Aces High Bulletin Board
General Forums => Hardware and Software => Topic started by: dkff49 on April 11, 2009, 10:20:33 PM
-
I have been given the task of trying to provide internet service to co-workers with laptops in the lounge area of one of the stations that I work at. The unfortuate part is that the internet connection comes into the main office area which almost a dungeon and this station's walls seem to suck radio signals out of the air.
I think I have a solution though, I am just not sure if it will work this way. I have a wired-only router that will connect to the modem at the main computer. I will then run a 100ft cable to a wireless router to a room that will be right underneath the lounge area, which should give me a strong enough signal for the laptops to work.
My question is will this work in this configuration?
Is there something that says that the wireless router needs to be first?
Can I still make this a "secure" wireless network using a password, in this config?
Anything other concerns that I should make sure I address?
thanks in advance for your help
-
Dont use a 2nd router. This will not allow access to the wired network. Use a wireless access point. Basically a "wireless switch"
Sol
-
Dont use a 2nd router. This will not allow access to the wired network. Use a wireless access point. Basically a "wireless switch"
Sol
Nope, most 'good' wireless routers allow you to disable the DHCP settings so that it acts as a "wireless switch." I've always thought of wireless access points as scam products because they're essentially a wireless router w/o the firewall options, and often times cost more. In my home network I use a linux firewall called ClarkConnect. It runs on XP 2000+ 1gb ram machine I have in my closet. My network diagram looks like this:
D-Link DCM-202 Cable Modem -> ClarkConnect Computer -> D-Link DI-524 Wireless Router -> rest of the network.
My firewall computer does all the ip addressing and such. I have configured my wireless router not to assign IP addresses (DHCP off) and essentially is a wireless access point. Just make sure you assign the wireless signal a WPA/WEP key to make it secure.
If you need any more help let me know.
-
This is the wireless router I have selected to use.
http://www.microbarn.com/details.aspx?rid=102212 (http://www.microbarn.com/details.aspx?rid=102212)
so what you are saying Fulmar, is that I should have no issues using the setup as I proposed right?
I have had 2 routers running before. I had my vonage router running through my wireless here at home with no issues. The difference here is that the wireless is running through the wired this timeand I was not sure if I would be able to set a key to it. I take it from your response though, this should not be a problem.
thanks guys
-
Dont use a 2nd router. This will not allow access to the wired network. Use a wireless access point. Basically a "wireless switch"
Sol
I agree with the Access Point but your incorrect a second router not allowing access to a wired network. If you set the second router up correctly it will work similar to an Access Point. It needs to take its instructions from the main router and not give instructions itself. It acts as a wired or wireless hub.
-
Correct, what you'll want to do for ease of the setup is have a computer and hook it up to the wireless router (via an ethernet cable). The default IP address to wireless router is generally 192.168.1.1. Type that in internet exploder or firefox to log into the wireless router. I'm not familiar with that brand of router, but look through the user manual or call their tech support to find the default login for the control panel on the wireless router.
Like I said, I'm not familiar with that brand or setup of router so the interface may be a little different. You'll first want to set it up so the wireless router has its own IP address manually set. The default is 192.168.1.1, so change it to 192.168.1.2. You may have to power cycle after this (just remember u changed the IP address when logging in). Next you'll want to setup a Wireless Key for the network since all the laptops will be accessing from this computer. Finally you want to turn off DHCP, which essentially assigns IP addresses to all the computers on the network. You'll probably have to power cycle again here and if you want to log back into the wireless router against (just for right now and before u take it all live) you'll have to manually assign the IP address since DHCP is turned off.
Remember, if u mess this part up and can't get back in. Don't panic, there's always a hard reset button on the router that sets it all back to default.
Your Wired router should be ready to go in its default configuration. I'd power down the Wired Router and Modem and start them up in sequence. Power on modem, let it get the signal etc. power on the Wired router, let it boot up etc. Plug the 100ft Cat5 into one of the 4 'switch' ports on the Wireless Router, do not plug it into the Internet port on the Wireless router (it won't work correctly). Power on the Wireless Router. Try connecting to the wireless network with the assigned key etc.
If you have problems, always take it one step at a time.
Say you get connected to the wireless network, but can't surf the net. Problem is most likely that the Wireless Router isn't getting assigned IP or talking to the Wired Router.
Try pinging the rounter. Go to start -> run -> type cmd -> type ping 192.168.1.X and see if you get a response. You can resolve where you can and cannot connect on your network.
Patience is key. When I have to resetup my home network, I usually forget a setting and I never get it right the first try.
If I made any errors, please correct me.
-
Thanks for all the help guys. I actually just ordered the router and cable. After speaking with the person the company put in charge of the security on the computers I found out that they also want to use the mac address filter on the router as well.
My question here is:
How do you find the mac address on a computer? This way I can pass this knowledge on to my co-workers so that they will be able to access the network using their computer, which is the main purpose of the wireless anyway.
Thanks again for all the help guys.
-
there are several ways to find the MAC addy...... easiest I know of is from the command prompt type IPCONFIG /ALL the "physical address" listed is the MAC
-
Fulmar has the right idea...good instructions too. You're basically just setting the wireless router to be a gateway, no dhcp handling at all. If the laptops will handle WPA or WPA2 encryption use that, don't use WEP. You will probably end up using WPA-PSK encryption for security.
-
Dont use a 2nd router. This will not allow access to the wired network. Use a wireless access point. Basically a "wireless switch"
Sol
You can configure many wireless routers to act as a wireless access point. If the router doesn't specifically offer this as an option, configure it "normally" but turn off dhcp. I set up a second wireless router in my home due to coverage issues... My network is like this:
Cable modem
-Wireless router
--gigabit switch
---computer 1
---computer 2
---second gigabit switch
----second wireless router
----wife's computer
It isn't pretty but it works well. I get gigabit speeds between any computer in the house that is wired to one of the 2 switches, and everything else will automatically connect to whichever wireless router has the strongest signal. To help prevent wireless interference, one router is 802.11G, one is 802.11N. Both wireless routers are encrypted via WPA-2.
As for security, just turn on the usual wireless security and it will work fine. If you're really worried about intrusion to a corporate lan, you'll need stronger authentication than just a WPA pre-shared key. But if you aren't worried about someone getting onto the company lan, then WPA or WPA-2 with a passkey you change monthly ought to be enough to keep out casual intruders.
-
For what it's worth, MAC Address filtering doesn't do anything. Any halfway decent network sniffer can pull MAC addresses out of the network traffic even without being logged in or authenticated, since the MAC addy is shared unencrypted in the initial handshake with the wireless router. From there it's trivial to change the mac address in many (most?) network cards to clone one that is authorized on the lan.
Even though MAC addy filtering can help keep out stupid intruders, using MAC address filtering can actually be worse than not using it because to a real network hacker, it indicates that a noob configured the network security. It is so trivially bypassed that it just gives hints that there may be other mis-configured or useless security measures the network admin is mistakenly relying on. It gives them incentive to keep probing for weaknesses.
If WPA-PSK isn't strong enough, the next step that is strong enough to actually help would be something like using smartcards and a centralized authenticating server, plus a really good firewall between your leisure-time lan and the company lan. But at that point your $100 snack bar internet just turned into a $20,000 invoice and an annual service contract with cisco.
-
I appreciate all your help and advice guys and confidently feel that I will have nearly no problem getting this thing to work.
After checking my computer I see that there are 2 physical addresses. One is the wireless and the other (I am assuming) is for the "wired" network card. I will need to make sure that I list this with the instructions to some of my co-workers, especially the ones that are less computer savy than myself.
Again I appreciate all the advice and perrsonally I would not be using the MAC filter but unfortunately that decision is out of my hands.
Thanks alot guys it is always great to find people that are willing to share information.
-
If WPA-PSK isn't strong enough, the next step that is strong enough to actually help would be something like using smartcards and a centralized authenticating server, plus a really good firewall between your leisure-time lan and the company lan. But at that point your $100 snack bar internet just turned into a $20,000 invoice and an annual service contract with cisco.
Err actually WPA-EAP/WPA2-EAP is fairly easy to do on most AP's these days, and if you have a Microsoft server at home all you need to do is enable IAS and you're a few clicks away from enterprise class security. If you don't have a MS server then there's probably some freeware RADIUS software you can grab somewhere.
Sounds like you've been hanging around a cisco consultant eagl :D
-
Sounds like you've been hanging around a cisco consultant eagl :D
Nah, just spend a LOT of time on military networks. When they set up wireless lan to test out issuing laptops to new instructors in lieu of paper manuals and regs, they went straight past conventional encryption to some fairly strong authentication using CAC cards just to get onto the lan, let alone being able to DO anything once on the network. And that was back when the still let us log on with a username/password. Now it's all CAC cards, because anything less is just pretend security... :x
-
Now it's all CAC cards, because anything less is just pretend security... :x
Meh they're just X.509 certs, nothing special.
-
Well, I finally got a chance to start getting this network up and running and run into an unexpected problem. Whenever I add the router in line I lose the internet.
I put the wireless router in line between the dsl modem and the computer just to make sure things are going to work before I stuff the wireless into the ceiling and I lose all internet access. As soon as I take the router back out though the internet comes back. We also tried to connecting a laptop directly to the modem and again no internet. It seems that the only way to the internet works is to have the regular desktop computer connected to the modem and nothing else.
I know there is nothing wrong with the equipment because I took it to my house and connected it the way it will be connected here and it worked with very little effort, but as soon as I try to put the router in between the computer and the modem things go bad.
Is there a way that the modem may be somehow blocking all access to the internet other than the original computer? I find this a little odd since at some point this organization will probably want to replace the computer, but I can't figure out any other reason why the system would be acting this way.
All suggestions are welcome.
-
When you insert the new router between the modem and the computer, it's going to create a new "IP Subnet", using a different range of IP addresses. Perhaps the computer(s) you are using are not adapting to the new subnet in the expected way? If the computers you are using to test Internet access are using the well-known "DHCP" (Dynamic Host Configuration Protocol) system, then they should automatically netotiate a new IP address from the new IP subnet after a re-boot. Did you try rebooting those PCs?
If those PCs have a "static" IP address, then they won't even try to use the new subnet.
Perhaps that is your problem.
You can learn all of the fundamentals of DHCP and Static IP addresses by watching the 2 free movies that are available here:
http://www.askmisterwizard.com/Netw/InternetAddresses/InternetAddresses.htm
Regards,
Peabody
-
I thought of another possibility: "Ethernet Addressing". Some ISPs tie their DSL Modems directly to the Ethernet address of the single computer that is first used with them. It's possible (though not commonplace and not very nice) to restrict IP address to JUST that Ethernet address. Some ISPs have been known to do that, but it's controversial, and, understandably, users HATE it. If that's what is happening, you can probably tell your new wireless router to "emulate" the Ethernet address of the laptop that has been working all along. It will then deceive the ISP into thinking that that laptop is still connected.
Regards,
-Peabody-
-
I thought of another possibility: "Ethernet Addressing". Some ISPs tie their DSL Modems directly to the Ethernet address of the single computer that is first used with them. It's possible (though not commonplace and not very nice) to restrict IP address to JUST that Ethernet address. Some ISPs have been known to do that, but it's controversial, and, understandably, users HATE it. If that's what is happening, you can probably tell your new wireless router to "emulate" the Ethernet address of the laptop that has been working all along. It will then deceive the ISP into thinking that that laptop is still connected.
Regards,
-Peabody-
Not in this case.
-
I have tried restarting the computer and it did not resolve the problem.
I have even tried putting a new computer directly inline with the modem and attempted to access the internet through the wireless with the new computer and both times no internet.
Vulcan why would that not be the case. I was starting to wonder if there was some kind of address filtering as well.
-
How do you find the mac address on a computer? This way I can pass this knowledge on to my co-workers so that they will be able to access the network using their computer, which is the main purpose of the wireless anyway.
if you use MAC address filtering, you will have to edit the router config every time a new network adapter needs to join the network, as well as telling the user the pre-shared key (PSK) for WPA. considering its trivial to spoof MAC and its a pain in the arse to administer, I wouldnt bother with MAC filtering :)
-
I have tried restarting the computer and it did not resolve the problem.
I have even tried putting a new computer directly inline with the modem and attempted to access the internet through the wireless with the new computer and both times no internet.
Vulcan why would that not be the case. I was starting to wonder if there was some kind of address filtering as well.
When you put that new router in, you have to power cycle the modem before the modem is capable of picking up the info it needs from your ISP.
You might have to change some things on your network to do this. First thing is to get that new router configured so it's not pushing I.P. addresses. Whatever system you're gonna configure it from, make sure that computer is using DHCP instead of static IP. You can configure the router "offline" by powering it up without being attached to the modem and connecting to it with a computer via network cable. Open the "admin interface" setup the parameters you want, then attach it to the network.
As Holmes says, DO NOT USE MAC FILTERING...it's a useless pain in the booty effort.
-
Thanks for your responses guys. I knew I would get help here.
I did power cycle the modem but that also did not help.
Where do I look to make sure the computer is on DHCP? As a side note we were also trying to use a laptop which connects with other networks with no trouble accessing the internet, so I am sure it is set up for DHCP. I have been into the admin of the router and it is setup for DHCP also.
The MAC filtering has not been started yet since I am just testing the system before I put the router out at it's permanent location. Unfortunately the person they have as administrator for the computer security wants the MAC filtering on when the system goes operational. That decision is really out of my hands, but again it won't used until the router goes to it's permanent location.
-
Where do I look to make sure the computer is on DHCP? As a side note we were also trying to use a laptop which connects with other networks with no trouble accessing the internet, so I am sure it is set up for DHCP. I have been into the admin of the router and it is setup for DHCP also.
There's the problem...it's over riding the other router by issuing IP addresses in DHCP mode. Just set it up as a "gateway" with no other functions other than to allow wireless access and let the other router issue IP addresses.
The MAC filtering has not been started yet since I am just testing the system before I put the router out at it's permanent location. Unfortunately the person they have as administrator for the computer security wants the MAC filtering on when the system goes operational. That decision is really out of my hands, but again it won't used until the router goes to it's permanent location.
Just have the "administrator" read this stuff (common knowledge):
http://blogs.zdnet.com/Ou/index.php?p=43 (http://blogs.zdnet.com/Ou/index.php?p=43)
http://www.lockergnome.com/it/2005/01/18/the-pitfalls-of-mac-filtering-2/ (http://www.lockergnome.com/it/2005/01/18/the-pitfalls-of-mac-filtering-2/)
http://www.maxi-pedia.com/how+to+break+MAC+filtering (http://www.maxi-pedia.com/how+to+break+MAC+filtering)
As long as you use WPA or WPA2 security...maybe even hide the SSID...you have few worries.
-
There's the problem...it's over riding the other router by issuing IP addresses in DHCP mode. Just set it up as a "gateway" with no other functions other than to allow wireless access and let the other router issue IP addresses.
I may have confused you. At this point in time we have only been trying to use one router, because of the loss of internet whenever we insert a router in between the computer and the modem.
the test we performed was
computer 1 (hardwired) and computer 2 (wireless connection)
connected to wireless router
connected to modem
with this we have no internet
when we put the original computer back onto modem with no router we have internet
when we put computer 2 only on modem with no router we have no internet
-
Vulcan why would that not be the case. I was starting to wonder if there was some kind of address filtering as well.
Because the modem would present it's mac address.
-
Because the modem would present it's mac address.
When and where would that be?
-
...when we put the original computer back onto modem with no router we have internet
when we put computer 2 only on modem with no router we have no internet
Did you try connecting computer 2 via a cable?
-
Did you try connecting computer 2 via a cable?
Yes i did a couple of weeks ago when i originally tried it. This past weekend was actually the second attempt at trying to get anything out of this system. Of course I take the routers home and have no real trouble getting it to work but getting things to operate at work and the problems start.
Additionally i also connected the wired only router with both computers and still no internet as long as there is a router between the computers and modem.
-
Have you tried disabling NAT on the router so it acts as an access point (Make sure you jot down any information given just after disabling NAT)?
-
Have you tried disabling NAT on the router so it acts as an access point (Make sure you jot down any information given just after disabling NAT)?
I have not yet but I will this weekend when I get back to that station for work. Is that appropriate though when at the movement I only have that one router attached to the system?
The other thing that confuses me with that suggestion is I lose the internet if I disconnect the #1 or original computer and place the #2 computer directly to the modem without a router but when reconnecting the original computer directly back onto the modem, The internet works fine.
-
I'm just giving you some things to try in hopes something noticeable pops out. I'm not familiar with Ethernet Addressing so I'm not going to suggest you head off in that direction. From experience I know disabling NAT will force the router to act as an access point. Sometimes that will resolve connection issues similar to what you're encountering.
-
Thanks Denholm I will give it a try this weekend though, it sure can't hurt and it is something that I have not tried.