Bridging to 'remote' LAN--AND accepting wireless notebooks, all with WPA

Hi, my "new" house has only one working phone jack, which the DSL modem
comes in on. However my network of three PCs is in another room, and
stringing an ethernet cable from the LAN switch to the router plugged
into the DSL modem is not an option. I also have 2 wireless notebooks.
So here's what I'm trying to do. It seems stupid simple, over two
weeks and several products, have yet to come close to accomplishing it.
Now I'm thinking of ordering two D-Link WAPs that can do WAP, client,
PtP, PtMP, and repeater--and give that a shot. But I read on their
FAQs that "wireless distribution" mode, they can't to WPA. Anyway,
here's basically what I have now:

* One end: DSL modem > Netgear WGR614v5 802.11g router/WAP/switch
(switch unused; encryption set to WPA-SPK).

* Other end (which I CANNOT string a wire from): three PCs on an
ethernet switch.

* Two more "other" ends: 2 notebooks w/ 802.11b.

The wireless router by the DSL switch, and the ethernet switch creating
the PC lan are only about 20 feet apart and within line-of-sight.
Right now the notebooks connect to the netgear WAP just fine. Getting
the PCs on the ethernet switch connected wirelessly is the tough part.
Of course temporarily running an ethernet cable from the switch to the
router does work. But for doing it wirelessly, I've tried a gaming
adapter plugged into the uplink port of the LAN switch, and more
recently a D-Link bridge (DWL-G810). Neither worked. In hindsight it
seems unlikely they would with that kind of configuration (pushing
traffic from multiple PCs without a NAT router). But I couldn't even
get the DWL-G810 to work plugged into just one PC's NIC, while one
notebook also worked. (Could get either to work if the other was off,
but not both at the same time.) But that isn't really my main problem,
since I don't care if that way works or not--just included it in case
it's relevant.

The challenge seems to be that I not only want to create a wireless
bridge from a router plugged into the DSL modem to a "remote" switched
LAN, but also want to connect wireless notebooks to the DSL
modem/router. Seems like I'd need a WAP at the DSL modem/router end,
the two notebooks, and a bridge on the LAN side--where the bridge and
the WAP don't mind traffic from multiple PCs travelling over one
wireless connection. (What "mode" would that be?)

It seems like two D-Link WAPs might do it, since they support WAP, PtP,
PtMP, client, and repeater mode. Surely one of those might do the
trick, no? But their FAQ specifically states that in "wireless
distribution mode", (not sure which of the five types that applies to),
it doesn't support WPA--which I need because I'm in a very dense
high-tech area and have very sensitive data and am very paranoid.

Any ideas on how to bring this all together, and/or anyone actually
successfully doing the same thing? I do have a Netgear RT311 router
with no wireless and which is more than suitable for firewall tasks,
that I could plug the DSL into one side and a WAP into the other (in
which case I'd throw my WGR614 away--hate that thing anyway).

One more far less important question: anyone know how adding the extra
wireless hop affects online gaming latency? I do gaming on the
weekends. Stringing a cable directly for a few hours is feasible, but
if the additional lag via 802.11g (or bonded "108mbps" G) is only a few
milliseconds, I'd stick with the wireless for good.

BTW, signal strengths are excellent as nothing is very far apart, and I
can and may also invest in multiple high-gain antennas.

Thanks,
Bob Himes

 

I'm not sure what you are saying. But if you are trying to get the wireless
router with DLS to the other network. You just need a wireless network cars
in one on the other wired network and share the connection threw the
computer to the wired network,"ICS".

 

Then you are understanding what I'm saying fairly well. However, "ICS"
is not an option, because not all PCs will be on at all times, and my
requirement is 1) an "always-on", reliable hardware solution, not a
software solution [and DEFINITELY not one based on Windows!], 2) a
solution that is transparent to all PCs, and 3) only one layer of NAT.


I do not nor cannot have two layers of NAT. The first NAT layer is at
the router connected to the DSL modem, right? The second, by your
recomendation, would be at the PC in "ICS" mode acting as a NAT router.

Maybe this "diagram" below might help. These devices do not have to be
independent. For example, right now, the [2.router] and [3.WAP...] are
one and the same device, but are of course logically two different
things. I can and will buy all new gear if necessary to make this
work. Seems simple enough, I can't imagine there is no solution out
there--that can also do WPA. Below is a logical diagram. Each LOGICAL
(not necessarily physical) device is noted inside brackets and with a
preceeding number for the sake of identification in discussion. (e.g.
"[ID.device]".) The "=" signs represents hardwired ethernet cables.

[1.DSL modem]===[2.router]===[3.*WAP/bridge/some magical device* superG
or MIMO]

(magic happens through the air at and/or between points 3
and 4)

[4.*bridge/some magical device* superG or MIMO]===[5.standard ethernet
switch]===[6.pc1], [7.pc2], [8.pc3] (individual wires to each PC from
switch not shown)

[9.notebook1 w/ 802.11b]

[10.notebook2 w/ 802.11b]

So you see what I've got? The DSL modem and router and WAP are an
isolated cluster. The LAN is another isolated cluster. I need a
hardware-based solution that is transparent to the PCs that bridges the
two--AND allows the two isolated notebooks to connect inside the
firewall wirelessly. This is the main architectural challenge I'm
trying to solve and really need help on. WHAT are the devices at
points 3 and 4 that will allow this to happen? OR is there some other
topology (or is that topography?) that could accomplish the same thing?


I realize this might be a little easier if the ethernet switch for the
LAN was also a NAT router--but for interet-to-PC routing purposes, this
is prohibitively complex.

(And to potentially complicate matters more, is the fact that I need
higher-speed "super-G" or MIMO for the "bridge", and for the WAP to
also work simultaneously with 802.11*b* clients. And for everything to
use WPA throughout.)

Thanks!
Bob

 

Consider 2 wap's in bridge mode, one to be plugged into the DSL Modem, and
the second's output will then look like the dsl output, but bridged to the
office area (something like 20-30 ft away), and then one single wap/router
in your computer room, wan input from the bridge output (actually the DSL
modem with the equivalent of a cable, but wireless since you are bridging
wirelessly), replacing the router in your office with a wap/router, but the
WAP part allows the laptops to access the wired network, while the router
part links your wired to the wireless and creates a two segment network (one
wired and one wireless).

Forget the super-g/super high speed wireless 108 rather than 54... Your DSL
modem will only run way SLOWER than even 802.11b! The 54 of regular G will
be way way more speed than the dsl can provide (maybe 3 or 4 max). Hint.. 54
is a bigger number than 4.

 

wrote in

There are two issues here which are related:
1. How to bridge to a remote Ethernet segment
2. What encryption will work

To create a wireless bridge from an access point to an Ethernet
segment requires a transparent bridge which will support multiple MAC
addresses. Most devices which can do this are implementations of
Wireless Distribution System (WDS), which is described in IEEE
802.11, but not in unambiguous detail. For this reason, WDS
implementations can and do differ, not only between manufacturers,
but also between devices from the same manufacturer! [Aside: There is
however an IEEE task group which will sort this out in due course.
IIRC it's 802.11s]

WDS implementations are found in so-called 'gaming bridges' and in
multi-mode access points, where WDS is used in Repeater mode and in
Wireless Client (AP Client) mode.

To do what I understand you to want, you need either a 'gaming
bridge' or a multi-mode access point configured in Wireless Client
mode.

While it's entirely possible that a D-Link device will act as a
wireless client to your Netgear wireless router, for the reasons
above I suggest you stick to Netgear kit.

In a WDS implementation, the MAC frames have four address fields.
These are used for:
- Destination Address (DA) - final destination
- Source Address (SA) - original sender
- Receiver Address (RA) - intermediate receiver
- Transmitter Address (TA) - intermediate transmitter

This allows for multiple 'hops' between devices. However, these
multiple MAC address fields can cause serious confusion when WPA-PSK
is used, since (part of) the key is derived from the MAC address. For
this reason, WPA-PSK using TKIP does not (generally) work across WDS
links, and you will be limited to WEP.

I said 'generally': I am aware of two WDS implementations which do
claim to work with WPA-PSK. These are the Apple Airport Express, and
the Linksys WRT54G running third party Sveasoft firmware.

Is anybody doing this? Well, I am - using D-Link DWL-900AP+ devices.
I can confirm that WPA-PSK does not work, and that WEP does. If you
want to try a higher speed D-Link device, then the DWL-2100AP will
also do the job, but I can't guarantee it will work with your Netgear
- you'll have to test it...

An overview of some WDS issues can be found in this article:
<http://www.smallnetbuilder.com/Sections-article78-page1.php>

Hope this helps

--

Richard Perkin
To email me, change the AT in the address below
richard.perkinATmyrealbox.com

It's is not, it isn't ain't, and it's it's, not its, if you mean it
is. If you don't, it's its. Then too, it's hers. It isn't her's.
It isn't our's either. It's ours, and likewise yours and theirs.
-- Oxford University Press, Edpress News

 

AFAIK, the only products currently capable of doing WDS with WPA are
Apple's AirPort base stations (Extreme and Express). They can also
handle clients while doing WDS, although this obviously imposes a
performance penalty.

If you anticipate heavy network use by several of your five computers at
the same time, I suggest you rethink the option of installing an
Ethernet cable (or a phone jack near the wired computers) now, before
you spend money experimenting with wireless hardware. Wireless is a
great convenience, but it often disappoints those who expect it to be a
complete substitute for wire.

 

hi,
here's what I'd do:
get a coupla access points capable of running in "bridge" mode; Most
D-Link APs, Engenius/Senao APs are capable of this.
Connect one AP/Bridge to the LAN port of your Netgear wireless router.
Connect the other AP/Bridge to one of the ports on your switch (that
has the 5 PCs)
configure the bridges to talk to each other(enter one's mac address
into the other).
make sure the 5 PCs are in the same network segment as the LAN side of
the Netegear (same IP address range).
Enable WEP between the two bridges.
I havent seen a bridge do WPA (cos they arent supposed to) with the
other.
Dont bother with WDS because it involves a massive degradation in
throughput.

 

According to the manual the Zyxel G-402 bridge will do wpa-psk. It
will handle multiple macs.
About 110.00 each though you might find them cheaper.

 

Meant G-405

 

SMC claims to have the first bridge to support wpa SMC2870W about
75.00

 

Thanks that seems like a reasonable solution. Sounds like alot of
airwave traffic though, but hey, if it works why not.

I'm not real clear on what WDS is. Is there any short explanation of
why this would ever be needed and why it degrades performance (I'm
otherwise pretty tech savvy so I should 'get' the short story).

Bob


outbackwifi wrote:
hi,
here's what I'd do:
get a coupla access points capable of running in "bridge" mode; Most
D-Link APs, Engenius/Senao APs are capable of this.
Connect one AP/Bridge to the LAN port of your Netgear wireless router.
Connect the other AP/Bridge to one of the ports on your switch (that
has the 5 PCs)
configure the bridges to talk to each other(enter one's mac address
into the other).
make sure the 5 PCs are in the same network segment as the LAN side of
the Netegear (same IP address range).
Enable WEP between the two bridges.
I havent seen a bridge do WPA (cos they arent supposed to) with the
other.
Dont bother with WDS because it involves a massive degradation in
throughput.

 

Never mind on the WDS question--I failed to follow Richard Perkins WDS
link. (Thanks for that.)

 

Why would the super-G stuff be slower than B? I know the actual data
rate wouldn't really be "108 mbps". But isn't it still 2 bonded G
channels? Why would that be slower than one B channel? Are you
thinking that the compression adds extra overhead? Very
curious--myself I don't know which is correct.

Also, anyone know if D-Link's "MIMO" G products work in their previous
product's "Super-G" mode with compression and frame burst and all that
stuff? Their specs don't say, other than to suggest it's 108mbps..


Peter Pan wrote:
....
Forget the super-g/super high speed wireless 108 rather than 54... Your
DSL
modem will only run way SLOWER than even 802.11b! The 54 of regular G
will
be way way more speed than the dsl can provide (maybe 3 or 4 max).
Hint.. 54
is a bigger number than 4.

 

I meant to say "anyone know if D-Link's "MIMO" G products work *WITH*
their previous
products in 'Super-G' mode with compression and frame burst and all
that
stuff?"

 

You didn't read it very carefully... I said DSL/CABLE is WAY slower than any
B/G/SuperG. Why bother with superg at 108 when you are limited to 3 or 4 on
the dsl/cable? For that matter G at 54 is way more/faster than 3-4. Even B
at 11 is a bigger number than 3-4.
You will be limited by the slowest connection/smallest number, so what
possible good is having a 108 connection to a 3-4 dsl/cable connection? it
will NEVER be more than the slower connection/smallest number.
I don't understand why anyone would think that hmmmm I'll get a 108
connection on my dsl/cable if I buy this certain manufacturers product. THAT
IS ABSOLUTELY POSITIIVELY FALSE! You can NEVER EVER EVER speed up a
cable/dsl connection just because you get something with a bigger number!

 

absolutely not. Won't work with other manufacturers stuff either.

 

wrote in

I'll answer anyway I think...

1. Wireless networking (including what WDS and other distribution
systems are) is explained quite well in IEEE 802.11. Although
standards documents are generallypretty heavy going, IEEE 802.11 is
well worth skimming through if only for the diagrams in Section 5.2.
Get a copy from here:
<http://standards.ieee.org/getieee802/802.11.html>

2. WDS itself doesn't degrade performance: trying to do two things at
once when using a single radio does. And consumer class devices have
only a single radio. That means that a single-radio repeater must
first listen, then re-transmit. It can't do both at once, so the
bandwidth is reduced by half.

Note that it's entirely possible - indeed simple - to have a repeater
with two radios: simply connect a wireless client back-to-back to an
access point.

Hope this helps

--

Richard Perkin
To email me, change the AT in the address below
richard.perkinATmyrealbox.com

It's is not, it isn't ain't, and it's it's, not its, if you mean it
is. If you don't, it's its. Then too, it's hers. It isn't her's.
It isn't our's either. It's ours, and likewise yours and theirs.
-- Oxford University Press, Edpress News

 

Peter Pan, why do you assume I "didn't read carefully"? In fact it is
yourself making the some pretty rotten assumptions.

First of all, you don't know what kind of DSL I have--you have clearly
just ASSUMED I have regular "consumer"-grade DSL.

Secondly, you have completely disregarded internal network transfers--a
big mistake considering I already stated I have three other PCs and two
notebooks. I have extremely large media files that I regularly
transfer back and forth. I can put up with slow wireless transfers for
the few times that I transfer such files that way, but will make
whatever investment is required within reason to get the fastest
transfer speeds possible over the air.

A few % better or worse won't matter much, but two bonded G channels,
to me, sounds like it would be a heck of alot faster than one B
channel. Call me crazy (as you essentially already have on false
assumptions).

I might also point out that YOU haven't read MY posts very well--to
throw your rediculous "accusation" back at you. I already said I know
that super-G isn't really "108mbps". But from what I've read on Tom's
Networking, they usually get about 40mbps actual data throughput on
that stuff. Call me crazy, but that sounds alot better than *3* mbps,
which is the best data throughput I have ever personally acheived in
reality on single B channel products.

Thanks...Bob

number!