Chapter 5: Combining Wired and Wireless Networks
A firewall, whether it comes just from NAT or from an SPI firewall in a router (or even from firewall software on your PC or Mac), doesn’t take care of the wireless-specific security that we talk about in Chapter 8 (and which is so vitally important). You need to both take care of securing your network from Internet-based attacks (with a firewall) and also secure it from over-the-air threats on the wireless connection.
Understanding Your Home Router
When you connect your wireless network to the Internet via a broadband connection, you are using the NAT functionality in your router (whether it’s a stand-alone wired router, or a router built into a wireless broadband router product) to create a private network in your home.
In a NAT environment, you configure your network based upon two separate IP address spaces:
Your public IP address: You’ve typically got only one of these assigned to your public-facing router by your Internet service provider (ISP).
Your private IP addresses: These IP addresses are used within your private subnet.
Your public IP address is (in almost all cases) uniquely yours — no one else on the entire Internet should have the same public IP address that you do.
Managing your IP addresses
The first decision you need to make when dealing with IP addresses in your wireless network is whether you want to let your router take care of everything or manually assign the addresses yourself.
Most people just let the router handle the task — using a system called Dynamic Host Configuration Protocol, or DHCP, which is built in to all of the major operating systems and supported by just about every stand-alone Wi-Fi device we know of. The default state of just about any router we’ve laid our hands on in the past five years has had DHCP turned on, with the router automatically handling IP addresses.
This is a good setting for many folks — it’s pretty much foolproof and it works right out of the box more than nine times out of ten. But in some cases, you might want to mess with the status quo. Some instances include
Part II: Boosting Performance on Your Wireless Network
You may have a device connected to your wireless network that needs a fixed IP address on the network to work properly. Some of the wireless gadgets discussed in Chapter 16 fit this rule.
You may be doing a lot of file sharing or other computer-to-computer networking within your LAN and want to make permanent bookmarks or shortcuts to your shares on your desktop (or somewhere on your computer). This is a lot easier to do when you know that those shares aren’t going to change IP addresses all the time.
If you’re using just Windows or OS X, you can pretty much rely upon the file share names used by those operating systems (like the NetBIOS names used in Windows), which remain constant even when IP addresses change. But if you’re mixing and matching other devices (like Linux-based NAS storage devices), it sometimes pays dividends to have fixed IP addresses that you can use.
You may have multiple segments on your network that need to be configured manually. Perhaps you have more than one AP and you want to configure your network to allow network resource access from all wireless clients — or, conversely, you want to set up your network so that clients attached to some APs have no access to your networked resources.
The following scenarios provide some advice on how you may want to “mess with” your own IP addressing schemes on your routers and APs.
Cascading APs from a central router
Cascading APs from a central router works well if you have a really big home or office or a lot of users. In this scenario, you need, for reasons of coverage or capacity, to have multiple access points on your network — and you want them all to be on the same subnet.
Why would you want these wireless APs on the same subnet? Simply because you want to be able to do all of those fun (and common) networking things between and among the devices connected to the networks. For example, say you have two APs. Let’s call them Opie and Cherry (not that either of your authors would name his AP ESSIDs after his dogs). You want a computer on Opie to be able to access network resources (like a printer server) connected to Cherry — the networks would have to be on the same subnet to do this.
To set up this kind of a network, you’d need to have a single router providing connectivity to the Internet connection, handling NAT and handing out IP addresses to client devices (via DHCP or manual configuration). How you make such a connection physically depends upon what kind of gear you’ve got on your network.
If you’ve got a wireless broadband router (that is, one of your APs is also your router), you would simply connect the second (and third, and so on) APs to one of the wired switch ports on your broadband router. If you are using a separate wired router with a built-in Ethernet switch, you would connect both APs to ports on that switch.
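An added example (not from the book): a small Python check of a fixed-address plan for the cascaded-AP setup described above, flagging any device that lands on a different subnet or collides with another address. The subnet, router address, DHCP pool and device addresses are constructed sample values, and keeping fixed addresses out of the DHCP pool is a common practice assumed here rather than something the text states.

```python
import ipaddress


def check_plan(lan_cidr, router_ip, dhcp_first, dhcp_last, fixed):
    """Return a list of problems with a fixed-address plan; empty means OK.

    fixed maps a device name to the address you intend to assign by hand.
    """
    lan = ipaddress.ip_network(lan_cidr)
    pool_lo = ipaddress.ip_address(dhcp_first)
    pool_hi = ipaddress.ip_address(dhcp_last)
    problems = []
    if not lan.is_private:
        problems.append(f"{lan} is not a private address range")
    # The router's own LAN address is already taken.
    seen = {ipaddress.ip_address(router_ip): "router"}
    for name, text in fixed.items():
        addr = ipaddress.ip_address(text)
        if addr not in lan:
            # Devices here cannot reach shares on the main subnet directly.
            problems.append(f"{name}: {addr} is outside {lan} (different subnet)")
        elif addr in (lan.network_address, lan.broadcast_address):
            problems.append(f"{name}: {addr} is reserved on {lan}")
        elif pool_lo <= addr <= pool_hi:
            # DHCP could later hand the same address to another client.
            problems.append(f"{name}: {addr} is inside the DHCP pool")
        if addr in seen:
            problems.append(f"{name}: {addr} already used by {seen[addr]}")
        else:
            seen[addr] = name
    return problems


# Constructed sample plans: two APs (Opie, Cherry) plus fixed-IP devices.
LAN = ("192.168.1.0/24", "192.168.1.1", "192.168.1.100", "192.168.1.199")
GOOD = {"Opie": "192.168.1.2", "Cherry": "192.168.1.3",
        "print-server": "192.168.1.10"}
BAD = {"Opie": "192.168.1.2", "Cherry": "192.168.0.3",
       "print-server": "192.168.1.150", "nas": "192.168.1.1"}

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        issues = check_plan(*LAN, plan)
        print(f"{label} plan: {'OK' if not issues else 'problems found'}")
        for issue in issues:
            print("  -", issue)
```

An AP deliberately placed on a separate subnet to keep its clients away from shared resources will be reported as "different subnet"; in that design the message confirms the separation rather than indicating a mistake.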