Suggestions, Please.

Our rural neighborhood is about to get high-speed at long last --
delivered using a Nortel 802.11b/g solution.

My problem is that the firewall/router type boxes with wireless
available on the market seem to expect "the Internet" to be connected to
the firewall/router/wireless part using ethernet (probably with a cable
or xDSL modem in mind).

Does anyone know of an ethernet switch with firewall, designed with
Internet access using 802.11b/g and supporting 802.1x and WPA, and all
connecting to a local ethernet network?

I realize that I could use a two-box solution, adding a WAP to a
router/firewall box but, I like to keep things simple if possible!

(I'd really like to get rid of my stand-alone Kerio Pro firewall PC
security solution). I could keep using my old ethernet switch.

Thanks for the help and any insights!

Regards,

Bas

Bas,

If I'm following you correctly, the idea is for you to use a 2.4GHz
radio with directional antenna to connect to the ISP. And you also
want to use 2.4GHz wireless in your house, to service wireless clients.

In that case, a "one-box solution" is not a good idea, as the one
box would have one 2.4GHz radio to talk to the ISP and another
2.4GHz radio to talk to your wireless clients. The radios ideally
would be separated by at least 5 feet, so this would make for a
big box.

I would recommend that you run some Cat5 cable from the
wireless bridge (or whatever the device is) that talks to your
ISP, and hook it up to a separate 802.11g wireless router
such as for example a Linksys WRT54G, on a separate channel,
for your wireless clients.

Cheers,

Aaron

Aaron,

Thanks for your help! In fact, I only want wireless to connect to the
ISP. I want to use Cat5 internally.

So what I need is wireless access point functionality in a box with a
firewall, 802.1x, WPA and an Ethernet bridge/switch.

Does such a thing exist?

Thanks again,

Bas

(E-Mail Removed) wrote:
> Bas,
>
> If I'm following you correctly, the idea is for you to use a 2.4GHz
> radio with directional antenna to connect to the ISP. And you also
> want to use 2.4GHz wireless in your house, to service wireless clients.
>
> In that case, a "one-box solution" is not a good idea, as the one
> box would have one 2.4GHz radio to talk to the ISP and another
> 2.4GHz radio to talk to your wireless clients. The radios ideally
> would be separated by at least 5 feet, so this would make for a
> big box.
>
> I would recommend that you run some Cat5 cable from the
> wireless bridge (or whatever the device is) that talks to your
> ISP, and hook it up to a separate 802.11g wireless router
> such as for example a Linksys WRT54G, on a separate channel,
> for your wireless clients.
>
> Cheers,
>
> Aaron
>

> Thanks for your help! In fact, I only want wireless to connect to the
> SP. I want to use Cat5 internally.

OK.

> So what I need is wireless access point functionality in a box with a
> firewall, 802.1x, WPA and an Ethernet bridge/switch.
>
> Does such a thing exist?

Yes, such a thing exists, for example the Linksys WRT54G that
I mentioned - see (apologies for the nasty URL):
http://www.linksys.com/servlet/Satel...VisitorWrapper

It doesn't sound to me, however, like you REALLY want an access
point. An access point is sort of a "server" device that allows
wireless clients to associate to it. I doubt that an AP would
associate to your WISP's equipment, which itself is an AP (or
something similar ... using Cisco terminology, it would be a
"wireless bridge".) You would want a wireless client bridge
- something like a Linksys WET54G - to talk to your WISP.

In any case, your starting point would be to ask your WISP what
CPE they require.

Regards,

Aaron

Hello again, Aaron.

The WRT54G was my starting-point. The trouble is, its firewall assumes
that the Internet is connected to the Ethernet port, protecting all the
wireless devices -- what I want is that type of box with a handful of
100BaseT Ethernet ports facing my computers, and the Internet connected
to the wireless 802.11g port, a WRT54G mirror image effectively.

Thanks again,

Basil

(E-Mail Removed) wrote:
>> Thanks for your help! In fact, I only want wireless to connect to the
>>SP. I want to use Cat5 internally.
>
>
> OK.
>
>
>> So what I need is wireless access point functionality in a box with a
>>firewall, 802.1x, WPA and an Ethernet bridge/switch.
>>
>> Does such a thing exist?
>
>
> Yes, such a thing exists, for example the Linksys WRT54G that
> I mentioned - see (apologies for the nasty URL):
> http://www.linksys.com/servlet/Satel...VisitorWrapper
>
> It doesn't sound to me, however, like you REALLY want an access
> point. An access point is sort of a "server" device that allows
> wireless clients to associate to it. I doubt that an AP would
> associate to your WISP's equipment, which itself is an AP (or
> something similar ... using Cisco terminology, it would be a
> "wireless bridge".) You would want a wireless client bridge
> - something like a Linksys WET54G - to talk to your WISP.
>
> In any case, your starting point would be to ask your WISP what
> CPE they require.
>
> Regards,
>
> Aaron
>

> The WRT54G was my starting-point. The trouble is, its firewall assumes
> that the Internet is connected to the Ethernet port, protecting all the

Yes so ignore the wireless part of it and has been suggested, use
another wireless device as the bridge and connect the ethernet output of
that to the WAN port of the WRT54G and you've got what you want plus a
wireless service to your premises if you later require.

David.

Sounds to me like the Linksys WET54GS5 is what
you're looking for:

http://www.linksys.com/servlet/Satel...VisitorWrapper

As the other poster suggests, you *might* be able to use the WRT54G
by not using the WAN port, and just connecting to its LAN ports.
However, I don't know that the WRT54G has a mode in which it can
associate to a root AP. (For that matter, I don't know that the
WET54GS5 will be able to connect to your WISP's AP, either ...
you should ask them what they suggest.)

Note that neither of these devices will provide gateway functionality.
If you need the firewall services that a gateway gives you (probably
a good idea whenever you connect to the Internet), then I'd use
a wireless bridge (like a plain old WET54G with only 1 LAN port)
and connect that to a wired router/gateway such as the Linksys
BEFSX41.

Cheers,

Aaron

"(E-Mail Removed)" <(E-Mail Removed)> wrote:
>Sounds to me like the Linksys WET54GS5 is what
>you're looking for:
>
>http://www.linksys.com/servlet/Satel...VisitorWrapper

I'm not sure that will do what the OP wants.

>As the other poster suggests, you *might* be able to use the WRT54G
>by not using the WAN port, and just connecting to its LAN ports.

That will work fine, *if* the OP is willing to load third party
firmware and do some unusual configuration.

>However, I don't know that the WRT54G has a mode in which it can
>associate to a root AP. (For that matter, I don't know that the
>WET54GS5 will be able to connect to your WISP's AP, either ...
>you should ask them what they suggest.)

Virtually every third party firmware distribution for the WRT54G
has a "client" mode.

>Note that neither of these devices will provide gateway functionality.

The WRT54G can provide every gateway functionality necessary.

>If you need the firewall services that a gateway gives you (probably
>a good idea whenever you connect to the Internet), then I'd use
>a wireless bridge (like a plain old WET54G with only 1 LAN port)
>and connect that to a wired router/gateway such as the Linksys
>BEFSX41.

The problem, which the OP correctly summarized, is that a WRT54G
is configured out of the box to connect to the Internet via an
ethernet port labeled "WLAN", and the firewall exists between that
port and *all* other ports. The Wireless radio and the 4 LAN ports
are all bridged as a single interface.

If I read the OP correctly, the desired configuration is one
where the Internet access is via the Wireless, and that (rather
than the WLAN port) would be separated by the firewall.

One way to accomplish that is to use 2 WRT54G units, one
in client mode connecting to the AP via wireless, and with
a connection from a LAN port to the WLAN port on the second
WRT54G. The first WRT54G must have third party firmware loaded
so that it can function in "client" mode. The second one could
continue to run Linksys firmware, as its functionality is exactly
as Linksys intended (with the firewall between the WLAN and the LAN
plus the wireless, which can be just turned off if not needed).

However, a single WRT54G, with any third party firmware that
allows logins via ssl or telnet, can be reconfigured as desired
without the need for a second unit. The trick is to merely
replace the WLAN port with the Wireless port; which might not be
easy to initially figure out, but it really isn't that hard.

The Linux system, which has the firewall, has two ethernet
hardware interfaces. It only uses one of them in the newer
units (if I remember right the version 1 hardware used both, but
I may be wrong about that), and multiplexes two channels between
that and the VLAN. One channel is then tagged and connected to
the WLAN port. The other channel is tagged and connected to the
6 port bridge. The other 5 ports on the bridge go to the 4 LAN
ports and the wireless. All of that is controlled by software,
and can be changed.

However I don't think any third party firmware currently provides
a web interface that can accomplish that configuration, hence it
will necessarily have to be done from a shell script. It takes
some non-trivial familiarity with Linux and the WRT54G to work out
a configuration mechanism.

--
Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) (E-Mail Removed)

There are alternate firmware options for your WRT54G. Look here...
http://www.google.com/search?hl=en&l...re&btnG=Search

Boatner