[PLUG] WAP networking (learned at clinic)

Keith Lofstrom keithl at kl-ic.com
Mon May 17 10:47:02 UTC 2004


Russell Senior writes:

> While helping set up Rich Shepard's Linksys acess point, I was
> somewhat astonished to find that the wireless network was essentially
> bridged with the inside interfaces (the hub side) of the device.
> Essentially (pardon the ASCII art):
>
>   OUTSIDE                   INSIDE
>
>                        ((*))
>            +---------+  / \   wireless
>            |         |   |
>  to        |         +---+
>  cable/dsl |         |
>      ------+         +---     4 ethernet ports
>            |         +---
>            |         +---
>            |         +---
>            |         |
>            +---------+
>
> All of the INSIDE, wired and wireless are all on the same subnet,
> e.g., 192.168.xxx.0/24.
>
> In my linux-based router at home, my PCI wireless card uses a separate
> network for its interface from the other "inside" network.  Do all
> WAP's behave like Rich's Linksys?  I kind of like being able to
> separate the networks.

When you think about it, putting things on the same subnet makes 
sense for most users.  They want to reach their printer and their
desktop from their wireless laptop, and probably couldn't handle
writing routing tables, especially if they had multiple switches
and subnets.

The Linksys WAPs and the Siemens Speedstream WAP do it that way.  I
prefer everything on one subnet myself, as I use my server's DHCP to
assign the same persistent ID to my laptop whether it is tethered or
wireless.  I feed my network with a crossover cable into one of the
4 ethernet ports on the back of the WAP, so the WAP ethernet ports,
and the wireless, are both extensions of the internal network.  I
have WEP to keep out the casual interloper, and SSH between machines
to slow down the folks that get through WEP, and Smith&Wesson to take
care of the folks that penetrate my physical security ( a much more
likely risk, IMHO ).

If you want a separate net, you can connect one of the WAP "internal"
ports to a separate E'net port on your server or firewall.  Otherwise,
you can use the cable/dsl port of the WAP to connect to the internal
network and get a different subnet, albeit one that inherits the
internal network's security.  And if you don't like the way THAT
works, buy a WRT54G and install one of the hacked firmware versions
that works the way you prefer, routing tables and all.  As the Perl
folks say, "there's more than one way to do it".

Keith

-- 
Keith Lofstrom           keithl at ieee.org         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs




More information about the PLUG mailing list