[KLUG Members] WAPs that don't suck

Dan DeSloover zifferent at yahoo.com
Wed Sep 28 13:57:03 EDT 2005


I'm sorry if this sounds stupid, but pretty much anything you can shove Linux onto can run a
netfiltering bridge. 

You have the best of both worlds. 

You have a killer firewall, and it's transparent from a network standpoint. So DHCP and pretty
much any other traffic you deem as necessary passes through.

--- Adam Tauno Williams <awilliam at whitemice.org> wrote:

> I'm looking for WAP recommendations - and I want simple WAPs, with no goofy WAN
> port and the like, just one simple ethernet work.
> 
> I've put up a RADIUS server so I can do EAP authentication and TKIP (new
> cryptographic keys get generated every so many packets, versus the old static
> WEP keys).  Authentication from XP SP2 works fine, and without any iptables and
> http redirection crap.  But finding a WAP that really works well with this seems
> to be the rub.  I have a D-Link DI-524 and everything works so long as I have
> the LAN plugged into the little internal switch... but I want to (actually I'm
> contractually obligated to) put a firewall between the wireless segment and the
> LAN which requires the WAP have a default route so it can contact the RADIUS
> server on the internal network.  BUT the only way you can specify a default
> route is on the WAN port, which then allows the WAP to access the RADIUS server
> BUT clients then can't acquire a DHCP address because the WAP doesn't forward
> broadcast traffic to the WAP port.  Sigh.
> 
> RADIUS<---192.168.1.x--->Firewall<----10.221.7.x--->WAP
> DHCP<-----192.168.1.x--->Firewall<----10.221.7.x--->WAP
> 
> -- 
> Adam Tauno Williams - http://www.whitemice.org


Thanks,
Dan DeSloover
zifferent at yahoo.com

