We now have access to WPA-SPA, but I would like to know your suggestions on what would be the best solution, and which one would not create a large overhead on our network.
If WPA-SPA is recommended, could you please suggest what would be the best configuration to use (i.e., the length of passphrase to use and configuration of router and NIC)?
Your recommendations would be greatly appreciated.
Both WEP and TKIP use RC4 encryption, so you're unlikely to see performance improve when upgrading an existing device to use WPA-PSK. In fact, WPA-PSK adds a message integrity code, reducing space available for data payload, so effective throughput may actually decline. When WPA2 becomes available this fall, we'll see better performance in many products, because WPA2 uses more efficient AES encryption.
Performance, of course, varies between products, no matter which security standard(s) they implement. You might be able to improve the performance of your existing router by tuning advanced performance options. For example:
- Reducing fragmentation size to send shorter frames can reduce the errors caused by collisions. However, sending more frames to carry the same data increases overhead, so increasing fragmentation size can improve performance in the absence of collisions. In most cases, using the fragmentation default is best, but you can try adjusting this parameter to see how it impacts performance.
- If you're seeing a high number of collisions, you can try disabling "protection" (RTS/CTS) or adjusting the RTS threshold. RTS/CTS frames ask for permission to send data. That handshake adds overhead and latency, but is useful when stations can't sense each other to avoid collisions. Disabling RTS/CTS can reduce overhead, but may increase collisions, so adjust this parameter with care.
The best configuration depends on your company's products, so this question is a bit difficult to answer.
This was first published in July 2004