, I
    don't have too many wireless clients competing for bandwidth. Once I get
    this laptop upgraded to XP, I'll be switching to WPA with radius
    authentication and AES encryption :)


    Lars M. Hansen
    www.hansenonline.net
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
Ask a new question

Read More

Wireless Access WEP Wireless Networking