
ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Welcome to the Cisco Networking Professionals “Ask the Expert” conversation. This is an opportunity to discuss Wi-Fi (802.11b) wireless technologies with Lorie Jurkovich, Product Marketing Manager for Cisco’s Wireless Networking Business Unit. She is responsible for programs that promote the adoption of Wi-Fi technologies across all market segments for current and next generation Cisco Aironet Series of Wireless Local Area Network (WLAN) products. Feel free to post any questions relating to Cisco Wi-Fi technologies.

Lorie may not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through March 1. Visit this forum often to view responses to your questions and the questions of other community members.

29 REPLIES
New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Lorie,

What's the First Customer Ship date for 802.11a Access Points and cards?

When will Cisco post specifications for the AP, the cards and the approved antennas?

Matthew Wheeler

Cisco Employee

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Cisco has not yet announced a date for 802.11a products. Cisco is committed to the 5 GHz market though, as evident by its acquisition of Radiata, a 5 GHz chip developer.

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Lorie,

What is the maximum roaming delay for the Aironet 350 AP, and how would this affect a wireless VoIP call?

Would there be an additional roaming delay when roaming between different IP subnets and using Mobile IP?

Thanks,

Cisco Employee

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

The roaming delay of the Cisco Aironet 350 Series APs is negligible. If 802.1x is utilized however, the roaming delay could be several hundred milliseconds. Most VoIP installations do not employ 802.1x, though. Cisco currently only supports the Spectralink QoS protocol and roaming delays with Spectralink products and the 350 AP do not affect the quality of the call. Also be aware that many of the roaming timing constraints are limited by the roaming device (phone, PC card, etc.).

Roaming delays with Mobile IP are not a wireless issue. Mobile IP is supported by the wired infrastructure and the client (wireless phones for example), not the access points. The IP stack on the roaming client (known as Mobile Node) is tunneled by the Home and Foreign agents, which reside on the Router (or other infrastructure device) that supports Mobile IP.

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Lorie -

Thanks for taking the time to answer some questions. What will the security mechanism be for the new 802.11a wireless devices? Since we just bought the ACS software, I'm hoping that LEAP will still be an option. Moreover, is there any time frame on when 802.1x (LEAP) will become a standard that other companies will adopt? I'm sorry if I have not researched this enough on my own. But I'm sure that you can provide the answers we need...

Thanks

STU

Cisco Employee

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

While I can't talk specifically about any future products, I can assure you that Cisco is committed to the ongoing support of IEEE 802.1x and EAP authentication types such as LEAP. Apple has adopted LEAP, but Cisco also supports other EAP authentication types such as EAP-TLS.

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Are there any Cisco printed materials (books, etc.) specific to all Cisco wireless network equipment?

Cisco Employee

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

There are no books specific to Cisco wireless equipment, but you can check out other Cisco Aironet product information at http://www.cisco.com/go/aironet

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Lorie

Does the CISCO Aironet Wireless solution provide a true Multi-point to point link?

Are there any white papers or guidelines to choose the CISCO Aironet Wireless Product?

Regards,

MMA

Cisco Employee

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

The Cisco Aironet Wireless Bridges do provide point-to-multipoint links. They are not, however, full duplex links. For more information on bridges, see: http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/a350m_ds.htm

For wireless deployment information, see the Cisco Aironet solutions guides at http://www.cisco.com/go/aironet

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Is there truth to configuring linux to act as AP? If you can do this by attaching a wireless card, how do you configure it to do so? If you need a driver, where can you download this? tnx

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Lorie, is it possible to use two 342 bridges to connect my network with a client's network even though we are using different IP schemes?

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Connecting these two networks with the wireless bridge is not a problem, as they are physical/datalink devices, they can filter at higher layers but you should just look at them the same as a piece of wire. If you want to connect to IP hosts on a different subnet you will need a router at one end of the bridge link.

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Lori,

I have a customer who wishes to use Cisco Aironet APs and have several different types of point of sale (POS) devices such as Symbol and Intermec devices connect via wireless to the APs. The question of security comes up. Obviously LEAP does not seem to be an option as it is Cisco proprietary. What options do I have? Static WEP keys and WEP encryption? Any other obvious solutions? What are other customers doing?

Thanks,

Russ

Cisco Employee

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

You are correct. You can employ static WEP and WEP encryption. You can also utilize MAC address authentication to a RADIUS server. In addition, the IEEE 802.11 task group i has proposed a mechanism to strengthen WEP, called TKIP (temporal key integrity protocol), that all wireless vendors will most likely soon adopt.

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Hi,

Is it possible to secure Communication via EAP and an ACS Server on a Bridging Solution (Building to Building) with 350 Series Products?

Regards Markus

Cisco Employee

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Using the latest code, 11.10T and the Cisco Aironet 350 Series Wireless Bridges, this is possible.

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Lorie -

I'm sure that you have heard that the University of Maryland has recently "cracked" 802.1x. I myself have just learned this information. Here is a URL of the information I learned: http://www.idg.net/go.cgi?id=641766. Does Cisco have a response to this?

Thanks! STU

Cisco Employee

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

We have written a response to the paper from the University of Maryland. In short, the paper did not take into account many of the features that are now available in the WLAN products like the Cisco 350. We will be posting the complete response in a few days to www.cisco.com/go/aironet. As a summary, I have put some highlights here.

Cisco recognizes the vulnerabilities discussed in the paper and has addressed them with the EAP-Cisco authentication algorithm (also known as Cisco LEAP) and Cisco WEP enhancements such as the message integrity check (MIC) and per packet keying. This document will review the vulnerabilities the paper highlights as well as the practical implementations of them. This document will then illustrate that implementing Cisco wireless LAN security enhancements mitigates these vulnerabilities by discussing how:

EAP-Cisco and EAP-TLS defeat Man-In-Middle attacks by use of mutual authentication. The RADIUS server authenticates the client, and the client then authenticates the RADIUS server.

EAP-Cisco protects the client so local data cannot be exploited. EAP-Cisco dynamically derives a WEP session key locally on the client and on the RADIUS server after authentication, so all subsequently transmitted frames are encrypted with the derived key. An attacker does not have visibility to the keying material, and therefore cannot derive the key.

EAP-Cisco and EAP-TLS maintain network integrity. Attackers cannot leverage the vulnerabilities described in the paper to compromise the APs and protected network.

Cisco enhances WEP encryption. Pre-standards implementation of per packet keying and message integrity checks on all WEP encrypted frames mitigates known attacks against existing WEP and 802.11 vulnerabilities. Per packet keying and the MIC are proposed enhancements to the 802.11i wireless LAN security standard.

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Lorie:

Thank you for taking my question. Can you tell us anything about Cisco's future adoption of the 802.11g spec that is supposed to double the data throughput on the existing 2.4 GHz frequency? Also, will any type of new equipment be needed or will it just be software modification?

Cisco Employee

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

While I can't discuss any future Cisco products, I can let you know that we are working with Intersil on an 802.11g chip. See this link for more information: http://www.intersil.com/pr/shell/0,1091,596,00.html

Yes, new equipment will be needed, as a new radio will be required.

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Lorie,

the WLAN market is growing in a very rapid way.

Manufacturers are starting now to think of interoperability between WLAN networks and other Wireless WAN networks.

Nokia is working on its PCMCIA card with 802.11b, GPRS, HSCSD support http://nokia.sparklist.com/scripts/nph-t.pl?U=39&M=100755&MS=40067.

I've heard rumors that Lucent is working on a CDMA, W-CDMA, 802.11 integrated network offering for Telcos.

What about CISCO in this area?

CISCO is the market leader on WLAN with its Aironet series product, but integration with other networks?

Thanks,

Carlo

Cisco Employee

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

In this forum, I can't discuss any future product plans.

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Please comment on the Wireless Security Paper from University of Maryland.

The 802.1X security standard for wireless LANs has two gaping holes that will give hackers a field day, according to researchers in the US.

A new set of security measures aimed at making 802.11-type wireless LANs safe from hackers is fundamentally flawed, according to researchers from the University of Maryland.

Professor William Arbaugh and Arunesh Mishra say in a paper published last week that the new 802.1X security system has two basic problems -- one where a hacker can hijack an existing connection, and another where they can interpose themselves during authentication and steal access information as it's being set up.

In the first case, the hacker monitors the transmissions and when a session is established between a client and an access point, the hacker sends a fake packet to the client purporting to be from the access point saying "Session closed". The client just reconnects with a new session: meanwhile, the legitimate access point thinks the old session is still open and the hacker can use it.

The other way -- a 'man in the middle' attack -- again involves the hacker pretending to be an access point, this time relaying messages between the client and the real access point while monitoring their contents, having "... completely bypassed any higher-layer authentication and render(ing) the authentication mechanism ineffective," according to Arbaugh and Mishra.

The paper, An Initial Security Analysis of the IEEE 802.1X Standard, says that the standard needs to be modified to include symmetric authentication -- where the client and the access point both prove to each other who they are --- and better handling of access point authentication. Without this, it says, 802.1X and 802.11 cannot provide sufficient levels of security. The 802.1X standard itself -- and its associated standard, Extensible Authentication Protocol -- is already in use for wireless networking in Cisco 802.11b products, for example. 802.1X has already been under investigation for its vulnerability to a number of different potential attacks, including several potential denial-of-service flaws.

Cisco Employee

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Security is certainly a very hot topic for wireless LANs. I responded to a similar question on Feb. 22, but I'll repost it for your convenience.

We have written a response to the paper from the University of Maryland. In short, the paper did not take into account many of the features that are now available in the WLAN products like the Cisco 350. We will be posting the complete response in a few days to http://www.cisco.com/go/aironet. As a summary, I have put some highlights here:

Cisco recognizes the vulnerabilities discussed in the paper and has addressed them with the EAP-Cisco authentication algorithm (also known as Cisco LEAP) and Cisco WEP enhancements such as the message integrity check (MIC) and per packet keying. This document will review the vulnerabilities the paper highlights as well as the practical implementations of them. This document will then illustrate that implementing Cisco wireless LAN security enhancements mitigates these vulnerabilities by discussing how:

EAP-Cisco and EAP-TLS defeat Man-In-Middle attacks by use of mutual authentication. The RADIUS server authenticates the client, and the client then authenticates the RADIUS server.

EAP-Cisco protects the client so local data cannot be exploited. EAP-Cisco dynamically derives a WEP session key locally on the client and on the RADIUS server after authentication, so all subsequently transmitted frames are encrypted with the derived key. An attacker does not have visibility to the keying material, and therefore cannot derive the key.

EAP-Cisco and EAP-TLS maintain network integrity. Attackers cannot leverage the vulnerabilities described in the paper to compromise the APs and protected network.

Cisco enhances WEP encryption. Pre-standards implementation of per packet keying and message integrity checks on all WEP encrypted frames mitigates known attacks against existing WEP and 802.11 vulnerabilities. Per packet keying and the MIC are proposed enhancements to the 802.11i wireless LAN security standard.
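The mutual-authentication, locally derived session key, and per-packet keying with a MIC described in the response above, as an added Python sketch that is not part of the original thread and is not Cisco's LEAP or MIC algorithm. HMAC-SHA256 stands in for the real primitives, and the class names, labels and secret are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def mac(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256, a stand-in for the real EAP method's primitives."""
    return hmac.new(key, label + data, hashlib.sha256).digest()

class AuthServer:
    """Plays the RADIUS server; holds the user's secret (constructed value)."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.challenge = os.urandom(16)
        self.session_key = None

    def verify_client(self, response: bytes) -> bool:
        return hmac.compare_digest(response, mac(self.secret, b"client", self.challenge))

    def answer(self, client_challenge: bytes) -> bytes:
        # The key is derived locally from the secret; it is never transmitted.
        self.session_key = mac(self.secret, b"key", self.challenge + client_challenge)
        return mac(self.secret, b"server", client_challenge)

class RogueServer(AuthServer):
    """Impostor without the secret: accepts anyone, cannot answer correctly."""
    def __init__(self):
        super().__init__(os.urandom(16))

    def verify_client(self, response: bytes) -> bool:
        return True

def client_login(secret: bytes, server: AuthServer):
    """Return the derived session key, or None if either direction fails."""
    if not server.verify_client(mac(secret, b"client", server.challenge)):
        return None
    challenge = os.urandom(16)
    if not hmac.compare_digest(server.answer(challenge), mac(secret, b"server", challenge)):
        return None  # the network side failed to prove itself to the client
    return mac(secret, b"key", server.challenge + challenge)

def seal(session_key: bytes, seq: int, payload: bytes):
    """Attach a MIC computed under a key unique to this sequence number."""
    packet_key = mac(session_key, b"pkt", seq.to_bytes(4, "big"))
    return seq, payload, mac(packet_key, b"mic", payload)[:8]

def accept(session_key: bytes, frame) -> bool:
    """Recompute the per-packet key and MIC; reject any mismatch."""
    seq, payload, mic = frame
    packet_key = mac(session_key, b"pkt", seq.to_bytes(4, "big"))
    return hmac.compare_digest(mic, mac(packet_key, b"mic", payload)[:8])
```

The sketch leaves out encryption and replay tracking; it only shows why a party that never held the secret fails the client's check and cannot produce a frame the receiver accepts.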

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Hi Lori,

I've heard that you can use VLANS to provide additional security to a WLAN. Is there any documentation on Cisco's website that can detail how this is done? Thanks.

Cisco Employee

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

You can segment your WLAN users with a VLAN. However, VLAN segmentation is done at the switch or router point, not through the access point. We currently have no documentation that specifically shows this application.

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Lorie,

I have a client that is using a Cisco broadband cable backbone (uBR7246 & uBR924). I would like to integrate Cisco APs from the remote uBR924s, are you aware of any inoperability issues or application concerns with this type of design?

Jay

New Member

Re: ASK THE EXPERT – WI-FI WIRELESS TECHNOLOGIES

Hi, I am looking for a technical spec for 802.11 cards: the 'rx-tx turnaround time'. I could not find this in data-sheets. IEEE 802.11 standard says that this value should be less than 5 mu sec. But I am looking for the exact value of a real transceiver. My guess that it should be much smaller than 5 mu sec, maybe around 1 mu sec range. I will be thankful if you could provide the information, or let me know some pointers. Thanks again. Saikat Ray
