[Aironet] Re: Problem with Linux 2.4.18 and Cisco Aironet 340
From: Jean T. <jt...@bo...> - 2002-04-26 22:06:53
On Fri, Apr 26, 2002 at 11:29:00PM +0200, Hadmut Danisch wrote:
> Hi,
>
> I meanwhile did some experiments.
> I'm using airo_cs, as it is contained in Linux 2.4.18, and
> wireless tools 24.

Good. But you forgot to refer to the Aironet mailing list.

> - nomenclature is confusing:
>
>   On the cisco configuration web page from my Aironet 340
>   access point, there are three choices about the
>   required use of WEP by clients: "No Encryption", "Optional",
>   "Full Encryption".
>
>   There are also three modes of authentication: "Open", "Shared", and
>   "Network-EAP".
>
>
>   In contrast to that, iwconfig uses "off", "on", "open", "restricted"
>   about the required use of WEP by peers, and doesn't have a switch
>   for choosing authentication.

That's intentional. The Wireless Extension is not Aironet specific, and has only "basic" features that are easy for the user to grasp and relate to.

There are only 3 levels of security and they are properly documented in the iwconfig man page (read it).
    o off -> no security
    o open -> some security
    o restricted -> most security

It's up to the driver to map those 3 simple levels to something meaningful. It is my belief that the Aironet driver does it properly.

I refuse to expose to the user an abstraction more complex than that, because:
    o it would confuse the user
    o it would be a pain to work across drivers.

>   Again, in contrast to iwconfig, the WEP: entry in
>   /proc/driver/aironet/eth0/Config supports the values
>   "shared" (i.e. everything starting with 's'), "encrypt"
>   (i.e. everything starting with "e") and "open" (i.e. everything
>   else), but I'm not sure about the meaning.

This API is closer to the hardware, so should give you more control and should correspond to Cisco's way of dealing with security. Personally I've never managed to understand which option is more secure or less secure, but I believe that people familiar with Cisco equipment probably know what those mean.

>   If I do
>     echo "WEP: shared" >/proc/driver/aironet/eth0/Config
>   then iwconfig shows mode "restricted"
>
>
>   If I do
>     echo "WEP: encrypt" >/proc/driver/aironet/eth0/Config
>   then iwconfig shows mode "open"
>
>   If I do
>     echo "WEP: open" >/proc/driver/aironet/eth0/Config
>   then iwconfig shows key off.
>
>
>   There's definitely some confusion, this is really
>   error-prone.
>
>   You should modify iwconfig and the devfs interface to
>   clearly distinguish between the accepted authentication mode,
>   the authentication mode used, and the accepted encryption mode.

As I say, one of the strengths of Wireless Extensions is its simplicity, and I'm not going to give up on that.

> - My Notebook and my access point can communicate only if
>   I do
>     echo "WEP: open" >/proc/driver/aironet/eth0/Config
>
>   on the Notebook and set the access point to "Optional".
>   But then, surprisingly, the notebook receives packets from
>   the access point, no matter what key I set on the access
>   point.

Of course, it means you are communicating without encryption.

If you can't communicate with encryption enabled, it's probably a key mismatch. Also remember that keys have to be in the *same* slot (same index).

I don't know enough about the Aironet hardware, so please use the mailing list (as I told you).

>   The Notebook shouldn't be able to receive anything
>   without knowledge of the key. According to the help page
>   of Cisco, "Optional" means only the kind of encryption
>   required by clients, but not the encryption used by the
>   access point. So the access point should send encrypted,
>   which it definitely doesn't do, otherwise the Notebook couldn't
>   receive.

I guess that optional means optional.

> regards
> Hadmut

Regards,

Jean
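
Added example, not part of the original message and not code from the airo driver or wireless-tools: a shell sketch of the first-letter rule and the /proc-to-iwconfig mapping reported in the thread, showing that iwconfig's own words ("open", "restricted") written to the /proc entry end up as "key off". The function names, the sample iwconfig text and the "Encryption key:" field layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Illustration only: models what the thread reports, not the driver source.

# Classify a "WEP:" value by its first letter, as quoted in the thread
# (lowercase 's' -> shared, 'e' -> encrypt, anything else -> open).
wep_class() {
    case "$1" in
        s*) echo shared ;;
        e*) echo encrypt ;;
        *)  echo open ;;
    esac
}

# What iwconfig then showed in the poster's three experiments.
iwconfig_view() {
    case "$(wep_class "$1")" in
        shared)  echo restricted ;;
        encrypt) echo open ;;
        open)    echo off ;;
    esac
}

# Print the mapping for VALUE; fail when the result is an unencrypted link.
wep_check() {
    view=$(iwconfig_view "$1")
    if [ "$view" = off ]; then
        echo "WEP: $1 -> iwconfig key off (NO ENCRYPTION)"
        return 1
    fi
    echo "WEP: $1 -> iwconfig mode $view"
}

# Audit helper: read iwconfig-style text on stdin, succeed only if a key is set.
# Assumes the "Encryption key:" field as printed by wireless-tools.
link_has_key() {
    awk '/Encryption key:/ { seen = 1; if ($0 ~ /Encryption key:off/) off = 1 }
         END { exit (seen && !off) ? 0 : 1 }'
}

# Constructed sample output (not captured from a real card).
SAMPLE_OFF='eth0  IEEE 802.11-DS  ESSID:"lab"
          Encryption key:off'
SAMPLE_ON='eth0  IEEE 802.11-DS  ESSID:"lab"
          Encryption key:1234-5678-90   Security mode:restricted'
```

Running `wep_check restricted` reports key off, because under the quoted rule any value not starting with 's' or 'e' is treated as "open" on the /proc side.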