AccessPoints

Hello:

I am interested in buying a commercial-grade access point for a WLAN
solution for our office (about 50 wireless users, single floor, several
labs with groups of people). The access point will be connected to a box
with pfSense running on it. A little investigation showed the following
products as possible candidates:

[1] 3Com® Wireless LAN Managed Access Point 2750 / 3CRWX275075A
http://www.3com.com/products/en_US/d...u=3CRWX275075A

[2] 3Com® Wireless 7760 11a/b/g PoE Access Point / 3CRWE776075
http://www.3com.com/products/en_US/d...ku=3CRWE776075

Questions:
1. would I be able to use the PoE functionality if I connect to a PC
with pfSense? Does it have to be a 3Com switch on the other side?

2. I was trying to find differences between the products -- [2] supports
WDS, can run in SuperG mode. They are both similarly priced. Is there
any major feature in one which is not in the other?

I am also looking for feedback on either of these products or any other
commercial grade AccessPoints.

Thanks.


John Smith

John Smith <(E-Mail Removed)> hath wroth:

>I am interested in buying a commercial-grade access point for a WLAN
>solution for our office (about 50 wireless users, single floor, several
>labs with groups of people).

I'm not sure a single access point will be sufficient for 50 users. IT
really depends on what they're doing and how much traffic you're
expecting. If this is a "wired ethernet replacement" system, methinks
you'll have quite a bit of wireless to wireless traffic, which might
be a problem.

>The access point will be connected to a box
>with pfSense running on it.

Ok, a M0n0wall mutation. Good choice. I assume it's already running.

>A little investigation showed the following
>products as possible candidates:
>
>[1] 3Com® Wireless LAN Managed Access Point 2750 / 3CRWX275075A
>http://www.3com.com/products/en_US/d...u=3CRWX275075A
>
>[2] 3Com® Wireless 7760 11a/b/g PoE Access Point / 3CRWE776075
>http://www.3com.com/products/en_US/d...ku=3CRWE776075
>
>Questions:
>1. would I be able to use the PoE functionality if I connect to a PC
>with pfSense? Does it have to be a 3Com switch on the other side?

Almost anything that claims 802.3af PoE compliance should work. It
does not need to be a 3com switch.

That being said, there are a few traps out there. One is that there
are a few Class zero PoE injectors that are nothing more than a power
supply and a big resistor. It's difficult to tell what's inside and
many vendors do not list which class levels or power output they
deliver.

Methinks something like:
http://www.dlink.com/products/?pid=332
http://www.hyperlinktech.com/web/ps4820-poe.php
http://www.luxul.net/PoE.htm
(etc...)
*MIGHT* work, but the data sheets are seriously lacking. I couldn't
find a stand alone, single port PoE injector from 3com, so they're
apparently pushing their switches. You're not going to blow up
anything by experimenting with different injectors, so for $30 to $50,
it's probably safe to experiment (Learn by Destroying).

There are different power ratings for PoE named Class 0 through Class
4. The 3com data sheet and trash can filler didn't bother mentioning
which class level their AP's require or how much power their AP's
burn, so I can't tell for sure how fancy a PoE injector is required.
Call 3scum pre-sales support and pry it out of them.

>2. I was trying to find differences between the products -- [2] supports
>WDS, can run in SuperG mode. They are both similarly priced. Is there
>any major feature in one which is not in the other?

With 50 users, you're going to have performance problems. WDS is
going to slow everything down. I suggest you run the wires and not
use WDS. Super-G, Afterburner, and Turbo-G are useful only at fairly
short ranges. Are you sure you actually need any of these?

>I am also looking for feedback on either of these products or any other
>commercial grade AccessPoints.

Suggestions:
1. Unless you're hiding all 50 of your users behind the M0n0wall,
it's overkill, especially if you already have an existing router.
Sounds like you already have PFSense installed, which should work.
2. Stay away from the exotic 802.11 enhancements. 802.11g is good
enough. MIMO is better but is currently not standardized and will
probably create future compatibility issues.
3. One access point is not enough for 50 full time users. You
mumbled something about a "lab". My experience with one biotech lab
is that they do real time video over wi-fi and send giant files over
the network almost continuously. I think you need to do some capacity
planning.
4. Mixing vendors is wonderful as long as you're not the one that has
to maintain the system. You might look into a wireless switch system
(Aruba, Symbol, etc) and something with bundled admin and monitoring
tools. However, if all you want to do is tack on a few AP's to your
existing M0n0wall, that's also overkill.
5. There is almost always a public/private WLAN issue, where visitors
need to connect to the internet, but IT doesn't want them on the
inside LAN. Think about AP's with multiple SSID's or possibly
multiple AP's exclusively for visitors. Both 3com AP's will do this,
but you should remember to make it a key part of the config.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Uzytkownik "John Smith" <(E-Mail Removed)> napisal w wiadomosci
news:FKpOg.73$(E-Mail Removed)...
> Hello:
>
> I am interested in buying a commercial-grade access point for a WLAN
> solution for our office [1] 3Com® Wireless LAN Managed Access Point 2750 /
> 3CRWX275075A
> http://www.3com.com/products/en_US/d...u=3CRWX275075A
>
> [2] 3Com® Wireless 7760 11a/b/g PoE Access Point / 3CRWE776075
> http://www.3com.com/products/en_US/d...ku=3CRWE776075

One 3COM Access Point is not able to connect 50 users, 3COM is not good
choice for WLAN.
I think U sholud read about Cisco or Mikrotik RouterOS (at Routerboard or
PC), but I think to connect 50 users U have to buy 2 AP or 2 mPCI cards in
Mikrotik.

Wlochaty
Poland

Thanks for your response. I have setup the network as following:

- added two WRT54G v6 routers (firmware v1.00.9) as AccessPoints using
wired connections.
- divided the users among two AccessPoints depending on where they sit
in the office.
- a third AP has been designated as a visitor AP with internet-only
access. If one of the "employee" accesspoints went down, they will still
be able to connect to this and VPN to the network.
- the number of users currently is ~ 35 and we think it will be around
50 by the end of the year. Will add another AP then.

The new setup seems to work well. I decided to not go with 3CRWX275075A
or 3CRWE776075.

I do have a question about setting up the WRT54Gv6 as an AccessPoint.
Here's my setup:

================================================== =================
- Setup >> Basic Setup
* Internet Connection Type: Automatic Configuration - DHCP
* Router Name: UDaMan
* MTU (manual): 1430
* Local IP Address: 10.100.1.4 (gateway/pfSense is 10.100.1.1 and
APs are 3,4)
* Subnet mask: 255.255.255.0
* Network Address Server Setting (DHCP): Disable
* Time Setting: Time Zone Set

- Setup >> Advanced Routing
* Operating Mode: Router
* RIP: Disabled

- Wireless
* Basic Wireless Setting
* Wireless Security (WEP)

- Security
* Firewall
Unchecked all settings

- Administration
* Management
+ UPnP: Enable
+ Wireless Access Web: Enable
================================================== =================

Questions:
1. "Internet Connection Type" could be Automatic Configuration or
Static. Should I choose Static? If I choose Static, I need to enter a
Internet IP Address and a Local IP address, and they cannot be the same.
What should I set for them?
2. In the Automatic Configuration, what is bothering me is that I am not
entering the gateway information anywhere. While the setup is working,
is that a problem?
3. Should UPnP be enabled?
4. In the Status, Current Time comes up as "Not Available". How can I
ensure that it has the correct time?

Thanks.

On 9/15/2006 12:19 PM, Jeff Liebermann wrote:
> John Smith <(E-Mail Removed)> hath wroth:
>
>
>> I am interested in buying a commercial-grade access point for a WLAN
>> solution for our office (about 50 wireless users, single floor, several
>> labs with groups of people).
>>
>
> I'm not sure a single access point will be sufficient for 50 users. IT
> really depends on what they're doing and how much traffic you're
> expecting. If this is a "wired ethernet replacement" system, methinks
> you'll have quite a bit of wireless to wireless traffic, which might
> be a problem.
>
>
>> The access point will be connected to a box
>> with pfSense running on it.
>>
>
> Ok, a M0n0wall mutation. Good choice. I assume it's already running.
>
>
>> A little investigation showed the following
>> products as possible candidates:
>>
>> [1] 3Com® Wireless LAN Managed Access Point 2750 / 3CRWX275075A
>> http://www.3com.com/products/en_US/d...u=3CRWX275075A
>>
>> [2] 3Com® Wireless 7760 11a/b/g PoE Access Point / 3CRWE776075
>> http://www.3com.com/products/en_US/d...ku=3CRWE776075
>>
>> Questions:
>> 1. would I be able to use the PoE functionality if I connect to a PC
>> with pfSense? Does it have to be a 3Com switch on the other side?
>>
>
> Almost anything that claims 802.3af PoE compliance should work. It
> does not need to be a 3com switch.
>
> That being said, there are a few traps out there. One is that there
> are a few Class zero PoE injectors that are nothing more than a power
> supply and a big resistor. It's difficult to tell what's inside and
> many vendors do not list which class levels or power output they
> deliver.
>
> Methinks something like:
> http://www.dlink.com/products/?pid=332
> http://www.hyperlinktech.com/web/ps4820-poe.php
> http://www.luxul.net/PoE.htm
> (etc...)
> *MIGHT* work, but the data sheets are seriously lacking. I couldn't
> find a stand alone, single port PoE injector from 3com, so they're
> apparently pushing their switches. You're not going to blow up
> anything by experimenting with different injectors, so for $30 to $50,
> it's probably safe to experiment (Learn by Destroying).
>
> There are different power ratings for PoE named Class 0 through Class
> 4. The 3com data sheet and trash can filler didn't bother mentioning
> which class level their AP's require or how much power their AP's
> burn, so I can't tell for sure how fancy a PoE injector is required.
> Call 3scum pre-sales support and pry it out of them.
>
>
>> 2. I was trying to find differences between the products -- [2] supports
>> WDS, can run in SuperG mode. They are both similarly priced. Is there
>> any major feature in one which is not in the other?
>>
>
> With 50 users, you're going to have performance problems. WDS is
> going to slow everything down. I suggest you run the wires and not
> use WDS. Super-G, Afterburner, and Turbo-G are useful only at fairly
> short ranges. Are you sure you actually need any of these?
>
>
>> I am also looking for feedback on either of these products or any other
>> commercial grade AccessPoints.
>>
>
> Suggestions:
> 1. Unless you're hiding all 50 of your users behind the M0n0wall,
> it's overkill, especially if you already have an existing router.
> Sounds like you already have PFSense installed, which should work.
> 2. Stay away from the exotic 802.11 enhancements. 802.11g is good
> enough. MIMO is better but is currently not standardized and will
> probably create future compatibility issues.
> 3. One access point is not enough for 50 full time users. You
> mumbled something about a "lab". My experience with one biotech lab
> is that they do real time video over wi-fi and send giant files over
> the network almost continuously. I think you need to do some capacity
> planning.
> 4. Mixing vendors is wonderful as long as you're not the one that has
> to maintain the system. You might look into a wireless switch system
> (Aruba, Symbol, etc) and something with bundled admin and monitoring
> tools. However, if all you want to do is tack on a few AP's to your
> existing M0n0wall, that's also overkill.
> 5. There is almost always a public/private WLAN issue, where visitors
> need to connect to the internet, but IT doesn't want them on the
> inside LAN. Think about AP's with multiple SSID's or possibly
> multiple AP's exclusively for visitors. Both 3com AP's will do this,
> but you should remember to make it a key part of the config.
>
>

rick <(E-Mail Removed)> hath wroth:

>Thanks for your response. I have setup the network as following:
>
>- added two WRT54G v6 routers (firmware v1.00.9) as AccessPoints using
>wired connections.

The v5 and v6 mutations of the WRT54G/GS router are not the best. They
tend to hang on streaming media. It's apparently a hardware issue,
not software. If you see any indication of hangs during streaming
media downloads, I suggest you find a replacement.

| http://forumz.tomshardware.com/netwo...derasc-25.html

>- divided the users among two AccessPoints depending on where they sit
>in the office.

That will take care of the user balanace between access points.
However, it will not do any load balancing.

>- a third AP has been designated as a visitor AP with internet-only
>access. If one of the "employee" accesspoints went down, they will still
>be able to connect to this and VPN to the network.
>
>- the number of users currently is ~ 35 and we think it will be around
>50 by the end of the year. Will add another AP then.
>
>The new setup seems to work well. I decided to not go with 3CRWX275075A
>or 3CRWE776075.
>
>I do have a question about setting up the WRT54Gv6 as an AccessPoint.
>Here's my setup:
>
>================================================= ==================
>- Setup >> Basic Setup
> * Internet Connection Type: Automatic Configuration - DHCP
> * Router Name: UDaMan
> * MTU (manual): 1430

The Maximum MTU should be 1500 for ethernet and 1492 for PPPoE. I
forgot the number for frame relay.

> * Local IP Address: 10.100.1.4 (gateway/pfSense is 10.100.1.1 and
>APs are 3,4)
> * Subnet mask: 255.255.255.0
> * Network Address Server Setting (DHCP): Disable
> * Time Setting: Time Zone Set
>
>- Setup >> Advanced Routing
> * Operating Mode: Router
> * RIP: Disabled
>
>- Wireless
> * Basic Wireless Setting
> * Wireless Security (WEP)

WEP? Why?
You're going to have compatibility problems between users that insist
on typing in ASCII WEP keys and Hex keys.
>
>- Security
> * Firewall
> Unchecked all settings

Firewall doesn't matter. The firewall isn't used as nothing is
plugged into the WAN port.

>- Administration
> * Management
> + UPnP: Enable
> + Wireless Access Web: Enable

You forgot to disable the DHCP server!!!!

See FAQ How-To at:
| http://wireless.wikia.com/wiki/Wi-Fi...s_access_point
I'm not 100% sure that "AP Isolation" has to be turned off to make
this work as an access point. Try turning it on to make sure there's
no wireless client to wireless client connection.

>================================================= ==================
>
>Questions:
>1. "Internet Connection Type" could be Automatic Configuration or
>Static. Should I choose Static? If I choose Static, I need to enter a
>Internet IP Address and a Local IP address, and they cannot be the same.
>What should I set for them?

Doesn't matter if (and only if) you're using the WRT54G as an access
point. The "internet connection" of for the WAN (internet) port which
is not used when setup as an Access Point.

>2. In the Automatic Configuration, what is bothering me is that I am not
>entering the gateway information anywhere. While the setup is working,
>is that a problem?

That's easy. As an access point, the WRT54G is acting as a wireless
bridge on ISO Layer 2. Bridges don't know anything about Layer 3
protocols such as TCP/IP. The only thing you need that has IP
addresses is the managment IP address of the access point 10.100.1.xx
and pointing the gateway IP to 10.100.1.1.

>3. Should UPnP be enabled?

Disabled. It does nothing when used as an access point.

>4. In the Status, Current Time comes up as "Not Available". How can I
>ensure that it has the correct time?

If the gateway IP eventually goes to the internet, the NTP time server
should eventually find whatever time server Linksys is using. Are you
blocking or filtering any ports at the main router?

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Thanks for your response.

On 9/26/2006 12:47 AM, Jeff Liebermann wrote:
> rick <(E-Mail Removed)> hath wroth:
>
>
>> Thanks for your response. I have setup the network as following:
>>
>> - added two WRT54G v6 routers (firmware v1.00.9) as AccessPoints using
>> wired connections.
>>
>
> The v5 and v6 mutations of the WRT54G/GS router are not the best. They
> tend to hang on streaming media. It's apparently a hardware issue,
> not software. If you see any indication of hangs during streaming
> media downloads, I suggest you find a replacement.
>
> | http://forumz.tomshardware.com/netwo...derasc-25.html
>
Thanks for the link. I just purchased the WRT54G from OfficeMax. Do you
recommend any other make/model? Should I flash DD-WRT onto WRT54Gv6
using http://www.bitsum.com/openwiking/owb...WRT54G5%5FCFE?

>> - divided the users among two AccessPoints depending on where they sit
>> in the office.
>>
>
> That will take care of the user balanace between access points.
> However, it will not do any load balancing.
>
Agreed. This was a quick and dirty attempt at load balancing. There may
be one user who is hogging all the bandwith. I'll re-assign as required.

>> - a third AP has been designated as a visitor AP with internet-only
>> access. If one of the "employee" accesspoints went down, they will still
>> be able to connect to this and VPN to the network.
>>
>> - the number of users currently is ~ 35 and we think it will be around
>> 50 by the end of the year. Will add another AP then.
>>
>> The new setup seems to work well. I decided to not go with 3CRWX275075A
>> or 3CRWE776075.
>>
>> I do have a question about setting up the WRT54Gv6 as an AccessPoint.
>> Here's my setup:
>>
>> ================================================== =================
>> - Setup >> Basic Setup
>> * Internet Connection Type: Automatic Configuration - DHCP
>> * Router Name: UDaMan
>> * MTU (manual): 1430
>>
>
> The Maximum MTU should be 1500 for ethernet and 1492 for PPPoE. I
> forgot the number for frame relay.
>
We have a ADSL connection and users have problems connecting to
mail.yahoo.com if MTU is set at 1500. 1430 has worked the best.

>> * Local IP Address: 10.100.1.4 (gateway/pfSense is 10.100.1.1 and
>> APs are 3,4)
>> * Subnet mask: 255.255.255.0
>> * Network Address Server Setting (DHCP): Disable
>> * Time Setting: Time Zone Set
>>
>> - Setup >> Advanced Routing
>> * Operating Mode: Router
>> * RIP: Disabled
>>
>> - Wireless
>> * Basic Wireless Setting
>> * Wireless Security (WEP)
>>
>
> WEP? Why?
> You're going to have compatibility problems between users that insist
> on typing in ASCII WEP keys and Hex keys.
>
Can you please suggest what I should use?

>> - Administration
>> * Management
>> + UPnP: Enable
>> + Wireless Access Web: Enable
>>
>
> You forgot to disable the DHCP server!!!!
>
> See FAQ How-To at:
> | http://wireless.wikia.com/wiki/Wi-Fi...s_access_point
> I'm not 100% sure that "AP Isolation" has to be turned off to make
> this work as an access point. Try turning it on to make sure there's
> no wireless client to wireless client connection.
>
I disabled DHCP -- please see able where I say "Network Address Server
Setting (DHCP): Disable".

>> Questions:
>> 1. "Internet Connection Type" could be Automatic Configuration or
>> Static. Should I choose Static? If I choose Static, I need to enter a
>> Internet IP Address and a Local IP address, and they cannot be the same.
>> What should I set for them?
>>
>
> Doesn't matter if (and only if) you're using the WRT54G as an access
> point. The "internet connection" of for the WAN (internet) port which
> is not used when setup as an Access Point.
>
>
>> 2. In the Automatic Configuration, what is bothering me is that I am not
>> entering the gateway information anywhere. While the setup is working,
>> is that a problem?
>>
>
> That's easy. As an access point, the WRT54G is acting as a wireless
> bridge on ISO Layer 2. Bridges don't know anything about Layer 3
> protocols such as TCP/IP. The only thing you need that has IP
> addresses is the managment IP address of the access point 10.100.1.xx
> and pointing the gateway IP to 10.100.1.1.
>
In the Automatic Configuration, the only IP address I enter is
10.100.1.xx. I am not entering the IP of the gateway, 10.100.1.1. Are
you saying I do not need to enter that?


>> 4. In the Status, Current Time comes up as "Not Available". How can I
>> ensure that it has the correct time?
>>
>
> If the gateway IP eventually goes to the internet, the NTP time server
> should eventually find whatever time server Linksys is using. Are you
> blocking or filtering any ports at the main router?
>
>
No, I am not.

Thanks again for your response.

rick <(E-Mail Removed)> hath wroth:

>Thanks for the link. I just purchased the WRT54G from OfficeMax. Do you
>recommend any other make/model? Should I flash DD-WRT onto WRT54Gv6
>using http://www.bitsum.com/openwiking/owb...WRT54G5%5FCFE?

I don't know. I've had to deal with a few v5 versions. They would
hang all too often and had some other weird problems. At the time,
DD-WRT did not work with v5 so I just returned them and bought
something else. Try asking on the DD-WRT forums and see if anyone has
had any success with v5 and v6.

>We have a ADSL connection and users have problems connecting to
>mail.yahoo.com if MTU is set at 1500. 1430 has worked the best.

It probably won't make any difference as the MTU is a negotiated
value. 1454 is alledged the optimum value:
| http://www.mynetwatchman.com/kb/adsl/pppoemtu.htm
Use ping with the "don't fragment" flag set to test.
| http://support.microsoft.com/?id=319661
| http://www.dslreports.com/tweaks/MTU
Don't forget to subtract 28 bytes for the actual value.

30-50 users on a single ADSL line is going to be constipated. We have
about 30 computers in my office complex running on one 1500/384 DSL
line. It only works because the usage is erratic. If all 30 machines
decided to download large medical images at once, it would be useless.
I suggest you do some bandwidth testing and QoS tweaking.

>> WEP? Why?
>> You're going to have compatibility problems between users that insist
>> on typing in ASCII WEP keys and Hex keys.
>>
>Can you please suggest what I should use?

WPA if possible. Anyone with a modern laptop will have WPA support.
Anyone showing up with a Windoze 98/ME laptop can be told to upgrade.
Recent experience showed that the few without WPA support just went to
the local store and bought a more modern PCMCIA card. Those with
internal wireless (MiniPCI) all had WPA support.

Again, the problem with WEP in this application is not security. It's
the compatibility problem between ASCII to Hex key conversions. If
you run into a few that just insist on using WEP, then setup a
seperate access point just for them running at the slowest possible
speed and the most restricted access. That should give them the clue.

You may have problems with PDA's and SmartPhones that only do WEP. I
don't have an answer for these other than I would not expect anyone to
view medical xray images on these devices.

>I disabled DHCP -- please see able where I say "Network Address Server
>Setting (DHCP): Disable".

Sorry. I missed it.

>In the Automatic Configuration, the only IP address I enter is
>10.100.1.xx. I am not entering the IP of the gateway, 10.100.1.1. Are
>you saying I do not need to enter that?

WHICH automatic configuration? The WAN (internet) connection or the
LAN side. If the WAN, then it doesn't matter because the WAN port is
not used in the access point configuration. If it's the LAN side, you
don't need a gateway because the access point is NOT doing any
routing. There's no way the access point can route packets to the
internet while acting as a bridge. Therefore, you only need the IP
address of the access point in order to configure and manage the
access point. No gateway is required.

http://www.linksysdata.com/ui/WRT54G...00.6/Basic.htm
The "internet connection" section is the WAN connection.
The "Network setup" section is the LAN section.
No gateway required on the LAN side.

>> If the gateway IP eventually goes to the internet, the NTP time server
>> should eventually find whatever time server Linksys is using. Are you
>> blocking or filtering any ports at the main router?
>>
>No, I am not.

Sorry. No clue why NTP isn't working.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558