Get answers

Wi-Fi
to your
questions

an Networking eBook
Contents…
Get Answers to Your Wi-Fi Questions

This content was adapted from Internet.com’s Wi-Fi Planet Web site.
Aaron Weiss is a freelance writer, book author, and Wi-Fi enthusiast based in upstate New York.
You can follow his monthly Ask the Wi-Fi Guru column, and submit your own question at
http://www.wi-fiplanet.com/tutorials/article.php/3809101.

2
2 Range Extension

5 Coverage

5 8
8 Connections & Signal Boosting

11 DD-WRT

11 13
13 Mac/iPhone

1 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
 Get Answers to Your Wi-Fi Questions

Range Extension
By Aaron Weiss

Q
: I wish to extend the range and performance
of my laptop wireless card when used from
my sailboat. I have a Wi-Fi antenna installed
on the masthead with a coax terminated with
a mini UHF connector. It seems that repeating a WLAN
signal is what I need to do, as I’m trying to improve per-
formance to Wireless Access Points available at many
ports and anchorages. Can you recommend a good
technology to use between my
external antenna and my laptop
PC to accomplish this? -- Cpt
Monty
A: Wireless networking on the high
seas gives a whole new meaning
to computer pirates. The good
news is that if your sailboat were
commandeered by rogues, and
if one of those rogues was the
helpful kind who isn’t looking for
trouble, but instead looking for
trouble to solve, he would answer
your question with an enthusiastic
Yar! A wireless repeater is exactly
what you can use in this situation,
and you can do so quite cheaply
using the free firmware DD-WRT
loaded onto a compatible router
such as the Linksys WRT54G series.
You will probably need an adapter to mate your mini-UHF
connector with the antenna jack of a router. The WRT54G
routers use an RP-TNC connector, but DD-WRT supports a
wide range of routers, some of which may use other types of
jacks. I haven’t found a direct mini-UHF-to-RP-TNC adapter,
so you might need to string together a couple of adapters,
or buy a short length of custom cable with the appropriate
connectors at each end. Do be sure that a router you choose
has detachable antennas.
Once setup, you can access the router’s administration
interface from your laptop. In DD-WRT you can configure
advanced wireless settings to
direct the router to use your exter-
nal antenna for sending (TX) and
receiving (RX). Using the router’s
interface you launch a scan for
available networking using the
fabulous visualization tool called
WiViz, built in to DD-WRT, which
will display a real-time radar view
of access points within range of
your boat.
When you configure DD-WRT as
a repeater, you will define a virtual
wireless network (SSID) that will
be re-broadcast on your boat,
which you can connect to wire-
lessly from your laptop. Ahoy!
(Big aside: If for some reason you
cannot get DD-WRT repeater mode to work to your liking,
the second and slightly more complicated solution is to
build your own repeater using two routers, with one running
DD-WRT in client bridge mode. As in the first scenario, you
will connect your mast antenna to the DD-WRT router and
use it to scan for and associate with an available network.

When you configure DD-WRT as a repeater, you will define a

“ virtual wireless network (SSID) that will be re-broadcast on your

boat, which you can connect to wirelessly from your laptop. Ahoy! ”
2 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
 Get Answers to Your Wi-Fi Questions

But instead of trying to configure DD-WRT to also repeat the
signal, you would use an Ethernet cable to connect a LAN
port on the DD-WRT router to the WAN port on a second
wireless router of any make. This second wireless router
would then “see” your DD-WRT router as a broadband con-
nection, and broadcast it on your boat just like any DSL or
cable connection.)
Q: Hello! I have a question concerning connecting mul-
tiple routers with different wireless modes. I would like
to create the following:
• Router0 acts as an AP and is
Router1: WDS with MAC address of Router0 and Router2.
Router2: WDS with MAC address of Router1.
Keep in mind that each wireless link halves the available
bandwidth, so wireless clients connected to Router2 would
max out at 25% of LAN bandwidth when exchanging data
with clients connected to Router1.
If for some reason you simply had to preserve your mixed-
mode arrangement, you could add a fourth router (Router1a),
connected by wire to Router1. Configure Router1 as a
repeater for Router0 (as it is now) and

connected to the Internet.
• Router1 (Linksys WRT54G/GL/
GS, DD-WRT v24 (05/24/08)
std) acts as a repeater for
Router0 (AP) & is connected to
reported that, when
Router2 with WDS.
“
Router1a as a WDS node linked
to Router2. You might do this if, for
example, Router0 does not support
Many users have WDS—but then, if you’re buying a
new router, why not simply replace
Router0 with one that does support
cranked to max WDS?

• Router2 is connected to Rout- output, these Wi-Fi Q: I am grappling with the concept
er1 via WDS.
boosters can actually of the Wi-Fi booster. For example
the Hawking HSB2 is an RF signal
Is this possible to set up in DD-
WRT v24? - Josh
hinder performance amplification device with many
fans boasting magical improve-
of nearby clients, ments--but how? It’s surely easy
A: What you describe sounds very
much like a “mixed-mode daisy
whose own receivers enough to boost output power
and thus be seen as a stronger
chain.” If that sounds like a fancy
technical term, it’s not—I just made
essentially “drown” signal from farther away. But
the device comes with a paltry
it up. But this is theoretically a daisy in the noise 2dbi antenna, leaving us all with
chain configuration—router0 con- the cosmic mystery of how the

”
nects to router1 connects to router2.
But you’re using two different kinds
of relays for each link in the chain—DD-WRT repeater mode
in link 1 and WDS (wireless distribution system) in link 2.
Such a setup would require that your middle router (“rout-
er1”) act as both a wireless repeater client and a WDS
node. I don’t think this is possible. Configuring your router
as a WDS node is one state of being; configuring it as a
repeater client is a different state of being. As far as I know,
it cannot be in both states at the same time.
The first question that comes to mind is—why mix modes?
Why not configure WDS on all three routers? You can chain
via WDS and maintain the same physical relationships. Your
WDS configuration would look like this:
Router0: WDS with MAC address of Router1.
return signal becomes suddenly
adequate. I suppose that the re-
ceiver within the booster could be extra adept at rooting
around in the tall grass to extract signal, but if there is
that much SNR left over, why aren’t the “quality” compo-
nent manufacturers exploiting it already? – Ron
A: Although my expertise in RF is limited, I am inclined to
agree with the sentiment in Ron’s first paragraph. These
so-called “Wi-Fi boosters” are basically amplifiers that make
the transmitted signal “louder” (if you think about it in radio
terms). But unlike a radio, the client is not a passive receiv-
er—it, too, sends signal back to the wireless transmitter. The
client is limited by the power output of its own transmissions.
In other words, the Wi-Fi booster may let your client “hear”
the wireless router from a further distance than it would
otherwise, but the client itself might not be strong enough to
send anything back—leaving you in the same boat as if you
couldn’t see the wireless network at all. Or more specifically,

3 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
 Get Answers to Your Wi-Fi Questions

dangling an SSID that you can see, but not associate with.
Also remember that when you amplify signal you also amplify
noise. Many users have reported that, when cranked to max
output, these Wi-Fi boosters can actually hinder perfor-
mance of nearby clients, whose own receivers essentially
“drown” in the noise. To minimize this problem, one may
need to compromise by setting the Wi-Fi booster to a mid-
range power level—say, 100 to 200 milliwatts. Of course, this
will also reduce its maximum range, and so what’s the point?
The point, according to those who have evaluated these
boosters, is to better fill in your existing wireless range. In
other words, if you expect the booster to give you a strong
signal much further away than you could before, this may
not pan out. But, if you would like to give a boost within the
range you already experience—and maybe catch some of the
“dark corners” that are otherwise too weak—a signal booster
set to a mid-range power output could very well do the trick.
enough. Using repeaters in this scenario might not be the
best solution. For one, each repeater will reduce your net-
work bandwidth. Two, assuming these houses are outdoors
and not inside a glass bubble like in the underwhelming
Simpsons Movie, the span between them is outside, and in-
stalling networking gear outside adds an extra level of com-
plexity (power, weatherproofing, and thieves, for example).
You will want to use directional antennas connected to wire-
less routers in each house. It sounds like you have a reason-
able line of sight between houses—a few scattered trees
should not be a big problem; a forest, or a steel wall, might
be more significant.
It sounds like the Internet connection is at your father’s
house (hopefully he pays for it, too). You want one wireless
router there, with an external directional antenna. This means
you need to choose a router with a detachable antenna so
you can connect a replacement. In your house, you want to

An entirely different way of using a Wi-Fi booster would be for creating

“ a long-range fixed wireless link. In this case, you don’t care so much
about clients near the receiver, so you can pump up the power output. ”
use a wireless router that can be configured as a wireless
An entirely different way of using a Wi-Fi booster would be client. The easiest (and cheapest) solution is to use DD-
for creating a long-range fixed wireless link. In this case, you WRT with a supported router like the Linksys WRT54G, just
don’t care so much about clients near the receiver, so you like the sailboat captain in our first question. Buy yourself
can pump up the power output. Plus, you would want to use two yagi antennas, with appropriate connections or adapt-
a pair of boosters, one at each end of the link, so you don’t ers to plug into the two routers. Connect each antenna to a
wind up with the asymmetrical power problem described respective router in each house and aim them at each other.
above. Finally, you would also want to replace the “paltry” Chances are, this will do the trick. You may even be able to
2dbi antenna with a more powerful directional antenna. You’ll keep the yagis indoors, especially if you can position them
always get the longest range using directional antennas by windows. Installing the yagis outdoors is a little more
precisely aimed at one another, but of course this will not complicated because you’ll need to run the cable indoors to
provide much or any signal outside their straight-line path. the router.

Q: I have a big problem. I need to share an Internet con-
nection with my father, but we live 600 feet away from
one another, and we have a few trees in our sight line.
I tried a few new routers, but they only go like 200 feet.
Do you have any suggestions? Will any repeaters help...
could I use two repeaters or three? – Unsigned
A: Six hundred feet is indeed a far distance in wireless
networking speak, although if this were a personal relation-
ship column, 600 feet from a parent might not be nearly far
If for some reason yagi antennas aren’t strong enough, or
you need to connect a wireless link much longer than 600
feet—say, several miles—you can upgrade to a directional
grid antenna. Reminiscent of a medium-sized satellite dish,
a pair of grid antennas will cover a significant distance. But,
as always with wireless, the more clear your line of sight, the
longer a link you can achieve. n

4 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
 Get Answers to Your Wi-Fi Questions

Coverage

Q
: We use an 802.11n Draft 2 network with ca- find any citations online backing up such a possibility. The
ble backhaul for our home (and home office) reason that “n” devices produce better range than pre-n de-
network. When we upgraded our router from vices is because the n-standard requires the use of “MIMO”
an 802.11g Linksys model to an 802.11n Draft technology. Basically MIMO means that multiple antennas
2 TrendNet device, we also added TrendNet 802.11n cli- are used. Depending on the model, all antennas may be
ent upgrades to our computers on the network (a laptop, external, or a mix of internal and external. The purpose of the
and a desktop that sits in a antennas is to catch “multi-
location that is hard to reach path” reflections—basically,
with Ethernet). Both sys- in the real world signals tend
tems received a definite and to bounce around rather than
significant boost in signal travel is a purely straight line.
strength and throughput; This is because they invariably
the connection was much hit reflective objects from glass
faster and more dependable, to metal and so on.With pre-
particularly with the desktop MIMO wireless, this multi-path
because it sits the farthest effect resulted in reduced sig-
from the router. nal since only a portion of the
original signal would reach the
About a year later, we up- destination. MIMO “captures”
graded the RAM in the old the reflections and re-assem-
gal (it’s a five-year-old XP bles the signal, thus improving
desktop system) and the Wi- performance and effective
Fi signal strength doubled. signal strength. It is actually
We haven’t changed anything possible that the radio antenna
else about location, settings, ISP, tinfoil barriers, etc. you mention is assisting--it could be producing a “good” sig-
except that we put up the antenna on a radio several feet nal reflection, almost like an amplifying effect. Some people
away. Are we imagining the boost? Is it a fluke, is the ra- have reported improved Wi-Fi signals when their cell phone
dio somehow assisting, or can upgrading your RAM (we is near the computer, for example, and this could be a similar
nearly doubled it) actually improve your Wi-Fi reception? kind of thing. Of course the only way to know for sure is to,
Thanks for your help. You rule. —Naimy and Peeps you know, move the antenna and see what happens. We
must also consider the possibility that the improved signal
A: Fascinating! I enjoy a good mystery. Honestly, I can’t think could be the result of an unknown variable--something else
of any way that the RAM upgrade would influence signal that did change, but you don’t know it. Orientation of the PC
strength one way or another. It doesn’t add up, and I can’t after upgrade? Something subtle like a window screen up

The purpose of the antennas is to catch “multipath”

“ reflections—basically, in the real world signals tend to

bounce around rather than travel is a purely straight line. ”
5 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
 Get Answers to Your Wi-Fi Questions
or down elsewhere in the room, and so on. Still, the antenna
theory at least has a plausible explanation, unlike the RAM
upgrade.
Q: I am desperately trying to find a wireless router to
buy. I have had a Belkin Draft-n and a Belkin N1 Vi-
sion. I found the Draft-N a better performance machine.
However, now I want to buy a new router that has great
coverage from a main house to an annex house. There
are walls to consider. I need coverage up to about 150
feet. What is your personal choice? – Nick
A: One thing to note when setting up a wireless network is
“
that range and speed are two different
things and you may need to optimize
for one or the other. In my experience,
pre-N gear can do a good job with
range, but is aggressive about reduc-
ing speeds to compensate—so you
To get the most
may get a connection from a distance out of any router
you couldn’t with another router, but
it might not be very fast. The reason
with MIMO, you
pre-N gear is generally good at range,
and obstacles, is because it uses
need to use a
MIMO—or multiple antennas—to “cap- wireless client with
ture” reflected signal paths. You can
also find MIMO on some enhanced
the same support.
‘g’ routers, which usually say so right
”
in their name, like “Super G with
MIMO”.
To get the most out of any router with MIMO, you need to
use a wireless client with the same support. (It’s not clear
from your question if you are also using the Belkin pre-N
card at the other end.) I don’t like to encourage vendor lock,
but in practice, edge technologies like MIMO (and “Range-
Max”) as well as pre-N seem to be most reliable when paired
with companions of the same vendor.
Besides all that, if your router has detachable antennas
(the typical “rubber ducky”), you can swap them for longer,
more powerful replacement antennas that can double or
sometimes triple their sensitivity. This doesn’t necessarily
mean a doubling or tripling of your range, but it can help you
squeeze out every last drop of performance.
Try to orient your wireless router as high as possible in your
main house, such as a top floor. Alternative possibilities
could include adding a second wireless router to your main
house, in a spot best for “seeing” the annex house (such as
a window). This secondary router could use WDS (wireless
distribution system) or an old-fashioned Ethernet cable to
6 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
connect with the primary router for service.
A third possibility would be to setup a wireless router in the
annex house and use WDS to repeat the signal from the
main house. You would be able to setup this annex router in
an optimal position (and/or with a stronger antenna) to re-
ceive the signal, and your wireless clients could more easily
pick up the rebroadcast signal.
For a 150-foot range, one or any of these scenarios should
do the trick. For longer distances, I would start to look at
directional antennas like yagis to create a point-to-point
link. But this seems like overkill at this distance unless your
houses are actually underground fall-
out shelters. Which would be pretty
cool, actually.
Q: I am connected by Time War-
ner Cable to my system through a
Linksys WRT54GL router. I put on
Tomato firmware and am transmit-
ting at 84mW. This set up is in the
front of my house on the second
floor. My basement is in the rear of
my house. When I’m in the base-
ment, my laptop seems to pick up
a better signal than my PC, but
the speed it about 25 percent of
upstairs. What can I do to get a
stronger signal wirelessly down in
the basement? Someone suggested
using two routers, namely an n-draft router upstairs
and placing my Linksys on the main floor just above my
basement in my dining room. Is Tomato good firmware
to use or should I install DD-WRT on a router upstairs as
well as the Linksys? – Arthur
A: For those readers who haven’t yet heard of “Tomato,” it
is not only a nutritious and delicious vegetable (technically
a fruit, but that’s for some other guru to explain)—Tomato is
also an open source firmware, like DD-WRT.
Where was I? It doesn’t sound like the firmware is the
problem in this situation. Whether you are using Tomato
or DD-WRT, the challenge here is primarily environmen-
tal. Basements are especially challenging for reception of
wireless signals, and in this case your router is two floors
away. Bumping the transmit power to 84mW (the default is
28mW) is probably hurting more than helping—when you
increase power, you increase both signal and noise. The
reason your connection speed is reduced by ¾ is because
your basement PC cannot negotiate a faster rate, which may
 Get Answers to Your Wi-Fi Questions

in part be due to interference from the extra noise.
The suggestion you received is basically to add a second
router into the mix, effectively re-distributing your wireless
signal. You could do this—there is more than one way to
get it done. Using an n-draft router might offer some slight
advantage for getting maximum signal to a router on your
main floor, only because the n router will be using a superior
MIMO antenna array; but your Linksys is not an n router,
and so the benefit of doing this is not hugely compelling.
Chances are that a second router just like your Linksys will
do the job.
If your second router supports WDS (wireless distribution
system) you may not even have to muck around with flashing
an alternative firmware (some stock routers support WDS
out of the box). You can setup WDS between your new
router and your Tomato-based router, which should improve
the signal to your basement.
It may be heresy to say this, but I’ve said it before so there’s
no turning back now—what about not going wireless to your
basement? If you plan on living in this house for a long time,
I would consider running Ethernet from the second floor to
another router in the basement. Maybe even along the outer
wall if it would be an easier install. In the long run (get it?
long run!), this would be the most stable and fastest solu-
tion, particularly if you want to run a gigabit LAN.
A third option would be to cable only from the second floor
to first floor—see the question and answer below for a similar
scenario. n

7 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
 Get Answers to Your Wi-Fi Questions

Connections & Signal Boosting

Q
: I am trying to use WRT54Gv2/DD-WRTv24 using the stock “rubber ducky” antennas included with your
antenna selection to have one antenna TX router, there really is no advantage to manually assigning
and the other RX. Does the menu option TX and RX to exclusive antennas, and effectively disabling
where you can select TX/RX and Left/Right diversity. However, in some scenarios you want to replace
antennas really do what it says? Namely can I have one the stock antenna with a high-powered directional like a grid
antenna exclusively for TX and the other exclusively for or yagi. Typically, this is done to create a long range wire-
RX. – Petar less link, say between houses or office buildings. In this
setup, you want to assign both TX and RX to the directional
A: Truth in advertising—it is indeed true that DD-WRT lets antenna and not bother with the second stock antenna—and
you manually select which of this is where DD-WRT’s set-
the two WRT-54G antennas is ting can become very useful,
assigned to sending (TX) and since the stock firmware does
receiving (RX). More interesting not let you make such an as-
still is not so much that you can, signment.
but why would you want to? It
turns out there are several rea- Oh, and you might be wonder-
sons one might do this, some ing—which antenna is the left
useful and some perhaps not one? The right one? With DD-
so much. WRT, left and right are based
on looking at the router from
First, it is important to clarify the front, where the LED’s are.
that wireless radios operate in However, other firmware might
half-duplex mode—they cannot use the reverse orientation,
send and receive data at the looking at the router from the
same time. Instead, they switch back. Of course, you have a
between sending and receiving modes. Furthermore, only 50% chance of guessing correctly, but to be sure, simply
one antenna is used for sending. Routers that have two an- remove one antenna, and change the RX/TX assignments to
tennas (some have only one) are using “diversity” reception, see whether “left” or “right” works with just the one antenna.
which means that they dynamically switch between them to
pickup the strongest signal, which may vary due to myriad Q: I have a Cradlepoint MBR1000 gateway that is wired
environmental factors including multipath interference and to the desktop and works fine. I use it wirelessly to con-
reflection. nect to a laptop and that works fine, but when I try to get
my Vaio PCG Z1VA to connect, it shows in the task bar
Diversity mode is used for a reason, so if you are simply that it has a good signal, but I can’t connect to the Inter-

Routers that have two antennas (some have only one) are using “diversity”

“ ”
reception, which means that they dynamically switch between them to pickup
the strongest signal, which may vary due to myriad environmental factors
including multipath interference and reflection.

8 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
 Get Answers to Your Wi-Fi Questions
net. I get a message that states “Windows was unable to
find a certificate to log you on to the network.” Can you
you help me out? - Brad
A: You have to admire Microsoft for keeping its “Unhelpful
Error Message Department” busy, continually inventing new
and ever more cryptic ways to tell you that what you want
to do doesn’t work. The clue here is “certificate” because,
“
chances are, your wireless network
does not use a certificate. And the
problem is likely with the client PC—
in this case, your Sony Vaio, which
may be misconfigured to look for a If your WISP uses
different kind of network than the
one that you have. DHCP to assign
It isn’t clear whether you are con-
an IP address, your
necting to the wireless network router will need to be
using Windows’ built-in wireless
management or the Intel PROset configured likewise
wireless connection utility pre-
installed on the Vaio. If you are using
(this is usually the
the Windows connection utility, I default setting).
would first try to switch to the PRO-
”
set utility instead.
Failing that, two things to consider:
• The Vaio may be trying to establish a WPA-RADIUS con-
nection rather than WPA-PSK (or WEP), depending on
what kind of security you have in place on the Cradlepoint
router. If the Vaio is mistakenly trying to make a WPA-RA-
DIUS connection, and you aren’t actually using a separate
RADIUS server (which is almost certainly the case), this
error may appear.
• Disable IEEE 802.1X authentication on the wireless
adapter for the Vaio. Open the available wireless net-
works, right-click on your network, choose Properties, and
look for the “Authentication” tab, where you can hopefully
uncheck 802.1X.
Q: Most of the user manuals and instructions I have
found for wireless routers/gateways assume that the In-
ternet connection is via Ethernet/cable modem. I have a
wireless ISP and so want to access the Internet through
my Linksys WRT54GS. I already have a home wireless
net using Airport Extreme. Can you give me a few hints
on setup? – Jon
A: One would need more precise information about your
WISP (“wireless ISP”) to provide detailed instructions, but
9 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
on its face this seems like a relatively simple configuration to
achieve.
When you plug a cable/DSL modem into a wireless router’s
WAN/Internet port, the router requests an IP address from
the ISP’s server at the other end of the line. Depending on
the protocol in use by that ISP, this request might take place
by DHCP or PPPoE, among others, and so your router’s
Internet connection has to be config-
ured accordingly.
The situation is really no different
with a WISP. Depending on the
WISP, you probably have some kind
of “subscriber unit” (SU) in your
premises. This connects to the ex-
ternal antenna you use to receive the
WISP signal—or, in the case of some
like Clearwire, the antenna might be
integrated into the subscriber unit.
Chances are that the SU provided by
your WISP connects to your com-
puter using an Ethernet cable. You
can probably plug this cable right
into your wireless router’s WAN/
Internet port. If your WISP uses
DHCP to assign an IP address, your router will need to be
configured likewise (this is usually the default setting). If your
WISP uses PPPoE, you should configure the router to use
the same, with supplied username and password. There are
other possibilities, but you’d have to consult with your WISP
for details.
If your SU connects to a PC using USB rather than Ethernet
(this shouldn’t be very common), then this would not work
with your wireless router. In that case, request an Ethernet-
based SU from your WISP.
Unless you need two wireless routers for some reason, in
the above setup your WRT54GS should server your whole
wireless net. The Airport Extreme would seem to be redun-
dant.
Q: I was using my Linksys as my main router, but I’m us-
ing a Netgear router now. I still use my Linksys as an ac-
cess point by turning off the DHCP and just plugging the
cable into one of the four LAN ports. Now that I’m using
DD-WRT, I wanted to make another open Wi-Fi point, but
it’s not working. -- Dave
A: The good news is that what you are trying to do—config-
 Get Answers to Your Wi-Fi Questions
ure a second router as a “dumb” wired access point—is per-
fectly legitimate. The bad news is that it isn’t working. But it
should, so we can take solace in that there must be a simple
configuration oversight somewhere.
You were right to disable the DHCP server on your second
(AP) router. When it comes to DHCP servers on a LAN, you
must always apply “The Highlander Rule”—there can be only
one. But that’s not all—it is also a good idea to disable the
firewall on your AP router. Security should be handled by the
gateway (primary) router.
It sounds like your cable is plugged into the correct port—it
must be a “LAN” port, and not the “WAN” or “Internet” port
on the AP router. (You will not use the WAN/Internet port.)
This also means that your AP router is not going to receive a
DHCP assignment from your primary router, because it only
listens for DHCP on its WAN/Internet port. You will need to
manually configure your AP router’s network address using
an IP that is compatible with your primary router.
10
For example, suppose your primary router has the typical
IP of 192.168.1.1 (and network mask 255.255.255.0). On
your AP router, you will configure it with an IP address like
192.168.1.2 (same network mask). You may or may not need
to specify an IP for gateway and DNS, but if you do, it is the
IP of your primary router (192.168.1.1 in this example).
For testing purposes, at least, you should also configure the
wireless SSID on your AP router without any WEP/WPA/
WPA2 security. You can apply the security of your choosing
after verifying the AP connection.
Wireless clients who associate with your AP should receive
their IP address and related settings (gateway, DNS) from
your primary router. And you should be able to connect to
your AP router using the IP address you manually assigned
to it. n
Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
 Get Answers to Your Wi-Fi Questions

DD-WRT

Q
: I have to set up a temporary Wi-Fi hotspot at compared to these others, and although it is quite powerful,
a seminar in a hotel. I would like to have some it may not be the most inviting choice for a turnkey solution.
sort of bandwidth limit and an acknowledge-
ment splash page, but no authentication. I Unfortunately, it does not seem like anyone has posted a
would also like to have to bring as little equipment as successful report of installing NoDogSplash on DD-WRT or
possible. (Chilispot and other hotspot servers mostly Tomato. However, there are two alternative approaches to
require another computer to run on. I’m hoping to find consider:
something I can run on a
router). I found NoDogSplash, • Flash your WRT54G-family
which seems to fit my situation, router to CoovaAP. This open-
however it likes OpenWRT. It source firmware is actually based
seems like DD-WRT is a much on OpenWRT and includes a cap-
more polished firmware. Do you tive portal (for your splash page)
think NoDogSplash will run on and traffic shaping (for bandwidth
DD-WRT? – Jason limiting). But unlike OpenWRT,
CoovaAP also includes a relatively
A: Let’s first unpack this scenar- user-friendly Web-based adminis-
io—you want to setup a single tration interface.
piece of hardware that will give
nearby users wireless Internet • Stick with DD-WRT and
access. But, you want to force use NoCatSplash for the splash
them to see a splash page upon page, which can be hosted on
connecting (such as ads from an external Web server. Limiting
sponsors), and you want to define bandwidth is slightly more com-
limits on their upload and down- plex (unless you buy the paid ver-
load speeds, presumably so that sion of DD-WRT, which includes
no single user can hog all the bandwidth management in the
available bandwidth to the Internet. GUI). You can create an iptables script for limiting band-
width by IP/MAC or other criteria using the nifty Windows
As you have discovered, NoDogSplash meets all of your app WRT54G Script Generator. Follow the step-by-step
needs, but with one catch—it runs on OpenWRT, which is wizard to generate an iptables script which you can paste
a less user-friendly router firmware than, say, DD-WRT (or into DD-WRT’s firewall script section.
Tomato). The OpenWRT learning curve is considerable
Like Jason says, most captive portal solutions require

You can create an iptables script for limiting

“ bandwidth by IP/MAC or other criteria using the nifty

Windows app WRT54G Script Generator. ”
11 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
 Get Answers to Your Wi-Fi Questions
interacting with an external server, most typically a RADIUS
server.
Q: I have setup WDS with two routers using DD-WRT
sp1 at my folks’ house, which is in a different town. I can
remote into the base router with their IP address:port,
“
but I want to be able to access the
second router from my house, as
well. Do you know how to do this or
do even understand what I’m say-
ing? - Bob …most captive
A: I do understand! In fact, I have
portal solutions re-
setup the very same arrangement
for remote support. But first, let’s be
quire interacting with
sure everyone else understands what an external server,
we’re talking about, too.
most typically a
Suppose you have one wireless
router. Normally when you connect
RADIUS server.
”
your browser to this router’s admin-
istration interface you do so from a
client inside your LAN—that is, a client
connected to the router. What if you want to connect to the
browser’s administration page from outside your LAN—in
other words, remotely? Most routers, including those running
DD-WRT, offer a separate configuration setting for “remote
administration” that is often disabled by default. In DD-WRT,
this setting lives under Administration/Management/Remote
Access. You can customize the connection port, since the
usual Web port (80) is reserved for local access. From
outside the network, you connect to this router using the IP
address assigned to the incoming broadband connection (or
use a dynamic DNS service to translate the IP to a friendly
name).
Now suppose that the LAN in question is served by two
wireless routers, configured to extend range through either a
repeater or WDS configuration. You want to remotely admin
the second router, but how do you address it from outside
the LAN?
12 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
One problem is that the remote administration service listens
for connections coming in via the “WAN” or Internet port.
On your primary router, this is your cable or DSL modem.
But your secondary router probably has no connection on
the WAN port.
The workaround is that you actually
access your secondary router on its
“normal” administration interface, in-
stead of using remote administration.
To do this, you need to set up port
mapping (aka “port forwarding”) from
your primary router to your secondary
router.
Using DD-WRT, click on NAT/QoS
and then Port Forwarding. You need
to choose a public port that you’ll
connect to from outside the network.
In my scenario, the primary router is
configured to accept remote admin-
istration on port 8080. So I decided
to use port 8081 for remote access to
the secondary router. My DD-WRT port forwarding configu-
ration looks like this:
Application: “remote router 2”Port from: 8081Protocol:
TCPIP Address: 192.168.1.2Port to: 80Enable: Checked
The IP address is the LAN address assigned to my second-
ary router. Be sure to click “Apply Settings.”
Now, when I am outside the LAN and open a browser to
http://myremotenetwork:8081, the primary router will for-
ward that request to port 80 of the secondary router. Voila—I
can log in to the secondary router’s administration interface
remotely, even though I am not technically using its “remote
administration.” n
 Get Answers to Your Wi-Fi Questions

Mac/iPhone

Q
: I had a nagging problem with my son’s in repeatedly, every day—while others have never seen this
MacBook dropping wireless with a “security error. Based both on my personal experience with this error
compromised” message. Turns out, my wife’s and other user reports, it appears that the trigger involves
laptop (XP) was corrupting the network with the presence of a PC-based wireless client using WPA-TKIP.
VPN. As soon as I switched to AES versus TKIP the
problem disappeared. Not sure if Macs don’t do TKIP For example, at a friend’s house I had setup a wireless
well, or XP doesn’t... but AES is quite stable. – Al network using WPA-TKIP, and configured both her MacBook
and my PC to the appropriate
A: Perhaps we ganged up on settings. The MacBook would
Microsoft error messages too connect to the network, but as
soon. A good number of Mac soon as my PC would con-
users have reported frustration nect, the Mac would throw the
and confusion with the infa- security error and shut down
mous “Your wireless network her connection.
has been compromised” error.
What’s worse, in fact, than Mi- As Al discovered himself,
crosoft’s empty rhetoric is that changing all parties involved—
this message actually causes the router and the clients—to
OS X to disable your wireless WPA-AES encryption solved
network for one minute. Gee, the problem and everyone got
thanks Apple! along happily.

Of course, OS X thinks it is The question remains, though,

doing you a favor. After all, it is TKIP encryption tickling a
has decided that your wireless bug in OS X? Have you seen
network is being hacked by a this error on a Mac and found
nasty intruder, and so taking any other solution and/or
your machine offline is for your explanation? Considering how
own good. The only problem is, chances are, that there is no widely used TKIP is (as the default WPA encryption scheme
intruder. in most wireless routers), it seems odd that this bug would
persist in OS X for so many years. If you have insight to
Little seems to be known about the exact cause of this error, share, click on my byline above to send us your feedback, or
and Apple has yet to address it despite reports dating back use the Comments tool below.
to at least 2004. Some users are affected frequently—as

A good number of Mac users have reported frustration

“ and confusion with the infamous “Your wireless network

has been compromised” error. ”
13 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
 Get Answers to Your Wi-Fi Questions
Q: When using the iPhone internationally, is there a way
to be sure you’re on Wi-Fi and not using the phone net-
work? I know that icon is at the top for the Wi-Fi, but can
you turn off the phone so you’re sure you’re not popping
minutes and MB off at a huge cost?--Tom
A: Even the most devout iPhone lovers would be less than
thrilled to receive a $4,800 bill for international data roam-
ing. The iPhone uses both the cellular EDGE network and
local Wi-Fi for network access. Although connecting to
a wireless AP may be free, using EDGE will incur data
charges if you are roaming internationally—big charges.
Even though the iPhone will prefer Wi-Fi over EDGE when
available, it still must rely on EDGE for features like updating
visual voicemail.
Unfortunately, Apple did not build a simple hardware or soft-
ware switch into the iPhone so that you can manually disable
EDGE. From what I hear, it is possible to arrange for your
14 Get Answers to Your Wi-Fi Questions, an Internet.com Network eBook. © 2009, WebMediaBrands Inc.
cellular contract to disable international roaming, although
this could be inconvenient if you would like spontaneous
control over using data roaming. Fortunately, there are two
other solutions:
1. Brute force—pull the SIM card. If you remove the SIM
from your iPhone, it will not be able to get onto the cellular
network. Reports suggest that you can continue to use the
iPhone as a network client via Wi-Fi. Of course, this means
you also won’t be able to make calls using your iPhone until
you reinsert the SIM card, making it not so much of a phone
and more just an “i.”
2. Users of an iPhone running 1.x firmware can install the
Services app, which gives you a nifty little GUI through
which you can toggle EDGE, Bluetooth, and Wi-Fi. iPhone
2.x users will need a different app, called BossPrefs, to do
the same thing. n