Our rural neighborhood is about to get high-speed at long last -- delivered using a Nortel 802.11b/g solution.
My problem is that the firewall/router type boxes with wireless available on the market seem to expect "the Internet" to be connected to the firewall/router/wireless part using ethernet (probably with a cable or xDSL modem in mind).
Does anyone know of an ethernet switch with firewall, designed with Internet access using 802.11b/g and supporting 802.1x and WPA, and all connecting to a local ethernet network?
I realize that I could use a two-box solution, adding a WAP to a router/firewall box, but I like to keep things simple if possible!
(I'd really like to get rid of my stand-alone Kerio Pro firewall PC security solution). I could keep using my old ethernet switch.
If I'm following you correctly, the idea is for you to use a 2.4GHz radio with directional antenna to connect to the ISP. And you also want to use 2.4GHz wireless in your house, to service wireless clients.
In that case, a "one-box solution" is not a good idea, as the one box would have one 2.4GHz radio to talk to the ISP and another 2.4GHz radio to talk to your wireless clients. The radios ideally would be separated by at least 5 feet, so this would make for a big box.
I would recommend that you run some Cat5 cable from the wireless bridge (or whatever the device is) that talks to your ISP, and hook it up to a separate 802.11g wireless router such as for example a Linksys WRT54G, on a separate channel, for your wireless clients.
Yes, such a thing exists, for example the Linksys WRT54G that I mentioned - see (apologies for the nasty URL):
It doesn't sound to me, however, like you REALLY want an access point. An access point is sort of a "server" device that allows wireless clients to associate to it. I doubt that an AP would associate to your WISP's equipment, which itself is an AP (or something similar ... using Cisco terminology, it would be a "wireless bridge".) You would want a wireless client bridge - something like a Linksys WET54G - to talk to your WISP.
In any case, your starting point would be to ask your WISP what CPE they require.
The WRT54G was my starting-point. The trouble is, its firewall assumes that the Internet is connected to the Ethernet port, protecting all the wireless devices -- what I want is that type of box with a handful of 100BaseT Ethernet ports facing my computers, and the Internet connected to the wireless 802.11g port, a WRT54G mirror image effectively.
Yes, so ignore the wireless part of it and, as has been suggested, use another wireless device as the bridge and connect the ethernet output of that to the WAN port of the WRT54G, and you've got what you want plus a wireless service to your premises if you later require.
Sounds to me like the Linksys WET54GS5 is what you're looking for:
As the other poster suggests, you *might* be able to use the WRT54G by not using the WAN port, and just connecting to its LAN ports. However, I don't know that the WRT54G has a mode in which it can associate to a root AP. (For that matter, I don't know that the WET54GS5 will be able to connect to your WISP's AP, either ... you should ask them what they suggest.)
Note that neither of these devices will provide gateway functionality. If you need the firewall services that a gateway gives you (probably a good idea whenever you connect to the Internet), then I'd use a wireless bridge (like a plain old WET54G with only 1 LAN port) and connect that to a wired router/gateway such as the Linksys BEFSX41.
That will work fine, *if* the OP is willing to load third party firmware and do some unusual configuration.
Virtually every third party firmware distribution for the WRT54G has a "client" mode.
The WRT54G can provide every gateway functionality necessary.
The problem, which the OP correctly summarized, is that a WRT54G is configured out of the box to connect to the Internet via an ethernet port labeled "WLAN", and the firewall exists between that port and *all* other ports. The Wireless radio and the 4 LAN ports are all bridged as a single interface.
If I read the OP correctly, the desired configuration is one where the Internet access is via the Wireless, and that (rather than the WLAN port) would be separated by the firewall.
One way to accomplish that is to use 2 WRT54G units, one in client mode connecting to the AP via wireless, and with a connection from a LAN port to the WLAN port on the second WRT54G. The first WRT54G must have third party firmware loaded so that it can function in "client" mode. The second one could continue to run Linksys firmware, as its functionality is exactly as Linksys intended (with the firewall between the WLAN and the LAN plus the wireless, which can be just turned off if not needed).
However, a single WRT54G, with any third party firmware that allows logins via ssl or telnet, can be reconfigured as desired without the need for a second unit. The trick is to merely replace the WLAN port with the Wireless port; which might not be easy to initially figure out, but it really isn't that hard.
The Linux system, which has the firewall, has two ethernet hardware interfaces. It only uses one of them in the newer units (if I remember right the version 1 hardware used both, but I may be wrong about that), and multiplexes two channels between that and the VLAN. One channel is then tagged and connected to the WLAN port. The other channel is tagged and connected to the 6 port bridge. The other 5 ports on the bridge go to the 4 LAN ports and the wireless. All of that is controlled by software, and can be changed.
However I don't think any third party firmware currently provides a web interface that can accomplish that configuration, hence it will necessarily have to be done from a shell script. It takes some non-trivial familiarity with Linux and the WRT54G to work out a configuration mechanism.