7. Note about driver support and Xsupplicant

As described in Key Management, one of the big advantages of using Dynamic WEP/802.11i with 802.1X is the support for session keys. A new encryption key is generated for each session.

Xsupplicant only supports "Dynamic WEP" as of this writing. Support for WPA and RSN/WPA2 (802.11i) is being worked on, and is estimated to be supported at the end of the year/early next year (2004/2005), according to Chris Hessing (one of the Xsupplicants developers).

Not all wireless drives support dynamic WEP, nor WPA. To use RSN (WPA2), new support in hardware may even be required. Many older drivers assume only one WEP key will be used on the network at any time. The card is reset whenever the key is changed to let the new key take effect. This triggers a new authentication, and there is a never-ending loop.

At the time of writing, most of the wireless drivers in the base Linux kernel require patching to make dynamic WEP/WPA work. They will, in time, be upgraded to support these new features. Many drivers developed outside the kernel, however, support for dynamic WEP; HostAP, madwifi, Orinoco, and atmel should work without problems.

Instead of using Xsupplicant, wpa_supplicant may be used. It has support for both WPA and RSN (WPA2), and a wide range of EAP authentication methods.