Jeff Duntemann's Drive-By Wi-Fi Guide
Cabling a Multi-Zone Network
In general terms, you create a multi-zone network by connecting multiple access points to your router/switch appliance or uplinked switches. A single run of Ethernet cable can go 300 feet before you start having problems, but a switch acts as a repeater and regenerates the signals passing through it. I like to keep single runs of CAT5 cable to 150 feet where possible. If you need a longer run (and that's a big house!), uplink to a switch and continue the run from the switch. A simple cabling example is shown in Figure 9.13.
Running cables in office suites is usually pretty easy: Most modern construction has dropped or suspended ceilings over which cable can be run very easily. I did a lot of this years back, when we were still running RG-58 ThinNet coaxial cables, and while it can be dusty work it's no more difficult than pushing up the next ceiling panel a few inches and yanking the cable another two or three feet toward its destination.
Running a CAT5 cable to a second access point elsewhere in the house can be a challenge, especially if you don't have a convenient attic or basement for horizontal runs and access to the spaces inside walls for vertical runs. This is why for home installations I recommend installing your first access point near your broadband Internet modem, and then auditing the field in the rest of the house to be sure you really need additional access points. If you have an office or a bedroom on the fringe of your access point's useful field, weigh the cost and difficulty of cutting holes in the walls and pulling cables against the (minor) inconvenience of adding external antennas to the computers out on the fringe.
One caution to amateur electricians: Do not attempt to pull CAT5 cable through a conduit already containing (or due to contain) AC power wiring! This is against all conceivable building codes, and a minor nick in the power cables' insulation could put 120V on your network conductors, destroying equipment and causing a potentially lethal safety hazard.
HomePlug Powerline Networking
Ironically, there are recent technologies that safely mix AC power and network data, by transmitting data over an RF signal conducted on power mains. Powerline networking is somewhat outside the charter of this book, but if you can't pull cable it might be an option to get data to the far corners of your mansion. The HomePlug Powerline Alliance acts like the Wi-Fi Alliance to certify powerline networking products as compliant with the HomePlug standard. Linksys and Netgear are major players here, with full product lines that you can read about on their Web sites. HomePlug devices operate at a bit rate of up to 14 Mbps (somewhat faster than 802.11b) and can bridge to a wired network. You can use a pair of HomePlug Ethernet bridges to bring Ethernet data from your router to a wireless access point elsewhere in the house. Figure 9.14 shows schematically how this might be done.
The power lines carry Ethernet data from one bridge to another, just as a wireless bridge (like the Linksys WET11) would do, but without dead spots and interference from nearby electronic equipment. The Linksys PLEBR10 PowerLine EtherFast bridge costs about $100, and two are required for a connection through your home power lines.
See these Web URLs for more information:
- HomePlug Powerline Alliance: http://www.homeplug.org/index_basic.html
- Powerline Networking Test Drive: http://www.extremetech.com/article2/0,3973,9262,00.asp
- Powerline Technology eLibrary: http://www.homeplugandplay.com/index.shtml
Access Point Configuration
There's nothing particularly difficult about configuring a network for multiple access points. Here are the major issues:
- All access points must have the same SSID value, because they all belong to the same network, and the SSID is the network (not the access point) ID.
- If the fields of the access points adjoin at any point, adjoining access points must be set to operate on non-overlapping channels. There are only three such channels (1, 6, and 11) so if your network is to include more than three access points, you must begin paying attention to the geometry of the network, and where fields intersect. Turn back to Chapter 4 and Figure 4.5 to see how this is done.
- If your access points support the feature, give them descriptive names. This name is specific to the access point and should not be the same as the SSID. The name will be displayed in the DHCP clients list, and will allow you to tell which client is which without having to check a naked MAC address against a list relating devices to MAC addresses. Irrespective of how it's labeled by some access points, this name is not technically a hostname, and you can't ping the name over the network. (You can still ping an access point by using its local IP address, however.)
As long as you don't need to do anything exotic and (currently) outside the Wi-Fi standard, like roaming, that's about all you need to do. A client adapter can connect to your network from anywhere that lies within range of one of the network's access points.
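The three rules above can be checked mechanically once a network grows past a handful of access points. The following is an added example, not code from the book: it audits a plan for SSID mismatches, names that duplicate the SSID, and adjoining fields on overlapping channels, then assigns channels 1, 6 and 11 by backtracking. The access point names, the SSID "homenet" and the adjacency list are constructed, and the rule that channels fewer than five apart overlap is an assumption of the example.

```python
# Added example, not from the book. AP names, SSID and adjacency are constructed.
CHANNELS = (1, 6, 11)          # the three non-overlapping channels named above

def audit(aps, adjoining):
    """aps: {name: {"ssid", "channel"}}; adjoining: pairs of APs whose fields touch."""
    findings = []
    ssids = sorted({cfg["ssid"] for cfg in aps.values()})
    if len(ssids) > 1:
        findings.append(f"SSID mismatch across access points: {ssids}")
    for name, cfg in aps.items():
        if name == cfg["ssid"]:
            findings.append(f"{name}: access point name is the same as the SSID")
    for a, b in adjoining:
        # Assumption: 802.11b channels fewer than five apart overlap.
        if abs(aps[a]["channel"] - aps[b]["channel"]) < 5:
            findings.append(f"{a}/{b}: adjoining fields on overlapping channels")
    return findings

def assign_channels(names, adjoining):
    """Give each AP 1, 6 or 11 so adjoining APs differ; None if impossible."""
    neighbours = {n: set() for n in names}
    for a, b in adjoining:
        neighbours[a].add(b)
        neighbours[b].add(a)
    order = sorted(names, key=lambda n: -len(neighbours[n]))  # most constrained first
    plan = {}

    def place(i):
        if i == len(order):
            return True
        for ch in CHANNELS:
            if all(plan.get(nb) != ch for nb in neighbours[order[i]]):
                plan[order[i]] = ch
                if place(i + 1):
                    return True
                del plan[order[i]]
        return False

    return dict(plan) if place(0) else None

SSID = "homenet"
APS = {"office-ap": {"ssid": SSID, "channel": 1}, "den-ap": {"ssid": SSID, "channel": 6},
       "attic-ap": {"ssid": SSID, "channel": 6}, "garage-ap": {"ssid": "homenet2", "channel": 11}}
ADJOINING = [("office-ap", "den-ap"), ("den-ap", "attic-ap"),
             ("attic-ap", "garage-ap"), ("garage-ap", "office-ap")]

if __name__ == "__main__":
    print(audit(APS, ADJOINING))
    print(assign_channels(list(APS), ADJOINING))
```

When four access points all adjoin one another, assign_channels returns None: three channels cannot cover that layout, and the geometry has to change.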
Configuring Client Adapters
A Wi-Fi client adapter needs an SSID and nothing else to connect to an access point. (It also needs the WEP keys, assuming WEP is enabled for the access point. More on this in Chapters 13 and 14.) If you're not concerned about which access point a given client connects to, there's not much else to do.
Left to their own devices, client adapters will choose which access point to connect to, typically in terms of signal strength: A client will choose the strongest signal it can hear from its location. Forcing a client to connect to a specific access point is more difficult than it should be. With some higher-end client adapters, there is a specific configuration parameter into which you enter the MAC address of the access point that you want the client to connect to. The Cisco 340 client adapters provide this parameter as part of the client profile. Figure 9.15 shows one of the client profile edit screens. Note the list of four fields labeled 'Specified Access Point.' You can set the order in which you want the client to choose an access point from the list of four. If it can hear and connect to #1, it will go with #1. If it can't hear or for some other reason connect to #1, it will try connecting to #2, and so on down the list. If it can't connect to any access point on the list, it will consider itself free to connect to any access point in the network that it can hear. (It will not, of course, try to go outside the network to something with an SSID different from the one specified in the profile.)
Cisco's system is the high road and it works very well. For access points without this feature, you can use MAC address filtering. MAC address filters are worthless for security purposes; that is, to keep out motivated hackers. (Dumb hackers maybe, but those you don't really need to worry about.) However, you can set an access point's filter to refuse connection from any client adapter not on its list.
This works. The downside is that there is no provision for fallback, as there is with Cisco's system of specified access points. If all access points but one refuse a client adapter, and that client adapter's own access point fails or otherwise becomes inaccessible, that client cannot connect to the network and is left out in the cold.
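The difference between the two approaches shows up only when the preferred access point fails. The following is an added example, not code from the book or from any vendor: a small model of client association under a specified access point list and under MAC address filtering. All MAC addresses, signal levels and the network() helper are constructed for illustration.

```python
# Added example, not from the book. MAC addresses and signal levels are constructed.
def norm(mac):
    """Normalise a MAC so 00-0A-... and 00:0a:... compare equal."""
    return mac.replace("-", ":").lower()

def choose_ap(client_mac, ssid, heard, specified=()):
    """Return the MAC of the AP the client joins, or None if it is left out.

    heard: APs in range, each {"mac", "ssid", "signal_dbm", "up", "allow"};
           "allow" is that AP's MAC allow filter (None means no filter).
    specified: ordered AP MACs, modelling the four 'Specified Access Point' fields.
    """
    client = norm(client_mac)
    usable = {}
    for ap in heard:
        allowed = ap["allow"] is None or client in {norm(m) for m in ap["allow"]}
        if ap["up"] and ap["ssid"] == ssid and allowed:
            usable[norm(ap["mac"])] = ap
    for mac in specified[:4]:
        if norm(mac) in usable:          # first listed AP that can be reached
            return norm(mac)
    if not usable:
        return None                      # every AP is down, foreign or refusing
    # No specified AP reachable: strongest signal within the same SSID.
    return norm(max(usable.values(), key=lambda ap: ap["signal_dbm"])["mac"])

CLIENT = "00-0A-00-00-00-01"

def network(ap1_up, filtered):
    """Three APs on one SSID plus a neighbour's; filtered=True: only AP1 admits CLIENT."""
    others = ["00:0a:00:00:00:99"] if filtered else None
    mine = [CLIENT] if filtered else None
    return [
        {"mac": "00:0b:00:00:00:01", "ssid": "homenet", "signal_dbm": -70, "up": ap1_up, "allow": mine},
        {"mac": "00:0b:00:00:00:02", "ssid": "homenet", "signal_dbm": -60, "up": True, "allow": others},
        {"mac": "00:0b:00:00:00:03", "ssid": "homenet", "signal_dbm": -50, "up": True, "allow": others},
        {"mac": "00:0b:00:00:00:04", "ssid": "neighbour", "signal_dbm": -40, "up": True, "allow": None},
    ]

PREFERRED = ["00:0B:00:00:00:01", "00:0B:00:00:00:02"]

if __name__ == "__main__":
    print(choose_ap(CLIENT, "homenet", network(False, False), PREFERRED))  # falls back to #2
    print(choose_ap(CLIENT, "homenet", network(False, True)))              # None: stranded
```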
Every access point handles MAC address filtering in a slightly different way. Typically, you must manually enter the MAC addresses of the client adapters you want to allow to connect to the access point. Some access points, however, will show you a list of client adapters connected to them, and allow you to pick clients from the list to add to a MAC address filter. The D-Link DWL-900AP+ is particularly good at this (see Figure 9.16).
The MAC addresses of all clients connected to the access point are contained in the drop-down list labeled 'Connected PCs.' By clicking the Clone button, the displayed MAC address is added to one of the two MAC address filters (allow and deny) as desired.
Once you have all your clients up and running and connecting to your access points, your network is ready to secure. Read Part 3 on Wi-Fi security, and enable Wired Equivalent Privacy for your network.