














An in-depth look at the components involved in setting up wireless networking hardware, including wired connections, choosing wireless components, and building a Linux-based access point. It covers topics such as interoperability, range, and hidden risks when choosing commercial solutions, as well as setting up a masquerading access point and a transparent bridging access point.
In the last couple of years, an unprecedented surge in interest in wireless networking hardware has brought a huge variety of inexpensive equipment to the market. So much variety, in fact, that it would be impossible to catalog every available component. In this chapter, we'll look at the sort of features and attributes that are desirable in a wireless component, and see several examples of commercial and DIY gear that has worked well in the past.
With a name like “wireless”, you may be surprised at how many wires are involved in making a simple point-to-point link. A wireless node consists of many components, which must all be connected to each other with appropriate cabling. You obviously need at least one computer connected to an Ethernet network, and a wireless router or bridge attached to the same network. Radio components need to be connected to antennas, but along the way they may need to interface with an amplifier, lightning arrestor, or other device. Many components require power, either via an AC mains line or using a DC transformer. All of these components use various sorts of connectors, not to mention a wide variety of cable types and thicknesses.
Now multiply those cables and connectors by the number of nodes you will bring online, and you may well be wondering why this stuff is referred to as “wireless”. The diagram on the next page will give you some idea of the cabling required for a typical point-to-point link. Note that this diagram is not to scale, nor is it necessarily the best choice of network design. But it will introduce you to many common interconnects and components that you will likely encounter in the real world.
[Diagram of a point-to-point link spanning 10+ kilometers. Labeled components: wireless to Ethernet bridge, access point, amplifier, POE injector, DC transformers, UPS, Ethernet switches, RP-TNC connectors, N connectors, pigtail adapter cable, LMR- feed line, lightning arrestor, 24 dBi parabolic dish, 8 dBi omni, CAT5 carrying data and DC power, and AC power.]
Figure 5.1: Component interconnects.
136 Chapter 5: Networking Hardware
an antenna is included). With this information, you can calculate the theoretical range as described in Chapter 3.
By answering these questions first, you will be able to make intelligent buying decisions when it comes time to choose networking hardware. It is unlikely that you will be able to answer every possible question before buying gear, but if you prioritize the questions and press the vendor to answer them before committing to a purchase, you will make the best use of your budget and build a network of components that are well suited to your needs.
Your network project will almost certainly consist of components purchased from vendors as well as parts that are sourced or even fabricated locally. This is a basic economic truth in most areas of the world. At this stage of human technology, global distribution of information is quite trivial compared to global distribution of goods. In many regions, importing every component needed to build a network is prohibitively expensive for all but the largest budgets. You can save considerable money in the short term by finding local sources for parts and labor, and only importing components that must be purchased.
Of course, there is a limit to how much work can be done by any individual or group in a given amount of time. To put it another way, by importing technology, you can exchange money for equipment that can solve a particular problem in a comparatively short amount of time. The art of building local telecommunications infrastructure lies in finding the right balance of money to effort needed to be expended to solve the problem at hand.
Some components, such as radio cards and antenna feed line, are likely far too complex to consider having them fabricated locally. Other components, such as antennas and towers, are relatively simple and can be made locally for a fraction of the cost of importing. Between these extremes lie the communication devices themselves.
By using off-the-shelf radio cards, motherboards, and other components, you can build devices that provide features comparable (or even superior) to most commercial implementations. Combining open hardware platforms with open source software can yield significant “bang for the buck” by providing custom, robust solutions for very low cost.
This is not to say that commercial equipment is inferior to a do-it-yourself solution. By providing so-called “turn-key solutions”, manufacturers not only save development time, but they can also allow relatively unskilled people to install and maintain equipment. The chief strengths of commercial solutions are that they provide support and a (usually limited) equipment warranty. They also provide a consistent platform that tends to lead to very stable, often interchangeable network installations.
If a piece of equipment simply doesn't work or is difficult to configure or troubleshoot, a good manufacturer will assist you. Should the equipment fail in normal use (barring extreme damage, such as a lightning strike) then the manufacturer will typically replace it. Most will provide these services for a limited time as part of the purchase price, and many offer support and warranty for an extended period for a monthly fee. By providing a consistent
Likewise, while individual products can always be discontinued at any time, you can limit the impact this will have on your network by using generic components. For example, a particular motherboard may become unavailable on the market, but you may have a number of PC motherboards on hand that will perform effectively the same task. We will see some examples of how to use these generic components to build a complete wireless node later in this chapter.
Obviously, there should be no ongoing licensing costs involved with open source software (with the exception of a vendor providing extended support or some other service, without charging for the use of the software itself). There have occasionally been vendors who capitalize on the gift that open source programmers have given to the world by offering the code for sale on an ongoing licensed basis, thereby violating the terms of distribution set forth by the original authors. It would be wise to avoid such vendors, and to be suspicious of claims of “free software” that come with an ongoing license fee.
The disadvantage of using open source software and generic hardware is clearly the question of support. As problems with the network arise, you will need to solve those problems for yourself. This is often accomplished by consulting free online resources and search engines, and applying code patches directly. If you do not have team members who are competent and dedicated to designing a solution to your communications problem, then it can take a considerable amount of time to get a network project off the ground. Of course, there is never a guarantee that simply “throwing money at the problem” will solve it either. While we provide many examples of how to do much of the work yourself, you may find this work very challenging. You will need to find the balance of commercial solutions and the do-it-yourself approach that works for your project.
In short, always define the scope of your network first, identify the resources you can bring to bear on the problem, and allow the selection of equipment to naturally emerge from the results. Consider commercial solutions as well as open components, while keeping in mind the long-term costs of both.
When considering which equipment to use, always remember to compare the expected useful distance, reliability, and throughput, in addition to the price. Be sure to include any ongoing license fees when calculating the overall cost of the equipment. And finally, make sure that the radios you purchase operate in an unlicensed band where you are installing them, or if you must use licensed spectrum, that you have budget and permission to pay for the appropriate licenses.
Lightning is a natural predator of wireless equipment. There are two different ways lightning can strike or damage equipment: direct hits or induction hits. Direct hits happen when lightning actually hits the tower or antenna. Induction hits are caused when lightning strikes near the tower. Imagine a negatively charged lightning bolt. Since like charges repel each other, that bolt will cause the electrons in the cables to move away from the strike, creating current on the lines. This can be much more current than the sensitive radio equipment can handle. Either type of strike will usually destroy unprotected equipment.
Figure 5.2: A tower with a heavy copper grounding wire.
Protecting wireless networks from lightning is not an exact science, and there is no guarantee that a lightning strike will not happen, even if every single precaution is taken. Many of the methods used will help prevent both direct and induction strikes. While it is not necessary to use every single lightning protection method, using more methods will help further protect the equipment. The amount of lightning historically observed within a service area will be the biggest guide to how much needs to be done.
Start at the very bottom of the tower. Remember, the bottom of the tower is below the ground. After the tower foundation is laid, but before the hole is backfilled, a ring of heavy braided ground wire should have been installed with the lead extending above ground surfacing near a tower leg. The wire should be American Wire Gauge (AWG) #4 or thicker. In addition, a backup
packets at any level from the data-link layer through the application layer. Routing decisions can be made based on any information contained in a network packet, from the routing addresses and ports to the contents of the data segment. A Linux-based access point can act as a router, bridge, firewall, VPN concentrator, application server, network monitor, or virtually any other networking role you can think of. It is freely available software, and requires no licensing fees. GNU/Linux is a very powerful tool that can fill a broad variety of roles in a network infrastructure.
Adding a wireless card and Ethernet device to a PC running Linux will give you a very flexible tool that can help you deliver bandwidth and manage your network for very little cost. The hardware could be anything from a recycled laptop or desktop machine to an embedded computer, such as a Linksys WRT54G or Metrix networking kit.
In this section we will see how to configure Linux in the following configurations:
Consider these recipes as a starting point. By building on these simple examples, you can create a server that fits precisely into your network infrastructure.
Before proceeding, you should already be familiar with Linux from a user's perspective, and be capable of installing the GNU/Linux distribution of your choice. A basic understanding of the command line interface (terminal) in Linux is also required.
You will need a computer with one or more wireless cards already installed, as well as a standard Ethernet interface. These examples use a specific card and driver, but there are a number of different cards that should work equally well. Wireless cards based on the Atheros and Prism chipsets work particularly well. These examples are based on Ubuntu Linux version 5. (Breezy Badger), with a wireless card that is supported by the HostAP or MADWiFi drivers. For more information about these drivers, see http://hostap.epitest.fi/ and http://madwifi.org/.
The following software is required to complete these installations. It should be provided in your Linux distribution:
The CPU power required depends on how much work needs to be done beyond simple routing and NAT. For many applications, a 133MHz 486 is perfectly capable of routing packets at wireless speeds. If you intend to use a lot of encryption (such as WEP or a VPN server), then you will need something faster. If you also want to run a caching server (such as Squid) then you will need a computer with plenty of fast disk space and RAM. A typical router that is only performing NAT will operate well with as little as 64MB of RAM and storage.
When building a machine that is intended to be part of your network infrastructure, keep in mind that hard drives have a limited lifespan compared to most other components. You can often use solid state storage, such as a flash disk, in place of a hard drive. This could be a USB flash drive (assuming your PC will boot from USB), or a Compact Flash card using a CF to IDE adapter. These adapters are quite inexpensive, and will make a CF card act like a standard IDE hard drive. They can be used in any PC that supports IDE hard drives. Since they have no moving parts, they will operate for many years through a much wider range of temperatures than a hard disk will tolerate.
This is the simplest of the scenarios, and is especially useful in situations where you want a single access point for an office setting. This is easiest in a situation where:
Alternately, you can use a readable string by starting with “s:”
Now give your wireless interface an IP address in a private subnet, but make sure it is not the same subnet as that of your Ethernet adapter:
In order for us to be able to translate addresses between the two interfaces on the computer, we need to enable masquerading (NAT) in the Linux kernel. First we load the relevant kernel module:
Now we will flush all existing firewall rules to ensure that the firewall is not blocking us from forwarding packets between the two interfaces. If you have an existing firewall running, make sure you know how to restore the existing rules later before proceeding.
Enable the NAT functionality between the two interfaces:
Finally we need to enable the kernel to forward packets between interfaces:
On Debian-based Linux distributions such as Ubuntu, this change can also be made by editing the file /etc/network/options and making sure that ip_forward is set to yes:
ip_forward=yes
and then restarting the network interfaces with:
or
At this point we actually should have a working access point. It can be tested by connecting to the wireless network “my network” with a separate machine and giving that machine an address in the same address range as our wireless interface on the server (10.0.0.0/24 if you followed the examples). If you have enabled WEP, be sure to use the same key that you specified on the AP.
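The masquerading steps above, collected as an added example that is not part of the original chapter: the ruleset is written in iptables-restore format so it loads in one step, forwarding is default-deny with only wireless-to-uplink traffic and its replies allowed, and `audit_rules` checks an `iptables-save` dump for the same properties. The interface names eth0 and wlan0 and the backup path are assumptions; 10.0.0.0/24 is the wireless range used in this section.

```shell
#!/bin/sh
# Added example, not from the original chapter.
# Assumed names: eth0 = wired uplink, wlan0 = wireless interface,
# /root/iptables.before = backup file (hypothetical path).

# Print an iptables-restore ruleset: NAT only for the wireless subnet leaving
# via the uplink; forward wireless->uplink traffic and its replies, drop the rest.
build_rules() {
    wan=$1 lan=$2 lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Audit iptables-save text on stdin. Returns 0 only if every MASQUERADE rule
# is bound to the uplink and the filter FORWARD chain is default-deny.
audit_rules() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:FORWARD / { policy = $2 }
        /-j MASQUERADE/ {
            if ($0 ~ ("-o " wan "( |$)")) bound = 1; else loose = 1
        }
        END {
            rc = 0
            if (policy != "DROP") { print "FORWARD policy is " policy; rc = 1 }
            if (!bound) { print "no MASQUERADE rule on " wan; rc = 1 }
            if (loose)  { print "MASQUERADE rule not bound to " wan; rc = 1 }
            exit rc
        }'
}

# Constructed sample: the state after flushing all rules and adding a bare
# MASQUERADE rule, where FORWARD keeps its default ACCEPT policy.
sample_flushed() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Apply as root: keep a rollback copy, load the ruleset, enable forwarding.
apply_rules() {
    iptables-save > /root/iptables.before || return 1
    build_rules "$@" | iptables-restore || return 1
    sysctl -w net.ipv4.ip_forward=1
}

# Offline self-check; nothing here touches the running firewall.
build_rules eth0 wlan0 10.0.0.0/24 | audit_rules eth0 && echo "generated ruleset: ok"
sample_flushed | audit_rules eth0 || echo "flushed ruleset: needs tightening"
```

To load the ruleset, run `apply_rules eth0 wlan0 10.0.0.0/24` as root; `iptables-restore < /root/iptables.before` puts the previous rules back.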
In order to make it easier for people to connect to the server without knowing the IP address range, we will set up a DHCP server to automatically hand out addresses to wireless clients.
We use the program dnsmasq for this purpose. As the name indicates, it provides a caching DNS server as well as a DHCP server. This program was developed especially for use with firewalls performing NAT. Having a caching DNS server is especially helpful if your Internet connection is a high-latency and/or low-bandwidth connection, such as a VSAT or dial-up. It means that many DNS queries can be resolved locally, saving a lot of traffic on the Internet connection, and also making the connection feel noticeably faster for those connecting.
Install dnsmasq with your distribution's package manager. If dnsmasq is not available as a package, download the source code and install it manually. It is available from http://www.thekelleys.org.uk/dnsmasq/doc.html.
All that is required for us to run dnsmasq is to edit a few lines of the dnsmasq configuration file, /etc/dnsmasq.conf.
The configuration file is well commented, and has many options for various types of configuration. To get the basic DHCP server up and running we just need to uncomment and/or edit two lines.
Find the line that starts:
interface=
...and make sure it reads:
interface=wlan0
...changing wlan0 to match the name of your wireless interface. Then find the line that starts with:
#dhcp-range=
Uncomment the line and edit it to match the addresses being used, i.e.
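A check for the two dnsmasq settings edited above, as an added example that is not part of the original chapter: it confirms that dnsmasq is limited to the wireless interface and that the DHCP pool lies inside the wireless subnet, so leases are not handed out on the wired network. The interface name wlan0 and the 10.0.0.0/24 range follow the text; the pool addresses in the sample are constructed, and only the plain `dhcp-range=start,end[,...]` form is parsed.

```shell
#!/bin/sh
# Added example, not from the original chapter.
# Assumptions: wlan0 is the wireless interface, 10.0.0.0/24 its subnet.

# Convert a dotted quad to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# True if address $1 lies inside network $2, given as a.b.c.d/len.
in_subnet() {
    net=${2%/*}; len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Read dnsmasq.conf text on stdin; print findings, return 0 if there are none.
check_dnsmasq() {
    want_if=$1 subnet=$2 rc=0 seen_if=0 seen_range=0
    while IFS= read -r line; do
        case $line in
            interface=*)
                seen_if=1
                [ "${line#interface=}" = "$want_if" ] ||
                    { echo "dnsmasq will also listen on ${line#interface=}"; rc=1; } ;;
            dhcp-range=*)
                seen_range=1
                range=${line#dhcp-range=}
                start=${range%%,*}; rest=${range#*,}; end=${rest%%,*}
                for a in "$start" "$end"; do
                    in_subnet "$a" "$subnet" ||
                        { echo "pool address $a is outside $subnet"; rc=1; }
                done ;;
        esac
    done
    [ $seen_if -eq 1 ] ||
        { echo "no interface= line: dnsmasq listens on every interface"; rc=1; }
    [ $seen_range -eq 1 ] ||
        { echo "no dhcp-range= line: DHCP is disabled"; rc=1; }
    return $rc
}

# Constructed sample: interface= still commented out, pool in another range.
sample_bad() {
    printf '%s\n' '#interface=' 'dhcp-range=192.168.1.50,192.168.1.150,12h'
}

# Offline self-check against the constructed sample.
sample_bad | check_dnsmasq wlan0 10.0.0.0/24 || echo "config needs fixing"
```

Against a live system, run `check_dnsmasq wlan0 10.0.0.0/24 < /etc/dnsmasq.conf`.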
face would be your Internet connection, and the other would connect to a switch. Then connect as many access points as you require to the same switch, set them up as transparent bridges, and everyone will pass through the same firewall and use the same DHCP server.
The simplicity of bridging comes at a cost of efficiency. Since all clients share the same subnet, broadcast traffic will be repeated throughout the network. This is usually fine for small networks, but as the number of clients increases, more wireless bandwidth will be wasted on broadcast network traffic.
The initial setup for a bridging access point is similar to that of a masquerading access point, without the requirement of dnsmasq. Follow the initial setup instructions from the previous example.
In addition, the bridge-utils package is required for bridging. This package exists for Ubuntu and other Debian-based distributions, as well as for Fedora Core. Make sure it is installed and that the command brctl is available before proceeding.
On Ubuntu or Debian the network interfaces are configured by editing the file /etc/network/interfaces.
Add a section like the following, but change the names of interfaces and the IP addresses accordingly. The IP address and netmask must match that of your existing network. This example assumes you are building a wireless repeater with two wireless interfaces, wlan0 and wlan1. The wlan0 interface will be a client to the “office” network, and wlan1 will create a network called “repeater”.
Add the following to /etc/network/interfaces:
auto br0
iface br0 inet static
    address 192.168.1.
    network 192.168.1.
    netmask 255.255.255.
    broadcast 192.168.1.
    gateway 192.168.1.
    pre-up ifconfig wlan0 0.0.0.0 up
    pre-up ifconfig wlan1 0.0.0.0 up
    pre-up iwconfig wlan0 essid "office" mode Managed
    pre-up iwconfig wlan1 essid "repeater" mode Master
    bridge_ports wlan0 wlan1
    post-down ifconfig wlan1 down
    post-down ifconfig wlan0 down
Comment out any other sections in the file that refer to wlan0 or wlan1 to make sure that they don't interfere with our setup.
This syntax for setting up bridges via the interfaces file is specific to Debian-based distributions, and the details of actually setting up the bridge are handled by a couple of scripts: /etc/network/if-pre-up.d/bridge and /etc/network/if-post-down.d/bridge. The documentation for these scripts is found in /usr/share/doc/bridge-utils/.
If those scripts don't exist on your distribution (such as Fedora Core), here is an alternative setup for /etc/network/interfaces which will achieve the same thing with only marginally more hassle:
iface br0 inet static
    pre-up ifconfig wlan0 0.0.0.0 up
    pre-up ifconfig wlan1 0.0.0.0 up
    pre-up iwconfig wlan0 essid "office" mode Managed
    pre-up iwconfig wlan1 essid "repeater" mode Master
    pre-up brctl addbr br0
    pre-up brctl addif br0 wlan0
    pre-up brctl addif br0 wlan1
    post-down ifconfig wlan1 down
    post-down ifconfig wlan0 down
    post-down brctl delif br0 wlan0
    post-down brctl delif br0 wlan1
    post-down brctl delbr br0
Once the bridge is defined as an interface, starting the bridge is as simple as typing:
The “-v” means verbose output and will give you information about what is going on.
On Fedora Core (i.e. non-Debian distributions) you still need to give your bridge interface an IP address and add a default route to the rest of the network:
# ifconfig br0 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.
# route add default gw 192.168.1.
You should now be able to connect a wireless laptop to this new access point, and connect to the Internet (or at least to the rest of your network) through this box.
Use the brctl command to see what your bridge is doing:
All of these distributions are designed to fit in machines with limited storage. If you are using a very large flash disk or hard drive, you can certainly install a more complete OS (such as Ubuntu or Debian) and use the machine as a router or access point. It will likely take a fair amount of development time to be sure all needed tools are included, without installing unnecessary packages. By using one of these projects as a starting point for building a wireless node, you will save yourself considerable time and effort.
One of the most popular consumer access points currently on the market is the Linksys WRT54G. This access point features two external RP-TNC antenna connectors, a four port Ethernet switch, and an 802.11b/g radio. It is configured through a simple web interface. While it is not designed as an outdoor solution, it can be installed in a large sprinkler box or plastic tub for relatively little cost. As of this writing, the WRT54G sells for about $60.
Back in 2003, network hackers realized that the firmware that shipped with the WRT54G was actually a version of Linux. This led to a tremendous interest in building custom firmware that extended the capabilities of the router significantly. Some of these new features include client radio mode support, captive portals, and mesh networking. Some popular alternative firmware packages for the WRT54G are DD-Wrt (http://www.dd-wrt.com/), OpenWRT (http://openwrt.org/), Tomato (http://www.polarcloud.com/tomato) and Freifunk (http://www.freifunk.net/).
Unfortunately, in the fall of 2005, Linksys released version 5 of the WRT54G. This hardware revision eliminated some RAM and flash storage on the motherboard, making it very difficult to run Linux (it ships with VxWorks, a much smaller operating system that does not allow easy customization). Linksys also released the WRT54GL, which is essentially the WRT54G v4 (which runs Linux) with a slightly bigger price tag.
A number of other Linksys access points also run Linux, including the WRT54GS and WAP54G. While these also have relatively low price tags, the hardware specifications may change at any time. It is difficult to know which hardware revision is used without opening the packaging, making it risky to purchase them at a retail store and practically impossible to order online. While the WRT54GL is guaranteed to run Linux, Linksys has made it known that it does not expect to sell this model in large volume, and it is unclear how long it will be offered for sale.
Fortunately, wireless hackers have now been able to install custom firmware on the notoriously difficult WRT54G version 5 and 6, and the latest revisions as well (v7 and v8). For details on getting alternate firmware installed on a v5 or v6 access point see: http://www.scorpiontek.org/portal/content/view/27/36/
For more information about the current state of Linksys wireless router hacking, see http://linksysinfo.org/
One popular alternate firmware for the Linksys family of access point hardware is DD-WRT (http://www.dd-wrt.com/). It includes several useful features, including radio client mode, adjustable transmission power, various captive portals, QoS support, and much more. It uses an intuitive web-based configuration tool (unencrypted or via HTTPS), and also provides SSH and telnet access.
Several versions of the firmware are available from the DD-WRT website. The general procedure for upgrading is to download the version of the firmware appropriate for your hardware, and upload it via the router's "firmware update" feature. Specific installation details vary according to the hardware version of your router. In addition to Linksys hardware, DD-WRT will run on Buffalo, ASUS, the La Fonera, and other access points.
For specific instructions for your hardware, see the installation guide on the DD-WRT wiki at http://www.dd-wrt.com/wiki/index.php/Installation. The default login for a fresh DD-WRT installation is root with the password admin.