[KLUG Members] WAPs that don't suck

lists at elite4god.com lists at elite4god.com
Tue Sep 27 15:46:58 EDT 2005


> I'm looking for WAP recommendations - and I want simple WAPs, with no goofy WAN
> port and the like, just one simple ethernet work.
>
> I've put up a RADIUS server so I can do EAP authentication and TKIP (new
> cryptographic keys get generated every so many packets, versus the old static
> WEP keys).  Authentication from XP SP2 works fine, and without any iptables and
> http redirection crap.  But finding a WAP that really works well with this seems
> to be the rub.  I have a D-Link DI-524 and everything works so long as I have
> the LAN plugged into the little internal switch... but I want to (actually I'm
> contractually obligated to) put a firewall between the wireless segment and the
> LAN which requires the WAP have a default route so it can contact the RADIUS
> server on the internal network.  BUT the only way you can specify a default
> route is on the WAN port, which then allows the WAP to access the RADIUS server
> BUT clients then can't acquire a DHCP address because the WAP doesn't forward
> broadcast traffic to the WAP port.  Sigh.
>
> RADIUS<---192.168.1.x--->Firewall<----10.221.7.x--->WAP
> DHCP<-----192.168.1.x--->Firewall<----10.221.7.x--->WAP
>
> --
> Adam Tauno Williams - http://www.whitemice.org
>

What are you using for a firewall?

I'd recommend a Cisco or HP WAP.
Configure the Firewall to bootpforward to the DHCP Server of your choice
or make it the DHCP server for the wireless segment.

I've had too many of the Linksys/D-Link/Netgear WAPs die just past their
warranty.
Cisco/HP are more expensive but you get what you pay for.

Jeremy
