05-19-2009 01:36 PM
We're having a debate about how to go about implementing AES. I see that there are three alternatives:
1) Use of Mixed Mode on the existing SSID, which I'm told is problematic.
2) Keep the existing SSID and create a new SSID that requires AES as its authentication piece. This will require any user who wishes to utilize AES to to switch to the new SSID, but will preserve a user base on the old SSID. Retiring the old SSID might take a while, and this is the precise reason for not liking this option.
3) Modify the existing SSID to require AES. This has the potential of alienating users who cannot utilize AES. Is it a given that any 802.11g card can handle AES, possibly requiring at worst a driver upgrade? If not, this may potentially require some users to upgrade their laptops, cell phones, PDAs, etc.
I'm assuming any 802.11b user is just out of luck as far as AES goes. Am I overlooking anything?
05-20-2009 07:50 AM
05-20-2009 04:36 PM
I can't remember the command though to see what people were authenticating on. Anyway, we had no problems at all just switching over, absolutely no complaints.
Even if people have the SSID hardcoded in to use TKIP, Windows machines will automatically switch to AES if that is what the SSID requires, unless they are running XP SP2 without the WPA2 patch, which is just a simple download from microsoft.
Bottom line is we had no problems with what you are proposing. We also have an OPEN network in addition to WPA2, which only allows port 80 traffic and students haven't complained.
05-20-2009 07:42 PM
The command to see what encryption or "cipher" your clients are using is "show dot1x supplicant-info list-all". It is detailed in the post here: https://airheads.arubanetworks.com/vBulletin/showt
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs