Wireless help

mark_s0 Member Posts: 82
Hi

I have a wireless scenario I need some help with. Say I have two access points in a building which have the same SSID configured with the same password - difference being one is using WPA and the other is using WPA2. If I started at the access point configured with WPA and then moved to the area with the access point configured with WPA2, would a client automatically connect to the second access point, bearing in mind the difference in encryption techniques? I would've guessed not because of the cipher difference i.e. TKIP to AES. I know WPA2 is backwards compatible with WPA but I'm not sure if it's forwards compatible.

I got asked this at work today and because I wasn't sure, I thought I'd ask my next best source for knowledge!

Thanks in advance.

Comments

  • Devilsbane Member Posts: 4,214
    Never heard of this working so I'd be guessing no. Give it a try, what is to lose... 15 minutes?
    Decide what to be and go be it.
  • hiddenknight821 Member Posts: 1,209
    Picturing this in my head, I just think it would be too complicated to set it up that way. I haven't thought about it that way, so I would have to try that at home. The answer to your question, I don't believe WPA is compatible with AES encryption, so it can't go forward. You would also have to consider the factors from the wireless clients' perspectives since they may not be able to access it.

    You should wait and let the CWNP or Cisco Wireless folks chime in. I'm sure they are very helpful.
  • mark_s0 Member Posts: 82
    hiddenknight821 wrote: »
    The answer to your question, I don't believe WPA is compatible with AES encryption, so it can't go forward. You would also have to consider the factors from the wireless clients' perspectives since they may not be able to access it.

    These were my thoughts. It's a home network for someone at work so I don't actually have access to it. My recommendation was to configure the WPA access point for WPA2 to match the encryption but my curiosity of the scenario made me post my question.

    Thanks for your replies!
  • hiddenknight821 Member Posts: 1,209
    mark_s0 wrote: »
    These were my thoughts. It's a home network for someone at work so I don't actually have access to it. My recommendation was to configure the WPA access point for WPA2 to match the encryption but my curiosity of the scenario made me post my question.

    I thought it was a corporation environment you were speaking of. Nevertheless, that question of yours was indeed intriguing. I have my official CWNP study guide books at home, but never bothered reading them since they were originally for classes I had to take for school. I want to get into the book, but I doubt it will be doable until next spring at least since I have to read other stuff too.
  • it_consultant Member Posts: 1,903
    No it won't work, it will see the change in security and you will get a red X (if you are on Windows 7) next to the network name when you move from the AES to TKIP access point, assuming that you attached to the AES one first. When you hover over the red x it will say something like "the information stored does not match the network".
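
A simplified model of the profile check described in the reply above, as an added example that is not part of the original thread: it parses the WPA and RSN (WPA2) information elements an access point advertises and tests whether a saved profile still matches. The element bytes are constructed samples, the function names are hypothetical, and real clients compare more fields than this.

```python
import struct

CIPHERS = {2: "TKIP", 4: "CCMP"}      # suite type byte -> cipher name
WPA_OUI = bytes.fromhex("0050f2")     # OUI of the vendor-specific WPA element
RSN_OUI = bytes.fromhex("000fac")     # OUI used inside the RSN (WPA2) element

# Constructed sample elements (SSID "home"), not captured from any real network.
SSID = "0004686f6d65"
AP_WPA = bytes.fromhex(SSID + "dd160050f20101000050f20201000050f20201000050f202")
AP_WPA2 = bytes.fromhex(SSID + "30140100000fac040100000fac040100000fac020000")

def pairwise_ciphers(body, oui):
    """body = version(2) | group suite(4) | count(2) | pairwise suites(4 each)."""
    if len(body) < 8:
        raise ValueError("truncated security element")
    (count,) = struct.unpack_from("<H", body, 6)
    names = set()
    for i in range(count):
        suite = body[8 + 4 * i : 12 + 4 * i]
        if len(suite) < 4:
            raise ValueError("truncated cipher suite list")
        if suite[:3] == oui:
            names.add(CIPHERS.get(suite[3], "unknown"))
    return names

def advertised_security(elements):
    """Walk the tag/length/value elements and collect (protocol, cipher) pairs."""
    found, pos = set(), 0
    while pos + 2 <= len(elements):
        tag, length = elements[pos], elements[pos + 1]
        value = elements[pos + 2 : pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated element")
        if tag == 0x30:  # RSN element
            found |= {("WPA2", c) for c in pairwise_ciphers(value, RSN_OUI)}
        elif tag == 0xDD and value[:4] == WPA_OUI + b"\x01":  # WPA element
            found |= {("WPA", c) for c in pairwise_ciphers(value[4:], WPA_OUI)}
        pos += 2 + length
    return found

def profile_matches(saved_profile, elements):
    """True when the AP advertises the protocol/cipher pair the profile stores."""
    return saved_profile in advertised_security(elements)

if __name__ == "__main__":
    saved = ("WPA2", "CCMP")  # profile created on the WPA2/AES access point
    for name, ap in (("WPA2 AP", AP_WPA2), ("WPA AP", AP_WPA)):
        print(name, advertised_security(ap), "match:", profile_matches(saved, ap))
```

An access point running in mixed mode advertises both elements, so both kinds of saved profile would match it in this model.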
  • Devilsbane Member Posts: 4,214
    it_consultant wrote: »
    No it won't work, it will see the change in security and you will get a red X (if you are on Windows 7) next to the network name when you move from the AES to TKIP access point, assuming that you attached to the AES one first. When you hover over the red x it will say something like "the information stored does not match the network".

    This is a good point. I've seen this before when a person I know and their parents both have the same SSID (their last name) and Windows doesn't like this because it understands that they are different networks.

    Why can't they have the same security settings?
  • Chris:/* Member Posts: 658
    The only way for this to work is:

    Set both APs to have the same MAC address and the same SSID.
    Then ensure both are using the same security protocol and encryption key.

    The workstation will choose whichever access point has the stronger signal. This is how Virtual Faraday cages work. You set an access point on the outside of the perimeter of a wireless network, pointing out to the rest of the world. A parking lot sniffer will instead connect to dead access points. Secure Anchor was the first to use this technique.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • hiddenknight821 Member Posts: 1,209
    Chris:/* wrote: »
    The only way for this to work is:

    Set both APs to have the same MAC address and the same SSID.
    Then ensure both are using the same security protocol and encryption key.

    Hence, this means there is no solution to the OP's problem. Correct? You had me confused there for a bit because you implied that it's the only way his solution can work.
  • Chris:/* Member Posts: 658
    Yes, there is no solution to the OP's original goal. I was trying to provide a way for him to achieve a connectivity goal.
  • asoft Member Posts: 74
    What is the purpose of giving the same SSID and passwords? Why not different SSIDs be given to these routers?

    Apart from that, it may have some problem with some Operating Systems/drivers and result in unpredictable behaviour.
  • Chris:/* Member Posts: 658
    In an enterprise class wireless system it will provide seamless roaming, but there is more to it than just having the same SSID and password. In a home network it allows you to have one configuration only but it will not be seamless. The big problem is you could get stuck in router hopping hell if you are at the edge of both routers' coverage areas. The workstation may continuously attempt to jump from router to router. This can become worse if there is a large amount of reflections or the area of overlap is very large.

    In a home network it would be better to have two different networks or use a repeater.
  • mark_s0 Member Posts: 82
    As per Chris:/* post, the idea was to provide seamless roaming within their house so they could work in an upstairs study then move to a downstairs lounge and the laptop would connect to the downstairs network using the same SSID and password - their house is big enough that the coverage areas wouldn't overlap hence why they're not using repeaters.

    Thanks for your replies everyone, some very interesting posts!
  • it_consultant Member Posts: 1,903
    Buffalo sells wireless access points that come preloaded with DD-WRT, you should be able to set up a seamless wireless experience with two of them connected via a WDS type of set up. In essence you will do what I do with my Meraki networks except with two open source Buffalos at 1/4 the price of two Merakis.
  • Chris:/* Member Posts: 658
    it_consultant wrote: »
    Buffalo sells wireless access points that come preloaded with DD-WRT, you should be able to set up a seamless wireless experience with two of them connected via a WDS type of set up. In essence you will do what I do with my Meraki networks except with two open source Buffalos at 1/4 the price of two Merakis.

    I was not aware of this, thanks.