rconaway
01-30-2009, 09:32 AM
Was this issue addressed yet?
View Full Version : WPA over WDS in 3.31
UBNT-Mike.Ford
01-30-2009, 12:13 PM
Hello,
At this time we still do not allow WPA over AP/WDS link.
It works fine AP/WDS <==> STA/WDS but due to the stateless connection of AP/WDS <---> AP/WDS we have not.
Thanks,
Mike
At this time we still do not allow WPA over AP/WDS link.
It works fine AP/WDS <==> STA/WDS but due to the stateless connection of AP/WDS <---> AP/WDS we have not.
Thanks,
Mike
rconaway
01-30-2009, 12:57 PM
The argument I get is that can secure from client to radio and then it ends up being open for the next couple hops from radio to radio.
UBNT-Mike.Ford
01-30-2009, 01:01 PM
Hey Rconaway,
From what I gather, when using AP/WDS repeaters, most people are using it ina mesh/hotspot type deployment, where they have walled gardens, and/or PPPoE connections running so that even if you were to tap into the wireless you still have no access.
As fo the smaller WISP's generally WEP encryption between repeater nodes is ok.
Thanks,
mike
From what I gather, when using AP/WDS repeaters, most people are using it ina mesh/hotspot type deployment, where they have walled gardens, and/or PPPoE connections running so that even if you were to tap into the wireless you still have no access.
As fo the smaller WISP's generally WEP encryption between repeater nodes is ok.
Thanks,
mike
rconaway
01-30-2009, 01:09 PM
Mike, think BIG!!! Let's get those metropolitan Wifi deployments going again. Time to start competing with the big boys. For that, you have to secure the hops too.
UBNT-Mike.Ford
01-30-2009, 01:12 PM
Hey Rconway,
I do completly understand and is something I have been pushing for. Howerver, once we do that we lock ourselves out of bieng compatible with a wide range of devices.
Thanks,
Mike
I do completly understand and is something I have been pushing for. Howerver, once we do that we lock ourselves out of bieng compatible with a wide range of devices.
Thanks,
Mike
rconaway
01-30-2009, 01:14 PM
Mike, let me understand something. Are you saying that if you make WPA over WDS work, that if WPA is not selected, you still lose compatibility?
UBNT-Mike.Ford
01-30-2009, 01:25 PM
Hey Rconway,
Thats the way it was explained to me...not 100% certain, i will have to ask my software guys for a clearer explanation.
Thanks,
Mike
Thats the way it was explained to me...not 100% certain, i will have to ask my software guys for a clearer explanation.
Thanks,
Mike
UBNT-keba
02-02-2009, 02:08 AM
There is all possible combinations regarding WDS and WPA/WPA2 FYI:
1. APWDS(WPA/2)-to-APWDS(WPA/2) NOT WORK
2. APWDS(WPA/2)-to-APSTA(WPA/2) WORKS
All other WEP or no security works in any mode.
1. APWDS(WPA/2)-to-APWDS(WPA/2) NOT WORK
2. APWDS(WPA/2)-to-APSTA(WPA/2) WORKS
All other WEP or no security works in any mode.
rconaway
02-02-2009, 06:23 AM
Iunderstand Keba. However, to create a hop scenario (metro deploymnet) APWDS(WPA/2) to APWDS(WPA/2) would be what needs to work. WEP is useless and I'll get laughed out of a meeting if I propose it.
garyd
02-02-2009, 10:39 AM
There is no standard for WDS which is why cross-vendor and even intra vendor device compatibility is dodgy at best, encryption or no. Also, since devices are bridging and accepting client connections at the same time, throughput is halved for any connected clients. That's why WDS is often used for backhaul via its own radio while another is devoted to connecting to CPE. Anyone expecting to build a sizable metro WLAN with the bullet and its one radio is in for a shock if they expect it to be sufficient for handling both infrastructure and clients. That's not what it was designed for, however, or it'd have two radios. That's why vendors make embedded single-board computers with multiple card slots like the Ubiquiti RouterStation, PC Engines' ALIX, Soekris 48xx, etc.
-Gary
-Gary
rconaway
02-02-2009, 11:08 AM
If I was focusing on WISP functionality, that's one thing. As for WDS plus AP, been there, done that and it works fine. There is a purpose that is well-defined and that function would help. It's not critical but it makes my life a lot easier and cheaper.
As for you municipal idea, how many networks went in at $100K per mile and got 12 clients. Tapei spent $70 million dollars. You overestimate the amount of bandwidth one really needs in a metro deployment. Build it at Yugo prices and see how many people join. If there are more, great. Then you have the budget to expand. If not, you aren't out a whole lot.
However, it's not my focus and is much further down. I don't need WPA over WDS for internet. I really could care less. For the markets I'm working on, it's more important.
As for you municipal idea, how many networks went in at $100K per mile and got 12 clients. Tapei spent $70 million dollars. You overestimate the amount of bandwidth one really needs in a metro deployment. Build it at Yugo prices and see how many people join. If there are more, great. Then you have the budget to expand. If not, you aren't out a whole lot.
However, it's not my focus and is much further down. I don't need WPA over WDS for internet. I really could care less. For the markets I'm working on, it's more important.
jesterz
02-02-2009, 03:29 PM
rconaway:
Since these are so cheap... Couldn't you use pairs in bridge mode with directional antennas to build the backhaul and then use others as APs connected by a small switch in a junction box? Sorry, only thinking Bullet2,2HPs because one could mix and match Bullet2(HP)s with Bullet5(HP)s and go omni all the way on the antennas for a MESH setup. The Bullets if I am not mistaken have a router function in them which would aid in this type of setup. Weather tight enclosure plus AC power conditioning and hardware couldn't cost more than say $100. That would put a three radio location at somewhere in the neighborhood of $400, more or less. I am looking at doing the same thing for my agency's DIY AMR system. Researching this out from every angle though...
anyone:
All this discussion brings to mind another question... Since the Bullets are based on an Atheros chip, could Open-Mesh run on this? I have all ready started testing their mini-routers and am amazed how they work, but they only transmit 60mW.
Since these are so cheap... Couldn't you use pairs in bridge mode with directional antennas to build the backhaul and then use others as APs connected by a small switch in a junction box? Sorry, only thinking Bullet2,2HPs because one could mix and match Bullet2(HP)s with Bullet5(HP)s and go omni all the way on the antennas for a MESH setup. The Bullets if I am not mistaken have a router function in them which would aid in this type of setup. Weather tight enclosure plus AC power conditioning and hardware couldn't cost more than say $100. That would put a three radio location at somewhere in the neighborhood of $400, more or less. I am looking at doing the same thing for my agency's DIY AMR system. Researching this out from every angle though...
anyone:
All this discussion brings to mind another question... Since the Bullets are based on an Atheros chip, could Open-Mesh run on this? I have all ready started testing their mini-routers and am amazed how they work, but they only transmit 60mW.
rconaway
02-02-2009, 03:37 PM
jesterz, you are moving the design to phase 2 and 3. Good job. We already thought all that through and you are correct. We plan on using 5's for backhauls and locos to jump between AP's when the bandwidth needs go up. We also just compiled open-mesh this weekend.
jflaganiere
10-31-2009, 06:47 AM
What are you waiting for?
I am using the UBNT equipment on a Lan in an outdoor environement. I can't use encapsulation..I need security. I planed the deployement but now i backing up...
I can crack wep under 5min...whats the use..?
Thanks.
JF
I am using the UBNT equipment on a Lan in an outdoor environement. I can't use encapsulation..I need security. I planed the deployement but now i backing up...
I can crack wep under 5min...whats the use..?
Thanks.
JF
GeeWiz
11-08-2009, 09:24 PM
Hello,
At this time we still do not allow WPA over AP/WDS link.
It works fine AP/WDS <==> STA/WDS but due to the stateless connection of AP/WDS <---> AP/WDS we have not.
Thanks,
Mike
Mike, Other firmware vendors handle WPA encrypted AP/WDS <> AP/WDS connections why is it such an issue for you guys.
Sure I can buy another router, but there are valid reasons for functionality. I think OpenWrt handles encrypted WDS APs
I'm here today posting because I could not get an encrypted WDS network to work, and after searching I found this post so there are people wanting to do this,
At this time we still do not allow WPA over AP/WDS link.
It works fine AP/WDS <==> STA/WDS but due to the stateless connection of AP/WDS <---> AP/WDS we have not.
Thanks,
Mike
Mike, Other firmware vendors handle WPA encrypted AP/WDS <> AP/WDS connections why is it such an issue for you guys.
Sure I can buy another router, but there are valid reasons for functionality. I think OpenWrt handles encrypted WDS APs
I'm here today posting because I could not get an encrypted WDS network to work, and after searching I found this post so there are people wanting to do this,
UBNT-Mike.Ford
11-09-2009, 01:16 PM
Mike, Other firmware vendors handle WPA encrypted AP/WDS <> AP/WDS connections why is it such an issue for you guys.
Sure I can buy another router, but there are valid reasons for functionality. I think OpenWrt handles encrypted WDS APs
I'm here today posting because I could not get an encrypted WDS network to work, and after searching I found this post so there are people wanting to do this,
Hello,
To keep our devices compatibile with a majority of AP's on the market we leave this functionality out.
WDS is not a standard at this time, and true WDS cannot work with WPA encryption as it requires a 4 way handshake. If we implemented it we would have to pick a specific manufacturers way of doing it, thus limiting us.
At this time we are not in favor of limiting ourselves.
thanks,
Mike
Sure I can buy another router, but there are valid reasons for functionality. I think OpenWrt handles encrypted WDS APs
I'm here today posting because I could not get an encrypted WDS network to work, and after searching I found this post so there are people wanting to do this,
Hello,
To keep our devices compatibile with a majority of AP's on the market we leave this functionality out.
WDS is not a standard at this time, and true WDS cannot work with WPA encryption as it requires a 4 way handshake. If we implemented it we would have to pick a specific manufacturers way of doing it, thus limiting us.
At this time we are not in favor of limiting ourselves.
thanks,
Mike
Languages translations delivered by vBET 3.5.4