Wi-Fi How To

Revision as of 00:35, 18 September 2009 (view source)

JohnNavas (Talk | contribs)

(→Two wireless networks on one router: edit)

← Older edit

Latest revision as of 21:55, 19 March 2013 (view source)

JohnNavas (Talk | contribs)

m (→Measure wireless network performance: update)

Line 16:

* Internet speed testing (''e.g., ''[http://nitro.ucsc.edu/ NDT]) probably ''won't'' tell you anything about your wireless network performance (because wireless is normally faster than an Internet connection).

* Instead, measure data transfer throughput between two computers on your network, using software tools such as:

-

** [http://~~dast~~.~~nlanr~~.net~~/Projects~~/Iperf/ ~~Iperf~~]

+

** [http://iperf.sourceforge.net/ Iperf]

+

** [http://code.google.com/p/xjperf/ Jperf]

** [http://freshmeat.net/projects/netio/ Netio]

* Wireless to ''wireless'' speed will probably be much less than wireless to ''wired'' speed, because ''only one wireless link in one direction can be active at any one time''.

Line 52:

Line 53:

:''Based on [http://www.wi-fiplanet.com/tutorials/article.php/10724_3714521_1 Implementing Inexpensive Multiple SSID Networks]<br>[Wi-Fi Planet.com Tutorial by Eric Geier, December, 2007]''

-

Two separate wireless networks are a good way to isolate private and public (guest) network clients, where:

+

Two separate wireless networks are a good way to isolate private and public/guest network clients, where:

* ''Private'' network clients have access not only to the Internet, but also to each other (file and/or printer sharing), wired and wireless

-

* ''Public'' ~~(guest)~~ network clients have access ''only'' to the Internet, ''not'' to each other (see [[Wi-Fi#Wireless Isolation|Wireless Isolation]]), and ''not'' to the private clients

+

* ''Public/guest'' network clients have access ''only'' to the Internet, ''not'' to each other (see [[Wi-Fi#Wireless Isolation|Wireless Isolation]]), and ''not'' to the private clients

While some wireless routers have this capability built-in (see [[Wi-Fi#Guest Account|Guest Account]]), it can also be done with [[wikipedia:Linksys WRT54G series#Third-party firmware projects|third party firmware]], which can provide additional functionality as well.

Line 63:

Line 64:

#* ''Wireless Physical Interface '''wl0'''''

#** This will be the ''private'' wireless network

-

#** ''Recommendation'': Click ''Disable'' for ''Wireless Network Name (SSID)'' broadcast to avoid conflict with the visible public (guest) wireless network [see ''Overcoming Multiple SSID (Not BSSID) Connectivity Issues'' in the reference above]

+

#** ''Recommendation'': Click ''Disable'' for ''Wireless Network Name (SSID)'' broadcast to avoid conflict with the visible public/guest wireless network [see ''Overcoming Multiple SSID (Not BSSID) Connectivity Issues'' in the reference above]

#* ''Virtual Interfaces''

-

#** Click ''Add'' to create the ''public'' ~~(guest)~~ wireless network, which will be<br>''Virtual Interfaces '''wl0.1'''''

+

#** Click ''Add'' to create the ''public/guest'' wireless network, which will be<br>''Virtual Interfaces '''wl0.1'''''

#** Enter a '''unique''' ''Wireless Network Name (SSID)'' (e.g., ''John Doe's Guest Wireless'')

#** Click ''Enable'' for ''AP Isolation'' (to isolate public/guest wireless clients from each other)

Line 85:

Line 86:

:* Click the '''''Management''''' tab

:* Click ''Apply Settings'' (down at the bottom)

+

== Isolate Two Networks ==

+

[[Image:Isolated Networks.png|right|frame|Two Networks with Internet access that are isolated from each other]]

+

Isolate two local networks from each other with both able to access the same Internet connection using low-cost routers:

+

* Use three (3) routers (A, B, and C)

+

* Connect network A to the wireless and/or LAN ports on router A

+

* Connect network B to the wireless and/or LAN ports on router B

+

* Connect router A and router B WAN (Internet) ports to LAN ports on router C

+

* Connect the WAN (Internet) port on router C to the Internet

+

Notes:

+

* Routers A and B can be wired and/or wireless.

+

* This method involves Double NAT, which can sometimes cause problems. (See [[wikipedia:Session Traversal Utilities for NAT|Session Traversal Utilities for NAT]])

+

* The same effect can also be achieved with a single router that supports [[wikipedia:Virtual LAN|Virtual LAN]] (VLAN) without double NAT, although it may be less secure.

== WPA/WPA2 ==

Line 102:

Line 116:

=== Use WPA/WPA2 Enterprise ===

WPA Enterprise enhances security and is preferred over WPA because each client is authenticated separately. (Sharing a key is a security risk.) Practical authentication ([[wikipedia:RADIUS|RADIUS]]) solutions for small wireless networks include:

-

* [http://us.zyxel.com/web/product_family_detail.php?PC1indexflag=20040520161256&CategoryGroupNo=1FD9B843-06BE-448D-B770-5383D40CD32E ZyXEL G-2000 Plus] ~~(wireless router with built-in PEAP server)~~

+

* '''RADIUS Service'''

+

** [http://cloudessa.com/ Cloudessa] ''(free for up to 100 users)''

+

* '''Wireless Router with built-in PEAP Server'''

+

** [http://us.zyxel.com/web/product_family_detail.php?PC1indexflag=20040520161256&CategoryGroupNo=1FD9B843-06BE-448D-B770-5383D40CD32E ZyXEL G-2000 Plus]

== Secure a wireless network ==

Line 362:

Line 379:

* Run Cat-5 or better cable from one of wireless router's RJ45 ports around or (drilled) through the wall, and on the other side of the wall attach a wireless access point.

* Use [[wikipedia:HomePlug Powerline Alliance|powerline]], [[wikipedia:HomePNA|phoneline]], or [[wikipedia:Multimedia over Coax Alliance|coax]] networking to attach a wireless access point on the other side of the wall, if any of these cables are available on both sides of the wall.

+

== Block Wi-Fi signal ==

+

[[wikipedia:Mobile phone jammer|Jamming]] isn't lawful (in the USA at least), but these methods are:

+

* Paint with [[wikipedia:Radio frequency|RF]] shielding (e.g., [http://www.lessemf.com/paint.html Y-Shield], claimed attenuation of 40 dB per layer)

+

* [http://www.baesystems.com/ProductsServices/ss_tes_atc_adv_mat_stealthy.html Stealthy wallpaper]

+

* [http://www.tempestusa.com/DataStop.html RF shielding glass]

+

== Disable b Wi-Fi ==

+

* Pro

+

* Con

+

* How

+

== Roam seamlessly (using VPN) ==

Line 384:

Line 413:

== Make a Wi-Fi enclosure ==

+

== Hack Wi-Fi ==

From Navas Wireless Wiki

Latest revision as of 21:55, 19 March 2013

Views

Personal tools

Navigation

main articles

Search

Toolbox

@@ Line 16: / Line 16: @@
 * Internet speed testing (''e.g., ''[http://nitro.ucsc.edu/ NDT]) probably ''won't'' tell you anything about your wireless network performance (because wireless is normally faster than an Internet connection).
 * Instead, measure data transfer throughput between two computers on your network, using software tools such as:
-** [http://dast.nlanr.net/Projects/Iperf/ Iperf]
+** [http://iperf.sourceforge.net/ Iperf]
+** [http://code.google.com/p/xjperf/ Jperf]
 ** [http://freshmeat.net/projects/netio/ Netio]
 * Wireless to ''wireless'' speed will probably be much less than wireless to ''wired'' speed, because ''only one wireless link in one direction can be active at any one time''.
@@ Line 52: / Line 53: @@
 :''Based on [http://www.wi-fiplanet.com/tutorials/article.php/10724_3714521_1 Implementing Inexpensive Multiple SSID Networks]<br>[Wi-Fi Planet.com Tutorial by Eric Geier, December, 2007]''
-Two separate wireless networks are a good way to isolate private and public (guest) network clients, where:
+Two separate wireless networks are a good way to isolate private and public/guest network clients, where:
 * ''Private'' network clients have access not only to the Internet, but also to each other (file and/or printer sharing), wired and wireless
-* ''Public'' (guest) network clients have access ''only'' to the Internet, ''not'' to each other (see [[Wi-Fi#Wireless Isolation|Wireless Isolation]]), and ''not'' to the private clients
+* ''Public/guest'' network clients have access ''only'' to the Internet, ''not'' to each other (see [[Wi-Fi#Wireless Isolation|Wireless Isolation]]), and ''not'' to the private clients
 While some wireless routers have this capability built-in (see [[Wi-Fi#Guest Account|Guest Account]]), it can also be done with [[wikipedia:Linksys WRT54G series#Third-party firmware projects|third party firmware]], which can provide additional functionality as well.
@@ Line 63: / Line 64: @@
 #*  ''Wireless Physical Interface '''wl0'''''
 #** This will be the ''private'' wireless network
-#** ''Recommendation'': Click ''Disable'' for ''Wireless Network Name (SSID)'' broadcast to avoid conflict with the visible public (guest) wireless network [see ''Overcoming Multiple SSID (Not BSSID) Connectivity Issues'' in the reference above]
+#** ''Recommendation'': Click ''Disable'' for ''Wireless Network Name (SSID)'' broadcast to avoid conflict with the visible public/guest wireless network [see ''Overcoming Multiple SSID (Not BSSID) Connectivity Issues'' in the reference above]
 #*  ''Virtual Interfaces''
-#** Click ''Add'' to create the ''public'' (guest) wireless network, which will be<br>''Virtual Interfaces '''wl0.1'''''
+#** Click ''Add'' to create the ''public/guest'' wireless network, which will be<br>''Virtual Interfaces '''wl0.1'''''
 #** Enter a '''unique''' ''Wireless Network Name (SSID)'' (e.g., ''John Doe's Guest Wireless'')
 #** Click ''Enable'' for ''AP Isolation'' (to isolate public/guest wireless clients from each other)
@@ Line 85: / Line 86: @@
 :* Click the '''''Management''''' tab
 :* Click ''Apply Settings'' (down at the bottom)
+== Isolate Two Networks ==
+[[Image:Isolated Networks.png|right|frame|Two Networks with Internet access that are isolated from each other]]
+Isolate two local networks from each other with both able to access the same Internet connection using low-cost routers:
+* Use three (3) routers (A, B, and C)
+* Connect network A to the wireless and/or LAN ports on router A
+* Connect network B to the wireless and/or LAN ports on router B
+* Connect router A and router B WAN (Internet) ports to LAN ports on router C
+* Connect the WAN (Internet) port on router C to the Internet
+Notes:
+* Routers A and B can be wired and/or wireless.
+* This method involves Double NAT, which can sometimes cause problems. (See [[wikipedia:Session Traversal Utilities for NAT|Session Traversal Utilities for NAT]])
+* The same effect can also be achieved with a single router that supports [[wikipedia:Virtual LAN|Virtual LAN]] (VLAN) without double NAT, although it may be less secure.
 == WPA/WPA2 ==
@@ Line 102: / Line 116: @@
 === Use WPA/WPA2 Enterprise ===
 WPA Enterprise enhances security and is preferred over WPA because each client is authenticated separately. (Sharing a key is a security risk.) Practical authentication ([[wikipedia:RADIUS|RADIUS]]) solutions for small wireless networks include:
-* [http://us.zyxel.com/web/product_family_detail.php?PC1indexflag=20040520161256&CategoryGroupNo=1FD9B843-06BE-448D-B770-5383D40CD32E ZyXEL G-2000 Plus] (wireless router with built-in PEAP server)
+* '''RADIUS Service'''
+** [http://cloudessa.com/ Cloudessa] ''(free for up to 100 users)''
+* '''Wireless Router with built-in PEAP Server'''
+** [http://us.zyxel.com/web/product_family_detail.php?PC1indexflag=20040520161256&CategoryGroupNo=1FD9B843-06BE-448D-B770-5383D40CD32E ZyXEL G-2000 Plus]
 == Secure a wireless network ==
@@ Line 362: / Line 379: @@
 * Run Cat-5 or better cable from one of wireless router's RJ45 ports around or (drilled) through the wall, and on the other side of the wall attach a wireless access point.
 * Use [[wikipedia:HomePlug Powerline Alliance|powerline]], [[wikipedia:HomePNA|phoneline]], or [[wikipedia:Multimedia over Coax Alliance|coax]] networking to attach a wireless access point on the other side of the wall, if any of these cables are available on both sides of the wall.
+== Block Wi-Fi signal ==
+[[wikipedia:Mobile phone jammer|Jamming]] isn't lawful (in the USA at least), but these methods are:
+* Paint with [[wikipedia:Radio frequency|RF]] shielding (e.g., [http://www.lessemf.com/paint.html Y-Shield], claimed attenuation of 40 dB per layer)
+* [http://www.baesystems.com/ProductsServices/ss_tes_atc_adv_mat_stealthy.html Stealthy wallpaper]
+* [http://www.tempestusa.com/DataStop.html RF shielding glass]
+== Disable b Wi-Fi ==
+* Pro
+* Con
+* How
+{{TODO}}
 == Roam seamlessly (using VPN) ==
@@ Line 384: / Line 413: @@
 == Make a Wi-Fi enclosure ==
+{{TODO}}
+== Hack Wi-Fi ==
 {{TODO}}