[KLUG Members] WAPs that don't suck

[Bruce Smith]

FWIW, I've had luck running Linux on some of the Linksys WAP's, and
there is a developer kit to compile your own if you want to change
anything or include other stuff (never did the compile myself).

These WAP's do have a WAN port, but I don't use it.  I only use the
local/switch side of them.  I have (4) installed here, and love them.

I don't know if they forward broadcasts, or can be configured to, but I
can bring up the config screen in a web browser tonight if you want to
poke around.

One other thought, can you use use one of your WAPs for the DHCP server?
Then you won't have the broadcast problem.

 - BS


> I'm looking for WAP recommendations - and I want simple WAPs, with no goofy WAN
> port and the like, just one simple ethernet work.
> 
> I've put up a RADIUS server so I can do EAP authentication and TKIP (new
> cryptographic keys get generated every so many packets, verses the old static
> WEP keys).  Authentication from XP SP2 works fine, and without any iptables and
> http redirection crap.  But finding a WAP that really works well with this seems
> to be the rub.  I have a D-Link DI-524 and everything works so long as I have
> the LAN plugged into the little internal switch... but I want to (actually I'm
> contractually obligated to) put a firewall between the wireless segment and the
> LAN which requires the WAP have a default route so it can contact the RADIUS
> server on the internal network.  BUT the only way you can specify a default
> route is on the WAN port, which then allows the WAP to access the RADIUS server
> BUT clients then can't acquire a DHCP address because the WAP doesn't forward
> broadcast traffic to the WAP port.  Sigh.
> 
> RADIUS<---192.168.1.x--->Firewall<----10.221.7.x--->WAP
> DHCP<-----192.168.1.x--->Firewall<----10.221.7.x--->WAP
>