Extend the Reach of Wireless Networks
As I'm sure you know, WLANs have become popular for sharing files and Internet connections. WLANs are easier to set up than conventional wired Ethernets, since there are no cables involved, an important consideration for residential applications and some small-business settings. Also, WLANs offer flexibility. Network users are no longer tied to a desk near an Ethernet outlet. With a WLAN, they can roam around the office or home.
But WLANs have their downsides, too. For one, network speeds on standard WLANs are generally lower than those on commonly available and inexpensive wired Ethernet LANs. While the forthcoming 802.11n wireless standard will enable greatly improved WLAN speeds, the standard is not expected to be approved before 2008. True, "pre-n" wireless gear is currently available, but using these devices to implement a network remains risky. You could end up buying gear that turns out to be a technological dead end, especially if software upgrades to 802.11n for your chosen equipment are not made available.
For another, unless you use expensive Tier-1 wireless networking gear, each device will have only one radio inside of it. This means the same radio that enables computers to access the WLAN also has to retransmit data to and from the other wireless bridge. This further reduces throughput.
Finally, WLANs are inherently less secure than wired Ethernet LANs. That's because wireless network signals are broadcast through the air, where they are relatively easy to detect and grab.
Despite these drawbacks, sometimes a WLAN is still the best--or even the only--way to build a local area network. So let's get started by setting up a WLAN using the Wireless Distribution System (WDS) for the purpose of sharing a cable-modem Internet connection. WDS is a protocol that allows wireless access points to connect directly to one another, extending a WLAN.
INGREDIENTS
Aside from the end-user PCs, to build this setup, you will need the following hardware:
- Cable modem: You can use one that does not require any configuration other than being provisioned by the Internet Service Provider (ISP). I've had good results with Motorola cable modems, which can be purchased for under $100 at many electronics retailers. The principles discussed in this recipe can be used to share a DSL or T1 connection, too.
- Router: This acts as the network's firewall and enables multiple hosts to access the Internet. Any of the sub-$100 routers sold as Internet gateways by SMC, Linksys, Netgear or D-Link should work fine.
- Wireless access points (WAPs): You will need two of these, which support a Wireless Distribution System (WDS). The WAPs I use and recommend for this recipe are SMC 2586W-G. Other vendors, including Netgear, make similar devices. WAPs that support WDS tend to be more expensive than those you can pick up at your local electronics mart, and they are often part of the maker's "professional products" line. Prices are in the range of $150 to $300, and you may need to order them online (NewEgg.com, for example).
- Ethernet patch cords: You will need two of these. One to connect the router to the cable modem, and one to connect WAP1 to the router.
- Surge protectors or battery backups: I recommend battery backups (aka uninterruptible power supply or UPS), which also function as line conditioners. These offer better protection for the devices they power than plain surge protectors. I've had good luck with UPS units from APC, but units from any major vendor should work just as well. Because the network elements discussed in this recipe don't draw a lot of power, if the UPS will not be powering other equipment, then smaller units selling for around $100 should work fine.
For best performance, all wireless clients should support the 802.11g standard. If even one 802.11b client connects, the entire network will slow to "b" speeds. Also, if you have access to a laptop with a wireless card, using that will be easier than trying to configure all the network elements with multiple desktop PCs.
Here's a diagram of the network we'll be building in this Recipe:
DO A SITE SURVEY
Before you start building your WLAN, it's important to do a site survey. This will help you determine the best places to put the WAPs. It will also help you determine whether other WLANs or devices could cause interference along the network.
The easiest way to check for potentially-interfering WLANs is to walk around the site with a laptop running Netstumbler. It's a Windows application. If you use a Mac laptop (as I do), I recommend going with iStumbler instead.
The following screenshot shows the networks detected by iStumbler in my office:
Aside from other WLANs, you may encounter interference from devices that emit radio signals in the 2.4 GHz band. These may include microwave ovens, cordless phones, garage door openers, even baby monitors. Unfortunately, these devices won't be detected by your Stumbler application. So you will have to ask your client in advance if any of these devices are nearby, or detect their presence by encountering interference with the actual WLAN after setup.
While conducting your site survey, take note of potential physical barriers to the wireless signal. Certain materials, such as rebar and concrete, can attenuate or block wireless signals. If you uncover any such materials during your site survey, you will need to design the network so that signals aren't trying to pass through them. If that isn't feasible, then a wireless network may not be the appropriate solution to your customer's networking needs. CONFIGURING THE ROUTER AND WAPs
As I mentioned earlier, the cable modem doesn't need to be configured once it is provisioned by your ISP. You can confirm that the cable modem is properly set up by connecting a PC to its LAN port, then seeing whether you can access the Internet. Be sure to power-cycle the modem before connecting it to the router.
The first device to configure is the router. Start by connecting the router's WAN port to the cable modem's LAN port. We'll leave the router's configuration mostly stock. For instance, I've left the WAN port on my router as a DHCP client, so it will automatically get its IP and DNS servers from my ISP. I configured the LAN port's IP address as 192.168.1.1 with a subnet mask of 255.255.255.0. I then activated its DHCP server, so that hosts connected to the LAN can automatically obtain an IP address.
Next, configure WAP1. The WAP I used for this recipe is the SMC 2586W-G, but many other vendors make similar devices, and the basic principles in this article can be applied to other units. Although the specific interface to other vendor's devices will vary from the SMC units, following the steps described in this recipe will allow you to set up an extended WLAN, no matter the manufacturer of the equipment you use.
Connect your laptop directly to WAP1. The SMC 2596W-G will factory default to an IP address 192.168.2.50 with a subnet mask of 255.255.255.0. Configure your laptop with an IP on the same subnet (for example, 192.168.2.51). Then connect it directly to the WAP with a crossover cable, and point your Web browser to 192.168.2.50. Login to the WAP with the default user/password combination admin/smcadmin. Go to TCP/IP > Addressing. Change "Method of Obtaining IP Address" to "Manual," and set IP address to 192.168.1.2/255.255.255.0, with a default gateway of 192.168.1.1.
The following illustration shows the screen in which we'll configure how the device gets its IP address, and allows you to specify the details:
Next, disconnect your PC from WAP1, and connect both to the router. Then log back into WAP1 at its new IP address.
Go to the Home screen, and note down the MAC Address (BSSID). I suggest copying it to a text file on your PC. You will need this for configuring WDS. The following illustration provides an overview and summary of the WAP's configuration:
Next, go to General > Operational Mode. Confirm that the operating mode is Access Point/Bridge. The following screenshot shows how the WDS link we're configuring will not work if the device is in a different mode than Access Point / Bridge:
Next, go to IEEE 802.11 > Communication. The following illustration shows where to configure the WAP's wireless communications:
If 802.11b clients will be used, select "Mixed" Policy. If there will only be 802.11g clients, then select "g only." Even though 802.11g WLANs theoretically support a throughput of 54 megabits per second (Mbps), if an 802.11b client connects, the entire network will slow to "b" speeds.
Select a wireless channel for the least interference. Try to use a channel at least two channels away from any adjacent WLANs. For example, if there's a nearby WLAN operating on channel 11, select channel 9 or lower. Choosing the best channel may require some trial and error.
Next, under Wireless Distribution System, enter the wireless MAC address of the other WAP, and select the Port Enabled checkbox. After you've finished, make sure you click the Save and Reboot button, which should be displayed in the browser.
With the first WAP configured, you now need to configure WAP number 2 ("WAP2"), which is used to extend the reach of the WLAN. On WAP2, repeat the same configuration steps you performed on WAP1. But this time, set the IP address to 192.168.1.3, and set the MAC address you enter in the IEEE 802.11 screen—shown in the related illustration above—to the MAC address of WAP1. If your WAPs are placed within range of each other and you don't have any disruptive interference, you should have a working WDS link between the two WAPs. Verify there is a link by associating a PC to WAP2 and obtaining an IP address.
Here's how to ensure that the link is good. From the PC, do an extended ping of the router's LAN IP without significant packet loss. Open a command prompt and type: ping -n 100 192.168.1.1. This will send 100 ICMP packets to the router, instead of Windows' default of four, when you run a ping. The loss of an occasional packet isn't serious. But if it's more than a few percent, try changing the orientation of the WAPs' antennas. Alternatively, move WAP2 to a new location where it will receive a better signal.
If you encounter interference from non-network devices, such as a microwave oven or cordless phone, try changing the WAPs to a different radio channel. Or simply move them elsewhere for a better signal. SECURING THE WLAN
Now it's time to secure the network against unauthorized users. The exact method you use will depend in large part on which mechanisms your client supports, especially when it comes to encryption. For example, while WEP is supported by virtually all wireless clients, it's not too strong. WPA offers much stronger encryption, though it may not be supported by your clients.
To minimize vendor-vendor incompatibilities, it's best to use the same vendor for your WAPs and wireless adapters. Laptops frequently come equipped with onboard wireless network cards. You will have to pick the encryption level most compatible with your systems.
There are three other things you can do to further secure the wireless LAN. First, disable SSID broadcast. By doing so, you tell the WAPs not to advertise their presence to all wireless clients.
Second, enable MAC-based filtering. This allows you to specify which wireless hosts will be permitted access to the LAN. (In other words, deny all except those specified). Alternatively, the SMC 2586W-G also allows you to specify which hosts will not be allowed to connect to the LAN (i.e., allow all except those specifically denied). Choose the one that best meets your security model.
Third, you may also want to enable wireless client isolation. This is akin to placing each client on its own VLAN, so that they can access the network, but not each other. This function is especially valuable if the WLAN will be open to the public.
Here's a screenshot of the WAP's Security configuration screen:
Congratulations! You should now have a network with cable-modem Internet access that is shared by two wireless access points, extending beyond the normal reach of a WLAN. Such an extended WLAN is useful in situations when you cannot run wired Ethernet connections or if you need the flexibility provided by network access without a tether. By carefully setting up the WLAN to avoid interference and ensure a reliable, secure connection, a system builder can meet the needs of clients who otherwise might not have the means to network their home or office.
DAVID S. MARKOWITZ is a computer network and integration consultant who serves SMBs and home users in the Philadelphia area.