can you have WEP and WPA on the same WAP?

June 6, 2004 7:00:38 PM

Archived from groups: alt.internet.wireless

can you have WEP and WPA on the same WAP?

I would like to get a WAP that supports the older wifi client cards
that aren't upgradable to WPA and as well support the newer wifi client
cards that are WPA-able.

If it isn't possible to have both WEP and WPA on the same WAP, do I just
buy two WAPs?

Thanks Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

Anonymous
June 6, 2004 8:50:44 PM

On Sun, 06 Jun 2004 15:00:38 +0000, mack spoketh

>can you have WEP and WPA on the same WAP?
>
>I would like to get a WAP that supports the older wifi client cards
>that aren't upgradable to WPA and as well support the newer wifi client
>cards that are WPA-able.
>
>If it isn't possible to have both WEP and WPA on the same WAP, do I just
>buy two WAPs?
>
>Thanks Joe

No, it's either WEP or WPA. If you need both, you'll need two WAPs.
Wouldn't it be better to replace the older wifi cards?

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"
June 6, 2004 10:35:44 PM

"Lars M. Hansen" wrote:

> >can you have WEP and WPA on the same WAP?

> No, it's either WEP or WPA. If you need both, you'll need two WAPs.
> Wouldn't it be better to replace the older wifi cards?

Thanks for your reply.

The setup I'm working on will be for random people with laptops.
I have to handle whatever people bring and I'm not in a position
to tell them that they have old gear and that they should upgrade :-)
My job is to get them linked and smile.

I personally have about 6 older wifi cards which I expected to have a
longer lifetime than has turned out. I'm not exactly delighted at the prospect
of them being obsoleted.

Is this situation the result of some physical law that can't be contravened,
or is it that the manufacturers haven't written firmware to handle both
types of encryption, or the drivers for the cards don't handle it ...?

Thanks Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
Anonymous
June 6, 2004 10:35:45 PM

On Sun, 06 Jun 2004 18:35:44 +0000, mack spoketh

>"Lars M. Hansen" wrote:
>
>> >can you have WEP and WPA on the same WAP?
>
>> No, it's either WEP or WPA. If you need both, you'll need two WAPs.
>> Wouldn't it be better to replace the older wifi cards?
>
>Thanks for your reply.
>
>The setup I'm working on will be for random people with laptops.
>I have to handle whatever people bring and I'm not in a position
>to tell them that they have old gear and that they should upgrade :-)
>My job is to get them linked and smile.

For random people with random equipment, you'll have to go for the
lowest common denominator, which would be WEP.

>
>I personally have about 6 older wifi cards which I expected to have a
>longer lifetime than has turned out. I'm not exactly delighted at the prospect
>of them being obsoleted.
>

I have 5 older computers, I'm not thrilled that they are obsolete, but
I'll have to live with it.

>
>Is this situation the result of some physical law that can't be contravened,
>or is it that the manufacturers haven't written firmware to handle both
>types of encryption, or the drivers for the cards don't handle it ...?
>
>Thanks Joe

An access point can only be configured with one setting for wireless
security. It's either no encryption, WEP or WPA. There are some
additional settings involving a RADIUS server, but that doesn't change
the encryption options available, it only adds authentication to the
process.



Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
Anonymous
June 6, 2004 11:11:40 PM

Taking a moment's reflection, mack mused:
|
| Is this situation the result of some physical law that can't be
| contravened, or is it that the manufacturers haven't written firmware to
| handle both types of encryption, or the drivers for the cards don't
| handle it ...?

From my understanding, there is something about the 11b architecture
that makes WPA more difficult. It's not impossible, since there are some
11b cards that support WPA, but (also from what I've read) those 11b
products that do not currently support WPA will not be updated to support it.
Likely, though, that has more to do with marketing.
June 6, 2004 11:13:09 PM

An AP could theoretically support both, although it makes no sense for a
client to do so. It would add complexity and cost. The AP would have to
keep a table associating MAC address with encryption type, and it would have
to consult the table for every transmitted frame.

There is no design reason why it can't be done, but there might be practical
reasons. WEP and WPA are often implemented in silicon in newer chipsets. The
table and decision-making logic would have to live in a driver, and the chip
interface would have to permit the encryption type to be passed to the
chipset for each frame. I have no hardware manuals for any chipsets, so I
don't know if that kind of interface exists. I suspect - but I don't know -
that the hardware is simply configured during driver initialization to run
WEP or WPA, so changing it on a frame-by-frame basis might imply a reconfig
for every frame. That almost certainly would be a performance disaster! The
only alternative I can think of would involve the AP doing all of the work
at the driver level, which would mean faster cpus and more fast memory.

So, if you can find this feature at all, it will be in expensive commercial
APs and routers. There would have to be a compelling commercial reason for
any vendor to add it, with its associated costs, and I don't think there is
one. At the low end of the price range (home/SOHO), the costs would push the
price too high. At the high end of the price range, the buying community can
easily afford equipment that supports WPA, either through upgrade or
replacement.

"mack" <jmack@wm7d.net> wrote in message news:40C36400.42DD03AF@wm7d.net...
> "Lars M. Hansen" wrote:
>
> > >can you have WEP and WPA on the same WAP?
>
> > No, it's either WEP or WPA. If you need both, you'll need two WAPs.
> > Wouldn't it be better to replace the older wifi cards?
>
> Thanks for your reply.
>
> The setup I'm working on will be for random people with laptops.
> I have to handle whatever people bring and I'm not in a position
> to tell them that they have old gear and that they should upgrade :-)
> My job is to get them linked and smile.
>
> I personally have about 6 older wifi cards which I expected to have a
> longer lifetime than has turned out. I'm not exactly delighted at the prospect
> of them being obsoleted.
>
> Is this situation the result of some physical law that can't be contravened,
> or is it that the manufacturers haven't written firmware to handle both
> types of encryption, or the drivers for the cards don't handle it ...?
>
> Thanks Joe
>
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
>
Anonymous
June 7, 2004 12:14:55 AM

On Sun, 06 Jun 2004 19:13:09 GMT, gary spoketh

>An AP could theoretically support both, although it makes no sense for a
>client to do so.

APs do support both WEP and WPA, however, you can't configure the AP to
_use_ both at the same time, which I believe is the OP's question.

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"
June 7, 2004 2:12:40 AM

"Lars M. Hansen" wrote:
>
> APs do support both WEP and WPA, however, you can't configure the AP to
> _use_ both at the same time, which I believe is the OP's question.

Thanks everyone, particularly Gary and Lars.

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
June 7, 2004 4:40:22 AM

"Lars M. Hansen" <badnews@hansenonline.net> wrote in message
news:5nu6c01ku3f236o70vfkg9bldtjoqmmb4p@4ax.com...
> On Sun, 06 Jun 2004 19:13:09 GMT, gary spoketh
>
> >An AP could theoretically support both, although it makes no sense for a
> >client to do so.
>
> APs do support both WEP and WPA, however, you can't configure the AP to
> _use_ both at the same time, which I believe is the OP's question.

Apparently I didn't make it clear that I was talking about the difficulty of
supporting both schemes *concurrently*. Of course, newer chipsets and
drivers support both schemes. As I tried to explain, I think the choice is
made during initialization of the chipset, and never on a
per-transmitted-frame basis, which would be necessary to support dynamic
switching between schemes.

>
> Lars M. Hansen
> www.hansenonline.net
> Remove "bad" from my e-mail address to contact me.
> "If you try to fail, and succeed, which have you done?"
Anonymous
June 7, 2004 10:02:44 AM

Pardon me if I'm not understanding this one... but if you got a WEP signal
out there then that would be the signal that the hacker would break into.
All the WPA would be useless because a WEP signal would be in the air. The
more different signals you would have the more doors there are to get in.

"mack" <jmack@wm7d.net> wrote in message news:40C33196.B78BE6AB@wm7d.net...
> can you have WEP and WPA on the same WAP?
>
> I would like to get a WAP that supports the older wifi client cards
> that aren't upgradable to WPA and as well support the newer wifi client
> cards that are WPA-able.
>
> If it isn't possible to have both WEP and WPA on the same WAP, do I just
> buy two WAPs?
>
> Thanks Joe
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
June 7, 2004 10:02:45 AM

"ahh" <ahh@ahh.com> wrote in message
news:XpidnaPEmfkYCV7dRVn-hA@giganews.com...
> Pardon me if I'm not understanding this one... but if you got a WEP signal
> out there then that would be the signal that the hacker would break into.
> All the WPA would be useless because a WEP signal would be in the air. The
> more different signals you would have the more doors there are to get in.

You're misinterpreting. The OP is asking whether or not there are APs that
support a mix of clients, some using WEP, some using WPA. There is no
architectural reason in the 802.11 standards why this could not be done,
only practical objections. AFAIK, no APs support this.

Supporting concurrent use of both schemes would not weaken security in any
way. It would remain true that WEP clients would have weaker security, but
each type of client would have to be independently cracked.

>
> "mack" <jmack@wm7d.net> wrote in message news:40C33196.B78BE6AB@wm7d.net...
> > can you have WEP and WPA on the same WAP?
> >
> > I would like to get a WAP that supports the older wifi client cards
> > that aren't upgradable to WPA and as well support the newer wifi client
> > cards that are WPA-able.
> >
> > If it isn't possible to have both WEP and WPA on the same WAP, do I just
> > buy two WAPs?
> >
> > Thanks Joe
> > --
> > Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> > jmack (at) wm7d (dot) net - azimuthal equidistant map
> > generator at http://www.wm7d.net/azproj.shtml
> > Homepage http://www.austintek.com/ It's GNU/Linux!
>
>
Anonymous
June 7, 2004 2:00:20 PM

mack wrote:
> can you have WEP and WPA on the same WAP?
>

The doc for the latest WPA firmware on the Netgear site claims "yes" but
consider the source. I've tried the FWAG114 but haven't been able to
make it work. As soon as I upgrade my WG302's I'll try them too.

> I would like to get a WAP that supports the older wifi client cards
> that aren't upgradable to WPA and as well support the newer wifi client
> cards that are WPA-able.
>
> If it isn't possible to have both WEP and WPA on the same WAP, do I just
> buy two WAPs?
>
> Thanks Joe
June 8, 2004 1:59:05 AM

"Larry Riffle" <spamtrap47@adelphia.net> wrote in message
news:40C474F4.5000508@adelphia.net...
>
> mack wrote:
> > can you have WEP and WPA on the same WAP?
> >
>
> The doc for the latest WPA firmware on the Netgear site claims "yes" but
> consider the source. I've tried the FWAG114 but haven't been able to
> make it work. As soon as I upgrade my WG302's I'll try them too.

We really need to clarify. The OP stated in his second post:

"The setup I'm working on will be for random people with laptops.
I have to handle whatever people bring and I'm not in a position
to tell them that they have old gear and that they should upgrade :-)
My job is to get them linked and smile."

I took this to mean that he wanted a solution that would support a mix of
clients, some running WEP, some running WPA, *at the same time*. AFAIK, such
a solution does not exist. Most APs manufactured in the last year or two
will support both WEP and WPA (possibly requiring an upgrade), but the AP is
configured to run with one or the other, not both at the same time.

>
> > I would like to get a WAP that supports the older wifi client cards
> > that aren't upgradable to WPA and as well support the newer wifi client
> > cards that are WPA-able.
> >
> > If it isn't possible to have both WEP and WPA on the same WAP, do I just
> > buy two WAPs?
> >
> > Thanks Joe
Anonymous
June 8, 2004 1:32:59 PM

There exists an optional WPA feature called "migration mode"
where the AP can support both WPA and WEP-only clients on the
same SSID. However not all WPA clients support migration
mode. So, to support all WPA and WEP-only clients in the same
AP, you'll want an AP that can support multiple concurrent SSIDs,
one configured for WEP and another for WPA.

In a small office, it may make sense to buy two APs, one using
WEP and the other WPA, and configure them to operate on separate
channels (and with different SSIDs.)

Aaron

---

~ can you have WEP and WPA on the same WAP?
~
~ I would like to get a WAP that supports the older wifi client cards
~ that aren't upgradable to WPA and as well support the newer wifi client
~ cards that are WPA-able.
~
~ If it isn't possible to have both WEP and WPA on the same WAP, do I just
~ buy two WAPs?
~
~ Thanks Joe
June 12, 2004 3:52:10 AM

gary wrote:
>
>
> You're misinterpreting. The OP is asking whether or not there are APs that
> support a mix of clients, some using WEP, some using WPA.

correct.

I remember when WPA was proposed, that WEP was going to be regarded as
WPA level 0 (or something like that) and that an upgrade path was available,
so that people with old gear would accept the new standard. It sounds like
no-one ever actually delivered.

Thanks
Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
June 12, 2004 5:29:26 AM

"mack" <jmack@wm7d.net> wrote in message news:40CA45AA.E888CFB0@wm7d.net...
> gary wrote:
> >
> >
> > You're misinterpreting. The OP is asking whether or not there are APs that
> > support a mix of clients, some using WEP, some using WPA.
>
> correct.
>
> I remember when WPA was proposed, that WEP was going to be regarded as
> WPA level 0 (or something like that) and that an upgrade path was available,
> so that people with old gear would accept the new standard. It sounds like
> no-one ever actually delivered.

According to Aaron Leonard, who posted to this thread, the Cisco Aironet
supports a concurrent-use migration mode. That's a roughly $800 unit. As I
argued earlier, concurrent mixing simply isn't likely to be found on
low-cost units, and it's not standardized.

There was never any plan to officially support concurrent mixed use. WPA
("Wi-fi Protected Access") is an interim standard derived from the IEEE
802.11i project, which is a work-in-progress. WPA was always planned in two
phases. The first phase incorporated those finished parts of 802.11i that
could be offered on most existing 802.11b equipment as a software upgrade.
WPA2 - which is now available - is essentially all of 802.11i, including
AES encryption. It generally requires new hardware, and cannot be offered as
a software upgrade on all equipment.

WPA itself is often referred to as a migration step, because it allows
existing equipment to get some of the improvements, like TKIP. The following
quote from the Wi-fi Alliance FAQ (question 12) makes clear that they
specifically did not intend to support or test APs supporting concurrent
mixed use. The model has always been, run WEP-only if one or more clients
can't do WPA. You need to read the answer carefully, because it is poorly
worded. The key phrase is "[t]he cost of supporting both modes is that the
security is effectively at the minimum level ...". That means the AP is
expected to be running WEP only if any client is WEP.
12. Q: Will Wi-Fi Protected Access operate in a network that has both WEP
and Wi-FiProtected Access components?

A: The Wi-Fi Alliance does not test or support a "mixed mode" of both WEP
and Wi-Fi client devices. However, in a large network with many clients, a
likely scenario is that Access Points will be upgraded before all the Wi-Fi
clients can be upgraded. Some Access Points may support a mixed mode, which
supports both clients running Wi-Fi Protected Access and clients running
original WEP security. The cost of supporting both modes is that security is
effectively at the minimum level allowed by the Access Point (i.e., WEP), so
organizations will benefit by accelerating the move to Wi-Fi Protected
Access for all Wi-Fi stations, and setting their Access Points to allow only
Wi-Fi Protected Access.


>
> Thanks
> Joe
>
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
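
A defender-side check for the FAQ answer quoted in the post above, added here as an example and not part of the thread: it decodes a beacon's WPA or RSN element and flags an AP whose group (broadcast) cipher is WEP, on the assumption that this is how a mixed or migration mode appears on the air, since broadcast frames must stay readable by WEP-only clients. The function names, `sample_beacon` and the SSIDs are constructed for illustration.

```python
import struct

WPA_OUI, RSN_OUI = bytes.fromhex("0050f2"), bytes.fromhex("000fac")
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
WEP = {"WEP-40", "WEP-104"}


def iter_elements(body):
    """Yield (element_id, payload) for each 802.11 information element."""
    pos = 0
    while pos < len(body):
        if pos + 2 > len(body) or pos + 2 + body[pos + 1] > len(body):
            raise ValueError("truncated information element")
        yield body[pos], body[pos + 2:pos + 2 + body[pos + 1]]
        pos += 2 + body[pos + 1]


def parse_suites(data, oui):
    """Decode group cipher and pairwise list (WPA and RSN share this layout).
    Simplification: the fields are required here, no defaults are applied."""
    if len(data) < 8:
        raise ValueError("security element too short")
    version = struct.unpack_from("<H", data, 0)[0]
    count = struct.unpack_from("<H", data, 6)[0]
    if version != 1 or len(data) < 8 + 4 * count:
        raise ValueError("bad version or truncated cipher list")

    def name(raw):
        return CIPHERS.get(raw[3], "unknown") if raw[:3] == oui else "vendor-specific"

    return name(data[2:6]), [name(data[8 + 4 * i:12 + 4 * i]) for i in range(count)]


def audit_beacon(frame_body):
    """Classify a beacon frame body (12 bytes of fixed fields, then elements)."""
    if len(frame_body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    capability = struct.unpack_from("<H", frame_body, 10)[0]
    ssid, groups, pairwise = "", [], []
    for eid, payload in iter_elements(frame_body[12:]):
        if eid == 0:                                          # SSID element
            ssid = payload.decode("utf-8", "replace")
            continue
        if eid == 221 and payload[:4] == WPA_OUI + b"\x01":   # WPA vendor element
            found = parse_suites(payload[4:], WPA_OUI)
        elif eid == 48:                                       # RSN (WPA2) element
            found = parse_suites(payload, RSN_OUI)
        else:
            continue
        groups.append(found[0])
        pairwise.extend(found[1])
    if not groups:
        mode = "WEP only" if capability & 0x0010 else "open"  # Privacy bit
    elif WEP.intersection(groups):
        mode = "mixed WEP/WPA: group key is WEP"
    else:
        mode = "WPA/WPA2 only"
    return {"ssid": ssid, "mode": mode, "group": groups, "pairwise": pairwise}


def sample_beacon(ssid, group_type=None):
    """Constructed input: beacon body with Privacy set and an optional WPA element."""
    body = bytes(8) + struct.pack("<HH", 100, 0x0011) + bytes([0, len(ssid)]) + ssid
    if group_type is not None:
        wpa = (WPA_OUI + b"\x01" + struct.pack("<H", 1) + WPA_OUI + bytes([group_type])
               + struct.pack("<H", 1) + WPA_OUI + b"\x02"     # pairwise: TKIP
               + struct.pack("<H", 1) + WPA_OUI + b"\x02")    # key management: PSK
        body += bytes([221, len(wpa)]) + wpa
    return body


if __name__ == "__main__":
    for beacon in (sample_beacon(b"lobby", 5), sample_beacon(b"staff", 2), sample_beacon(b"legacy")):
        print(audit_beacon(beacon))
```
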
June 12, 2004 11:12:59 PM

gary wrote:
>
> WPA
> ("Wi-fi Protected Access") is an interim standard derived from the IEEE
> 802.11i project, which is a work-in-progress.
..
..
> WPA itself is often referred to as a migration step, because it allows
> existing equipment to get some of the improvements, like TKIP.

So is any of the current commodity WPA-able hardware (client cards and WAPs)
going to make it past the migration step, or will it too have to be discarded
like the WEP hardware?

Thanks Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
June 13, 2004 12:13:49 AM

"mack" <jmack@wm7d.net> wrote in message news:40CB55BB.200EB7C3@wm7d.net...
> gary wrote:
> >
> > WPA
> > ("Wi-fi Protected Access") is an interim standard derived from the IEEE
> > 802.11i project, which is a work-in-progress.
> .
> .
> > WPA itself is often referred to as a migration step, because it allows
> > existing equipment to get some of the improvements, like TKIP.
>
> So is any of the current commodity WPA-able hardware (client cards and WAPs)
> going to make it past the migration step, or will it too have to be discarded
> like the WEP hardware?

Depends on what level of security you want. For home/SOHO, current WPA
supports TKIP, which is much better than ordinary WEP. Probably good enough
for most cases, if you use a long, random preshared key. It also supports
802.1x authentication, which is a major improvement. If you want fullblast
WPA2, with AES, you will probably need to upgrade to equipment that uses
newer Broadcom or Atheros chipsets. These do the AES encryption in silicon.

>
> Thanks Joe
>
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
Anonymous
June 13, 2004 12:41:53 AM

On Sat, 12 Jun 2004 20:13:49 GMT, gary spoketh


>
>Depends on what level of security you want. For home/SOHO, current WPA
>supports TKIP, which is much better than ordinary WEP. Probably good enough
>for most cases, if you use a long, random preshared key. It also supports
>802.1x authentication, which is a major improvement. If you want fullblast
>WPA2, with AES, you will probably need to upgrade to equipment that uses
>newer Broadcom or Atheros chipsets. These do the AES encryption in silicon.
>

FWIW, Linksys WAP54G has WPA with AES encryption, and it works like a
charm. Works with XP and the WPA patch, as well as on W2K with newest
Linksys drivers and Funk Software's Odyssey client (comes with the
Linksys software).

AES is done in software, so there might be a performance hit. I haven't
noticed much here at home, even with streaming audio, but then again, I
don't have too many wireless clients competing for bandwidth. Once I get
this laptop upgraded to XP, I'll be switching to WPA with radius
authentication and AES encryption :) 


Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"