How are TTLS and PEAP working?
enonogi
02-04-2005, 09:49 AM
Hi,
I have been reading about how TTLS and PEAP work. I figured out everything except how the EAP data is encrypted.
The client authenticates the server by verifying its certificate, then a TLS tunnel is established. If I understand correctly, tunnel means that all data that travels through it is encrypted. But I can't figure out how the data is encrypted. Is TTLS using WEP, WPA, or is TTLS using some sort of its own encryption system? What's the TLS record protocol got to do with it? The client can encrypt data with the server's public key, but how does the server encrypt data before sending it to the client?
I have one more question. When a WLAN is in infrastructure (BSS) mode, is there any communication between NICs directly, or is all traffic going through the AP?
I see some of you are real experts and I hope you can explain to me how it works or post a URL to an article that explains it.
das.schnelle
02-09-2005, 12:22 AM
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Point-to-Point Protocol Extensions Working Group of the IETF.
Title : EAP Tunneled TLS Authentication Protocol (EAP-TTLS)
Author(s) : P. Funk, et al.
Filename : draft-ietf-pppext-eap-ttls-05.txt
Pages : 52
Date : 2004-7-20
You can get more details here
http://www.ietf.org/proceedings/02mar/slides/eap-1/
In TLS we use certificates to establish a secure connection. The advantage with TTLS is that we are not restricted to using just EAP. The same connection (SSL) which is created for TLS would be used for carrying out whatever authentication protocol you want, out of PAP, CHAP, MS-CHAP or MS-CHAP v2.
This also means that TTLS doesn't mandate mutual authentication.
sniper
02-11-2005, 05:12 AM
You got it right!
If your client adapters are configured to use infrastructure mode with that of the AP, the communication always passes through the Access Point.
Two clients will communicate with each other irrespective of the presence of an access point if and only if the clients are configured to be in ad-hoc mode.
Hope that answers your second question.
enonogi
02-11-2005, 12:52 PM
Thanks for your answers sniper and das.schnelle.
das.schnelle, I think the Internet-Draft has expired and is not online any more.
Yesterday I sent an email to SMC support but didn't get any answer (like usual). If anybody had a similar problem, please help.
Here is the email:
- I just got an SMC2586W-G Access Point, SMC2802 EU and SMC2835W EU adapters. I set up a WLAN that includes the AP, two computers and an ADSL router. Everything works great until I enable the WPA-PSK (TKIP) authentication type. I enter the same PSK in the AP and adapters. I can access the WLAN, but the problem is I can't ping the AP, router or any of the computers. If I use the WEP authentication type everything works great, including the internet link.
- I measured the throughput of the WLAN with NetIQ Chariot. Encryption was disabled. When both computers are connected to the AP via wireless link I got only 12 Mb/s of throughput. Then I connected one computer via ethernet (UTP cable) and I got 24-25 Mb/s of throughput. Why is there such a difference?
I answered the second problem myself, but I don't know if I am correct.
When both computers are connected via wireless link, data has to be sent twice: first from computer 1 to the AP and then from the AP to computer 2. When one computer is connected via ethernet, data can be sent from C1 to the AP (ethernet link) and from the AP to C2 (wireless link) at the same time, and that is why the throughput is twice as big.
sniper
02-12-2005, 03:51 AM
Hi,
That's a nice question.
The theory behind this is:
Wireless clients use CSMA/CA, unlike wired clients which use CSMA/CD.
CSMA/CA:
At a given instant, only one wireless client's radio communicates with an access point's radio. If at the same instant, or say a few microseconds later, another wireless client probes for this AP, it'll find it and show up as connected as well, but in real time it's waiting for the first communication process initiated by the first wireless client.
Once this is done, the second wireless client adapter communicates, and so on.
It happens so fast that it's hardly noticeable.
Whereas wired clients use CSMA/CD, where they sense for data on the wire; if found, they hold back their data and don't transmit.
Coming into the arena:
An access point has two I/O interfaces.
1[Ethernet RJ 45 port]
2[Wireless radio with antennae]
The job of the access point's internal hardware is to switch/convert data from ethernet to wireless packets that can be transmitted through the radios.
So it'd directly take your ethernet wired data, convert it into wireless data and then transmit. So actually the wireless bandwidth used would be for just one trip of data from the AP to the wireless client, if you use a wireless sniffer.
And if you use two wireless clients, you'd see twice the value of the same bandwidth used with the same amount of data transmitted.
enonogi
02-12-2005, 05:02 AM
So I was right about the difference in throughput.
Anybody has any idea why WPA is not working?
It looks like I entered different PSKs in the devices, but if I did that, then I wouldn't be able to access the WLAN.
sniper
02-12-2005, 09:43 AM
WPA-PSK
Issues are usually product specific.
It's pretty simple to configure WPA-PSK.
What is the network security setting, if any, on the Access Point?
Open/Shared/Mixed are the ones I am familiar with so far.
In certain cases, if you use shared mode with WPA-PSK, I've seen it conflict with the communication, but it actually associates. I'd call this one vendor specific. The best way is to search for bugs on the vendor's website, or if you want to try one last time:
Give it a shot reconfiguring everything from scratch. Some setting is interfering somewhere if it's not a bug.
Let me know if you need anything else.