Abstract

This licensed material was released by The Tolly Group for historical purposes in 2025. 

Net architects need a basic understanding of the impact of WEP on the performance of high-demand WLAN applications, such as file transfers. This report identifies performance issues when running Wired Equivalent Privacy (WEP) on 802.11b LANs. The Tolly Group tested 802.11b access points and NICs from these companies: Cisco Systems, Inc; ORINOCO; 3Com Corp. and D-Link Systems, Inc.

While wireless LANs that support the IEEE 802.11b standard are able to deliver a maximum throughput on a LAN segment of about 6 Mbit/s, that throughput expectation does not account for the possible impact that security, such as the Wired Equivalent Privacy (WEP) technology, has once it is enabled on the network. In this report The Tolly Group examines what impact, if any, that WEP has on 802.11b throughput and what security-related factors come into play to influence achieved throughput rates.

Everyone knows that security (as in encryption) is a must for wireless LANs. With shareware programs like NetStumbler, anyone armed with a laptop can link up to your access point (AP) and “join” your network and/or sniff the wireless portion of it.

While WEP is known to have flaws (it can be cracked), it is far better than nothing, sufficient for most non-government corporate needs and at least provides a first layer in a multi-layer security strategy. Consider it the first line of defense.

But WEP is cryptography and crypto consumes resources (time and CPU power). And, there are three key lengths (40 bit/128 bit/256 bit). The longer the key length the “more” secure the data, but the downside is the additional resources that are consumed.

The Tolly Group benchmarked applications that are known to stress the network and thus the client and AP “ends” of the WLAN. Tests were conducted using standard 802.11b protocols (rated at 11 Mbit/s) and, for D-Link, in its proprietary “Turbo” mode (rated at 22 Mbit/s). All research data is based upon hands-on testing of representative 802.11b products.

Key Findings

Performance Impact of WEP Encryption

• WEP encryption can reduce wireless LAN throughput by up to 15-18% depending on the vendor
• Impact varies significantly by manufacturer:
  • 3Com: 9-10% degradation with WEP enabled
  • Agere (Orinoco): 18% degradation with WEP enabled
  • Cisco: No measurable performance degradation
  • D-Link: No performance degradation in standard or "turbo" mode

Actual vs. Rated Performance

• Real-world 802.11b throughput is about 6 Mbps maximum (not the rated 11 Mbps)
• High-performance wireless connections should exceed 5 Mbps sustained
• Test results ranged from 3.55 Mbps to 5.35 Mbps across different vendors

WEP Key Length Impact

• Key length (40/64-bit vs. 128-bit vs. 256-bit) had minimal additional impact on performance
• Longer keys provide better security with negligible performance penalty
• Only D-Link supported 256-bit encryption in the tested products

Cost-Performance Analysis

• Dramatic price differences: access points ranged from $100 to over $800
• D-Link offered the best price-performance ratio at $39-54 per Mbps
• Enterprise products (like Cisco) cost $183-184 per Mbps but offered richer feature sets

"Turbo Mode" Performance

• D-Link's proprietary 22 Mbps "turbo mode" delivered only 6% better performance than standard 802.11b
• Maximum turbo throughput was 5.68 Mbps vs. Cisco's 5.33 Mbps in standard mode
• Proprietary speed enhancements showed minimal real-world benefits

Key Recommendations

Security Best Practices

• Use 128-bit or higher WEP encryption (minimal performance impact for better security)
• WEP is flawed but better than no encryption as a first line of defense
• Monitor networks with tools like NetStumbler to check for vulnerabilities

Network Planning

• Plan for 300-550 Kbps per user with 10 users sharing one access point
• Avoid streaming applications that can consume all available bandwidth
• Consider QoS and bandwidth management solutions for multi-user environments

Implementation Considerations

• Single-vendor solutions may perform better than mixed environments
• Distance and interference will further reduce throughput from test results
• Client CPU performance (750+ MHz recommended) affects encryption overhead

The study concluded that while WEP encryption does impact performance on some systems, the security benefits generally outweigh the modest throughput reduction, especially given the minimal cost difference for longer encryption keys.