On Sat, 2004-06-26 at 22:25, Alan DeKok wrote: > If your AP's can't do per-user WEP keys, then they can't do EAP-TLS, > EAP-TTLS, or PEAP. It means that the *only* way you can secure the > wireless connection is by making the clients use VPN's.
Technically speaking, there are APs that will do TLS-based EAP methods without per-user WEP keys. Proxim AP-2000s with the Classic 802.11b cards are one example. It does mean that anyone currently authenticated with the AP in question can decrypt all traffic communicating with *that* AP. They encryption key *is* dynamic, its just not per-user dynamic. Hence it's a strong suggestion to upgrade to the 802.11G kits for those units to get that functionality. --Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
