First foray into the wireless world, couple of questions...

Throwing out some thoughts/questions, welcoming any comments cause I'm a major nub on this subject...

I've got an E1505 coming with an Intel 3945 a/b/g card. At least I think so... in one place Dell says it is a/b/g and in another it just says a/g. So I'm trying to pick out a wireless router. In addition to the notebook I'll have a couple of desktops and a Canon MP780 multifunction printer. Based on what I've read I gather that that, as well as most multifunction printers, isn't designed to work when hanging off a [wireless] print server and if you are lucky you might get just basic printing to work. That sound about right? I don't print often and when I do use the Canon I'm just as likely to be scanning or faxing, and seeing as how I don't need any storage on the network I'm thinking that there is no real benefit to getting a wireless router with USB port and print server functionality. Perhaps I should just make due with what I have... switching USB cable or printing through a desktop... and then somewhere down the road purchase a networked multifunction printer(?).

Anyhoo, so this wireless router (lets say WR) will be in a back bedroom hanging off my cable modem, and need to support notebook use in other rooms on just that floor. The straight distance between the WR and the notebook would be no more than 35'. However, there would be wood doors and drywall/wood walls in beween the WR and notebook. Worst case direct path of the signal would travel diagonally through a door and like 4 to 6 walls. I'm kinda wondering if all that intervening wood/drywall is gonna be a problem. Repositioning the WR is possible but that would move the switched ethernet ports away from my desktops.

I've started looking at WRs and one of the ones I like is the WRT54GL. I think I'd have to switch firmware to get IPv6 support which I might need down the road, but upgradability is the nice feature of that WR. One thing that has surprised me is that that router and all the others I've looked at so far lack a wireless cutoff switch. If you won't be using the wireless network for awhile it would be a good idea to disable it, right? If you are using a WR with switched ethernet ports you can't simple kill the power without taking out the latter, right?

If SSID broadcast is disabled, MAC addresses other than those used by your notebook(s) are blocked, said notebook(s) are off, and we assume for a moment that no one has sniffed your MAC addresses and is trying to access your network, would the WR transmit anything? Is that as close as you can get to disabling the wireless short of changing a config setting?

Wow, this got long. A thank you if you made it this far and especially if you can share any info or tips or whatever.

Reply to
David
Loading thread data ...

On Wed, 8 Nov 2006 08:11:06 -0500, "David" wrote in :

Likely typo -- essentially all 'g' products are 'b' as well.

Yes, although some print servers have better support than others.

Your choice.

That many walls are likely to be a problem. Consider wired networking instead: Ethernet, powerline, phoneline, or coax.

Not really. You'll have ample security with WPA and a strong passphrase.

Right.

Bad ideas -- won't improve security, and likely to cause problems.

Just leave it on. Helps to discourage neighbors from setting up on your channel. ;)

Reply to
John Navas

"David" hath wroth:

Thoughts should be recycled, not thrown out. There may come a day, probably after global warming, when the world runs out of thoughts. Conserve now or risk rationing your thoughts in the future.

Look on the bottom of the Dell Inspiron E1505. It should have the service code. Inscribe the service code into the Dell Support web page and it will tell you exactly what's inside your specific machine. It's the same information that was supplied on the manafest that came with the computer. Hopefully, you didn't throw it out with the thoughts and questions.

Incidentally, Dell has a new wireless support center at: |

formatting link

For wireless hardware reviews, see: |

formatting link
|
formatting link

Unfortunately true. Multi-malfunction printer/fax/scanner/etc generally do not work unless the drivers and the print server are supported by the printer manufacturer.

I think that DLink added a few more supported printers to their DPR-1260 list. It has the Canon MP730 but not the MP780. That won't work:

formatting link

Methinks you should figure out what you're going to be doing before you spend the money.

Or purchase a multifunction printer with either built in wireless conenctivity, or a built in network print server. USB print servers are in my opinion problematic.

Yes, it MIGHT be a problem depending on the construction. Wood and drywall will act as a partial obstruction. These are usually not a problem. It's the foil backed insulation in the wall that's the killer. My usual rule of thumb is 1 wall is no problem. 2 walls are a potential problem. 3 walls will be unreliable or not work. I think

4-6 walls will not work.

Since it appears that your wireless router will be at one end of the house, and the users at the other, some manner of reflector behind the wireless router might be useful.

formatting link
The site seems to be down. Also try different positions for the cable modem and wireless router. Keep the antenna high and away from the tangle of wires. Try relocating into hallways and open areas. Maybe move it to the middle of the house.

Incidentally, that's the same as WRT54G v4. Avoid v5, v6, and v7 if possible. I suggest you install some alternative firmware such as OpenWRT or DD-WRT. Many more features. DD-WRT emulator: |

formatting link

IPv6 is supported on the alternative firmware versions. |

formatting link

None of the cheapo routers that I know of have a real switch. At best, they have it in software. |

formatting link
like the WRT54GL doesn't even have it in software.

DD-WRT doesn't either. However, you can adjust the xmit power down to almost zero. See "xmit power" setting at: |

formatting link

Yep. I tell people that pulling the plug is the ultimate security. Nobody seems to do it for security purposes. The only ones that do are some of my coffee shop and bar hot spot customers, that don't want the wireless active during peak business hours, or at night when nobody is around.

Nope. If you have seperate boxes for the router and wireless access point, you can do that. The ethernet switch goes with the router. Of course, you could turn off the whole thing.

Please do not bother with SSID broadcasting, MAC address filters, and other security band-aids. You're basic protection is the WPA or WPA2 encryption. If that works and your WPA pass phrase is secure, you're done with security. If not, all the band-aids suggested will create a few obstacles but not impediments to intrusion. See the FAQ at:

formatting link
However, if you disable broadcasting, and fill the WPA pass phrase with garbage, the wireless will be effectively unuseable which is probably what you want.

Yep.

formatting link

Reply to
Jeff Liebermann

I have a similar number of walls and have no problems. However, the layout of the walls and their relation to hallways and rooms may make your situation worse. In my worst case I have 5 walls and a door between the router and the client machine if you draw a straight line. Most likely there isn't much signal going down that path. Instead I probably get most of the signal from reflections going down the hall after making a right turn in the kitchen. Using an 802.11b router I still get 4Mbps transfer rate despite the walls and 40' distance. As always though, your mileage may vary.

Also look into the Buffalo WHR-G54S. They are cheaper than the WRT54GL, but have essentially the same hardware ($39 at newegg.com). Load up the DD-WRT firmware and you'll have your IPv6 support if you need it.

I would suggest just setting up good security and forget about turning off the wireless (MAC filtering and SSID hiding don't count as good security -- WPA with a good pass phrase does). If you really want to do this, get a simple wired router and use the wireless router as an plain access point. Then you can kill the wireless router and the wired router will still be handling your wired clients.

Reply to
Bryant Smith

Many years ago, I was running some tests on the number of walls that can be penetrated by a clients products. The signal would rapidly decrease linearly with the addition of wall until about 3 walls. After that, it would remain almost constant. I eventually found 8 walls (in a large office building) and the signal was still there. I did some crude direction finding and found that it was going out a window, bouncing off the office building next door, and coming back through another window. When I did the same test diagonally across the office building floor, the signal did the expected linear fade into oblivion.

I once had to figure out how to distribute Wi-Fi in a hospital that was terminally paranoid about RF, antennas, drilling holes, wiring, and such. I had fairly good success using the HVAC ducting as a waveguide. It worked fairly well until the maintenance group discovered what I was doing and ended he experiment. I've often suspected that miraculous indoor propagation is actually waveguide effects through the ducting.

Reply to
Jeff Liebermann

-snip-

Thanks for the earlier replies. I read them all and decided to give the WRT54GL a try, reporting back on what I found. I'm pleased to say that the E1505/Intel 3945 and WRT54GL/stock firmware combo was up and running quickly. I think I have all the security bases covered and then some, sanity check welcome...

- Changed default wireless router IP & DHCP starting address

- Max length, strong SSID, went ahead and disabled broadcasts since it was easy

- WPA2 Personal, TKIP+AES, max length strong WPA shared key

- Went ahead and enabled MAC filtering

- AP Isolation on

- Blocking anon net requests, filtering multicast and idents

- Max length, strong admin username & password

- Admin access via HTTPS, remote management off, wireless access on for convenience at least for now

- No holes opened for local network servers

The Intel wireless software reports 4 or 5 bars out of 5 for signal strength regardless of where I am and so far I haven't had any connection problems that I'm aware of. Speed tests via wireless are coming in around 7Mbps no matter where I am. Which is about half of what I get through the router via hardwired LAN. The wireless performance sounds low to me but I need to do some more research into that.

Reply to
David

On Wed, 15 Nov 2006 00:21:08 -0500, "David" wrote in :

No need or point.

Bad idea. Turn SSID back on. Just make it unique. Length is irrelevant. There's no (zip, zilch, nada) "strength" in the SSID.

Good. Enterprise would be better.

Bad idea. Won't do any real good, likely to cause problems.

Good.

OK.

Good.

OK.

Good.

The bars are only truly meaningful when the network is under load.

That is low. With good signal you should be getting about 22 Mbps wireless to wired, or about 11 Mbps wireless to wireless.

Reply to
John Navas

I've tried to read up on these and AFAICT both present low hurdles. I'm not relying on them, and the way I see it a hurdle is a hurdle and I'll take it even if it is low. The Intel software remembers the SSID for me and I only have one MAC address to whitelist so I'm not seeing an issue WRT inconvenience. Taking this into consideration, why do you say they are a bad idea?

Well after netstumbling for any problems and updating software and tweaking everything I could find I still get substantially lower test results over wireless vs hardwire on the Speak Easy Speed Tests. As a sanity check I used iperf to check desktopnotebook bandwidth and it reports a little over 25Mbps. Maybe after some sleep I'll finish getting to the bottom of this .

Reply to
David

On Wed, 15 Nov 2006 04:21:20 -0500, "David" wrote in :

THE SIX DUMBEST WAYS TO SECURE A WIRELESS LAN (Wireless LAN security hall of shame)

MAC filtering: This is like handing a security guard a pad of paper with a list of names. Then when someone comes up to the door and wants entry, the security guard looks at the person?s name tag and compares it to his list of names and determines whether to open the door or not. Do you see a problem here? All someone needs to do is watch an authorized person go in and forge a name tag with that person?s name. The comparison to a wireless LAN here is that the name tag is the MAC address. The MAC address is just a 12 digit long HEX number that can be viewed in clear text with a sniffer. A sniffer to a hacker is like a hammer to a carpenter except the sniffer is free. Once the MAC address is seen in the clear, it takes about 10 seconds to cut-paste a legitimate MAC address in to the wireless Ethernet adapter settings and the whole scheme is defeated. MAC filtering is absolutely worthless since it is one of the easiest schemes to attack. The shocking thing is that so many large organizations still waste the time to implement these things. The bottom line is, MAC filtering takes the most effort to manage with zero ROI (return on investment) in terms of security gain.

The downside of MAC filtering is that it often results in mysterious problems that waste lots of time to troubleshoot and fix. With no real upside, and a significant potential downside, it just doesn't make sense. Think cost:benefit ratio.

SSID hiding: There is no such thing as "SSID hiding". You?re only hiding SSID beaconing on the Access Point. There are 4 other mechanisms that also broadcast the SSID over the 2.4 or 5 GHz spectrum. The 4 mechanisms are; probe requests, probe responses, association requests, and re-association requests. Essentially, youre talking about hiding 1 of 5 SSID broadcast mechanisms. Nothing is hidden and all youve achieved is cause problems for Wi-Fi roaming when a client jumps from AP to AP. Hidden SSIDs also makes wireless LANs less user friendly. You dont need to take my word for it. Just ask Robert Moskowitz who is the Senior Technical Director of ICSA Labs in his white paper Debunking the myth of SSID hiding.

The downsides of SSID hiding are that it (a) makes it more likely that a neighbor will set up on the same channel as you, resulting in interference that can make your Wi-Fi problematic, and (b) can cause mysterious dropouts with products and/or drivers that don't handle it well. Again, with no real upside, and a significant potential downside, it just doesn't make sense. Cost:benefit ratio.

A likely cause of your problem is RF interference. (Check your error rate.) Perhaps a neighbor is using the same channel and hiding the SSID, so you haven't noticed. ;)

Reply to
John Navas

Both the Intel software and Netstumbler report the presence of my own wireless router when it is using SSID hiding so I wonder if the latter is a possibility. According to NetStumbler all the other devices around here (one or two of which are on my channel) are coming in at -85 dBm or worse while mine is around -17 dBM when testing here in my office. In Intel Advanced Statistics->Statistics signal strength is -18dBm, the percent transmit errors stat is 0, and nothing else seems to be reflecting any wireless problems.

FWIW, here is a summary of the Speakeasy download speed test results. The first is baseline (just through my Comcast cable modem), the next two include the Wireless Router in the path:

NotebookSpeakeasy (16Mbps) NotebookWRSpeakeasy (16 Mbps) NotebookWRSpeakeasy (7 Mbps)

Next, I used iperf to exercise all paths through the router and eliminated my cable modem and the Internet from the picture. In these tests I used my notebook and desktop computers, with both being directly connected to the specified ports on the router:

NotebookWRDesktop (19.6 Mbps) NotebookWRDesktop (25 Mbps) NotebookWRDesktop (40 Mbps) NotebookWRDesktop (93.5 Mbps)

Assuming 25Mbps over TCP over a non-accelerated G only wireless connection is good, I'm inclined to think that my wireless connection is good and RF interference isn't really a problem. I've played with every Intel 3945 and WRT54GL setting I could think of and that didn't have any noticeable impact on performance in any of the above scenarios. I don't know what is going on, but one thing jumps out and that is the reduced throughput when traffic is moving through the uplink port.

Reply to
David

On Thu, 16 Nov 2006 02:09:31 -0500, "David" wrote in :

It's also a good idea to turn off *all* security and restore everything to *default* values when troubleshooting (including turning SSID broadcast ON). I've seen a number of cases where something like SSID hiding resulted in performance problems. Then configure to your taste, and track resulting changes.

Interference could be coming from many other possible sources. See wiki below for a list of possible sources.

OK.

Also try , which I've found more reliable than other test sites.

From these it seems the WR isn't playing nice with the CM with a wireless client. Even though wired seems to work OK, check for a bad WAN cable, connector, or (as Jeff suggested and I discounted in another thread) NWay Autonegotiation failure (e.g., duplex mismatch ).

A drop isn't unexpected, because the router only comes into play between WAN (uplink) and LAN ports.

I personally wouldn't waste too much time on this -- I'd try another wireless router; e.g., pick up a Buffalo at your local Best Buy that you can return if it doesn't help.

Reply to
John Navas

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.