802.1x is pure software, and unless the hardware in the box is very very very very dumb, or there are flash space issues, any AP should be upgradable to support 802.1x. It's just a matter of adding a few state machines, a RADIUS client, making sure per-station keys are supported, a tiny bit of crypto (for RADIUS and the EAPOL-Key packets), and the associated configuration variables (RADIUS server, secret, etc.).
That's actually the whole reasoning behind the new WPA thing: it should bring more security without needing new hardware, as opposed to "better" security enhancements like AES that require quite a bit more horsepower.
Now, of course, that doesn't necessarily mean that all vendors will provide new firmware to support 802.1x or WPA... They'll probably try to sell new hardware, especially for the lower cost ones.
Jacques.
At 15:27 16/12/2002, Jon Baer wrote:
Socket Brings 802.1X to PocketPC A new Compact Flash Wi-Fi card from Socket Communications is the first to build in support for 802.1X security that can be used on PDA clients.http://www.80211-planet.com/news/article.php/1557481 I have a stupid question but what would really be required for an older AP to use 802.1x, a simple firmware update for simply doing EAP authentication? Or is it pretty much you would need to update the entire AP with new hardware? - Jon -- NYCwireless - http://www.nycwireless.net/ Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ Archives: http://lists.nycwireless.net/pipermail/nycwireless/
-- Jacques Caron, IP Sector Technologies Join the discussion on public WLAN open global roaming: http://lists.ipsector.com/listinfo/openroaming -- NYCwireless - http://www.nycwireless.net/ Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ Archives: http://lists.nycwireless.net/pipermail/nycwireless/
