klukac

Linksys wireless router setup

I purchased a Linksys WRT54G wireless router to act as a wireless AP for my home network.  Referring to the WRT54G as a WAP, my LAN configuration is:

Wireless client(s) -> WAP -> Linksys switch1 -> CISCO PIX -> DSL modem
Ethernet clients -> Linksys switch1 -> CISCO PIX -> DSL modem
client(s) with external IP -> Linksys switch2 -> DSL modem

The basic setup options on the WAP are automatic/DHCP (default) and static IP, among others that don't apply such as PPPoE (since I have it set as router, not as gateway).  The static IP setup expects two networks - but strangely, when I tried giving the WAP a spare external IP for testing, the config page returned an error that the subnet masks for my LAN and my WAN don't match.  Of course they don't match! I have at least 255 local IPs I can use, but only one remaining routable IP which I'd rather not use. The error was probably about something else, but I want the WAP and my wireless clients behind the PIX (which does NAT) and the static IP options don't apply anyway.  So I left the default config/DHCP setting in place on the WAP, wishing I could find a bridge mode instead, but that option is nowhere in the config pages.

I have disabled the DHCP server and assigned a local IP to the WAP in the same subnet as the internal ethernet card on the PIX. I can ping the PIX from the WAP and vice versa.  However when I ping an Internet IP from the WAP I get no response.  The WAP is included on the PIX host list.  My wireless network settings are the defaults: mixed 11/54 Mbps, channel 6 - 2.437 GHz.  The Operating Mode is router, with dynamic routing enabled for LAN & wireless.  Checking the status, the IP address I have assigned the WAP isn't registering:

Firmware Version: v1.00.6, Jan. 20, 2006
Current Time: Not Available
MAC Address: xx:yy:zz:etc
Router Name: WRT54G
Host Name: wap
Domain Name: mydomain.com

Internet
Configuration Type
Login Type: Automatic Configuration - DHCP
IP Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Default Gateway: 0.0.0.0
DNS 1: 10.0.x.x
DNS 2: 10.0.x.x
DNS 3:
MTU: 1500

I do all of my network configuration from Linux systems.  I wasn't able to browse the CD that came with the WAP, but wasn't concerned since I can access the WAP config pages with my browser.  How do I fix this?
SaxicolousOne

There are several things that I am thinking. Please understand that I have never set up a network quite like this, so I hope my thoughts make sense. I will be watching this thread with some interest to see if some real gurus weigh in. Anyway, here goes:

1. Unless your DSL modem is a little fancier than those I've seen, how could you have your PIX and your switch#2 plugged straight into it at the same time, as indicated in your diagrams? If your DSL modem has an integrated router with a built-in switch, then fine, but unless that's the case, your diagram seems strange to me.

2. Do you mean that one of the devices is plugged in to the DSL modem via a USB port, and the other through an ethernet jack? If that's the case, only one of those ports is probably active, and from your description, I'd say it's NOT the one connected to your PIX, since you can't see the Internet from that part of your network. Besides, I'll bet your DSL modem only has one public IP address to give, so it can't well give it to two devices at once. That one, precious public IP goes to ONE device, which can hand out myriad private IP addresses in all kinds of configurations, all leading back to that one point of origin, that one device immediately behind your modem. That is, unless you have: a) paid for multiple public IP addresses and a fancy modem to hand them all out at once, or b) a modem with integrated router and switch, in which case any devices plugged straight into your modem are already getting private IP addresses. I'll operate under the assumption that a) is not the case, as you mention that this is for a home network. I will also assume that your modem has only one functioning LAN port.

3. You want two sub-networks? Now, I don't have any experience with PIX's, but how about:

                                   / wired clients
                       switch #1
                      /            \ WAP -> wireless clients
  modem -> PIX
                      \
                       switch #2 -> client(s) in a DMZ, defined by the PIX [is this the effect you're after?]


Or, even better, does one of the switches have VLAN capability?:

                                   / wired clients and WAP on VLAN #1
 modem -> PIX -> switch
                                   \ wired clients in DMZ on VLAN #2

If it doesn't, would the PIX have any useful VLAN capability?

4. As you know, that WRT54G you've got there is no WAP; it's a full-fledged router. However, I don't think you want that. It is the WAP54G that you really want; it's just an access point (essentially a wireless switch). I believe you should let the PIX be your router, acting as the lone DHCP server for your entire network, etc. To try and get the WRT54G to work as a simple WAP and not fight with the other router on your network, see if plugging the line from your switch into one of the LAN ports on the WRT54G, and NOT the "Internet" port, helps. Leave the "Internet" port unoccupied and see if that turns this thing into a lowly WAP. You've already got the operating mode set to "router," so I'm not sure what else to change. Just make sure the WRT54G isn't trying to show off and act like a DHCP server.

And by the way, I bet you shouldn't be manually assigning any IP addresses except right at the PIX, giving either: a) the x.x.1.x range to switch #1 and the x.x.2.x range to switch #2, or b) the same two ranges to two different VLAN's on a single switch. Also, your PIX wouldn't happen to have enough LAN jacks on it to do away with other switches entirely, would it....? I bet it can do VLAN's, in which case:

                     / wired clients and WAP on VLAN #1
 modem -> PIX
                     \ wired clients in DMZ on VLAN #2
rindi
Is the WAP only for internet access or will you use it for internal networking too? If you don't need internal networking access, just connect the wan port of the wap to the pix, enable it to get its wan address from dhcp from the pix and you should have internet access. On the lan and wireless side of the wap enable dhcp too, but use a different subnet than the wan side uses. Give the wap itself a fixed ip for the lan so that you can manage it using your browser.

If you will be using it for normal networking too, don't connect the wan port, just connect the lan port to the network, give it a static ip and disable the internal dhcp server, as the connections will now get their ip's from the normal dhcp server on your lan. Now you should be able to use both the internet and your lan.
klukac

ASKER

rindi, the 2d option is what I tried to implement - I connected one of the 4 lan ports on the back of the wireless router to the network, and as you know I disabled its internal dhcp server and tried to assign it a static ip.  I don't have dhcp running on my lan at all, but if I choose not to assign an external ip on the router, it will have to get its IP from the PIX.  I really don't want to work with DHCP, which makes no sense for such a small network, and I'm wondering if DHCP will work on the PIX at all when it's used only for a single device.  I have no choice but to try - it'll take some time, will get back to you on this.

saxicolous1, your first diagram is correct.  My DSL modem is in bridge mode so as not to compete with the PIX, and I have an old laptop in the DMZ to see if my web and mail services are making it outside the LAN.  I don't have experience with VLAN.  I know that a router is not a WAP, but was advised that I could make it work like one.  
If you don't use a dhcp server, and you only connect the wap via the lan port, you just need to enter the following values into the nic's of your clients:

static ip different from others on the lan, but within the same subnet. If you were using a lan segment like 192.168.0.x, the example would be 192.168.0.5
gateway ip, this would be the ip of your pix on the lan side, example 192.168.0.1
subnet mask, if you want to use 254 ip's, that would be 255.255.255.0
dns server's ip. Normally that is the same as the ip of your pix, 192.168.0.1, but you could also use those of your ISP's dns servers.

Of course you still need to define an IP address for the wap, like 192.168.0.2.
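
An added example, not part of the original thread: a small check of a static addressing plan like the one described above (every device in the PIX's subnet, no address reused, network and broadcast addresses left alone). The device names and the "bad" plan are constructed for illustration; the addresses are the example values from the post.

```python
import ipaddress

def check_plan(subnet, gateway, hosts):
    """Return a list of problems in a static addressing plan.

    subnet  -- LAN in CIDR or mask form, e.g. "192.168.0.0/255.255.255.0"
    gateway -- LAN-side address of the firewall (the PIX in this thread)
    hosts   -- mapping of device name -> static IP
    """
    net = ipaddress.ip_network(subnet, strict=True)
    gw = ipaddress.ip_address(gateway)
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    seen = {gw: "gateway"}          # addresses already claimed
    for name, raw in hosts.items():
        ip = ipaddress.ip_address(raw)
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is reserved in {net}")
        if ip in seen:
            problems.append(f"{name}: {ip} already used by {seen[ip]}")
        else:
            seen[ip] = name
    return problems

# Constructed sample plans (hypothetical device names).
GOOD = {"wap": "192.168.0.2", "laptop": "192.168.0.5"}
BAD = {"wap": "192.168.0.1", "laptop": "192.168.1.5", "desktop": "192.168.0.255"}

if __name__ == "__main__":
    for plan in (GOOD, BAD):
        result = check_plan("192.168.0.0/255.255.255.0", "192.168.0.1", plan)
        print(result or "plan OK")
```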

SOLUTION
SaxicolousOne

This solution is only available to members.
klukac

ASKER

rindi,
Sadly, your instructions don't work.  I tried all that you describe before sending this request, and this fails because the GUI on the router offers no option to set the IP of the gateway - not in the basic setup and not in advanced routing.  I have set the router to route (not gateway) mode and enabled dynamic routing on the LAN, but the wireless router still sees itself as the gateway.  
sax,
I found out how to set up DHCP on the PIX, but I don't understand how to work with the wireless router: I have to assign a static IP to open the router's GUI, but once I enable DHCP on the PIX with a range of IP addresses, I can no longer access the router GUI because I don't know what IP address it's using.
ASKER CERTIFIED SOLUTION

This solution is only available to members.

Hmmm, I just thought of one more thing (a frequent occurrence seconds after I submit a post). If/when you are telling the PIX about the WRT54G's MAC address, so that it can reserve a particular IP address for it, it might (I repeat might) be the case that the WRT54G, being a router with a WAN side and a LAN side, has TWO different MAC addresses, probably one number apart at the very last digit. You said in your original post that the WRT54G was included in the PIX host list. Obviously, whichever MAC address shows up there (assuming it shows MAC addresses in that listing) would be the one to use.
klukac

ASKER

ok I'm back.  First things first: I'm connected via the wireless router, yeah :)  
First I got DHCP running on the PIX, connecting one Ethernet client at a time.  I started with 2 addresses to minimize guesswork on the wireless router's IP.  I did try to relate the mac id features to dhcp on the PIX but failed - you can list a mac id with a subnet mask in a certain format, but I didn't understand the subnet mask (examples show ffff.ffff.ffff and ffff.ffff.0000).  I copied the first and it was accepted, however the only benefit of the mac id is to exempt the device from authentication/authorization, and I really wasn't sure that's what I wanted, so I disabled it after I got the wireless router to connect to its clients.
Now I'm working on security.  I have enabled a policy to restrict access on the wireless router to only those MAC addresses that need to connect, however I have no WPA or WEP security enabled.  I'd like to implement WPA2, which I understand is recommended, but must first figure out how it works so that my Linux and XP clients can still connect (at some point I made the mistake of pressing the "Reset security" button in the Admin pages and the wireless router reverted to its default settings so I had to start over - if I lose the connection, starting over is my only option and it's a real pain).
Some observations: the speed is absolutely terrific, at least in the same room.  At one point my XP laptop client connected to the Internet through the wireless router with a routable IP and I have no idea how that was even possible (the router is connected to switch1 which connects to the PIX and then to the DSL modem - switch1 is connected only to internal clients with non-routable IPs).  But I was too scared to examine this problem too closely.  Tomorrow is another day - can get back to you then and close this out.
klukac

ASKER

Sorry I was out sort of unexpectedly for like a week or so :(
All is fine, except that I occasionally lose the DHCP connection and have to renew it - a bit confusing at first, since the wireless signal is fine, but I couldn't get past the inside interface on the PIX.  Also, couldn't use WPA because the wireless card on my Linux laptop only comes with WEP in the GUI tool I normally use to configure it...could investigate other means but for now, I don't expect my neighbors to break the 128-bit encryption :)
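
An added example, not part of the original thread: from a Linux client, one way to confirm what protection an access point actually advertises (for instance after a settings change or a reset to defaults) is to classify the output of `iwlist <iface> scan`. The scan text below is constructed in that tool's output format, and the ESSIDs and addresses are placeholders.

```python
import re

# Constructed sample in the format printed by `iwlist <iface> scan`.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:00:00:01
                    ESSID:"example-wep"
                    Encryption key:on
          Cell 02 - Address: 02:00:00:00:00:02
                    ESSID:"example-wpa2"
                    Encryption key:on
                    IE: IEEE 802.11i/WPA2 Version 1
          Cell 03 - Address: 02:00:00:00:00:03
                    ESSID:"example-open"
                    Encryption key:off
          Cell 04 - Address: 02:00:00:00:00:04
                    ESSID:"example-wpa"
                    Encryption key:on
                    IE: WPA Version 1
"""

def classify_cells(scan_text):
    """Map each ESSID to OPEN, WEP, WPA or WPA2 (strongest advertised)."""
    results = {}
    # Each access point starts with a "Cell NN - Address:" line.
    for cell in re.split(r"^\s*Cell \d+ - Address:", scan_text, flags=re.M)[1:]:
        essid = re.search(r'ESSID:"(.*)"', cell)
        name = essid.group(1) if essid else "<hidden>"
        if "Encryption key:off" in cell:
            level = "OPEN"
        elif "WPA2 Version" in cell:
            level = "WPA2"
        elif re.search(r"IE: WPA Version", cell):
            level = "WPA"
        else:
            # Key required but no WPA/WPA2 information element: WEP.
            level = "WEP"
        results[name] = level
    return results

def weak_networks(scan_text):
    """Return ESSIDs that advertise no encryption or WEP only."""
    cells = classify_cells(scan_text)
    return sorted(n for n, lvl in cells.items() if lvl in ("OPEN", "WEP"))

if __name__ == "__main__":
    for name, level in classify_cells(SAMPLE_SCAN).items():
        print(f"{name:15} {level}")
```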