NETWORK WORLD NEWSLETTER: JOANIE WEXLER ON WIRELESS IN THE ENTERPRISE 08/18/04 Today's focus: Vendors innovate beyond 802.11i roaming standards
Dear [EMAIL PROTECTED], In this issue: * Much ado about Wi-Fi roaming * Links related to Wireless in the Enterprise * Featured reader resource _______________________________________________________________ This newsletter is sponsored by MERU NETWORKS Beyond Bandwidth: Managing Capacity in WLAN Systems The requirement to support critical applications, including voice and other time-bounded traffic, has proved to be a powerful incentive for creative thinking in WiFi. We have now shifted our thinking from the basics of RF, where we attempt to optimize bandwidth, to the coordinated management of capacity in pervasive WLAN deployments. Click Here to receive a paper written by FarPoint Group on WLAN capacity. http://www.fattail.com/redir/redirect.asp?CID=72441 _______________________________________________________________ CHECK OUT NW FUSION'S NEW WHITE PAPER LIBRARY Just launched: NW Fusion's White Paper Library with new features and improved capabilities! Sort NW Fusion's library of white papers by Date and Vendor, view white papers by TECHNICAL CATEGORY, mouse over white paper descriptions and take advantage of our IMPROVED white paper search engine. CLICK HERE: http://www.fattail.com/redir/redirect.asp?CID=72528 _______________________________________________________________ Today's focus: Vendors innovate beyond 802.11i roaming standards By Joanie Wexler Apparently, there are several ways users will be able to roam securely and seamlessly among access points in 802.11 wireless LANs. The 802.11i security standard, ratified in June, makes a couple of provisions for this capability, and WLAN start-up Airespace says it has codeveloped with Funk Software and Atheros an extension to one of the methods specifically for switched WLAN architectures that other vendors can also adopt. You'll recall that Cisco recently announced fast, Layer 3 roaming via its Wireless LAN Services Module for its Catalyst 6500 switches. And Proxim announced its own "partial-preauthentication" secure roaming method for its Orinoco Switching System, which began shipping in July as the Avaya W310 Wireless LAN Gateway, last winter. >From a standards perspective, Paul Funk, president of Funk Software, explained that 802.11i contains two specs for accelerating secure roaming that are aimed at traditional access points (AP), which operate independently rather than in conjunction with a WLAN switch: 1) Pairwise Master Key (PMK) Caching allows the client to associate with an AP and, upon doing a full RADIUS authentication, store a master key negotiated with that particular AP in a cache. Should the user roam away from that AP and back again, the client will not have to reauthenticate. Funk referred to this 802.11i-specified method as "fast roam-back." 2) Preauthentication or "fast-associate in advance." Using this 802.11i-specified capability, an 802.11 AP associated to a client could bridge to other APs over the wired network and preauthenticate the client to the "next" AP to which the client might roam. In switched architectures, the "authenticator" in the 802.1X framework is the switch, rather than the AP (the client software is the "supplicant" and the RADIUS server is the "authentication server"). Theoretically, the switch could simply blast out the master key information for a given client to most or all APs upon successful authentication, potentially preauthenticating mobile clients for secure roaming on the entire WLAN. However, as Funk pointed out, many network operators would view this as wasting bandwidth and RADIUS resources if users don't roam to all those APs. So Airespace, Funk Software and Atheros created Proactive Key Caching (PKC) for switched architectures. When a mobile device moves from AP to AP, the WLAN searches its PMK cache in the switch to see if the client has already been authenticated anywhere else on the network. If a PMK entry already exists for the wireless device, it doesn't perform the authentication process again. Note: With each client-AP association - whether PMK Caching or PKC is being used - the 802.11i standard calls for a Pairwise Transient Key (PTK) to be derived via a four-way handshake, which protects data actually sent over air. The PTK is discarded each time a user roams. If the PTK fails, reauthentication is required. Funk said his company's Odyssey client software is scheduled to support the PKC capability late this month or next month (Airespace gear is slated to support PKC in September). Both supplicant and authenticator must support fast, secure roaming - be it PKC, PMK Caching, preauthentication or other implementation - for it to work. Note that Trapeze Networks, a WLAN switch competitor to Airespace, contends that PMK Caching as defined in the standard is the same mechanism Airespace describes as PKC. As such, Trapeze says, its own WLAN switch supports fast, secure roaming in the same manner. RELATED EDITORIAL LINKS 802.11i security standard goes on the books Network World Wireless in the Enterprise Newsletter, 07/07/04 http://www.nwfusion.com/nlwir465 Cisco integrates wired, wireless networks Network World Wireless in the Enterprise Newsletter, 05/10/04 http://www.nwfusion.com/nlwir506 Proxim offers peek into voice-centric switching system Network World Wireless in the Enterprise Newsletter, 02/18/04 http://www.nwfusion.com/nlwir507 Where do "overlay" vendors fit in roaming efforts? Network World Wireless in the Enterprise Newsletter, 02/23/04 http://www.nwfusion.com/nlwir508 Wireless vendors try defining MIMO Network World, 08/16/04 http://www.nwfusion.com/news/2004/081604mimo.html Sprint offers first SLAs for wireless Network World, 08/16/04 http://www.nwfusion.com/news/2004/081604sprintsla.html _______________________________________________________________ To contact: Joanie Wexler Joanie Wexler is an independent networking technology writer/editor in California's Silicon Valley who has spent most of her career analyzing trends and news in the computer networking industry. She welcomes your comments on the articles published in this newsletter, as well as your ideas for future article topics. Reach her at <mailto:[EMAIL PROTECTED]>. _______________________________________________________________ This newsletter is sponsored by MERU NETWORKS Beyond Bandwidth: Managing Capacity in WLAN Systems The requirement to support critical applications, including voice and other time-bounded traffic, has proved to be a powerful incentive for creative thinking in WiFi. We have now shifted our thinking from the basics of RF, where we attempt to optimize bandwidth, to the coordinated management of capacity in pervasive WLAN deployments. Click Here to receive a paper written by FarPoint Group on WLAN capacity. http://www.fattail.com/redir/redirect.asp?CID=72440 _______________________________________________________________ ARCHIVE LINKS Archive of the Wireless newsletter: http://www.nwfusion.com/newsletters/wireless/index.html Wireless research center Latest wireless news, analysis and resource links http://www.nwfusion.com/topics/wireless.html _______________________________________________________________ FEATURED READER RESOURCE WONDERING IF YOUR PAY IS UP TO SNUFF? Check out Network World's 2004 Salary Calculator to see if you're getting paid what you're worth. Using data collected in the 2004 Network World Salary Survey, we've programmed this calculator with several categories that could affect your pay. Answer the questions and find out what the average salary is for your job category. Click here: <http://www.nwfusion.com/salary/2004/calculator.html> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED] ------------------------ Yahoo! Groups Sponsor --------------------~--> $9.95 domain names from Yahoo!. Register anything. http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/BCfwlB/TM --------------------------------------------------------------------~-> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/kumpulan/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
