Review: Agere ORiNOCO AS-2000, part 3 - Page 2

By Lisa Phifer | Posted Sep 7, 2001
Page 2 of 3   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Looking Ahead
Anyone investing in wireless infrastructure must be concerned about protecting that investment as technology matures. The cost of a single AS-2000 and a few ORiNOCO cards is modest. But consider the university purchasing hundreds of AS-2000s to outfit the entire campusthey must be convinced that this infrastructure can evolve.

The AS-2000 dual-slot design and downloadable firmware make it conceivable to support new 5 GHz PC cards when available, increasing transmission rate. Existing 2.4 GHz PC cards can be updated with new firmware and drivers to support Wi-Fi standards evolutionfor example, adding support for 802.1x in Windows/XP drivers.

The relationship between AS-2000 security features and the evolving 802.1x standard is more difficult to explain. 802.1x provides a framework for port-based authentication and key distribution. Using the Extensible Authentication Protocol (EAP) over Ethernet, a port access entity (an Ethernet switch or wireless bridge) authenticates a "supplicant" by consulting a back-end authentication server. This generic framework can be implemented with different EAP typesexamples include EAP-MD5 for Ethernet port authentication or EAP-TLS for Wi-Fi port authentication.

According to Agere's Dorothy Stanley, Microsoft's Windows/XP implements EAP-TLS for mutual authentication by digital certificate. First, each PC connects to a wired network to download a machine certificate. Thereafter, PCs use certificates for 802.1x wireless port authentication. Customers must deploy and maintain a certificate infrastructure, including Microsoft authentication servers (IAS and AD). TLS provides secure key exchange, but standard WEP is used for payload encryption.

In contrast, the AS-2000 does not require digital certificatesAS Clients authenticate with any method compatible with RADIUS and CHAP, including SecurID. With the AS-2000, CHAP rides over an encrypted associationin 802.1x, identity is sent as cleartext. Both solutions automate key exchange, but the AS-2000 uses them to initialize a stateful RC4 encryption engine, avoiding the weakest part of WEP. Microsoft is releasing 802.1x for Windows XP and 2000Agere's AS Client is available now for other Windows platforms.

Nonetheless, we believe that integrated OS support is important to simplify installation and configuration, creating the so-called "zero configuration" plug-and-play environment. Agere is on-board with XP - it supports 802.1x/EAP-TLS in beta XP drivers now and will add it to access point products like the new AP-2000 later this year.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter