Need to add access point

"Zeppo" hath wroth:

Switch to WPA if possible.

I just ran into exactly the same problem. What the employees are doing is installing a PCMCIA card in the same (IBM/Lenovo) laptop. WEP is supposidly fine for the company security because all their wireless connections, even local connections, go through a VPN. When they take the laptop to work, they unplug the PCMCIA wireless card. I can't guaranteed that this will work because the admin may have prevented adding new hardware or drivers.

Sorta. You can't add a 2nd router to your existing network, but you can add an access point (i.e. wireless bridge). Any wireless router can be converted into an access point by simply:

1. setting up the IP address so that it does NOT conflict with the main router. If the WRT54G on the Comcast router is 192.168.1.1, then the added WRT54G should be 192.168.1.2.
2. Disable DHCP server.
3. Don't plug anything into the WAN (internet) port.
4. Connect a CAT5 cable between the two router *LAN* ports. You may need a crossover ethernet cable (not sure).

However, there's something wrong with this picture. There's nothing in her laptop that ties her to a specific encryption type. That's tied to the SSID of the wireless router. If you can add additional wireless connections with Windoze Wireless Zero Config, you should be able to configure that connection for your SSID and WPA (or WEP) connection. On the other hand, if the admin has prevented adding any additional wireless connections, you'll have to do it some other way. Basically, the question is how extensively is this laptop locked down?

WEP is really insecure anyway. use WPA2. However, what is stopping her adding a new network in windows as jeff says?

What's stopping her is the Windoze Group Policy Editor found in XP Pro (not Home). This is commonly used on company issued laptops to prevent users from screwing around with the settings, installing software, and trashing the system. The settings can be anything from permissive to draconian. I deal with a few insurance and banking customers. Judging by the way the laptops are setup and by the written policy statements, they do not want their laptops being used at hot spots, coffee shops, and random wireless connections.

There are some boiler plate templates for security and a Wireless Security plug-in for the GPE. |

Jeff, I was hoping to set up the second router/AP to match the network settings her laptop is looking for doing MAC filtering on it to her laptop's network device. Then add the MAC address of the AP/Router to my list of allowed addresses in my home network router.

The pieces I was missing are those you've listed below.

Do you think this would work?

Jon

That's exactly what it is, Jeff. We can't add any new networks to her laptop or I would just add our home networks to hers. Her laptop is an HP/Compaq NC6000 with a built-in Altheros wireless device. I've tried adding a wireless card to the laptop to see if that could be set up to connect to my network, but it won't let me edit or add any network settings either through Windows or Altheros config utility.

I was planning on switching from WEP to WPA in June when all the kids are home from college with their computers. I need to replace some older non-WPA able devices to do this.

Thanks, Jon

"Zeppo" hath wroth:

Wonderful, you're stuck. About the only way to get it to work is to duplicate the setup of the office wireless LAN with a 2nd access point. You have to know the WEP/WPA key used at the office. If it's setup with RADIUS authentication, you get to build up a RADIUS server, and try to guess your way through its settings. Yech.

If you just want connectivity, and don't care what it looks like, perhaps the ethernet port might be more useful. First, make sure it's setup for DHCP and that it works by plugging a CAT5 cable from the laptop to the router directly. Don't skip this step as it won't work if they've locked down the ethernet port. If that plays, then buy a "wireless bridge", "client adapter", "game adapter" or whatever. Basically, it's just an extension cable for ethernet. Kinda ugly to drag around but at least it's wireless.

Also, if you're just trying to get connectivity for the laptop in some remote part of the house, rather than roaming around the house, you might wanna consider power line networking (HomePlug) or phone line networking (HomePNA). I would run CAT5 cable but that may not be possible.

Sounds like a plan. Good luck.

"Zeppo" hath wroth:

Maybe. It would work only if you knew the exact setup at the office and all the requisite passwords, encryption keys, configs, and incantations used at the office. If there's any form of authentication being used at the office (i.e. RADIUS server), it won't work. The easiest way to test it is to temporarily turn your existing wireless contrivance into a simulated office enironment. If that works, buy another wireless router or access point and you're done. If not, you're stuck. See my other rant for suggestions.

Just out of curiosity, can you add a USB device? if so, maybe one of those USB WiFi dongles, it will still be wireless, but a different device than the built in... Could maybe do that for your kids too when they come home..

They do give us a setup sheet to help set up your home network to match theirs, so that's not a problem. No Radius server involved.

I guess since you need to VPN into their network they are not that worried, but they don't want to have to be responsible for more than there own network setup.

I won't get a chance to try this out until the 2nd weekend in June but your advice has been invaluable. I'll let you know how I make out.

Thanks, Jon

Unfortunately, no. I tried setting up a WUS54G device and it recognized the hardware, let me install the drivers, but wouldn't recognize any network setting for it.

Jon

"Zeppo" hath wroth:

If they have a VPN requirement, then there's no need for wireless based security. They could easily have left their network unencrypted and it would be just as secure with a VPN. If her IT people had done their homework, there would be no need to lock down the wireless just for their internal network if the only way to get anywhere is through their VPN.

For example, the local hospital has a wireless network. No encryption at all. You connect to the wireless with literally any wireless device. Fire up a web page and you get a one page splash screen with instructions. However, beyond that, you get nothing. You can't see any servers, config screens, or even other connected wireless clients. Without going through the VPN, it goes nowhere. There are enough passwords, encryption keys, authentication mechanisms, and IDS systems beyond the VPN to comply with HIPAA requirements. It's secure and unsniffable.