In my (limited) experience with wireless bridges, as far as I'm aware, WEP is the only encryption allowed as WPA won't work because it requires direct connection to the client.
I know MAC filtering can be spoofed easily so where does this lead bridging as a possible secure way of linking mulitple branches?
Is there another alternative that has a higher level of security using standard 802.11 gear?
I appreciate any responses.
jac
Not exactly. WPA was originally intended as a temporary repair job for the deficiencies of WEP. It's implimentation was designed to NOT require any hardware modifications or protocol extensions. The theory was that WPA2 with AES encryption would require a dedicated chip for crunching the encryption. Well, processors became sufficiently powerful to do it all in software, so that prediction didn't exactly work. However WPA took so long to be implimented that the extensions crept into the spec. 802.1x authentication (e.g. RADIUS) does require an external server and might cause poblems with a point to multipoint bridge. However WPA-PSK (pre-shared key) does NOT require an external server and could easily be implimented in a point to multipoint bridge as all the keys are the same. A few bridge products do this. Why the majority of the cheap bottom of the line product do not allow just WPA-PSK seems to reek of a bug, implimentation error, or just plain cluelessness where they can't seem to distinguish between the assorted authentication schemes and just plain WPA-PSK.
Nope. WPA-PSK is "good enough".
Are you looking for products that support WPA-PSK in bridge mode? There are quite a few listed that specifically do NOT support WPA in bridge mode. However, using Google and searching for "WPA-PSK point to point bridge" I find: |
Thanks Jeff,
Thats the solution then, I'll find a model that supports WPA-PSK.
Jac
Easy,
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.