13. Failed experiments

Not everything is wonderful - or at least interoperable - in WPA-land. Intersil-based clients and the Belkin Broadcom-based AP don't appear to get along very well, for instance. When I tried to get the Linksys WPC11v3 to talk to the Belkin AP with WPA-PSK enabled, the AP locked up, requiring a power cycle to reset it.

I had a little better luck when I tried a WPA-enabled Intersil Duette reference card supplied by Intersil. It couldn't associate, but at least it didn't lock up the Belkin AP!

As I was getting ready to publish this NTK, Atheros provided me with WPA-capable drivers that I tried with a NETGEAR WAG511, which is based on Atheros AR5001X+ a/b/g chipset. Unfortunately, I was unsuccessful in getting the Atheros client to work with WPA enabled. With the Intersil / Ubicom reference setup, everything worked fine with WPA disabled. But when I enabled WPA-PSK, I could associate with the AP, but not pass traffic.

When I tried the client with the Belkin AP, it won't even associate with WPA-PSK enabled, but again, worked fine with WPA-PSK disabled. I was unable to obtain any Atheros-based 11g APs to test the card with, so can't say how an all-Atheros solution works.

A Few More Points of Note

As I looked over this NTK, I found there were still a few important points that I hadn't covered in other sections. Since they're loosely related, I'll just put them up in "bullet" form:

No Mixing allowed!
It appears that the APs that I looked at don't support WEP and WPA-enabled clients simultaneously. This function is not part of the WPA spec because any WEP-based clients would be the weak link in the security chain. A mixed WPA / WPA2 mode will be part of the WPA2 spec, but that's still a ways off. For now, your choice of security modes are none, WEP (of various key lengths depending on your chipset vendor), and WPA.

Updated August 17, 2003 After having a reader point out that the SMC2804WBR 802.11g router does support WEP and WPA simultaneously, i asked the Wi-Fi Alliance for clarification of their position on this subject. Here is the reply I received from C. Brian Grimm, the Alliance's Marketing Director:

- Mixed mode WPA (simultaneous WEP and WPA clients in one BSS/ESS) is discouraged by the Wi-Fi Alliance because this mode of operation is inherently insecure.

- WPA Certification testing includes a negative test to ensure that the device under test does not support mixed mode in its default configuration.

- However, as a general rule, any vendor is free to offer any proprietary feature above and beyond Wi-Fi features. LEAP is probably the most famous example. LEAP-enabled products may still receive Wi-Fi Certification even though the LEAP feature is not part of any Wi-Fi certification test. Similarly, if a vendor offered a mixed mode feature that was not part of the product's default configuration, though the Alliance discourages this, the product could still be WPA and Wi-Fi Certified.

No AdHoc support
WPA currently supports Infrastructure mode only, with AdHoc mode support delayed until WPA2. The larger impact of this missing feature may be on Wireless Ethernet Bridges like the Linksys WET11 and WET54G, which perform some of their more useful tricks in AdHoc mode.