Bridging to 'remote' LAN--AND accepting wireless notebooks, all with WPA

Hi, my "new" house has only one working phone jack, which the DSL modem
comes in on. However my network of three PCs is in another room, and
stringing an ethernet cable from the LAN switch to the router plugged
into the DSL modem is not an option. I also have 2 wireless notebooks.
So here's what I'm trying to do. It seems stupid simple, over two
weeks and several products, have yet to come close to accomplishing it.
Now I'm thinking of ordering two D-Link WAPs that can do WAP, client,
PtP, PtMP, and repeater--and give that a shot. But I read on their
FAQs that "wireless distribution" mode, they can't to WPA. Anyway,
here's basically what I have now:

* One end: DSL modem > Netgear WGR614v5 802.11g router/WAP/switch
(switch unused; encryption set to WPA-SPK).

* Other end (which I CANNOT string a wire from): three PCs on an
ethernet switch.

* Two more "other" ends: 2 notebooks w/ 802.11b.

The wireless router by the DSL switch, and the ethernet switch creating
the PC lan are only about 20 feet apart and within line-of-sight.
Right now the notebooks connect to the netgear WAP just fine. Getting
the PCs on the ethernet switch connected wirelessly is the tough part.
Of course temporarily running an ethernet cable from the switch to the
router does work. But for doing it wirelessly, I've tried a gaming
adapter plugged into the uplink port of the LAN switch, and more
recently a D-Link bridge (DWL-G810). Neither worked. In hindsight it
seems unlikely they would with that kind of configuration (pushing
traffic from multiple PCs without a NAT router). But I couldn't even
get the DWL-G810 to work plugged into just one PC's NIC, while one
notebook also worked. (Could get either to work if the other was off,
but not both at the same time.) But that isn't really my main problem,
since I don't care if that way works or not--just included it in case
it's relevant.

The challenge seems to be that I not only want to create a wireless
bridge from a router plugged into the DSL modem to a "remote" switched
LAN, but also want to connect wireless notebooks to the DSL
modem/router. Seems like I'd need a WAP at the DSL modem/router end,
the two notebooks, and a bridge on the LAN side--where the bridge and
the WAP don't mind traffic from multiple PCs travelling over one
wireless connection. (What "mode" would that be?)

It seems like two D-Link WAPs might do it, since they support WAP, PtP,
PtMP, client, and repeater mode. Surely one of those might do the
trick, no? But their FAQ specifically states that in "wireless
distribution mode", (not sure which of the five types that applies to),
it doesn't support WPA--which I need because I'm in a very dense
high-tech area and have very sensitive data and am very paranoid.

Any ideas on how to bring this all together, and/or anyone actually
successfully doing the same thing? I do have a Netgear RT311 router
with no wireless and which is more than suitable for firewall tasks,
that I could plug the DSL into one side and a WAP into the other (in
which case I'd throw my WGR614 away--hate that thing anyway).

One more far less important question: anyone know how adding the extra
wireless hop affects online gaming latency? I do gaming on the
weekends. Stringing a cable directly for a few hours is feasible, but
if the additional lag via 802.11g (or bonded "108mbps" G) is only a few
milliseconds, I'd stick with the wireless for good.

BTW, signal strengths are excellent as nothing is very far apart, and I
can and may also invest in multiple high-gain antennas.

Thanks,
Bob Himes

I'm not sure what you are saying. But if you are trying to get the wireless
router with DLS to the other network. You just need a wireless network cars
in one on the other wired network and share the connection threw the
computer to the wired network,"ICS".

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi, my "new" house has only one working phone jack, which the DSL modem
> comes in on. However my network of three PCs is in another room, and
> stringing an ethernet cable from the LAN switch to the router plugged
> into the DSL modem is not an option. I also have 2 wireless notebooks.
> So here's what I'm trying to do. It seems stupid simple, over two
> weeks and several products, have yet to come close to accomplishing it.
> Now I'm thinking of ordering two D-Link WAPs that can do WAP, client,
> PtP, PtMP, and repeater--and give that a shot. But I read on their
> FAQs that "wireless distribution" mode, they can't to WPA. Anyway,
> here's basically what I have now:
>
> * One end: DSL modem > Netgear WGR614v5 802.11g router/WAP/switch
> (switch unused; encryption set to WPA-SPK).
>
> * Other end (which I CANNOT string a wire from): three PCs on an
> ethernet switch.
>
> * Two more "other" ends: 2 notebooks w/ 802.11b.
>
> The wireless router by the DSL switch, and the ethernet switch creating
> the PC lan are only about 20 feet apart and within line-of-sight.
> Right now the notebooks connect to the netgear WAP just fine. Getting
> the PCs on the ethernet switch connected wirelessly is the tough part.
> Of course temporarily running an ethernet cable from the switch to the
> router does work. But for doing it wirelessly, I've tried a gaming
> adapter plugged into the uplink port of the LAN switch, and more
> recently a D-Link bridge (DWL-G810). Neither worked. In hindsight it
> seems unlikely they would with that kind of configuration (pushing
> traffic from multiple PCs without a NAT router). But I couldn't even
> get the DWL-G810 to work plugged into just one PC's NIC, while one
> notebook also worked. (Could get either to work if the other was off,
> but not both at the same time.) But that isn't really my main problem,
> since I don't care if that way works or not--just included it in case
> it's relevant.
>
> The challenge seems to be that I not only want to create a wireless
> bridge from a router plugged into the DSL modem to a "remote" switched
> LAN, but also want to connect wireless notebooks to the DSL
> modem/router. Seems like I'd need a WAP at the DSL modem/router end,
> the two notebooks, and a bridge on the LAN side--where the bridge and
> the WAP don't mind traffic from multiple PCs travelling over one
> wireless connection. (What "mode" would that be?)
>
> It seems like two D-Link WAPs might do it, since they support WAP, PtP,
> PtMP, client, and repeater mode. Surely one of those might do the
> trick, no? But their FAQ specifically states that in "wireless
> distribution mode", (not sure which of the five types that applies to),
> it doesn't support WPA--which I need because I'm in a very dense
> high-tech area and have very sensitive data and am very paranoid.
>
> Any ideas on how to bring this all together, and/or anyone actually
> successfully doing the same thing? I do have a Netgear RT311 router
> with no wireless and which is more than suitable for firewall tasks,
> that I could plug the DSL into one side and a WAP into the other (in
> which case I'd throw my WGR614 away--hate that thing anyway).
>
> One more far less important question: anyone know how adding the extra
> wireless hop affects online gaming latency? I do gaming on the
> weekends. Stringing a cable directly for a few hours is feasible, but
> if the additional lag via 802.11g (or bonded "108mbps" G) is only a few
> milliseconds, I'd stick with the wireless for good.
>
> BTW, signal strengths are excellent as nothing is very far apart, and I
> can and may also invest in multiple high-gain antennas.
>
> Thanks,
> Bob Himes
>

Then you are understanding what I'm saying fairly well. However, "ICS"
is not an option, because not all PCs will be on at all times, and my
requirement is 1) an "always-on", reliable hardware solution, not a
software solution [and DEFINITELY not one based on Windows!], 2) a
solution that is transparent to all PCs, and 3) only one layer of NAT.


I do not nor cannot have two layers of NAT. The first NAT layer is at
the router connected to the DSL modem, right? The second, by your
recomendation, would be at the PC in "ICS" mode acting as a NAT router.

Maybe this "diagram" below might help. These devices do not have to be
independent. For example, right now, the [2.router] and [3.WAP...] are
one and the same device, but are of course logically two different
things. I can and will buy all new gear if necessary to make this
work. Seems simple enough, I can't imagine there is no solution out
there--that can also do WPA. Below is a logical diagram. Each LOGICAL
(not necessarily physical) device is noted inside brackets and with a
preceeding number for the sake of identification in discussion. (e.g.
"[ID.device]".) The "=" signs represents hardwired ethernet cables.

[1.DSL modem]===[2.router]===[3.*WAP/bridge/some magical device* superG
or MIMO]

(magic happens through the air at and/or between points 3
and 4)

[4.*bridge/some magical device* superG or MIMO]===[5.standard ethernet
switch]===[6.pc1], [7.pc2], [8.pc3] (individual wires to each PC from
switch not shown)

[9.notebook1 w/ 802.11b]

[10.notebook2 w/ 802.11b]

So you see what I've got? The DSL modem and router and WAP are an
isolated cluster. The LAN is another isolated cluster. I need a
hardware-based solution that is transparent to the PCs that bridges the
two--AND allows the two isolated notebooks to connect inside the
firewall wirelessly. This is the main architectural challenge I'm
trying to solve and really need help on. WHAT are the devices at
points 3 and 4 that will allow this to happen? OR is there some other
topology (or is that topography?) that could accomplish the same thing?


I realize this might be a little easier if the ethernet switch for the
LAN was also a NAT router--but for interet-to-PC routing purposes, this
is prohibitively complex.

(And to potentially complicate matters more, is the fact that I need
higher-speed "super-G" or MIMO for the "bridge", and for the WAP to
also work simultaneously with 802.11*b* clients. And for everything to
use WPA throughout.)

Thanks!
Bob

(E-Mail Removed) wrote:
> Hi, my "new" house has only one working phone jack, which the DSL
> modem comes in on. However my network of three PCs is in another
> room, and stringing an ethernet cable from the LAN switch to the
> router plugged into the DSL modem is not an option. I also have 2
> wireless notebooks. So here's what I'm trying to do.

> Bob Himes

Consider 2 wap's in bridge mode, one to be plugged into the DSL Modem, and
the second's output will then look like the dsl output, but bridged to the
office area (something like 20-30 ft away), and then one single wap/router
in your computer room, wan input from the bridge output (actually the DSL
modem with the equivalent of a cable, but wireless since you are bridging
wirelessly), replacing the router in your office with a wap/router, but the
WAP part allows the laptops to access the wired network, while the router
part links your wired to the wireless and creates a two segment network (one
wired and one wireless).

Forget the super-g/super high speed wireless 108 rather than 54... Your DSL
modem will only run way SLOWER than even 802.11b! The 54 of regular G will
be way way more speed than the dsl can provide (maybe 3 or 4 max). Hint.. 54
is a bigger number than 4.

(E-Mail Removed) wrote in
news:(E-Mail Removed) oups.com:

> It seems like two D-Link WAPs might do it, since they support WAP,
> PtP, PtMP, client, and repeater mode. Surely one of those might
> do the trick, no? But their FAQ specifically states that in
> "wireless distribution mode", (not sure which of the five types
> that applies to), it doesn't support WPA--which I need because I'm
> in a very dense high-tech area and have very sensitive data and am
> very paranoid.
>
> Any ideas on how to bring this all together, and/or anyone
> actually successfully doing the same thing?

There are two issues here which are related:
1. How to bridge to a remote Ethernet segment
2. What encryption will work

To create a wireless bridge from an access point to an Ethernet
segment requires a transparent bridge which will support multiple MAC
addresses. Most devices which can do this are implementations of
Wireless Distribution System (WDS), which is described in IEEE
802.11, but not in unambiguous detail. For this reason, WDS
implementations can and do differ, not only between manufacturers,
but also between devices from the same manufacturer! [Aside: There is
however an IEEE task group which will sort this out in due course.
IIRC it's 802.11s]

WDS implementations are found in so-called 'gaming bridges' and in
multi-mode access points, where WDS is used in Repeater mode and in
Wireless Client (AP Client) mode.

To do what I understand you to want, you need either a 'gaming
bridge' or a multi-mode access point configured in Wireless Client
mode.

While it's entirely possible that a D-Link device will act as a
wireless client to your Netgear wireless router, for the reasons
above I suggest you stick to Netgear kit.

In a WDS implementation, the MAC frames have four address fields.
These are used for:
- Destination Address (DA) - final destination
- Source Address (SA) - original sender
- Receiver Address (RA) - intermediate receiver
- Transmitter Address (TA) - intermediate transmitter

This allows for multiple 'hops' between devices. However, these
multiple MAC address fields can cause serious confusion when WPA-PSK
is used, since (part of) the key is derived from the MAC address. For
this reason, WPA-PSK using TKIP does not (generally) work across WDS
links, and you will be limited to WEP.

I said 'generally': I am aware of two WDS implementations which do
claim to work with WPA-PSK. These are the Apple Airport Express, and
the Linksys WRT54G running third party Sveasoft firmware.

Is anybody doing this? Well, I am - using D-Link DWL-900AP+ devices.
I can confirm that WPA-PSK does not work, and that WEP does. If you
want to try a higher speed D-Link device, then the DWL-2100AP will
also do the job, but I can't guarantee it will work with your Netgear
- you'll have to test it...

An overview of some WDS issues can be found in this article:
<http://www.smallnetbuilder.com/Sections-article78-page1.php>

Hope this helps

--

Richard Perkin
To email me, change the AT in the address below
richard.perkinATmyrealbox.com

It's is not, it isn't ain't, and it's it's, not its, if you mean it
is. If you don't, it's its. Then too, it's hers. It isn't her's.
It isn't our's either. It's ours, and likewise yours and theirs.
-- Oxford University Press, Edpress News

<(E-Mail Removed)> wrote:

> It seems like two D-Link WAPs might do it, since they support WAP, PtP,
> PtMP, client, and repeater mode. Surely one of those might do the
> trick, no? But their FAQ specifically states that in "wireless
> distribution mode", (not sure which of the five types that applies to),
> it doesn't support WPA--which I need because I'm in a very dense
> high-tech area and have very sensitive data and am very paranoid.

AFAIK, the only products currently capable of doing WDS with WPA are
Apple's AirPort base stations (Extreme and Express). They can also
handle clients while doing WDS, although this obviously imposes a
performance penalty.

If you anticipate heavy network use by several of your five computers at
the same time, I suggest you rethink the option of installing an
Ethernet cable (or a phone jack near the wired computers) now, before
you spend money experimenting with wireless hardware. Wireless is a
great convenience, but it often disappoints those who expect it to be a
complete substitute for wire.

hi,
here's what I'd do:
get a coupla access points capable of running in "bridge" mode; Most
D-Link APs, Engenius/Senao APs are capable of this.
Connect one AP/Bridge to the LAN port of your Netgear wireless router.
Connect the other AP/Bridge to one of the ports on your switch (that
has the 5 PCs)
configure the bridges to talk to each other(enter one's mac address
into the other).
make sure the 5 PCs are in the same network segment as the LAN side of
the Netegear (same IP address range).
Enable WEP between the two bridges.
I havent seen a bridge do WPA (cos they arent supposed to) with the
other.
Dont bother with WDS because it involves a massive degradation in
throughput.

"Neill Massello" <(E-Mail Removed)> wrote in message
news:1guv4oz.7qnk0dtaz1gyN%neillmassello@earthlink .net...
> <(E-Mail Removed)> wrote:
>
> > It seems like two D-Link WAPs might do it, since they support WAP,
PtP,
> > PtMP, client, and repeater mode. Surely one of those might do the
> > trick, no? But their FAQ specifically states that in "wireless
> > distribution mode", (not sure which of the five types that applies
to),
> > it doesn't support WPA--which I need because I'm in a very dense
> > high-tech area and have very sensitive data and am very paranoid.
>
> AFAIK, the only products currently capable of doing WDS with WPA are
> Apple's AirPort base stations (Extreme and Express). They can also
> handle clients while doing WDS, although this obviously imposes a
> performance penalty.
>
> If you anticipate heavy network use by several of your five
computers at
> the same time, I suggest you rethink the option of installing an
> Ethernet cable (or a phone jack near the wired computers) now,
before
> you spend money experimenting with wireless hardware. Wireless is a
> great convenience, but it often disappoints those who expect it to
be a
> complete substitute for wire.

According to the manual the Zyxel G-402 bridge will do wpa-psk. It
will handle multiple macs.
About 110.00 each though you might find them cheaper.

"Airhead" <(E-Mail Removed)> wrote in message
news:425bb3b9$0$10811$(E-Mail Removed) m...
>
> "Neill Massello" <(E-Mail Removed)> wrote in message
> news:1guv4oz.7qnk0dtaz1gyN%neillmassello@earthlink .net...
> > <(E-Mail Removed)> wrote:
> >
> > > It seems like two D-Link WAPs might do it, since they support
WAP,
> PtP,
> > > PtMP, client, and repeater mode. Surely one of those might do
the
> > > trick, no? But their FAQ specifically states that in "wireless
> > > distribution mode", (not sure which of the five types that
applies
> to),
> > > it doesn't support WPA--which I need because I'm in a very dense
> > > high-tech area and have very sensitive data and am very
paranoid.
> >
> > AFAIK, the only products currently capable of doing WDS with WPA
are
> > Apple's AirPort base stations (Extreme and Express). They can also
> > handle clients while doing WDS, although this obviously imposes a
> > performance penalty.
> >
> > If you anticipate heavy network use by several of your five
> computers at
> > the same time, I suggest you rethink the option of installing an
> > Ethernet cable (or a phone jack near the wired computers) now,
> before
> > you spend money experimenting with wireless hardware. Wireless is
a
> > great convenience, but it often disappoints those who expect it to
> be a
> > complete substitute for wire.
>
> According to the manual the Zyxel G-402 bridge will do wpa-psk. It
> will handle multiple macs.
> About 110.00 each though you might find them cheaper.

Meant G-405
>

"Airhead" <(E-Mail Removed)> wrote in message
news:425bb4f5$0$10811$(E-Mail Removed) m...
>
> "Airhead" <(E-Mail Removed)> wrote in message
> news:425bb3b9$0$10811$(E-Mail Removed) m...
> >
> > "Neill Massello" <(E-Mail Removed)> wrote in message
> > news:1guv4oz.7qnk0dtaz1gyN%neillmassello@earthlink .net...
> > > <(E-Mail Removed)> wrote:
> > >
> > > > It seems like two D-Link WAPs might do it, since they support
> WAP,
> > PtP,
> > > > PtMP, client, and repeater mode. Surely one of those might do
> the
> > > > trick, no? But their FAQ specifically states that in
"wireless
> > > > distribution mode", (not sure which of the five types that
> applies
> > to),
> > > > it doesn't support WPA--which I need because I'm in a very
dense
> > > > high-tech area and have very sensitive data and am very
> paranoid.
> > >
> > > AFAIK, the only products currently capable of doing WDS with WPA
> are
> > > Apple's AirPort base stations (Extreme and Express). They can
also
> > > handle clients while doing WDS, although this obviously imposes
a
> > > performance penalty.
> > >
> > > If you anticipate heavy network use by several of your five
> > computers at
> > > the same time, I suggest you rethink the option of installing an
> > > Ethernet cable (or a phone jack near the wired computers) now,
> > before
> > > you spend money experimenting with wireless hardware. Wireless
is
> a
> > > great convenience, but it often disappoints those who expect it
to
> > be a
> > > complete substitute for wire.
> >
> > According to the manual the Zyxel G-402 bridge will do wpa-psk. It
> > will handle multiple macs.
> > About 110.00 each though you might find them cheaper.
>
> Meant G-405

SMC claims to have the first bridge to support wpa SMC2870W about
75.00