Skip to main content

extending a wired network wirelessly

More
19 years 4 months ago #5720 by senthil_kmr
Is it possible to connect a wireless access point to a HUB in a Windows 2000 Server based network. If it is possible whether the wireless computer can get an ip address from the DHCP server of Windows 2000 Server
More
19 years 4 months ago #5724 by TheBishop
Replied by TheBishop on topic Wireless
Two questions, two answers:
First, as long as your hub is part of your server network then I don't see why you can't connect your access point to it and have it work. However you don't say what your network is like or whether there are other devices besides the hub. If there are, there might be better places to connect your access point to.
Secondly, some access devices provide a mini-dhcp server for the wireless devices so you might not need to worry. If yours does, just set the dhcp scope on the access device to give you the address range you need, and remember to exclude those addresses from the scope on your main dhcp server so you don't get duplicates being assigned. Otherwise you might need to set up a dhcp relay agent - but this is where I get hazy. Perhaps one of our other members could help more on this second point?
More
19 years 4 months ago #5729 by sahirh
The AP should be on the same subnet as the DHCP server, then it should be able to pick up an IP via DHCP.

Just draw imaginary wires between the AP and the clients.. thats exactly how the wireless network is.

However something you might want to consider is not connecting the AP directly to your regular wired network. Firewall it off, wireless is too insecure to stick right on your normal net.

Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
More
19 years 4 months ago #5753 by TheBishop
Replied by TheBishop on topic Wireless
Thanks for injecting some clarity on the DHCP point Sahirh. I must get my hands on some wireless kit and have serious playtime so I know what I'm talking about!
More
19 years 4 months ago #5761 by jhun
so if the wireless network cannot be firewalled from the wired network since they should also have access from the network resources, what else could you do then to better have a secured network since the wireless netowrk could provide a security hole in your network..

are there any monitoring tools also to somehow monitor the activity of the wireless network.
More
19 years 4 months ago #5764 by nske
Well the fact that you have to make available some services of the private network to the wlan doesn't mean that you have to leave it totally unfirewalled! You could control the traffic with a firewall to ensure connections are only allowed to the services that are supposed to be public and you should also make sure that the software for the services is up-to-date and not vulnerable. A stateful inspection firewall could also help with more indirect dangers such as spoofing attacks and an IDS could be set to detect anomalies that betray intrusion or intrusion/attack attempts and i.e. modify the firewall rules on the fly to block access to the intruder in the case of remote anomalous behaviour, or in general to triger whatever action you can think as a counter-attack/emergency defence measure.

As for wireless monitoring tools, in case of a hardware access point these are in general limited to what information/functionality the device can provide you with, i.e. via HTTP interface or SNMP. Same applies for filtering and general control. In such a case you can extract or modify these information in a quite raw format with any SNMP client and even automate this in some extend in case of flexible command-line clients, but there are also specific clients for access points that extract/modify information in a more readable format, such as Wireless AP utilities . Of course more expensive devices will have more functionality and options such as logging, IDS, filtering, but normal affordable AP don't.

Now, in case you have a wireless pci card that works as a computer device, things are perfect as you have the total control as you would with any wired network interface, i.e. you can use kismet to sniff the traffic and log it in a tcpdump compatible format, which means that you can use a bunch of IDS, monitoring and analyzing tools that exist and use that format. ;)

There are also some trully original tools, such as fakeap that make the lives of "wardrivers of fortune" more difficult :}
Time to create page: 0.153 seconds