Re: [Aironet] Re: Problem with Linux 2.4.18 and Cisco Aironet 340
Status: Inactive
Brought to you by:
breed
Menu
▾
▴
Re: [Aironet] Re: Problem with Linux 2.4.18 and Cisco Aironet 340
|
From: Benjamin R. <br...@al...> - 2002-04-29 16:21:46
|
If you use the Cisco ACU you will find even more differences in terms and values. If you are a total Aironet shop use the ACU. If you want a common configuration for different brands of cards, use wireless extensions. If you want more access to aironet specific options, use the /proc interface. You can also use ioctls to directly access the card registers. ben Jean Tourrilhes wrote: > On Fri, Apr 26, 2002 at 11:29:00PM +0200, Hadmut Danisch wrote: > >>Hi, >> >>I meanwhile did some experiments. >>I'm using airo_cs, as it is contained in Linux 2.4.18, and >>wireless tools 24. >> > > Good. > But you forgot to refer to the Aironet mailing list. > > >>- nomenclature is confusing: >> >> On the cisco configuration web page from my Aironet 340 >> access point, there are three choices about the >> required use of WEP by clients: "No Encryption", "Optional", >> "Full Encryption". >> >> There are also three modes of authentication: "Open", "Shared", and >> "Network-EAP". >> >> >> In contrast to that, iwconfig uses "off", "on", "open", "restricted" >> about the required use of WEP by peers, and doesn't have a switch >> for choosing authentication. >> > > That's intentional. The Wireless Extension is not Aironet > specific, and has only "basic" features that are easy for the user to > grasp and relate to. There is only 3 level of security and are > properly documented in the iwconfig man page (read it). > o off -> no security > o open -> some security > o restricted -> most security > It's up to the driver to map those 3 simple level to something > meaningfull. It is my belief that the Aironet driver does it properly. > I refuse to expose to the user an abstraction more complex > than that, because : > o it would confuse the user > o it would be a pain to work across drivers. > > >> Again, in contrast to iwconfig, the WEP: entry in >> /proc/driver/aironet/eth0/Config supports the values >> "shared" (i.e. everything starting with 's'), "encrypt" >> (i.e. everything starting with "e") and "open" (i.e. everything >> else), but I'm not sure about the meaning. >> > > This API is closer to the hardware, so should give you more > control and should correspond to Cisco's way of dealing with > security. Personally I've never managed to understand which option is > more secure or less secure, but I believe that people familiar with > Cisco equipement probable know what those mean. > > >> If I do >> echo "WEP: shared" >/proc/driver/aironet/eth0/Config >> then iwconfig shows mode "restricted" >> >> >> If I do >> echo "WEP: encrypt" >/proc/driver/aironet/eth0/Config >> then iwconfig show mode "open" >> >> If I do >> echo "WEP: open" >/proc/driver/aironet/eth0/Config >> then iwconfig shows key off. >> >> >> There's definitely some confusion, this is really >> error-prone. >> >> You should modify iwconfig and the devfs interface to >> clearly distinguish between the accepted authentication mode, >> the authentication mode used, and the accepted encryption mode. >> > > As I say, one of the strength of Wireless Extensions is its > simplicity, and I'm not going to give up on that. > > >>- My Notebook and my access point can communicate only if >> I do >> echo "WEP: open" >/proc/driver/aironet/eth0/Config >> >> on the Notebook and set the access point to "Optional". >> But then, surprisingly, the notebook receives packets from >> the access point, no matter what key I set on the access >> point. >> > > Of course, it mean you are communication without encryption. > If you can't communicate with encryption enable, it's probably > a key mismatch. Also remember that keys have to be in the *same* slot > (same index). > I don't know enough about the Aironet hardware, so please use > the mailing list (as I told you). > > >>The Notebook shouldn't be able to receive anything >> without knowledge of the key. According to the help page >> of Cisco, "Optional" means only the kind of encryption >> required by clients, but not the encryption used by the >> access point. So the access point should send encrypted, >> which it definitely doesn't do, otherwise the Notebook couldn't >> receive. >> > > I guess that optional means optional. > > >>regards >>Hadmut >> > > Regards, > > Jean > _______________________________________________ > Aironet mailing list - Ai...@cs... > http://csl.cse.ucsc.edu/mailman/listinfo/aironet > |
