[KLUG Members] WAPs that don't suck

Adam Tauno Williams awilliam at whitemice.org
Tue Sep 27 14:52:22 EDT 2005


I'm looking for WAP recommendations - and I want simple WAPs, with no goofy WAN
port and the like, just one simple ethernet work.

I've put up a RADIUS server so I can do EAP authentication and TKIP (new
cryptographic keys get generated every so many packets, versus the old static
WEP keys).  Authentication from XP SP2 works fine, and without any iptables and
http redirection crap.  But finding a WAP that really works well with this seems
to be the rub.  I have a D-Link DI-524 and everything works so long as I have
the LAN plugged into the little internal switch... but I want to (actually I'm
contractually obligated to) put a firewall between the wireless segment and the
LAN which requires the WAP have a default route so it can contact the RADIUS
server on the internal network.  BUT the only way you can specify a default
route is on the WAN port, which then allows the WAP to access the RADIUS server
BUT clients then can't acquire a DHCP address because the WAP doesn't forward
broadcast traffic to the WAP port.  Sigh.

RADIUS<---192.168.1.x--->Firewall<----10.221.7.x--->WAP
DHCP<-----192.168.1.x--->Firewall<----10.221.7.x--->WAP

-- 
Adam Tauno Williams - http://www.whitemice.org


