Generally, when people refer to mixed mode in relation to Wi-Fi encryption they mean WPA/TIP and WPA2/AES.
Frank -----Original Message----- From: Walter Reynolds [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 26, 2006 7:13 AM To: [email protected] Subject: Re: [WIRELESS-LAN] WPA or VPN On Fri, 22 Sep 2006, David Spindler wrote: > I would not suggest WPA/WPA2 mixed mode. We've found that older macs that > don't support WPA2 would not work with mixed mode either. Windows boxes Maybe I am the only one, but the use of the phrase 'mixed mode' is leading to confusion. Are we talking mixed mode = WEP and TKIP, or are we talking mixed mode = WPA (TKIP) and WPA2 (AES). As far as I am aware, there was an issue with WEP/TKIP on the macs, but there is no issues I have seen so far with TKIP/AES. > mostly worked fine with mixed mode, but if the hardware only supported WPA, > then WZC would try to use WPA/AES (a valid but mostly unsupported option). > You could force it to use WPA/TKIP but if you ever connect/reconnect it would > revert to WPA/AES. Actually, this is a bug with, it appears, Microsoft. I have a case open with them. But the problem where is reverts back to WPA/AES only seems to happen if you have connected successfully to a WPA/AES network. If you have not, your machine will connect, and remain at, WPA/TKIP. > > I don't have a whole of experience with the VPN side of things. It probably > wouldn't work well for guest users and depends a lot on the client. We use > the Cisco VPN client and it is very poor over wireless. We would notice that > if their are any wireless issues at all the VPN client would disconnect, > while TCP applications that were not using the VPN would continue to work > fine. I've heard other VPN vendors (maybe Nortel) have much more stable > clients, to the point that some of them will let you change IP addresses > underneath the connection without losing any sessions. > We use the cisco VPN client, and it has been pretty stable (at least with the newer versions). > > > --David > UT Austin > > > Phone: > 512-475-9299(w) > 512-775-8033(c) > > Public Key at : http://webspace.utexas.edu/~spindler/pubkey.txt > > On Fri, 22 Sep 2006, Crawford, Tim M. wrote: > >> We're doing something a little different from the main Stanford campus. >> The main campus AP's do not use encryption. However, we're currently >> using WEP. We're in the process of looking at the alternatives too (WPA >> vs. VPN). The main campus is looking to require VPN whenever secure >> communications are required...but not requiring VPN by default for AP >> access. >> >> Here at the Stanford Graduate School of Business, we're looking to move >> from WEP to WPA. There are really two arguments that come to mind...and >> they're from the user experience perspective. >> >> Argument for WPA: >> Regardless if you use a laptop with wired connection in your office vs. >> wireless, the experience is the same. If you're off campus, the >> experience is completely different. This appears to be a more widely >> acceptable solution in terms of how users think of the experience >> relationships (on campus/ off campus, wired/ wireless). >> >> Argument for VPN: >> Regardless if you are on campus or off campus, the experience to access >> applications is identical. However, this creates a different experience >> for users between wired and wireless connections...even in their office. >> This also seems to be a more challenging experience for users to keep >> track of. >> >> I'm sure others may have other recommendations. >> >> Regards, >> >> Tim >> >> ______________________________________ >> Tim M. Crawford >> Associate Director, IT Operations >> Stanford Graduate School of Business >> 650.724.2447 >> [EMAIL PROTECTED] >> >> >> -----Original Message----- >> From: Robinson, Ronald [mailto:[EMAIL PROTECTED] >> Sent: Friday, September 22, 2006 12:00 PM >> To: [email protected] >> Subject: [WIRELESS-LAN] WPA or VPN >> >> We are in the process of re-evaluating the security on our wireless >> network. Currently we support Dynamic WEP/802.1x and WPA with PEAP >> authentication. What I would like to know from this group is the pros >> and cons to using WPA/2 or VPN, especially with regards to end user >> support and, if you are migrating from one to the other, your reasons >> for doing so. >> >> ------------------------------------------------------ >> Ron Robinson, Network Architect, Bradley University >> >> 1501 West Bradley Ave. | E-Mail: [EMAIL PROTECTED] >> Morgan Hall Room 205F | Phone: (309) 677-3350 >> Peoria, Illinois 61625 | FAX: (309) 677-3460 >> >> ********** >> Participation and subscription information for this EDUCAUSE Constituent >> Group discussion list can be found at http://www.educause.edu/groups/. >> >> ********** >> Participation and subscription information for this EDUCAUSE Constituent >> Group discussion list can be found at http://www.educause.edu/groups/. >> > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > > -- Walter Reynolds Principle Systems Security Development Engineer Information Technology Central Services University of Michigan (734)615-9438 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
