Makers of 802.11 wireless LAN clients now can make their products support special security features offered in Cisco Systems Inc. wireless networks under Cisco Compatible Extensions (CCX), a licensing and testing program announced Monday.

Cisco will license technology free of charge to client silicon makers for supporting enhanced security capabilities Cisco has developed for enterprise wireless LANs, the company said in a webcast with initial partners including Intel Corp., IBM Corp. and wireless silicon vendor Atheros Communications Inc. The security features, some of which Cisco already includes in its gear, complement rather than replace industry standards, the companies said.

Enterprises are facing "a hefty grassroots push" for wireless LAN deployment and need to be able to manage and secure any wireless LANs on their premises, said Chris Kozup, an analyst at Meta Group Inc. who moderated the webcast. The security mechanisms built in to the 802.11 wireless LAN standard have come under fire as not safe enough, and Cisco already offers additional security features for its gear, which primarily is aimed at enterprises.

Cisco, in San Jose, California, also said it will focus its wireless LAN silicon development on access points, the devices at the hubs of wireless LANs, and move away from being a client hardware vendor. It will continue selling Cisco-branded clients to companies that want to use Cisco as a one-stop shop.

With wireless capability going into the guts of many different devices, such as handheld computers, mobile phones and notebook computers, Cisco is leaving it up to others to develop wireless silicon for them, said Bill Rossi, vice president of Cisco's wireless networking unit. Makers of devices and PCs that want Cisco's enterprise-class security in their wireless-enabled products now will have more component sources to choose from, he added.

"It used to be they had to buy a Cisco solution and embed it in their devices. ... Now they have a choice. They're not being driven to a particular vendor's solution as they were in the past," Rossi said.

The new security capabilities will be integrated initially into client adapters and eventually into mobile devices, according to Cisco. In most cases, adapting current client products to support CCX will require only a firmware upgrade, Rossi said. After testing for interoperability with the Cisco wireless LAN infrastructure, Cisco will certify the product as compliant with the specifications.

Cisco has already developed a CCX specification that includes the company's implementations of strong user authentication and encryption, Rossi said. CCX Version 1 includes compliance with the Cisco Wireless Security Suite, compatibility with Cisco's mechanism for assigning wireless LAN clients to virtual LANs, and full Wi-Fi and 802.11 standards compliance, according to the company.

CCX Version 2 will add support for the IEEE 802.1x authentication type PEAP (Protected Extensible Authentication Protocol) and compliance with WPA (Wi-Fi Protected Access) when using various 802.1x authentication types. It also will have some new Cisco wireless LAN capabilities that improve roaming and wireless LAN management, according to a company statement. WPA is a specification developed by the Wi-Fi Alliance industry group. CCX Version 2 will be released to partners in the next 30 to 60 days, Cisco said.

Over time, Cisco expects partners to contribute to CCX specifications.

"I would fully expect (partners) to come up with unique things ... that might make sense to be both in the client and in the infrastructure," Rossi said.

Atheros, in Sunnyvale, California, announced Monday that its multimode 802.11a/b PC Card design based on its AR5001X chipset has been certified under CCX 1.0. Atheros supplies wireless LAN components to several large notebook PC vendors, according to a company statement.

Other current CCX partners include Hewlett-Packard Co., Texas Instruments Inc., Intersil Corp., Atmel Corp., Agere Systems Inc. and Marvell Semiconductor Inc.

Cisco did not formally announce its CCX plans to the Wi-Fi Alliance before Monday's public announcement, said Wi-Fi Alliance Chairman Dennis Eaton. He said the group was studying the news but so far had seen no cause for concern. The company's authentication technology in some ways could complement the tools called for by Wi-Fi's own standard, he said. Eaton applauded Cisco's inclusion of Wi-Fi compliance as part of its certification standard.