Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Wireless Bridge Supporing WPA2-AES

Posted on 2009-02-08
12
Medium Priority
?
1,480 Views
Last Modified: 2013-12-21
I'm looking for an wireless Access Point and Bridge that can connect to each other via WPA2-AES for less than $500 USD (for both devices).

Despite the documentation, the Linksys/Cisco WAP54G (v3.1) only works in WPA2-TKIP mode.
0
Comment
Question by:Geoff Millikan
  • 7
  • 4
12 Comments
 
LVL 4

Expert Comment

by:leibinusa
ID: 23587207
If you only need a pair of wireless bridges which connect to each other, why do you want WAP2-AES? worry about security? WAP2-TKIP is secure enough. Anyway, I do not know anybody ever break it. To improve security, you can use EAP.
0
 

Author Comment

by:Geoff Millikan
ID: 23587479
TKIP is not secure enough for what we are doing.  We want WPA2-AES.  

Can anyone help us?

http://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol
TKIP is vulnerable to a keystream recovery attack that, if successfully executed, permits an attacker to transmit 7-15 packets of the attacker's choice on the network. The current publicly available TKIP-specific attacks do not reveal the Pairwise Master Key or the Pairwise Temporal Keys.

http://en.wikipedia.org/wiki/CCMP
CCMP is a mandatory part of the WPA2 protocol and an optional part of the WPA protocol, is an IEEE 802.11i encryption protocol created to replace both TKIP, the mandatory protocol in WPA, and the earlier, insecure WEP protocol.[1] CCMP is a required option for Robust Security Network (RSN) Compliant networks.  CCMP uses the Advanced Encryption Standard (AES) algorithm. Unlike in TKIP, key management and message integrity is handled by a single component built around AES using a 128-bit key and a 128-bit block.
0
 
LVL 4

Expert Comment

by:leibinusa
ID: 23591123
If you are so sensitive on security, why do you just want to spend $500 on devices.
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 

Author Comment

by:Geoff Millikan
ID: 23591483
Does a bear poop in the woods?  

Ok, $1000.  
0
 
LVL 4

Expert Comment

by:leibinusa
ID: 23595453
The article mentions countermeasures, which just need to change the rekey interval. By the way, you can conside to setup site-site VPN tunnel to increase security. I am Cisco guy. I do not know wireless from other vendors. if you do not mind, you can get devices from ebay, which will fit your budget.
0
 

Author Comment

by:Geoff Millikan
ID: 23595754
Thanks!  And may I ask what the name of the hardware is that supports WPA2-AES between an wireless AP and a wireless bridge?  (Site-to-site VPN is not a good option for what we're doing.)
0
 
LVL 4

Expert Comment

by:leibinusa
ID: 23596928
Cisco AIR-AP1131AG-A-K9 supports WPA2 and wireless bridge. Look at below.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
0
 

Author Comment

by:Geoff Millikan
ID: 23597438
So are you sure that the Cisco AIR-AP1131AG-A-K9 actually supports WPA2 in bridge mode? The reason I ask is because the similar specs on the Cisco (Linksys) WAP54G say on page 16 of 45 that it supports WPA2 but it actually doesn't in bridge mode (only as an AP).

Also, the best price I could find on two of these these was $962.50 which isn't cheap.  I was hoping for a Netgear/Linksys/DLINK solution which should be easily in the sub-$500 range.

http://downloads.linksysbycisco.com/downloads/WAP54G_V30_UG_A-WEB.pdf
"Security Mode: Select the security method you want to use, WPA-Personal, WPA2-Personal, WPA2-Mixed, WPA-Enterprise, RADIUS, or WEP. (WPA stands for Wi-Fi Protected Access, which is a security standard stronger than WEP encryption. WPA2 is a stronger version of WPA..."

0
 
LVL 4

Accepted Solution

by:
mikesuss earned 2000 total points
ID: 24343261
Have you looked at Buffalo routers and loading dd-wrt?  

I have used a bunch of Broadcom based routers loaded with dd-wrt firmware using WDS encrypted with WPA2 / AES with no issues.  

The added benefit is that if you want to use them as an access point you can.  
0
 

Author Comment

by:Geoff Millikan
ID: 24507759
Looks like the Buffalo WHR-HP-G54 just might do it.

It works as an AP like you say, "External Switch To Change Between Wireless Router and Wireless Access Point"

And it looks like it just might support WPA2.  The dd-wrt website says it supports this although loading a 3rd party's firmware seems dicey to me.

But you hit the nail on the head.  Nice find, very impressive.

http://www.buffalotech.com/products/wireless/wireless-g-high-power/wireless-g-high-power-router-and-access-point-whr-hp-g54/


ScreenShot006.png
0
 

Author Closing Comment

by:Geoff Millikan
ID: 31544356
Nice find, very impressive.
0
 

Author Comment

by:Geoff Millikan
ID: 25029139
Well, now I'm reading from the manual under "Configuring a WDS Bridge:"

"Note that TKIP and AES encryption schemes will not work with WDS; you must use WEP for encryption."

So no, this doesn't work.

http://cdn.cloudfiles.mosso.com/c85091/WHR-HP-G54-Manual_web.pdf
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Working settings for French ISP Orange "Prêt à Surfer" SIM cards for data connections only. Can't be found anywhere else !
This program is used to assist in finding and resolving common problems with wireless connections.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question