No - I haven't got as far as making our Suse box to do wireless - yet. But it's a small part of the plan....
We have decided to cover our campus with Wireless access points.
We went for 801.11g at a potential of 54Mb/s but with the longer range of the old 801.11b standard. At the moment this gives us more compatibility with existing kit - especially PDAs which only seem to have 801.11b cards.
Of course I soon discover there is much to learn...
Channels 1 to 14 in the UK. I set my AP to channel 12. Our PDAs would not pick it up. Why? Because only channels 1 to 11 are 'universal'; channels 12 to 14 are only available in UK (EEC?)
In the process I also discover that although the channels are 5MHz apart each channel is 22MHz wide so there are only 3 effective non overlapping channels - so some thought must be given to channel settings on adjacent APs to get maximum benefit vs coverage. I'm not sure how to decide which channel to use - if some channels are used permanently by DECT phones, BlueTooth, etc how will I know? Are there any reporting software utilities?
Then there is security. We've all heard of those tin cans used as aerials by hackers driving around in cars. So I set up 128bit WEP in the APs. Agh...the PDAs only cater for 64bit (not that it told me anywhere - it was just impossible to type in the key - and they wouldn't connect..)
QUESTIONS:
Why does the AP give me 4 keys? (but only transmit one?) Is it a random choice for me? Do I assign keys to different user groups so that I can forbid groups from connecting? What's the idea? Should I have the same key in the mobile (which only accepts one?) Can it be any of the 4 keys?
Should I set the SSID to be the same for the whole campus? Does this make moving between access points easier (no need to select as you migrate?)
(I don't think it's quite as transparent as mobile phone cells - there seems to be a gap of several seconds while it changes - and tends to stick with existing weak signal even if you are right next to another)
Or should I give a descriptive name to each AP?
If lots of users are in an area covered by more than one AP do the clients share out the connections? Do they pick the lowest channel or highest? At random? Or do they pick on the strength of the signal? Or the loading of the Access points?
Anyone with experience in these matters? If so, what else would you draw my attention to?
Many thanks.
--
Alan Davies
Head of Computing
Birkenhead School
==
Kind Regards,
Kyle Williamson - Solent Educational Ltd
Tel: (023) 80 843189 Fax: (023) 80 848715
kyle@solented.co.uk / http://www.solented.co.uk
-----Original Message-----
From: Alan Davies [mailto:staff.asd@birkenhead.wirral.sch.uk]
Sent: 06 January 2032 15:32
To: suse-linux-uk-schools@suse.com
Subject: [suse-linux-uk-schools] Wireless stuff
No - I haven't got as far as making our Suse box to do wireless - yet. But it's a small part of the plan....
We have decided to cover our campus with Wireless access points.
-- That's a good thing :-)
We went for 801.11g at a potential of 54Mb/s but with the longer range of the old 801.11b standard. At the moment this gives us more compatibility with existing kit - especially PDAs which only seem to have 801.11b cards.
Of course I soon discover there is much to learn...
Channels 1 to 14 in the UK. I set my AP to channel 12. Our PDAs would not pick it up. Why? Because only channels 1 to 11 are 'universal'; channels 12 to 14 are only available in UK (EEC?)
-- AFAIK, This is to do with regulation about what frequencies are available and which are not, each government (EEC?) has different sets of regulation as to which wavelengths are available for use by unregistered wireless devices and which are not.
In the process I also discover that although the channels are 5MHz apart each channel is 22MHz wide so there are only 3 effective non overlapping channels - so some thought must be given to channel settings on adjacent APs to get maximum benefit vs coverage. I'm not sure how to decide which channel to use - if some channels are used permanently by DECT phones, BlueTooth, etc how will I know? Are there any reporting software utilities?
-- I've not seen this as a problem personally, even at home I have a wireless network, DECT Phones etc and I just let it set itself up. From my experience, they're fairly fault tolerant.
Then there is security. We've all heard of those tin cans used as aerials by hackers driving around in cars. So I set up 128bit WEP in the APs. Agh...the PDAs only cater for 64bit (not that it told me anywhere - it was just impossible to type in the key - and they wouldn't connect..)
-- That's not surprising, there's some 40bit Wireless Kit out there too.
QUESTIONS:
Why does the AP give me 4 keys? (but only transmit one?) Is it a random choice for me? Do I assign keys to different user groups so that I can forbid groups from connecting? What's the idea? Should I have the same key in the mobile (which only accepts one?) Can it be any of the 4 keys?
Should I set the SSID to be the same for the whole campus? Does this make moving between access points easier (no need to select as you migrate?)
(I don't think it's quite as transparent as mobile phone cells - there seems to be a gap of several seconds while it changes - and tends to stick with existing weak signal even if you are right next to another)
-- It depends. For instance, if you wanted "Science" Laptops to only work on the "Science" AP, then yes, set for instance "Birkenhead Science" as that AP's SSID. However, if you want to move laptops around the campus, then Yes, keep to one SSID or you will end up tinkering with the configuration moving kit around (especially on PDAs)
Or should I give a descriptive name to each AP?
-- This is sensible, i.e: SSID: "Birkenhead Wireless" AP NAME: "Third Floor AP"
If lots of users are in an area covered by more than one AP do the clients share out the connections? Do they pick the lowest channel or highest? At random? Or do they pick on the strength of the signal? Or the loading of the Access points?
-- It seems to be a fairly random thing, as far as I know. One thing I have found, if a wireless connection is available, then wireless tends to find it.
Anyone with experience in these matters? If so, what else would you draw my attention to?
-- Working out a coverage map. Also, if you intend to have student banks of laptops, extra power supplies are a necessity and perhaps a LapSafe or some other form of security. Another problem may be the lack of power points in classrooms.
Many thanks.
- Alan Davies
Head of Computing
Birkenhead School
On Tue, 6 Jan 2032, Alan Davies wrote:
Anyone with experience in these matters?
If so, what else would you draw my attention to?
Josh Howlett at Bristol Uni seems to have public access wireless LANs pretty sorted. See: http://www.bris.ac.uk/is/services/computers/nwservices/nomadic/ Bob G
Many thanks.
We have decided to cover our campus with Wireless access points.
Same here.
We went for 801.11g at a potential of 54Mb/s but with the longer range of the old 801.11b standard.
Divide the range printed on the box by five or ten.
Of course I soon discover there is much to learn...
But how did you learn it? The necessary information just doesn't seem to exist anywhere.
Channels 1 to 14 in the UK.
Yes, you have only three channels, 1, 6 and 11.
If some channels are used permanently by DECT phones, BlueTooth, etc how will I know?
You couldn't have got this far in IT without being psychic, surely? Neither DECT nor Bluetooth has yet seemed to be a problem here.
Are there any reporting software utilities?
Do let me know!
Then there is security. We've all heard of those tin cans used as aerials by hackers driving around in cars. So I set up 128bit WEP in the APs.
Unless it's critical to your system, I wouldn't bother about wireless security. It's too much of a nuisance. Better operate your system so it's no more hackable internally than externally, so it's not too much of a bother if strangers get onto it internally. Our wireless has been accessible for the past three years all round our country village and on the local roads, and I am not aware of any problems. If any strangers should be able to connect then their MAC addresses will appear in my arp logs.
Should I set the SSID to be the same for the whole campus? Does this make moving between access points easier (no need to select as you migrate?)
We have the same SSID throughout. I am sure it makes life easier (for example, it's quicker for us to set up a new point). It's a secret word, seven letters long, starts with an "f", ends with a "d" and the middle ones include e and l and s and t in that order. Hackers need to guess it, or to pick it up from our transmitters (by the way, the e occurs a second time, and if you still can't guess the word there's a clue in my email address).
Or should I give a descriptive name to each AP?
Too much bother when you move or replace them.
If lots of users are in an area covered by more than one AP do the clients share out the connections? Do they pick the lowest channel or highest? At random? Or do they pick on the strength of the signal? Or the loading of the Access points?
I have never found the tools or the utilities or the time to find out but I suspect it's the first channel they pick up and they stay on it till the bitter end, however many others are using it. So it's no, neither, yes, no and no. No load balancing, just luck and statistics. You may be able to get load balancing with more expensive hardware and software, but I suspect this would tie you to one manufacturer. -- Christopher Dawkins, Felsted School, Dunmow, Essex CM6 3JG 01371-822698, mobile 07816 821659 cchd@felsted.essex.sch.uk
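
The ARP-log check mentioned in the message above, sketched as an added example that is not part of the original post. It assumes neighbour-table lines in the format printed by `ip neigh show`; the sample lines and the inventory of known adapters are constructed for illustration.

```python
import re

# Constructed sample of `ip neigh show` output (not real data).
SAMPLE_NEIGH = """\
10.0.0.21 dev eth0 lladdr 00:16:3e:aa:bb:01 REACHABLE
10.0.0.22 dev eth0 lladdr 00:16:3E:AA:BB:02 STALE
10.0.0.57 dev eth0 lladdr 02:1a:2b:3c:4d:5e REACHABLE
10.0.0.58 dev eth0 FAILED
10.0.0.99 dev eth0 lladdr 00:16:3e:aa:bb:01 STALE
"""

# Hypothetical inventory of the site's own adapters (assumption).
KNOWN_MACS = {"00:16:3e:aa:bb:01", "00:16:3e:aa:bb:02"}

LINE_RE = re.compile(
    r"^(?P<ip>\S+) dev \S+ lladdr (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) ",
    re.IGNORECASE,
)

def parse_neigh(text):
    """Yield (ip, mac) for every entry with a resolved link-layer address."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            yield m.group("ip"), m.group("mac").lower()

def audit(text, known):
    """Return (unknown, shared): MACs missing from the inventory, and MACs
    seen on more than one IP address."""
    ips_by_mac = {}
    for ip, mac in parse_neigh(text):
        ips_by_mac.setdefault(mac, set()).add(ip)
    unknown = {m: sorted(i) for m, i in ips_by_mac.items() if m not in known}
    # A known MAC answering for several IPs may be a multi-homed host or an
    # adapter whose address has been copied, so it is reported as well.
    shared = {m: sorted(i) for m, i in ips_by_mac.items() if len(i) > 1}
    return unknown, shared

if __name__ == "__main__":
    unknown, shared = audit(SAMPLE_NEIGH, KNOWN_MACS)
    for mac, ips in unknown.items():
        print("unknown adapter", mac, "at", ", ".join(ips))
    for mac, ips in shared.items():
        print("MAC on several IPs", mac, "at", ", ".join(ips))
```

The inventory comparison only works if the list of known adapters is kept current; a MAC that matches the inventory is not proof of identity, which is why the second report exists.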
Alan Davies wrote:
No - I haven't got as far as making our Suse box to do wireless - yet. But it's a small part of the plan....
We have decided to cover our campus with Wireless access points.
We went for 801.11g at a potential of 54Mb/s but with the longer range of the old 801.11b standard. At the moment this gives us more compatibility with existing kit - especially PDAs which only seem to have 801.11b cards.
Of course I soon discover there is much to learn...
Channels 1 to 14 in the UK. I set my AP to channel 12. Our PDAs would not pick it up. Why? Because only channels 1 to 11 are 'universal'; channels 12 to 14 are only available in UK (EEC?)
Yup - Americans only have channels up to 11. That's why it's important to check that you're buying equipment suited to your geographic area, and be prepared for overseas visitors having problems connecting to high-channelled access points. Also, ensure that you have got the firmware for the correct region too before flashing anything.
In the process I also discover that although the channels are 5MHz apart each channel is 22MHz wide so there are only 3 effective non overlapping channels - so some thought must be given to channel settings on adjacent APs to get maximum benefit vs coverage. I'm not sure how to decide which channel to use - if some channels are used permanently by DECT phones, BlueTooth, etc how will I know? Are there any reporting software utilities?
You shouldn't need to worry about these other devices - they shouldn't interfere with the 802.11 standards. However, the overlapping channel problem is significant. Through popularity, Channels 1, 6 and 11 are generally used. (There's no huge benefit to the extra channels we have in the EU, as we can't get another non-overlapping field out of them!) This gets to be more of a problem when you have a building that might have heavy wireless usage, but is relatively "permeable". We have a building that (somehow) can be covered by two WAPs. Yet there's a possibility of having a great number of laptops in this building. They would, of course, all be sharing that 54Mbps. Adding a third WAP would alleviate the situation slightly, but not to a revolutionary degree. If anyone has any ideas about this sort of problem, I'd be glad to hear them!
Then there is security. We've all heard of those tin cans used as aerials by hackers driving around in cars. So I set up 128bit WEP in the APs.
IIRC, crackers (this being a Linux list, after all :) ) only need to sniff about 2GB-worth of net traffic to have a stab at getting your WEP key - even for a 128-bit key. That doesn't mean don't use it, but make sure you use MAC filters as well. (OK, so you can spoof MACs too....)
QUESTIONS: Why does the AP give me 4 keys? (but only transmit one?) Is it a random choice for me? Do I assign keys to different user groups so that I can forbid groups from connecting? What's the idea? Should I have the same key in the mobile (which only accepts one?) Can it be any of the 4 keys?
The theory is that you can set up 4 static keys on your WAP and enter all four keys on the client machines. When you switch between one key and another on the WAP, you then switch to the same numbered key on the client. If that all sounds fiddly, you're right. A friend of mine wrote a couple of scripts to help under Linux, one of which was run by a LAN-side server as a cron job - it used wget to send the appropriate HTTP request to his D-link WAP to change the key to a different value. In fact, this script enabled the use of many more than four WEP keys :) He then had a client-side script that rotated keys at the same time via a cron job. Unfortunately, I don't know a way of doing this automatically on Windows. The "proper" way of doing dynamic keys is to use a RADIUS server at the centre of your network. (There are Free RADIUS servers available.) These assign a random and unique key to a client that passes a valid set of credentials. This means that the keys change at a configurable interval, often enough to make sniffing a pointless pastime. You will need to ensure that your WAPs support RADIUS (my D-link ones all do) and, obviously, configure the RADIUS server.
Should I set the SSID to be the same for the whole campus? Does this make moving between access points easier (no need to select as you migrate?)
Yes, this is what we do. Students pick up a laptop and move to a hot-spot. The laptop does the rest.
(I don't think it's quite as transparent as mobile phone cells - there seems to be a gap of several seconds while it changes - and tends to stick with existing weak signal even if you are right next to another)
Yes, this is right - most cards will only look for a new WAP when it loses contact with its "current" WAP completely. (There are some cards that claim to do this dynamically, but I'm willing to bet that this is a vendor-specific feature, and probably not supported with Linux drivers.)
Or should I give a descriptive name to each AP?
Nah - see above :)
If lots of users are in an area covered by more than one AP do the clients share out the connections? Do they pick the lowest channel or highest? At random? Or do they pick on the strength of the signal? Or the loading of the Access points?
Again, I've seen claims that some kit will choose a more distant underloaded WAP against a closer higher loaded one. Generally, it just seems to be which ever WAP responds first. However, I also would be interested if someone knows more about this part. Cheers, Tony
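
The channel arithmetic discussed in this thread (5MHz spacing, 22MHz width, channels 1, 6 and 11), worked through as an added example that is not part of any of the posts. It goes one step further than the thread by assigning channels to neighbouring APs; the AP names and the "who can hear whom" layout are constructed, and channel 14 is left out because it does not sit on the 5MHz grid.

```python
from itertools import combinations

SPACING_MHZ = 5   # gap between adjacent channel centres (from the thread)
WIDTH_MHZ = 22    # occupied width of one channel (from the thread)

def centre_mhz(ch):
    """Centre frequency of 2.4GHz channels 1-13 (channel 1 = 2412MHz)."""
    return 2407 + SPACING_MHZ * ch

def overlap(a, b):
    """True if the 22MHz bands of channels a and b overlap."""
    return abs(centre_mhz(a) - centre_mhz(b)) < WIDTH_MHZ

def max_clear_sets(channels):
    """All largest sets of mutually non-overlapping channels."""
    for size in range(len(channels), 0, -1):
        found = [c for c in combinations(channels, size)
                 if not any(overlap(a, b) for a, b in combinations(c, 2))]
        if found:
            return found
    return []

def assign(neighbours, plan=(1, 6, 11)):
    """Give each AP a channel from `plan` so that no two APs within earshot
    of each other share one; returns None when the plan is too small."""
    aps = sorted(neighbours, key=lambda ap: -len(neighbours[ap]))
    chosen = {}
    def place(i):
        if i == len(aps):
            return True
        for ch in plan:
            if all(chosen.get(n) != ch for n in neighbours[aps[i]]):
                chosen[aps[i]] = ch
                if place(i + 1):
                    return True
                del chosen[aps[i]]
        return False
    return dict(chosen) if place(0) else None

# Constructed campus layout: which APs can hear which (hypothetical names).
CAMPUS = {
    "library": {"hall", "science"},
    "hall": {"library", "science", "gym"},
    "science": {"library", "hall"},
    "gym": {"hall"},
}

if __name__ == "__main__":
    print(max_clear_sets(range(1, 12)))   # channels 1-11
    print(assign(CAMPUS))
```

With channels 1 to 13 there are more ways to pick three clear channels but still no way to pick four, and four APs that can all hear one another make `assign` return None.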
participants (5)
- Alan Davies
- Christopher Dawkins
- Kyle Williamson
- Robert J Gautier
- Tony Whitmore