How to add a wireless network in a wired network?

Topic

New Reply

There is a wired 10/100 network inside the house. The network is connected to a DSL modem and a router.

If a visitor wants to use his notebook wireless feature to access the internet in the house, what kind of equipment does this visitor need?

Is simply connecting a wireless router to the wired router the way to get this done without intensive configuration change in the existing wired network?

All computers, including notebook, are windows XP.

Reply | Quote

Replies

Firstly, I’d suggest that if the home owner doesn’t intend on using wireless network equipment themself, than the best way to have a visitor connect to the network would be to have them use an ethernet cable to connect via their RJ-45 port. Most of the portable computers these days have built-in RJ-45 ports.

However, if the homeowner decides to have his own wireless equipment in the future, a simple Wireless Access Point (WAP) such as the Linksys WAP54G will plug in nicely to your wired network. Selecting a Wireless Router, would replace the current wired router. A Wireless Router would contain everything in one box, the WAP might be a a cheaper option for the existing setup.

Personally, if I didn’t have a need for wireless myself, I’d stick with the cable for visitors, then the WAP, and finally the Wireless Router.

Reply | Quote

Hi Chris,

It seems Wireless Access Point (WAP) is exactly what the home owner needs for this guest.

Thanks!

Reply | Quote

Do note that a WAP is more expensive than an wireless router, most of which include wired ports as well. Personally, I would avoid wireless if possible. Unless that home owner is fully up on securing a WiFi network, and self-disciplined enough to keep it secure (and experience tells me that clearly the vast majority of WiFi users are not) – then stick to wired.

I am not saying that a WiFi network cannot be secure – but I am saying that out-of-the-box, they are not! And sadly, most WiFi users run though the quick setup guide, get connected, then don’t touch it after that – often out of fear they will break it. ALL THE TIME I find networks that broadcast their SSID, and then I discover the admin passwords are still at the defaults – allowing me to connect and quite often access shared folders and drives on computers on that network. My neighbors are lucky I am not a badguy. Badguys frequently drive around and look for networks to hack into, then use to send spam and malware from that user’s Internet connection – not a good thing – and certainly a good way to bring the wrong kind of attention your way from the security folks at your ISP, or worse yet, law enforcement!

I have a wired router and a WAP. The WAP is set to NOT broadcast the SSID (the default, sadly, does broadcast it) and it is set to ONLY allow the specific MAC addresses of my laptop and my Palm PDA. If a guest (welcomed or not) wants to connect to my network, they use Ethernet.

Bill (AFE7Ret)
Freedom isn't free!

Reply | Quote

Hi Bill,

Since the guest notebook is far away from the wired router, it seems that wireless access is the only choice for the owner to offer.

You mentioned the wireless router also include wired ports as well. Does it mean that the wired network can get the full 10/100 speed from this wireless router?

Let

Reply | Quote

If you scroll down and look at the specs of the popular Linksys WRT54G, you will see that it has 4 10/100 Ethernet (LAN) ports, in addition to being a wireless access.

If the choice is to use a WAP such as the Linksys WAP54G, it connects to the existing router, just as a wired computer does. Access to the shared files on the other connected PCs can easily be controlled by the software based firewalls (such as ZoneAlarm) already installed on those PCs. They do have a firewall installed on all computers, right? If not, they should.

Bill (AFE7Ret)
Freedom isn't free!

Reply | Quote

Thanks for your help.

I have bought a Linksys WRT54G for setting up the wireless access for the guests in the house. The signal strength is strong enough.

The next step is set up the security for the wireless network. There are so many choices in the security set up. The following are the list of the choice:

Disable, WEP, WPA-Personal, WPA2-Personal, WPA-Enterprise, WPA2-Enterprise, or RADIUS

All I need is the password or key for the guest to access the wireless network. Which one of above should I use?

I have already changed the Administrator password. But, the SSID name is still remain default.

Reply | Quote

You will need to setup the security at the lowest common encryption that your guests will have available to them, and that you will willing allow on your network.

Personally, I have 4 wireless devices at home, and in order to use all of them, I can only secure to the WEP (128bit Shared Key) settings. Once I upgrade that one particular NIC, I’ll be able to go to one of the WPA settings.

WPA is better than WEP, but WEP is better than nothing (but not by much).

Reply | Quote

Definitely change the SSID name to something else – and make sure you turn SSID broadcasting off. This will prevent a badguy from parking out front and learning the SSID.

Bill (AFE7Ret)
Freedom isn't free!

Reply | Quote

> This will prevent a badguy from parking out front and learning the SSID.

What this will actually do is add about 20 seconds to the length of time it takes a badguy to learn your SSID. It will also prevent neighbours from seeing your network (unless they are also badguys).

StuartR

Reply | Quote

That’s true – if a true badguy really wants it, he can get it – with the right scanners/sniffers, and know how – just as no security system will keep determined burglars out of your house, or keep your car from being stolen. But let’s not downplay the importance of not broadcasting the SSID. If you want to keep 99% of the badguys out of your house, or from stealing your car, you don’t leave the front door unlocked or the keys in the ignition!

If you are broadcasting your SSID, and the teenager next door tells his laptop to scan for networks, he’s going to see your wireless network. If you have not changed the default password, or you’ve changed it to your dog’s name, he’s in and surfing porn sites with your IP! If you are sharing folders on your PC and have not setup your personal firewall properly, he’s seeing what’s on your computer – and potentially infecting your network with malware. If you live in an apartment complex, any number of people could see your network.

My advice is to wire the house with Cat-6 and get rid of WiFi – and all the headaches and responsibilities that come with it. If you must use WiFi, hide your SSID, change the default password to a “strong” password using alpha, numeric and special characters too. I would also advise you assign static IPs to those nodes that will connect to the WiFi, and then tell the WAP or WiFi router to ONLY accept those IPs, if the device allows that – the router should. Most (if not all) WAPs and WiFi routers allow “Filtered MAC Addressing”. Every device that can connect to a network has a unique MAC address – look for a label on the device – then tell the WAP to only accept connections from those specific MAC addresses.

Bill (AFE7Ret)
Freedom isn't free!

Reply | Quote

If I change the SSID name, disable the SSID broadcasting and assign a WPA-Personal TKIP Shared Key , what will happen when the guest try to access the internet from his or hers notebook? Should I give the guess the SSID and WPA Shared Key?

Reply | Quote

That is correct Dennis. You’ll need to supply the information to anyone you wish to allow access.

Reply | Quote

To allow the guests to access the internet, where should the the SSID and WPA Shared Key be entered in the guests’ notebook?

Reply | Quote

There are two different ways to enter the information.

1. If windows is managing your Wireless Networks
   Start > Connect To > Wireless Network Connection > View Wireless Networks > Change the order of preferred networks > Add
   They can now enter the SSID, set the Authentication to WPA-PSK, set the encryption to TKIP or AES to match your network, enter the key
2. A third party network device driver is managing your Wireless Networks
   Many vendors of Wireless network cards provide software that takes over management from Windows. They are all different and your guest will have to run their network management utility to entre the data.

StuartR

Reply | Quote

[indent]

---

I used to offer similar advice, but a little very simple research on the internet shows that sniffing for SSID’s is trivially easy with no sophisticated equipment, and that sniffing MAC addresses and then spoofing them can be done trivially.

I now think that the inconvenience of these far outweights the security benefits, especially in an environment that wants to allow guest access.

---

[/indent] I guess we will just have to disagree on this – but beg you to do some research and reconsider – locking the front door of the house and taking the keys out of the ignition are trivial too, but still prudent. If we were talking an Internet caf

Bill (AFE7Ret)
Freedom isn't free!

Reply | Quote

Added: The Toms Wireless FAQ mentioned above has just been ammended and now addresses security, including the issues of SSID Broadcast and MAC address filtering.

Bill (AFE7Ret)
Freedom isn't free!

Reply | Quote

I used to offer similar advice, but a little very simple research on the internet shows that sniffing for SSID’s is trivially easy with no sophisticated equipment, and that sniffing MAC addresses and then spoofing them can be done trivially.

I now think that the inconvenience of these far outweights the security benefits, especially in an environment that wants to allow guest access.

The most important things to do are:

• have a STRONG password
• move from WEP to WAP if at all possible.[/list]StuartR

Reply | Quote

Is there a way to detect if someone is using your network without authorization?

Reply | Quote

It’s not easy.

You may be able to connect to a web page on your Network Access Point that shows the addresses of everything that is connected. If you know what is normally connected then you could possibly spot an extra one.

StuartR

Reply | Quote

Returning to the original question. I have a Linksys WRT54G, although this is a Router it can be configured to act as a WAP, with all of it’s services and routing disabled.

StuartR

Reply | Quote

Just a slight detour – Is the 4 port switch disabled in WAP mode too?

Bill (AFE7Ret)
Freedom isn't free!

Reply | Quote

> Is the 4 port switch disabled in WAP mode too?

No, when it is run in this mode it acts as a switch with one wireless port.

StuartR

Edited to add…
I had some difficulty configuring the WRT54G as just a WAP at first. I logged a call via the Linksys web site and got a very quick and helpful response, explaining what I needed to do.

SR

Reply | Quote

Pretty versatile device then. It would make sense to buy one of these instead of a more expensive dedicated WAP and just disable the router feature. Perhaps you could post the steps needed to set one up as WAP only?

I understand there were some issues with the initial release of the new 54G”L” model with a Linux kernel – hopefully those have been ironed out.

Bill (AFE7Ret)
Freedom isn't free!

Reply | Quote

> Perhaps you could post the steps needed to set one up as WAP only?

Sure.

• Firstly go to the DHCP server on your network (not the WRT54G, but the one that everything else uses) and make sure you have reserved an address for the WRT54G to use – how you do this depends on the specific device, but the address MUST be in the same subnet as the DHCP scope that this device assigns.
• Log in to the WRT54G user interface
  • Setup > Advanced Routing > Operating Mode > Gateway
  • Setup > Basic Setup >
    • Internet Connection Type > Automatic Configuration – DHCP
    • Local IP Address > the address that you reserved for this device earlier
    • DHCP Server > Disable
      [/list]
    • Make sure that your Wireless security is set up the way you need it. If at all possible configure it to use WPA with a strong password.
      [/list]
    • Connect a standard Ethernet cable from one of the 4 ports on the WRT54G to your other router
      [/list]StuartR

Reply | Quote

Thanks – duly plagiarized – I mean noted/bookmarked.

Bill (AFE7Ret)
Freedom isn't free!

Reply | Quote

Just a question for you Bill, or anyone else who can answer for that matter. Why would the Access Point be more expensive than the router? In my mind, the router is doing more work, and had more parts – requiring a bigger cost.

Ah heck… it’s computer stuff. Nothing makes sense.

Reply | Quote

My guess is it is a matter of numbers – more wireless routers are made and sold so the manufacturing costs can be spread across more units. Just a guess though.

Bill (AFE7Ret)
Freedom isn't free!

Reply | Quote