One more question about security on your APs. Will these do radius auth in lieu of a certificate for WPA authentication? I need to be able to create individual username / password access for each user and I prefer to avoid certificates if possible. Thoughts? Will it work? Has WPA with Radius been hacked previously? If it has I have never seen it and this strikes a good balance between security and sanity of network administration in my opinion. I welcome others insight on this. Security in the Enterprise is important stuff and we all need to make sure we do it right. I am trying.

I could use any feedback from the collective on this subject. What WiFi security plan are you guys rolling out for your enterprise clients? Do I have to bite the bullet and do certificates? If I do then these school networks are not going to be much fun to administer. I am hoping radius auth and WPA together will be enough to meet everyones satisfaction for enterprise security. Thoughts? Insights? Criticism?

PS. I have FreeRadius running on a machine at home with a Linksys WRT54G running WPA authentication as my home wireless rebroadcast AP. Works well till you try to run WDS at the same time. Then it takes a crap.

Harold Bledsoe wrote:


The following security options are available for WDS:


Let me know if you have any other questions.  We use these at our
hotspots and apartment community deployments as well.  They are PoE
enabled and include the power supply and injector.


-----Original Message-----
Behalf Of John Scrivner
Sent: Saturday, August 19, 2006 10:32 AM
To: WISPA General List
Subject: Re: [WISPA] roll your own radios..

One more question for you on your APs. I see they support WPA, WPA2 TKIP

and AES as well as WDS. Can you tell me if your radios will support WPA and WPA2 over WDS? Many radios support one or the other (WPA / WDS) but not both at the same time. I will be needing both at once for my hotspot


Harold Bledsoe wrote:

The one thing I would note about many of the "roll your own" systems is
that typically they consist of a certified module (mPCI card) and a
single board computer.  As long as you stick to single radio setups,
then typically the only thing required is a Declaration of Conformity
(unintentional radiator testing).  This is quite a bit cheaper than a
full certification that has both the intentional and unintentional
radiator tests.  That said, it *does* require the certified module to
have been certified with a wide range of antennas, which is not
done today.

Oh, and consider our horn tooted.  :-)


Harold Bledsoe
Deliberant LLC

-----Original Message-----
Behalf Of George Rogato
Sent: Friday, August 18, 2006 7:06 PM
To: WISPA General List
Subject: Re: [WISPA] roll your own radios..

One reason the non certified manufacturers are not certifying their equipment is because of the changes that take place in such short time periods.

To certify a system, the radio card, the antenna AND "the board" which drives the card has to be certified together as a complete system.

The roll your own non certified equipment changes very fast. It's
a newer faster board or a newer better card. Just a few months ago the CM9 was the rage of Atheros, now seems like the WLMG54 is popular. couple months ago wraps were the ticket and now it's war boards..

I don't think it's likely to see too many certifying systems under
conditions. But I'm sure they could easily be certified. it just takes money.


Matt Liotta wrote:

Jack Unger wrote:
First, our "small group" can certainly influence manufacturers. The voice of an industry trade organization (which is what we are)

a lot of weight if we simply decide to use that voice to speak out. Only if we say nothing, will our voice carry no weight. In that case,

we might as well cease to exist.

We can influence manufacturers by explaining what we want them to produce and if they produce it we will buy it. Take for example the whole thread on MTU size, which seemed to get at least one manufacture

to take notice. That however is because they could actually lose sales

if they don't pay attention to our needs. I personally don't see any benefit provided by current non-certified gear, so its not like I will

start buying the gear if it was certified. Therefore, what incentive would such a manufacture have knowing my position? I guess a better question is what benefit does non-certified gear have over certified gear? I personally don't see the benefit, so why waste time trying to convince the manufacture to certify it?
Second, I'd venture a guess that many WISPA members DO sometimes buy non-certified equipment. We can't make a blanket statement that all WISPA members buy only certified equipment. Even if it were true that

all WISPA members bought only certified equipment (and I'll bet you a

steak dinner that it's not true) what about all the other WISPs and WISP-industry providers who are on our mailing lists and who are influenced by what we say and do? Is it WISPA's job to stand up for what's legal and what's right or should WISPA just say "Forget it, we

don't care, it's not our job, and we're too busy".

I am all for standing up for what is legal, but what does that mean in

practical terms for WISPA?
I submit that it's part of our job to educate the industry. If WISPs don't know that certification is a requirement, then IT'S OUR JOB to help them learn. Once they know the laws of the industry that they

joining then they will want to buy certified equipment.

Why is it our job?
By the way, who would start a business in an industry and then not want to know the laws that regulate that industry? How far would I

(and how smart would I be) if I opened a new restaurant in your neighborhood but I didn't stop long enough to learn about the sanitation laws in your city? Would you feel confident bringing your new girlfriend to my restaurant on Friday night?

Those are interesting questions that don't seem to apply to my

A more analogical question would be should the other restaurants help you learn what you are unwilling to do on your own? How long will a business survive with such an attitude? Why not just wait for them to die on their own?


WISPA Wireless List: wireless@wispa.org


Archives: http://lists.wispa.org/pipermail/wireless/

Reply via email to