Linksys Instant Wireless Dual-Band Wireless Access Point Review



Security Features

The 51AB supports the usual 64, 128, and Atheros' 152 bit WEP key lengths on the 11a side, and 64 and 128 bit WEP for 11b. Both sides allow key entry directly in Hexadecimal, and the 11b side lets you use an alphanumeric passphrase to generate Hex keys. The passphrase method seemed a little funky, however, because although it generated four 64 bit keys, it generated only one 128 bit key. Keys are stored in cleartext and persist through a WEP disable/enable cycle, but can't be saved or read to/from a file.

Oh No!I found that the 51AB suffers from the same WEP security problem as some other 11a APs I've tested. WEP keys are sent as cleartext as part of the URL string whenever you change settings on the WEP Key Setting page and click on the Apply button.

The keys can then be viewed by using your web browser's History feature. Just look for the "Linksys Dual Band Access Point: Apply" History entries. This happens for both 11a and 11b WEP key setting. I told Linksys about this, but have not received an acknowledgement of the problem, or any indication of a fix timeframe.

Note that the AP doesn't support the 802.1X authentication standard, nor does it allow you to stop it from broadcasting its ESSID, or disallow association from clients using an ESSID of "any". Although the last two features are not part of any 802.11 standard, they're helpful for folks who want to get a little bit of extra security from casual wireless "doorknob rattlers".

Finally, the 51AB has a Filtered MAC Address feature. Once enabled, it blocks all wireless clients except the ones with the ten MAC addresses that are entered on the list. I would have liked to see the ability to save and load the list to/from a file, and the ability to choose from a list of in-range clients.

Let's move on to performance.