Adding wireless access point to LAN

Talk about topics not relating to cars.
Post Reply
Oskar
Senior Member
Posts: 1273
Joined: Wed Apr 14, 2004 5:21 pm
Location: Plymouth, MN
Contact:

Adding wireless access point to LAN

Post by Oskar » Sat Dec 09, 2006 8:01 pm

I have a wired LAN in the house and looking to add a wireless access point. The primary reason for the wireless is so that the kids can access to the internet with theis PSPs. I'm looking to add a Wireless G broadband router that we got for cheap.

I'm looking for some advice on how to best connect this without compromising the security of the rest of our home network. Can I set up a separate channel (DMZ?) on my primary router for the wireless router and thereby shielding the rest of the network from the wireless?

Thanks,
Oskar

mjannusch
Senior Member
Posts: 2413
Joined: Wed Apr 14, 2004 2:35 pm
Location: Hudson, WI
Contact:

Post by mjannusch » Sat Dec 09, 2006 10:35 pm

Most home routers don't have a specific DMZ port on them.

If the PSP will do WPA now (I believe they do with the more recent firmware versions) then set up the wireless with a long passphrase for the WPA shared secret key. As long as you use a long key, the chances of someone breaking into your wireless are very low. Whatever you do, don't use WEP of any bit length.
-Matt
'18 Camaro SS Convertible
'15 Corvette Stingray Z51 ([email protected] - 100% stock)
'95 3000GT Spyder VR4 ([email protected] - 540 awhp)

User avatar
CDeutsch
Senior Member
Posts: 1175
Joined: Mon Apr 19, 2004 5:10 pm
Location: Minneapolis, MN

Post by CDeutsch » Sat Dec 09, 2006 10:41 pm

I have a Linksys WRT54G with Sveasoft 's Firmware loaded (free Alchemy version).
http://www.sveasoft.com/
http://www.sveasoft.com/modules/phpBB2/ ... lder_id=10

It will let you setup VLANs and you can pick and choose which ports on the router go to which VLAN.

They support other routers then the WRT54G but that one is most popular.
Christopher
08 997 TT

Oskar
Senior Member
Posts: 1273
Joined: Wed Apr 14, 2004 5:21 pm
Location: Plymouth, MN
Contact:

Post by Oskar » Sun Dec 10, 2006 4:05 am

Thanks for the replies. I have a four year old Linksys BEFSR41 router (with four year old firmware). One port of the router is set up for port forwarding to a Vonage router and one port is connected to a Netgear FS116 switch. Ideally I'd like to isolate one of the ports on the Linksys and connect the wireless router to this port thereby providing wireless access without allowing the wireless to see the rest of my network. Will port forwarding accomplish this?

Sounds like I'll need to read up on WPA & WEP. I am a total noob when it comes to wireless.

Thanks,
Oskar

User avatar
CDeutsch
Senior Member
Posts: 1175
Joined: Mon Apr 19, 2004 5:10 pm
Location: Minneapolis, MN

Post by CDeutsch » Sun Dec 10, 2006 4:44 pm

Do you have a wireless router or access point yet? If not, I'd get one that does routing.

I don't think what you described would work because you'd have the wireless clients NAT'd behind your wired LAN (which means they'd have access to it). It would be better to go the other way. Have your wireless router/access point connected directly to the WAN and then use your BEFSR41 to NAT off the wireless router.

So it would be:

WAN - Wireless LAN - Wired LAN

Instead of

WAN - Wired LAN - Wireless LAN
Christopher
08 997 TT

Oskar
Senior Member
Posts: 1273
Joined: Wed Apr 14, 2004 5:21 pm
Location: Plymouth, MN
Contact:

Post by Oskar » Sun Dec 10, 2006 6:11 pm

CDeutsch wrote:Do you have a wireless router or access point yet? If not, I'd get one that does routing.

I don't think what you described would work because you'd have the wireless clients NAT'd behind your wired LAN (which means they'd have access to it). It would be better to go the other way. Have your wireless router/access point connected directly to the WAN and then use your BEFSR41 to NAT off the wireless router.

So it would be:

WAN - Wireless LAN - Wired LAN

Instead of

WAN - Wired LAN - Wireless LAN
Interesting.

Yeah, we just picked up a wireless router. In what you were describing it seems that I wouldn't even need the BEFSR41 anymore since I'm running my wired LAN off the Netgear switch. Does that sound correct?

User avatar
CDeutsch
Senior Member
Posts: 1175
Joined: Mon Apr 19, 2004 5:10 pm
Location: Minneapolis, MN

Post by CDeutsch » Mon Dec 11, 2006 1:53 am

Oskar wrote:
CDeutsch wrote:Do you have a wireless router or access point yet? If not, I'd get one that does routing.

I don't think what you described would work because you'd have the wireless clients NAT'd behind your wired LAN (which means they'd have access to it). It would be better to go the other way. Have your wireless router/access point connected directly to the WAN and then use your BEFSR41 to NAT off the wireless router.

So it would be:

WAN - Wireless LAN - Wired LAN

Instead of

WAN - Wired LAN - Wireless LAN
Interesting.

Yeah, we just picked up a wireless router. In what you were describing it seems that I wouldn't even need the BEFSR41 anymore since I'm running my wired LAN off the Netgear switch. Does that sound correct?
What model wireless router did you get? And what kind of internet do you have? Or even better what model device do you have that handles your connection to the internet? (Some DSL routers have NAT builit-in while cable modems usually just give you a public IP) You may still need the BEFSR41 since the Netgear switch probably doesn't do NAT.
Christopher
08 997 TT

Oskar
Senior Member
Posts: 1273
Joined: Wed Apr 14, 2004 5:21 pm
Location: Plymouth, MN
Contact:

Post by Oskar » Tue Dec 12, 2006 4:22 am

Chris,

thanks for you willingness to help out with this. It is much appreciated!
I have Comcast cable.
Motorola Surfboard SB4200 modem
Behind the modem I'm running the four year old BEFSR41 router.
I have one of the ports on the router set up for port forwarding to the D-Link Vonage modem.
Another port on the router is connected to the 16 port Netgear switch. I have 8 network drops in the house connected to the switch. We use 4-5 of these on a daily basis. Home PC, X-Box 360, 2 work laptops and 1 additional laptop used occasionally. I'll soon connect up another PC (Alec's x-mas gift :) ) and at that time I'll probably install a print server on the LAN as well.

There is not really a need for wireless, but when we were at CompUSA the other day we found a wireless router for $5 after mail in rebates. So we picked it up with the intent to give Alec a wireless connection for the PSP. It is an eHome Wireless G broadband router. Ideally I'd like to sepatate it from my home network so that the wireless can't cross over to the wired LAN. The last think I want to do is compromise the existing LAN. I guess that is where I thought I could dedicate one of the ports on the BEFSR41 to the wireless router and somehow isolate it from the existing LAN. Maybe there are better ways of achieving what I am looking to do? The wireless router was pretty much an impulse buy and can easily be returned.

Thanks!

User avatar
CDeutsch
Senior Member
Posts: 1175
Joined: Mon Apr 19, 2004 5:10 pm
Location: Minneapolis, MN

Post by CDeutsch » Thu Dec 14, 2006 3:46 am

I couldn't find much documentation on the eHome router. Does it happen to have a "Wireless Isolation" option? If not, your best bet to seperate the networks is to do "double nating" (which isn't the greatest solution but it's the only secure one for your current hardware).

You would setup the wirless router to NAT off your cable mode using one address space "192.168.1.X", and then setup the BEFSR41 router to NAT off one of the ports of the wireless router using address space "192.168.2.X".

Some people report random weirdness when doing double natting so you may want to abort the wireless network if there are too many issues.

Otherwise if you want a more reliable option get the WRT54G like I mentioned earlier.
Christopher
08 997 TT

Oskar
Senior Member
Posts: 1273
Joined: Wed Apr 14, 2004 5:21 pm
Location: Plymouth, MN
Contact:

Post by Oskar » Thu Dec 14, 2006 4:30 am

Thanks for looking into this. I owe you a beer :)
CDeutsch wrote:
Otherwise if you want a more reliable option get the WRT54G like I mentioned earlier.
This is sounding like a better option. I guess $5 was just a too good of a deal to be true...

Oskar

Post Reply