Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Difference between 340 & 350 Bridges


I'm trying to understand the specific differences between the 340 & 350 bridges. We currently have (3) 340 Bridges installed which perform flawlessly. We're being told by our home office that we need to install 350s for security purposes. I'd like to know what, if any, security features exist in the 350s that the 340s don't have. If, in fact, there are improved security features with the 350 we'll gladly ante up. Thanks much.

New Member

Re: Difference between 340 & 350 Bridges

There are many security enhancements that have been made with the 350. If you have a 340 bridge deployment now... there are some things you can do to make your 340 bridges more secure but migrating to the 350 product is certainly worth considering. The BR-340 Bridge is an older bridge device (utilizing an earlier radio and a different operating system). Therefore; support for dynamic WEP keying through a Radius Authentication method (LEAP) and newer firmware enhancements to make WEP more robust have not been incorporated into the 340 Bridge series products.

Although the legacy 340 bridge *DOES* use 128 bit WEP, there are methods that you *COULD* employ to make the 340 bridge link *more* secure. Some methods that come to mind are....

1. A bridge pair could be configured to use a different key for transmit and receive (utilizing two WEP keys for communications).

2. Broadcast SSID could be disabled in the bridge so that it will not advertise it's SSID to programs such as Netstumbler or Operating Systems such as Microsoft XP and Apple OS. Although the link might still be seen with a sniffer, most attacks (in my opinion) start off with Netstumbler or other methods to "discover or attempt to detect the link" before sniffers are typically used.

3. Bridge can be set to "BRIDGE ONLY" mode (This prevents wireless clients from associating).

4. Directional antennas can be used to limit the coverage area.

5. Transmitter power output can be reduced again to limit the coverage area.

6. MAC address filtering can be enabled to limit association.

7. VPN can be run across the bridge link.

8. Hardware data encryption (external hardware) could be used before sending the data through the bridge.

Hope this helps.