Subject: Re: Wireless access point
To: NETBSD-HELP <netbsd-help@netbsd.org>
From: Will Roberts <will.roberts@arctos.com>
List: netbsd-help
Date: 03/04/2003 12:12:38
At 08:36 AM on 3/4/03, "Christian Fredrickson" <fredrick@eng.utah.edu> wrote:

>I would like to set up a NetBSD firewall that will provide secure wireless
>access to my users. I would like to use Active Directory LDAP to provide
>user authentication. I would like to run the 802.1X protocol for security. Does
>anyone have a similar setup or have any suggestions for going about this?
>
>Thank you all,
>
>Chris


I am sure that there are many ways to do this and this is just one:

We have a small ethernet LAN connected to the internet via a machine
configured as a NAT router.  We wanted to allow some of our users to
access the LAN via notebook computers equipped with generic 802.11b
wireless PCMCIA (now called "PC") cards.

What we did was acquire a basic inexpensive wireless router (in our
case an HP hn200w, but any of the similar Linksys, Asante, Netgear
equivalents would probably work).

These devices are marketed for use as a home LAN "internet gateway" with
built-in NAT router capability, but there is no reason that one has
to use the NAT router functionality.

Were you to look inside one of these devices, you'd find that its internal
elements could be represented as a logical block diagram something like
this:

                                                              o
                                                              | antenna
          +--------+       +--------+        +----------+     |
   WAN <->| NAT    |<----->|        |<------>| 802.11b  |<----+
   port   | router |       |        |        | wireless |
          +--------+       |        |<--1    | access   |
                           |  10/   |        | point    |
                           |  100   |<--2    +----------+
                           |  HUB   |
                           |        |<--3
                           |        |
                           |        |<->4 uplink <--- connect to existing LAN
                           +--------+

That is to say, the three "elements" shown above are all bundled into
a single small box sold as a wireless LAN internet gateway.  From the
outside, the device has one RJ-45 WAN port and four RJ-45 LAN ports
with one of the LAN ports configurable as an "uplink".

What we did was ignore the NAT router component and use the device as
if it were just a simple ethernet HUB and wireless access point.  We
connected the "uplink" port (NOT the WAN port!) to our ethernet LAN just
as if it were another local device.  We set up the various features
(WEP encryption, IP address, etc.) in accord with the device's manual
and we were good to go.

The hub acts just like an ordinary dumb hub and the wireless access point
acts like an ethernet-to-wireless bridge.  Any wireless machine connecting
to the access point is handled as if it were just plugged into any ethernet
RJ-45 on the LAN.  DHCP, authentication, etc. are handled just the same
as your network handles them for wired machines.

And all this for about $75.

If the geometry you want to cover is small enough and without too many
obstructions (such as a small office or office suite or a classroom), this
will work very well for 6-10 concurrent wireless users.

Cheers,
Will