The TKIP solution is actually part of a framework called Wi-Fi Protected Access or WPA. It is an interim fix for WEP which is easily compromised. The WPA solution uses existing technologies like 802.1x and TKIP. It is meant for existing access points currently running the insecure WEP and have upgradable firmware which can then be used for WPA. With WPA, you can place your APs on the internal LAN.
The VPN solution is a very good alternative where you place your APs on the outside of the LAN. Users then have to connect via some kind of VPN client to reach the internal LAN.
The easiest and most secure solution will be 802.11i but this requires specific hardware that most current APs on the market lack. It uses AES-CCMP instead of TKIP. This IEEE standard has not been ratified yet as far as I know.
Since you are asking in a Cisco forum - currently, the Cisco APs that support WPA are the ones running IOS like the 350, 1100 and 1200. Otherwise, you can use VPN.
Check wi-fi.com and google for above terms and you will find lots of resources including on Cisco's documentation site.
I have not personally tried the VPN solution but WPA works great for me on a 350.
We are moving! Please use WLCCA Forum for updates and discussions
[toc:faq] Wireless LAN Controller (WLC) Config Analyzer Download Click
here to Download To request access, send an e-mail to
email@example.com. Please include your Cisco.com userna...
[toc:faq] IntroductionHere is the step by step process that we have to
take care of while converting LWAPP to IOS and then vice versa..LWAPP to
IOSThe hardware used = 1141 AP (make sure we are using the right
[toc:faq] Introduction AnyConnect Secure Mobility Client 3.0: Network
Access Manager & Profile Editor on Windows Summary Use the Cisco
AnyConnect Network Access Manager Profile Editor to build custom
profiles for the AnyConnect Secure Mobility Client. App...