3852 wifiqa ntwk

an Networking eBook®

Get answers to yourWi-Fi questions

Get Answers to Your Wi-Fi Questions

2 Range Extension

5 Coverage

8 Connections & Signal Boosting

11 DD-WRT

13 Mac/iPhone

5

2

8

11 13

Contents…

This content was adapted from Internet.com’s Wi-Fi Planet Web site.Aaron Weiss is a freelance writer, book author, and Wi-Fi enthusiast based in upstate New York. You can follow his monthly Ask the Wi-Fi Guru column, and submit your own question at http://www.wi-fiplanet.com/tutorials/article.php/3809101.

1 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.



Q: I wish to extend the range and performance of my laptop wireless card when used from my sailboat. I have a Wi-Fi antenna installed on the masthead with a coax terminated with

a mini UHF connector. It seems that repeating a WLAN signal is what I need to do, as I’m trying to improve per-formance to Wireless Access Points available at many ports and anchorages. Can you recommend a good technology to use between my external antenna and my laptop PC to accomplish this? -- Cpt Monty

A: Wireless networking on the high seas gives a whole new meaning to computer pirates. The good news is that if your sailboat were commandeered by rogues, and if one of those rogues was the helpful kind who isn’t looking for trouble, but instead looking for trouble to solve, he would answer your question with an enthusiastic Yar! A wireless repeater is exactly what you can use in this situation, and you can do so quite cheaply using the free firmware DD-WRT loaded onto a compatible router such as the Linksys WRT54G series.

You will probably need an adapter to mate your mini-UHF connector with the antenna jack of a router. The WRT54G routers use an RP-TNC connector, but DD-WRT supports a wide range of routers, some of which may use other types of

jacks. I haven’t found a direct mini-UHF-to-RP-TNC adapter, so you might need to string together a couple of adapters, or buy a short length of custom cable with the appropriate connectors at each end. Do be sure that a router you choose has detachable antennas.

Once setup, you can access the router’s administration interface from your laptop. In DD-WRT you can configure

advanced wireless settings to direct the router to use your exter-nal antenna for sending (TX) and receiving (RX). Using the router’s interface you launch a scan for available networking using the fabulous visualization tool called WiViz, built in to DD-WRT, which will display a real-time radar view of access points within range of your boat.

When you configure DD-WRT as a repeater, you will define a virtual wireless network (SSID) that will be re-broadcast on your boat, which you can connect to wire-lessly from your laptop. Ahoy!

(Big aside: If for some reason you cannot get DD-WRT repeater mode to work to your liking, the second and slightly more complicated solution is to build your own repeater using two routers, with one running DD-WRT in client bridge mode. As in the first scenario, you will connect your mast antenna to the DD-WRT router and use it to scan for and associate with an available network.

Range Extension By Aaron Weiss

When you configure DD-WRT as a repeater, you will define a virtual wireless network (SSID) that will be re-broadcast on your

boat, which you can connect to wirelessly from your laptop. Ahoy! ”“



But instead of trying to configure DD-WRT to also repeat the signal, you would use an Ethernet cable to connect a LAN port on the DD-WRT router to the WAN port on a second wireless router of any make. This second wireless router would then “see” your DD-WRT router as a broadband con-nection, and broadcast it on your boat just like any DSL or cable connection.)

Q: Hello! I have a question concerning connecting mul-tiple routers with different wireless modes. I would like to create the following:

•Router0actsasanAPandisconnected to the Internet.

•Router1(LinksysWRT54G/GL/GS,DD-WRTv24(05/24/08)std)actsasarepeaterforRouter0(AP)&isconnectedtoRouter2withWDS.

•Router2isconnectedtoRout-er1viaWDS.

IsthispossibletosetupinDD-WRTv24?-Josh

A: What you describe sounds very much like a “mixed-mode daisy chain.” If that sounds like a fancy technical term, it’s not—I just made it up. But this is theoretically a daisy chain configuration—router0 con-nects to router1 connects to router2. But you’re using two different kinds of relays for each link in the chain—DD-WRT repeater mode in link 1 and WDS (wireless distribution system) in link 2.

Such a setup would require that your middle router (“rout-er1”) act as both a wireless repeater client and a WDS node. I don’t think this is possible. Configuring your router as a WDS node is one state of being; configuring it as a repeater client is a different state of being. As far as I know, it cannot be in both states at the same time.

The first question that comes to mind is—why mix modes? Why not configure WDS on all three routers? You can chain via WDS and maintain the same physical relationships. Your WDS configuration would look like this:

Router0: WDS with MAC address of Router1.

Router1: WDS with MAC address of Router0 and Router2.

Router2: WDS with MAC address of Router1.

Keep in mind that each wireless link halves the available bandwidth, so wireless clients connected to Router2 would max out at 25% of LAN bandwidth when exchanging data with clients connected to Router1.

If for some reason you simply had to preserve your mixed-mode arrangement, you could add a fourth router (Router1a), connected by wire to Router1. Configure Router1 as a

repeater for Router0 (as it is now) and Router1a as a WDS node linked to Router2. You might do this if, for example, Router0 does not support WDS—but then, if you’re buying a new router, why not simply replace Router0 with one that does support WDS?

Q: I am grappling with the concept of the Wi-Fi booster. For example theHawkingHSB2isanRFsignalamplification device with many fans boasting magical improve-ments--but how? It’s surely easy enough to boost output power and thus be seen as a stronger signalfromfartheraway.Butthe device comes with a paltry 2dbiantenna,leavingusallwiththe cosmic mystery of how the return signal becomes suddenly adequate. I suppose that the re-

ceiver within the booster could be extra adept at rooting around in the tall grass to extract signal, but if there is thatmuchSNRleftover,whyaren’tthe“quality”compo-nentmanufacturersexploitingitalready?–Ron

A: Although my expertise in RF is limited, I am inclined to agree with the sentiment in Ron’s first paragraph. These so-called “Wi-Fi boosters” are basically amplifiers that make the transmitted signal “louder” (if you think about it in radio terms). But unlike a radio, the client is not a passive receiv-er—it, too, sends signal back to the wireless transmitter. The client is limited by the power output of its own transmissions. In other words, the Wi-Fi booster may let your client “hear” the wireless router from a further distance than it would otherwise, but the client itself might not be strong enough to send anything back—leaving you in the same boat as if you couldn’t see the wireless network at all. Or more specifically,

Many users have reported that, when

cranked to max output, these Wi-Fi

boosters can actually hinder performance

of nearby clients, whose own receivers essentially “drown”

in the noise

”

“



dangling an SSID that you can see, but not associate with.

Also remember that when you amplify signal you also amplify noise. Many users have reported that, when cranked to max output, these Wi-Fi boosters can actually hinder perfor-mance of nearby clients, whose own receivers essentially “drown” in the noise. To minimize this problem, one may need to compromise by setting the Wi-Fi booster to a mid-range power level—say, 100 to 200 milliwatts. Of course, this will also reduce its maximum range, and so what’s the point?

The point, according to those who have evaluated these boosters, is to better fill in your existing wireless range. In other words, if you expect the booster to give you a strong signal much further away than you could before, this may not pan out. But, if you would like to give a boost within the range you already experience—and maybe catch some of the “dark corners” that are otherwise too weak—a signal booster set to a mid-range power output could very well do the trick.

An entirely different way of using a Wi-Fi booster would be for creating a long-range fixed wireless link. In this case, you don’t care so much about clients near the receiver, so you can pump up the power output. Plus, you would want to use a pair of boosters, one at each end of the link, so you don’t wind up with the asymmetrical power problem described above. Finally, you would also want to replace the “paltry” 2dbi antenna with a more powerful directional antenna. You’ll always get the longest range using directional antennas precisely aimed at one another, but of course this will not provide much or any signal outside their straight-line path.

Q: I have a big problem. I need to share an Internet con-nectionwithmyfather,butwelive600feetawayfromone another, and we have a few trees in our sight line. Itriedafewnewrouters,buttheyonlygolike200feet.Doyouhaveanysuggestions?Willanyrepeatershelp...could I use two repeaters or three? – Unsigned

A: Six hundred feet is indeed a far distance in wireless networking speak, although if this were a personal relation-ship column, 600 feet from a parent might not be nearly far

enough. Using repeaters in this scenario might not be the best solution. For one, each repeater will reduce your net-work bandwidth. Two, assuming these houses are outdoors and not inside a glass bubble like in the underwhelming Simpsons Movie, the span between them is outside, and in-stalling networking gear outside adds an extra level of com-plexity (power, weatherproofing, and thieves, for example).

You will want to use directional antennas connected to wire-less routers in each house. It sounds like you have a reason-able line of sight between houses—a few scattered trees should not be a big problem; a forest, or a steel wall, might be more significant.

It sounds like the Internet connection is at your father’s house (hopefully he pays for it, too). You want one wireless router there, with an external directional antenna. This means you need to choose a router with a detachable antenna so you can connect a replacement. In your house, you want to

use a wireless router that can be configured as a wireless client. The easiest (and cheapest) solution is to use DD-WRT with a supported router like the Linksys WRT54G, just like the sailboat captain in our first question. Buy yourself two yagi antennas, with appropriate connections or adapt-ers to plug into the two routers. Connect each antenna to a respective router in each house and aim them at each other. Chances are, this will do the trick. You may even be able to keep the yagis indoors, especially if you can position them by windows. Installing the yagis outdoors is a little more complicated because you’ll need to run the cable indoors to the router.

If for some reason yagi antennas aren’t strong enough, or you need to connect a wireless link much longer than 600 feet—say, several miles—you can upgrade to a directional grid antenna. Reminiscent of a medium-sized satellite dish, a pair of grid antennas will cover a significant distance. But, as always with wireless, the more clear your line of sight, the longer a link you can achieve. n

An entirely different way of using a Wi-Fi booster would be for creating a long-range fixed wireless link. In this case, you don’t care so much

about clients near the receiver, so you can pump up the power output. ”“



Q:Weusean802.11nDraft2networkwithca-blebackhaulforourhome(andhomeoffice)network. When we upgraded our router from an802.11gLinksysmodeltoan802.11nDraft

2TrendNetdevice,wealsoaddedTrendNet802.11ncli-entupgradestoourcomputersonthenetwork(alaptop,and a desktop that sits in a location that is hard to reach withEthernet).Bothsys-tems received a definite and significant boost in signal strength and throughput; the connection was much faster and more dependable, particularly with the desktop because it sits the farthest from the router.

About a year later, we up-gradedtheRAMintheoldgal(it’safive-year-oldXPdesktopsystem)andtheWi-Fi signal strength doubled. We haven’t changed anything elseaboutlocation,settings,ISP,tinfoilbarriers,etc.except that we put up the antenna on a radio several feet away. Are we imagining the boost? Is it a fluke, is the ra-diosomehowassisting,orcanupgradingyourRAM(wenearlydoubledit)actuallyimproveyourWi-Fireception?Thanksforyourhelp.Yourule.—NaimyandPeeps

A: Fascinating! I enjoy a good mystery. Honestly, I can’t think of any way that the RAM upgrade would influence signal strength one way or another. It doesn’t add up, and I can’t

find any citations online backing up such a possibility. The reason that “n” devices produce better range than pre-n de-vices is because the n-standard requires the use of “MIMO” technology. Basically MIMO means that multiple antennas are used. Depending on the model, all antennas may be external, or a mix of internal and external. The purpose of the

antennas is to catch “multi-path” reflections—basically, in the real world signals tend to bounce around rather than travel is a purely straight line. This is because they invariably hit reflective objects from glass to metal and so on.With pre-MIMO wireless, this multi-path effect resulted in reduced sig-nal since only a portion of the original signal would reach the destination. MIMO “captures” the reflections and re-assem-bles the signal, thus improving performance and effective signal strength. It is actually possible that the radio antenna

you mention is assisting--it could be producing a “good” sig-nal reflection, almost like an amplifying effect. Some people have reported improved Wi-Fi signals when their cell phone is near the computer, for example, and this could be a similar kind of thing. Of course the only way to know for sure is to, you know, move the antenna and see what happens. We must also consider the possibility that the improved signal could be the result of an unknown variable--something else that did change, but you don’t know it. Orientation of the PC after upgrade? Something subtle like a window screen up

Coverage

The purpose of the antennas is to catch “multipath” reflections—basically, in the real world signals tend to

bounce around rather than travel is a purely straight line. ”“



or down elsewhere in the room, and so on. Still, the antenna theory at least has a plausible explanation, unlike the RAM upgrade.

Q: I am desperately trying to find a wireless router to buy.IhavehadaBelkinDraft-nandaBelkinN1Vi-sion.IfoundtheDraft-Nabetterperformancemachine.However, now I want to buy a new router that has great coveragefromamainhousetoanannexhouse.Therearewallstoconsider.Ineedcoverageuptoabout150feet. What is your personal choice? – Nick

A: One thing to note when setting up a wireless network is that range and speed are two different things and you may need to optimize for one or the other. In my experience, pre-N gear can do a good job with range, but is aggressive about reduc-ing speeds to compensate—so you may get a connection from a distance you couldn’t with another router, but it might not be very fast. The reason pre-N gear is generally good at range, and obstacles, is because it uses MIMO—or multiple antennas—to “cap-ture” reflected signal paths. You can also find MIMO on some enhanced ‘g’ routers, which usually say so right in their name, like “Super G with MIMO”.

To get the most out of any router with MIMO, you need to use a wireless client with the same support. (It’s not clear from your question if you are also using the Belkin pre-N card at the other end.) I don’t like to encourage vendor lock, but in practice, edge technologies like MIMO (and “Range-Max”) as well as pre-N seem to be most reliable when paired with companions of the same vendor.

Besides all that, if your router has detachable antennas (the typical “rubber ducky”), you can swap them for longer, more powerful replacement antennas that can double or sometimes triple their sensitivity. This doesn’t necessarily mean a doubling or tripling of your range, but it can help you squeeze out every last drop of performance.

Try to orient your wireless router as high as possible in your main house, such as a top floor. Alternative possibilities could include adding a second wireless router to your main house, in a spot best for “seeing” the annex house (such as a window). This secondary router could use WDS (wireless distribution system) or an old-fashioned Ethernet cable to

connect with the primary router for service.

A third possibility would be to setup a wireless router in the annex house and use WDS to repeat the signal from the main house. You would be able to setup this annex router in an optimal position (and/or with a stronger antenna) to re-ceive the signal, and your wireless clients could more easily pick up the rebroadcast signal.

For a 150-foot range, one or any of these scenarios should do the trick. For longer distances, I would start to look at directional antennas like yagis to create a point-to-point link. But this seems like overkill at this distance unless your

houses are actually underground fall-out shelters. Which would be pretty cool, actually.

Q:IamconnectedbyTimeWar-ner Cable to my system through a LinksysWRT54GLrouter.IputonTomatofirmwareandamtransmit-tingat84mW.Thissetupisinthefront of my house on the second floor. My basement is in the rear of my house. When I’m in the base-ment, my laptop seems to pick up a better signal than my PC, but thespeeditabout25percentofupstairs. What can I do to get a stronger signal wirelessly down in

thebasement?Someonesuggestedusing two routers, namely an n-draft router upstairs and placing my Linksys on the main floor just above my basementinmydiningroom.IsTomatogoodfirmwaretouseorshouldIinstallDD-WRTonarouterupstairsaswell as the Linksys? – Arthur

A: For those readers who haven’t yet heard of “Tomato,” it is not only a nutritious and delicious vegetable (technically a fruit, but that’s for some other guru to explain)—Tomato is also an open source firmware, like DD-WRT.

Where was I? It doesn’t sound like the firmware is the problem in this situation. Whether you are using Tomato or DD-WRT, the challenge here is primarily environmen-tal. Basements are especially challenging for reception of wireless signals, and in this case your router is two floors away. Bumping the transmit power to 84mW (the default is 28mW) is probably hurting more than helping—when you increase power, you increase both signal and noise. The reason your connection speed is reduced by ¾ is because your basement PC cannot negotiate a faster rate, which may

To get the most out of any router with MIMO, you need to use a

wireless client with the same support.

”

“



in part be due to interference from the extra noise.

The suggestion you received is basically to add a second router into the mix, effectively re-distributing your wireless signal. You could do this—there is more than one way to get it done. Using an n-draft router might offer some slight advantage for getting maximum signal to a router on your main floor, only because the n router will be using a superior MIMO antenna array; but your Linksys is not an n router, and so the benefit of doing this is not hugely compelling. Chances are that a second router just like your Linksys will do the job.

If your second router supports WDS (wireless distribution system) you may not even have to muck around with flashing an alternative firmware (some stock routers support WDS out of the box). You can setup WDS between your new

router and your Tomato-based router, which should improve the signal to your basement.

It may be heresy to say this, but I’ve said it before so there’s no turning back now—what about not going wireless to your basement? If you plan on living in this house for a long time, I would consider running Ethernet from the second floor to another router in the basement. Maybe even along the outer wall if it would be an easier install. In the long run (get it? long run!), this would be the most stable and fastest solu-tion, particularly if you want to run a gigabit LAN.

A third option would be to cable only from the second floor to first floor—see the question and answer below for a similar scenario. n



Q:IamtryingtouseWRT54Gv2/DD-WRTv24antennaselectiontohaveoneantennaTXandtheotherRX.DoesthemenuoptionwhereyoucanselectTX/RXandLeft/Right

antennas really do what it says? Namely can I have one antennaexclusivelyforTXandtheotherexclusivelyforRX.–Petar

A: Truth in advertising—it is indeed true that DD-WRT lets you manually select which of the two WRT-54G antennas is assigned to sending (TX) and receiving (RX). More interesting still is not so much that you can, but why would you want to? It turns out there are several rea-sons one might do this, some useful and some perhaps not so much.

First, it is important to clarify that wireless radios operate in half-duplex mode—they cannot send and receive data at the same time. Instead, they switch between sending and receiving modes. Furthermore, only one antenna is used for sending. Routers that have two an-tennas (some have only one) are using “diversity” reception, which means that they dynamically switch between them to pickup the strongest signal, which may vary due to myriad environmental factors including multipath interference and reflection.

Diversity mode is used for a reason, so if you are simply

using the stock “rubber ducky” antennas included with your router, there really is no advantage to manually assigning TX and RX to exclusive antennas, and effectively disabling diversity. However, in some scenarios you want to replace the stock antenna with a high-powered directional like a grid or yagi. Typically, this is done to create a long range wire-less link, say between houses or office buildings. In this setup, you want to assign both TX and RX to the directional antenna and not bother with the second stock antenna—and

this is where DD-WRT’s set-ting can become very useful, since the stock firmware does not let you make such an as-signment.

Oh, and you might be wonder-ing—which antenna is the left one? The right one? With DD-WRT, left and right are based on looking at the router from the front, where the LED’s are. However, other firmware might use the reverse orientation, looking at the router from the back. Of course, you have a

50% chance of guessing correctly, but to be sure, simply remove one antenna, and change the RX/TX assignments to see whether “left” or “right” works with just the one antenna.

Q:IhaveaCradlepointMBR1000gatewaythatiswiredto the desktop and works fine. I use it wirelessly to con-nect to a laptop and that works fine, but when I try to get myVaioPCGZ1VAtoconnect,itshowsinthetaskbarthat it has a good signal, but I can’t connect to the Inter-

Connections & Signal Boosting

Routers that have two antennas (some have only one) are using “diversity” reception, which means that they dynamically switch between them to pickup

the strongest signal, which may vary due to myriad environmental factors including multipath interference and reflection. ”“



net.Igetamessagethatstates“Windowswasunabletofindacertificatetologyouontothenetwork.”Canyouyouhelpmeout?-Brad

A: You have to admire Microsoft for keeping its “Unhelpful Error Message Department” busy, continually inventing new and ever more cryptic ways to tell you that what you want to do doesn’t work. The clue here is “certificate” because, chances are, your wireless network does not use a certificate. And the problem is likely with the client PC—in this case, your Sony Vaio, which may be misconfigured to look for a different kind of network than the one that you have.

It isn’t clear whether you are con-necting to the wireless network using Windows’ built-in wireless management or the Intel PROset wireless connection utility pre-installed on the Vaio. If you are using the Windows connection utility, I would first try to switch to the PRO-set utility instead.

Failing that, two things to consider:

•TheVaiomaybetryingtoestablishaWPA-RADIUScon-nection rather than WPA-PSK (or WEP), depending on what kind of security you have in place on the Cradlepoint router. If the Vaio is mistakenly trying to make a WPA-RA-DIUS connection, and you aren’t actually using a separate RADIUS server (which is almost certainly the case), this error may appear.

•DisableIEEE802.1Xauthenticationonthewirelessadapter for the Vaio. Open the available wireless net-works, right-click on your network, choose Properties, and look for the “Authentication” tab, where you can hopefully uncheck 802.1X.

Q: Most of the user manuals and instructions I have foundforwirelessrouters/gatewaysassumethattheIn-ternetconnectionisviaEthernet/cablemodem.IhaveawirelessISPandsowanttoaccesstheInternetthroughmyLinksysWRT54GS.Ialreadyhaveahomewirelessnet using Airport Extreme. Can you give me a few hints onsetup?–Jon

A: One would need more precise information about your WISP (“wireless ISP”) to provide detailed instructions, but

on its face this seems like a relatively simple configuration to achieve.

When you plug a cable/DSL modem into a wireless router’s WAN/Internet port, the router requests an IP address from the ISP’s server at the other end of the line. Depending on the protocol in use by that ISP, this request might take place by DHCP or PPPoE, among others, and so your router’s

Internet connection has to be config-ured accordingly.

The situation is really no different with a WISP. Depending on the WISP, you probably have some kind of “subscriber unit” (SU) in your premises. This connects to the ex-ternal antenna you use to receive the WISP signal—or, in the case of some like Clearwire, the antenna might be integrated into the subscriber unit.

Chances are that the SU provided by your WISP connects to your com-puter using an Ethernet cable. You can probably plug this cable right into your wireless router’s WAN/

Internet port. If your WISP uses DHCP to assign an IP address, your router will need to be configured likewise (this is usually the default setting). If your WISP uses PPPoE, you should configure the router to use the same, with supplied username and password. There are other possibilities, but you’d have to consult with your WISP for details.

If your SU connects to a PC using USB rather than Ethernet (this shouldn’t be very common), then this would not work with your wireless router. In that case, request an Ethernet-based SU from your WISP.

Unless you need two wireless routers for some reason, in the above setup your WRT54GS should server your whole wireless net. The Airport Extreme would seem to be redun-dant.

Q: I was using my Linksys as my main router, but I’m us-ing a Netgear router now. I still use my Linksys as an ac-cesspointbyturningofftheDHCPandjustpluggingthecable into one of the four LAN ports. Now that I’m using DD-WRT,IwantedtomakeanotheropenWi-Fipoint,butit’snotworking.--Dave

A: The good news is that what you are trying to do—config-

If your WISP uses DHCP to assign

an IP address, your router will need to be configured likewise (this is usually the default setting).

”

“



ure a second router as a “dumb” wired access point—is per-fectly legitimate. The bad news is that it isn’t working. But it should, so we can take solace in that there must be a simple configuration oversight somewhere.

You were right to disable the DHCP server on your second (AP) router. When it comes to DHCP servers on a LAN, you must always apply “The Highlander Rule”—there can be only one. But that’s not all—it is also a good idea to disable the firewall on your AP router. Security should be handled by the gateway (primary) router.

It sounds like your cable is plugged into the correct port—it must be a “LAN” port, and not the “WAN” or “Internet” port on the AP router. (You will not use the WAN/Internet port.) This also means that your AP router is not going to receive a DHCP assignment from your primary router, because it only listens for DHCP on its WAN/Internet port. You will need to manually configure your AP router’s network address using an IP that is compatible with your primary router.

For example, suppose your primary router has the typical IP of 192.168.1.1 (and network mask 255.255.255.0). On your AP router, you will configure it with an IP address like 192.168.1.2 (same network mask). You may or may not need to specify an IP for gateway and DNS, but if you do, it is the IP of your primary router (192.168.1.1 in this example).

For testing purposes, at least, you should also configure the wireless SSID on your AP router without any WEP/WPA/WPA2 security. You can apply the security of your choosing after verifying the AP connection.

Wireless clients who associate with your AP should receive their IP address and related settings (gateway, DNS) from your primary router. And you should be able to connect to your AP router using the IP address you manually assigned to it. n



Q: I have to set up a temporary Wi-Fi hotspot at a seminar in a hotel. I would like to have some sort of bandwidth limit and an acknowledge-ment splash page, but no authentication. I

would also like to have to bring as little equipment as possible.(Chilispotandotherhotspotserversmostlyrequire another computer to run on. I’m hoping to find something I can run on a router).IfoundNoDogSplash,which seems to fit my situation, howeveritlikesOpenWRT.ItseemslikeDD-WRTisamuchmorepolishedfirmware.DoyouthinkNoDogSplashwillrunonDD-WRT?–Jason

A: Let’s first unpack this scenar-io—you want to setup a single piece of hardware that will give nearby users wireless Internet access. But, you want to force them to see a splash page upon connecting (such as ads from sponsors), and you want to define limits on their upload and down-load speeds, presumably so that no single user can hog all the available bandwidth to the Internet.

As you have discovered, NoDogSplash meets all of your needs, but with one catch—it runs on OpenWRT, which is a less user-friendly router firmware than, say, DD-WRT (or Tomato). The OpenWRT learning curve is considerable

compared to these others, and although it is quite powerful, it may not be the most inviting choice for a turnkey solution.

Unfortunately, it does not seem like anyone has posted a successful report of installing NoDogSplash on DD-WRT or Tomato. However, there are two alternative approaches to consider:

• FlashyourWRT54G-familyrouter to CoovaAP. This open-source firmware is actually based on OpenWRT and includes a cap-tive portal (for your splash page) and traffic shaping (for bandwidth limiting). But unlike OpenWRT, CoovaAP also includes a relatively user-friendly Web-based adminis-tration interface.

• StickwithDD-WRTanduse NoCatSplash for the splash page, which can be hosted on an external Web server. Limiting bandwidth is slightly more com-plex (unless you buy the paid ver-sion of DD-WRT, which includes bandwidth management in the

GUI). You can create an iptables script for limiting band-width by IP/MAC or other criteria using the nifty Windows app WRT54G Script Generator. Follow the step-by-step wizard to generate an iptables script which you can paste into DD-WRT’s firewall script section.

Like Jason says, most captive portal solutions require

DD-WRT

You can create an iptables script for limiting bandwidth by IP/MAC or other criteria using the nifty

Windows app WRT54G Script Generator. ”“



interacting with an external server, most typically a RADIUS server.

Q:IhavesetupWDSwithtworoutersusingDD-WRTsp1atmyfolks’house,whichisinadifferenttown.Icanremote into the base router with their IP address:port, but I want to be able to access the second router from my house, as well.Doyouknowhowtodothisordo even understand what I’m say-ing?-Bob

A: I do understand! In fact, I have setup the very same arrangement for remote support. But first, let’s be sure everyone else understands what we’re talking about, too.

Suppose you have one wireless router. Normally when you connect your browser to this router’s admin-istration interface you do so from a client inside your LAN—that is, a client connected to the router. What if you want to connect to the browser’s administration page from outside your LAN—in other words, remotely? Most routers, including those running DD-WRT, offer a separate configuration setting for “remote administration” that is often disabled by default. In DD-WRT, this setting lives under Administration/Management/Remote Access. You can customize the connection port, since the usual Web port (80) is reserved for local access. From outside the network, you connect to this router using the IP address assigned to the incoming broadband connection (or use a dynamic DNS service to translate the IP to a friendly name).

Now suppose that the LAN in question is served by two wireless routers, configured to extend range through either a repeater or WDS configuration. You want to remotely admin the second router, but how do you address it from outside the LAN?

One problem is that the remote administration service listens for connections coming in via the “WAN” or Internet port. On your primary router, this is your cable or DSL modem. But your secondary router probably has no connection on the WAN port.

The workaround is that you actually access your secondary router on its “normal” administration interface, in-stead of using remote administration. To do this, you need to set up port mapping (aka “port forwarding”) from your primary router to your secondary router.

Using DD-WRT, click on NAT/QoS and then Port Forwarding. You need to choose a public port that you’ll connect to from outside the network. In my scenario, the primary router is configured to accept remote admin-istration on port 8080. So I decided

to use port 8081 for remote access to the secondary router. My DD-WRT port forwarding configu-ration looks like this:

Application: “remote router 2”Port from: 8081Protocol: TCPIP Address: 192.168.1.2Port to: 80Enable: Checked

The IP address is the LAN address assigned to my second-ary router. Be sure to click “Apply Settings.”

Now, when I am outside the LAN and open a browser to http://myremotenetwork:8081, the primary router will for-ward that request to port 80 of the secondary router. Voila—I can log in to the secondary router’s administration interface remotely, even though I am not technically using its “remote administration.” n

…most captive portal solutions re-

quire interacting with an external server,

most typically a RADIUS server.

”

“



Q: I had a nagging problem with my son’s MacBookdroppingwirelesswitha“securitycompromised”message.Turnsout,mywife’slaptop(XP)wascorruptingthenetworkwith

VPN.AssoonasIswitchedtoAESversusTKIPtheproblemdisappeared.NotsureifMacsdon’tdoTKIPwell,orXPdoesn’t...butAESisquitestable.–Al

A: Perhaps we ganged up on Microsoft error messages too soon. A good number of Mac users have reported frustration and confusion with the infa-mous “Your wireless network has been compromised” error. What’s worse, in fact, than Mi-crosoft’s empty rhetoric is that this message actually causes OS X to disable your wireless network for one minute. Gee, thanks Apple!

Of course, OS X thinks it is doing you a favor. After all, it has decided that your wireless network is being hacked by a nasty intruder, and so taking your machine offline is for your own good. The only problem is, chances are, that there is no intruder.

Little seems to be known about the exact cause of this error, and Apple has yet to address it despite reports dating back to at least 2004. Some users are affected frequently—as

in repeatedly, every day—while others have never seen this error. Based both on my personal experience with this error and other user reports, it appears that the trigger involves the presence of a PC-based wireless client using WPA-TKIP.

For example, at a friend’s house I had setup a wireless network using WPA-TKIP, and configured both her MacBook

and my PC to the appropriate settings. The MacBook would connect to the network, but as soon as my PC would con-nect, the Mac would throw the security error and shut down her connection.

As Al discovered himself, changing all parties involved—the router and the clients—to WPA-AES encryption solved the problem and everyone got along happily.

The question remains, though, is TKIP encryption tickling a bug in OS X? Have you seen this error on a Mac and found any other solution and/or explanation? Considering how

widely used TKIP is (as the default WPA encryption scheme in most wireless routers), it seems odd that this bug would persist in OS X for so many years. If you have insight to share, click on my byline above to send us your feedback, or use the Comments tool below.

A good number of Mac users have reported frustration and confusion with the infamous “Your wireless network

has been compromised” error. ”“

Mac/iPhone



Q: When using the iPhone internationally, is there a way to be sure you’re on Wi-Fi and not using the phone net-work? I know that icon is at the top for the Wi-Fi, but can you turn off the phone so you’re sure you’re not popping minutesandMBoffatahugecost?--Tom

A: Even the most devout iPhone lovers would be less than thrilled to receive a $4,800 bill for international data roam-ing. The iPhone uses both the cellular EDGE network and local Wi-Fi for network access. Although connecting to a wireless AP may be free, using EDGE will incur data charges if you are roaming internationally—big charges. Even though the iPhone will prefer Wi-Fi over EDGE when available, it still must rely on EDGE for features like updating visual voicemail.

Unfortunately, Apple did not build a simple hardware or soft-ware switch into the iPhone so that you can manually disable EDGE. From what I hear, it is possible to arrange for your

cellular contract to disable international roaming, although this could be inconvenient if you would like spontaneous control over using data roaming. Fortunately, there are two other solutions:

1. Brute force—pull the SIM card. If you remove the SIM from your iPhone, it will not be able to get onto the cellular network. Reports suggest that you can continue to use the iPhone as a network client via Wi-Fi. Of course, this means you also won’t be able to make calls using your iPhone until you reinsert the SIM card, making it not so much of a phone and more just an “i.”

2. Users of an iPhone running 1.x firmware can install the Services app, which gives you a nifty little GUI through which you can toggle EDGE, Bluetooth, and Wi-Fi. iPhone 2.x users will need a different app, called BossPrefs, to do the same thing. n

3852 wifiqa ntwk

Documents

ddwrt router

wireless router

running ddwrt

wireless repeater

ddwrt repeater mode

wifi questions

wifi antenna

wireless networking