DEMYSTIFYING 802.11N AND WPA/WPA2
HP E-Series Mobility E-MSM460, 466 & 430 Access Points

Presentation Transcript

  • DEMYSTIFYING 802.11N AND WPA/WPA2
    HP E-Series Mobility E-MSM460, 466 & 430 Access Points
    Anil Gupta, Technical Product Manager (Mobility)
    ©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • WPA/WPA2: Quick Primer
      • WPA/TKIP is an encryption method stronger than WEP
      • WPA2/AES is an enhancement to WPA whereby the encryption algorithm is replaced by the much stronger AES/CCMP
      • When using either WPA or WPA2, an access point maintains two different types of keys:
          – Group key: used to encrypt multicast and broadcast packets
          – Pairwise key: used to encrypt unicast packets
      • The AP maintains a unique Group key per SSID
      • The AP maintains a unique Pairwise Master Key (PMK) per associated client
      • The encryption key can be derived in two ways:
          – Statically: using a passphrase, commonly referred to as PSK
          – Dynamically: using 802.1X authentication
  • WPA/WPA2: Possible Combinations
      • Because there are
          – two different encryption methods: TKIP or AES
          – and two different ways to derive the encryption key: PSK or 802.1X
      • the result is 4 different combinations:
          – WPA/TKIP with PSK: often referred to as WPA-Personal
          – WPA/TKIP with 802.1X: often referred to as WPA-Enterprise
          – WPA2/AES with PSK: often referred to as WPA2-Personal
          – WPA2/AES with 802.1X: often referred to as WPA2-Enterprise
      • But what about mixed mode? Keep reading... we'll get to it!
  • 802.11n Facts pertaining to WPA/WPA2
      • The 802.11n standard only defines two modes of operation:
          – Open, i.e. no security
          – WPA2/AES
      • Hence, the approved 802.11n standard does not permit 802.11n operation using WPA/TKIP
      • More specifically, the 802.11n standard does not permit using High Throughput (HT) MCS data rates (65.0 Mbps up to 450.0 Mbps) when using WPA/TKIP encryption
      • Another way to interpret this would be:
          – It is legal to use WPA/TKIP encryption when using legacy 802.11 A/B/G data rates
          – It is legal to use WPA2/AES when using HT data rates
  • Mixed Mode Operation: WPA or WPA2
      • When operating in Mixed Mode:
          – HP E-MSM APs use WPA/TKIP encryption for multicast/broadcast packets
          – HP E-MSM APs are capable of using either TKIP or AES encryption for unicast packets
      • MSM APs decide which encryption method (TKIP or AES) to use for unicast packets to the client, depending on the capability negotiated by the client during association time
      • The chosen encryption method (per-client) for unicast packets also dictates what data rates are allowed to be used with that client:
          – If AES is chosen, High Throughput MCS data rates (65.0 Mbps to 450.0 Mbps) can be used for unicast traffic exchange between AP and wireless client
          – If TKIP is chosen, only legacy 802.11 A/B/G data rates (up to 54.0 Mbps) may be used for unicast traffic exchange between AP and wireless client
  • Real world examples with mixed mode (MSM46x)

      | Client Type | Client Radio Capability | Client configuration | Max Link Rate or Connection Speed |
      |---|---|---|---|
      | iPod | B/G | WPA/TKIP (PSK) | 54.0 Mbps |
      | Intel 5300/6300-based laptop | A/B/G/N | WPA-Personal or WPA-Enterprise | 54.0 Mbps |
      | Intel 5300/6300-based laptop | A/B/G/N | WPA2-Personal or WPA2-Enterprise | 450.0 Mbps (MCS23) |
      | Sprint HTC Evo cellphone | B/G/N | WPA/WPA2 | 72.0 Mbps (MCS7) |
  • Intel 5300 802.11n client configured for WPA/TKIP behaving like a legacy 802.11a client
  • Acronyms
      • WPA: Wi-Fi Protected Access
      • TKIP: Temporal Key Integrity Protocol
      • PSK: Pre-shared Key
      • AES: Advanced Encryption Standard
      • CCMP: Cipher-block Chaining Message Authentication Protocol
  • OUTCOMES THAT MATTER.
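
The mixed-mode slide says the per-client unicast cipher negotiated at association decides whether HT rates may be used. The sketch below is an added example, not HP's code: it parses the RSN or WPA information element a client sends when associating, names the combination from the slides, and flags clients held to legacy rates by TKIP. The function names and sample bytes are constructed for illustration, and it assumes the element carries the group, pairwise and key-management fields in full.

```python
import struct

RSN_OUI, WPA_OUI = bytes.fromhex("000fac"), bytes.fromhex("0050f2")
CIPHERS = {2: "TKIP", 4: "AES"}   # cipher suite types (4 is CCMP, i.e. AES)
AKMS = {1: "802.1X", 2: "PSK"}    # how the encryption key is derived

def _suites(body, pos, oui, table, n=None):
    """Read n 4-byte suite selectors (or a 2-byte LE count first)."""
    if n is None:
        if pos + 2 > len(body):
            raise ValueError("truncated suite count")
        (n,) = struct.unpack_from("<H", body, pos)
        pos += 2
    names = []
    for _ in range(n):
        sel = body[pos:pos + 4]
        if len(sel) != 4 or sel[:3] != oui:
            raise ValueError("truncated or foreign suite selector")
        names.append(table.get(sel[3], "type-%d" % sel[3]))
        pos += 4
    if not names:
        raise ValueError("empty suite list")
    return names, pos

def parse_security_ie(elem_id, body):
    """Parse an RSN (id 48) or WPA vendor (id 221) element body."""
    if elem_id == 48:
        proto, oui = "WPA2", RSN_OUI
    elif elem_id == 221 and body[:4] == WPA_OUI + b"\x01":
        proto, oui, body = "WPA", WPA_OUI, body[4:]
    else:
        raise ValueError("not a WPA/RSN element")
    (group,), pos = _suites(body, 2, oui, CIPHERS, 1)   # skip 2-byte version
    pairwise, pos = _suites(body, pos, oui, CIPHERS)
    akm, pos = _suites(body, pos, oui, AKMS)
    return {"proto": proto, "group": group, "pairwise": pairwise, "akm": akm}

def classify(info):
    """Return (combination name, unicast cipher, HT MCS rates allowed)."""
    cipher = info["pairwise"][0]   # a client's request names one pairwise suite
    akm = info["akm"][0]
    mode = {"PSK": "Personal", "802.1X": "Enterprise"}.get(akm, akm)
    return "%s-%s" % (info["proto"], mode), cipher, cipher == "AES"

# Constructed sample element bodies (not captured traffic), mixed-mode SSID:
RSN_CLIENT = bytes.fromhex("0100" "000fac02" "0100" "000fac04" "0100" "000fac02" "0000")
WPA_CLIENT = bytes.fromhex("0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f202")

if __name__ == "__main__":
    for eid, body in ((48, RSN_CLIENT), (221, WPA_CLIENT)):
        print(classify(parse_security_ie(eid, body)))
```

Both sample clients see a TKIP group cipher, as the slides describe for mixed mode; only the one that negotiated AES for unicast is eligible for HT rates.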