networking question

[dkff49]

I have been given the task of trying to provide internet service to co-workers with laptops in the lounge area of one of the stations that I work at. The unfortuate part is that the internet connection comes into the main office area which almost a dungeon and this station's walls seem to suck radio signals out of the air.

I think I have a solution though, I am just not sure if it will work this way. I have a wired-only router that will connect to the modem at the main computer. I will then run a 100ft cable to a wireless router to a room that will be right underneath the lounge area, which should give me a strong enough signal for the laptops to work.

My question is will this work in this configuration?
Is there something that says that the wireless router needs to be first?
Can I still make this a "secure" wireless network using a password, in this config?
Anything other concerns that I should make sure I address?

thanks in advance for your help

[Sol75]

Dont use a 2nd router.  This will not allow access to the wired network.  Use a wireless access point.  Basically a "wireless switch"

Sol

[Fulmar]

Dont use a 2nd router.  This will not allow access to the wired network.  Use a wireless access point.  Basically a "wireless switch"

Sol

Nope, most 'good' wireless routers allow you to disable the DHCP settings so that it acts as a "wireless switch."  I've always thought of wireless access points as scam products because they're essentially a wireless router w/o the firewall options, and often times cost more.  In my home network I use a linux firewall called ClarkConnect.  It runs on XP 2000+ 1gb ram machine I have in my closet.  My network diagram looks like this:

D-Link DCM-202 Cable Modem -> ClarkConnect Computer -> D-Link DI-524 Wireless Router -> rest of the network.

My firewall computer does all the ip addressing and such.  I have configured my wireless router not to assign IP addresses (DHCP off) and essentially is a wireless access point.  Just make sure you assign the wireless signal a WPA/WEP key to make it secure.

If you need any more help let me know.

[dkff49]

This is the wireless router I have selected to use.

http://www.microbarn.com/details.aspx?rid=102212

so what you are saying Fulmar, is that I should have no issues using the setup as I proposed right?

I have had 2 routers running before. I had my vonage router running through my wireless here at home with no issues. The difference here is that the wireless is running through the wired this timeand I was not sure if I would be able to set a key to it. I take it from your response though, this should not be a problem.

thanks guys

[TilDeath]

Dont use a 2nd router.  This will not allow access to the wired network.  Use a wireless access point.  Basically a "wireless switch"

Sol

I agree with the Access Point but your incorrect a second router not allowing access to a wired network.  If you set the second router up correctly it will work similar to an Access Point.  It needs to take its instructions from the main router and not give instructions itself.  It acts as a wired or wireless hub.

[Fulmar]

Correct, what you'll want to do for ease of the setup is have a computer and hook it up to the wireless router (via an ethernet cable).  The default IP address to wireless router is generally 192.168.1.1.  Type that in internet exploder or firefox to log into the wireless router.  I'm not familiar with that brand of router, but look through the user manual or call their tech support to find the default login for the control panel on the wireless router.  

Like I said, I'm not familiar with that brand or setup of router so the interface may be a little different.  You'll first want to set it up so the wireless router has its own IP address manually set.  The default is 192.168.1.1, so change it to 192.168.1.2.  You may have to power cycle after this (just remember u changed the IP address when logging in).  Next you'll want to setup a Wireless Key for the network since all the laptops will be accessing from this computer.  Finally you want to turn off DHCP, which essentially assigns IP addresses to all the computers on the network.  You'll probably have to power cycle again here and if you want to log back into the wireless router against (just for right now and before u take it all live) you'll have to manually assign the IP address since DHCP is turned off.

Remember, if u mess this part up and can't get back in.  Don't panic, there's always a hard reset button on the router that sets it all back to default.

Your Wired router should be ready to go in its default configuration.  I'd power down the Wired Router and Modem and start them up in sequence.  Power on modem, let it get the signal etc.  power on the Wired router, let it boot up etc.  Plug the 100ft Cat5 into one of the 4 'switch' ports on the Wireless Router, do not plug it into the Internet port on the Wireless router (it won't work correctly).  Power on the Wireless Router.  Try connecting to the wireless network with the assigned key etc.

If you have problems, always take it one step at a time.

Say you get connected to the wireless network, but can't surf the net.  Problem is most likely that the Wireless Router isn't getting assigned IP or talking to the Wired Router.

Try pinging the rounter.  Go to start -> run -> type cmd -> type ping 192.168.1.X and see if you get a response.  You can resolve where you can and cannot connect on your network.

Patience is key.  When I have to resetup my home network, I usually forget a setting and I never get it right the first try.

If I made any errors, please correct me.

[dkff49]

Thanks for all the help guys. I actually just ordered the router and cable. After speaking with the person the company put in charge of the security on the computers I found out that they also want to use the mac address filter on the router as well.

My question here is:

How do you find the mac address on a computer? This way I can pass this knowledge on to my co-workers so that they will be able to access the network using their computer, which is the main purpose of the wireless anyway.

Thanks again for all the help guys.

[batch]

there are several ways to find the MAC addy...... easiest I know of is from the command prompt type IPCONFIG /ALL     the "physical address" listed is the MAC

[gyrene81]

Fulmar has the right idea...good instructions too. You're basically just setting the wireless router to be a gateway, no dhcp handling at all. If the laptops will handle WPA or WPA2 encryption use that, don't use WEP. You will probably end up using WPA-PSK encryption for security.

[eagl]

Dont use a 2nd router.  This will not allow access to the wired network.  Use a wireless access point.  Basically a "wireless switch"

Sol

You can configure many wireless routers to act as a wireless access point.  If the router doesn't specifically offer this as an option, configure it "normally" but turn off dhcp.  I set up a second wireless router in my home due to coverage issues...  My network is like this:

Cable modem
-Wireless router
--gigabit switch
---computer 1
---computer 2
---second gigabit switch
----second wireless router
----wife's computer

It isn't pretty but it works well.  I get gigabit speeds between any computer in the house that is wired to one of the 2 switches, and everything else will automatically connect to whichever wireless router has the strongest signal.  To help prevent wireless interference, one router is 802.11G, one is 802.11N.  Both wireless routers are encrypted via WPA-2.

As for security, just turn on the usual wireless security and it will work fine.  If you're really worried about intrusion to a corporate lan, you'll need stronger authentication than just a WPA pre-shared key.  But if you aren't worried about someone getting onto the company lan, then WPA or WPA-2 with a passkey you change monthly ought to be enough to keep out casual intruders.

[eagl]

For what it's worth, MAC Address filtering doesn't do anything.  Any halfway decent network sniffer can pull MAC addresses out of the network traffic even without being logged in or authenticated, since the MAC addy is shared unencrypted in the initial handshake with the wireless router.  From there it's trivial to change the mac address in many (most?) network cards to clone one that is authorized on the lan.

Even though MAC addy filtering can help keep out stupid intruders, using MAC address filtering can actually be worse than not using it because to a real network hacker, it indicates that a noob configured the network security.  It is so trivially bypassed that it just gives hints that there may be other mis-configured or useless security measures the network admin is mistakenly relying on.  It gives them incentive to keep probing for weaknesses.

If WPA-PSK isn't strong enough, the next step that is strong enough to actually help would be something like using smartcards and a centralized authenticating server, plus a really good firewall between your leisure-time lan and the company lan.  But at that point your $100 snack bar internet just turned into a $20,000 invoice and an annual service contract with cisco.

[dkff49]

I appreciate all your help and advice guys and confidently feel that I will have nearly no problem getting this thing to work.

After checking my computer I see that there are 2 physical addresses. One is the wireless and the other (I am assuming) is for the "wired" network card. I will need to make sure that I list this with the instructions to some of my co-workers, especially the ones that are less computer savy than myself.

Again I appreciate all the advice and perrsonally I would not be using the MAC filter but unfortunately that decision is out of my hands.

Thanks alot guys it is always great to find people that are willing to share information.

[Vulcan]

If WPA-PSK isn't strong enough, the next step that is strong enough to actually help would be something like using smartcards and a centralized authenticating server, plus a really good firewall between your leisure-time lan and the company lan.  But at that point your $100 snack bar internet just turned into a $20,000 invoice and an annual service contract with cisco.

Err actually WPA-EAP/WPA2-EAP is fairly easy to do on most AP's these days, and if you have a Microsoft server at home all you need to do is enable IAS and you're a few clicks away from enterprise class security. If you don't have a MS server then there's probably some freeware RADIUS software you can grab somewhere.

Sounds like you've been hanging around a cisco consultant eagl

[eagl]

Sounds like you've been hanging around a cisco consultant eagl

Nah, just spend a LOT of time on military networks.  When they set up wireless lan to test out issuing laptops to new instructors in lieu of paper manuals and regs, they went straight past conventional encryption to some fairly strong authentication using CAC cards just to get onto the lan, let alone being able to DO anything once on the network.  And that was back when the still let us log on with a username/password.  Now it's all CAC cards, because anything less is just pretend security...   

[Vulcan]

Now it's all CAC cards, because anything less is just pretend security...   

Meh they're just X.509 certs, nothing special.