?
Solved

Wireless Access Point Configuration

Posted on 2010-03-27
5
Medium Priority
?
588 Views
Last Modified: 2013-11-09
I believe my question was already in the previous thread, so I started a new thread for follow-up questions.

Link to previous question:
http://www.experts-exchange.com/Networking/Wireless/WLAN/Q_25553161.html



>>You will not need to change anything on his equipment,
That's good to know. I want to keep it as simple as possible.

>>maybe available addresses in their DHCP scope (if you wanted to set up statically)
I guess it will be better to just ask what IP address they would want to assign to the devices?

>>as for on different subnets, that isnt ...
Actually, I once had a project for synchronized digital clock through out the factory. The device each had a LAN module and was assigned a static IP address. Since the clocks are put in different parts of the factory, some are connected to a different subnet. In the same setup, if I am going to use WLAN instead of LAN, what will I need to do? Is it enough to just add a WAP for each subnet/location?

>>By turning DHCP off you are allowing either their server or their router to "dish" out IP addresses.  
I don't quite understand this. So will this happen when I turn the DHCP off on the router but ON on my device? And what problems will I face if I did forget to turn the DHCP off?

>>whether you assign static ips with MAC filtering or DHCP with MAC filtering you still get the same effect.
Hmm, so what exactly is the advantage of using DHCP/Static IP over the other and vice versa.

>>Port restriction is the way to go but dont be like every other person out there ...
I have done a little programming with TCP sockets and WCF, but afaik it can't do anything without an endpoint to receive the packets. How will it be possible to do anything from just one open port? I don't doubt that it is indeed possible for a good hacker, but I just want an idea on how it was done and how to prevent it. I don't want the addition of my device to be a possible cause of a breach to their network. Too much responsibility. :-)
0
Comment
Question by:Thomasian
  • 3
  • 2
5 Comments
 
LVL 2

Expert Comment

by:TheSolutionCF
ID: 28795851
>>You will not need to change anything on his equipment,
That's good to know. I want to keep it as simple as possible.
+++ We have this part settled then ;)  --- I should have also put " SHOULD not have to"

>>maybe available addresses in their DHCP scope (if you wanted to set up statically)
I guess it will be better to just ask what IP address they would want to assign to the devices?
+++ That is what i would do. Check to see if they have a scheme they would like to follow for the new devices your are installing, that way everything is documented.

>>as for on different subnets, that isnt ...
 In the same setup, if I am going to use WLAN instead of LAN, what will I need to do? Is it enough to just add a WAP for each subnet/location?
+++Yes, Installing a WAP for each subnet would work just fine as long as their network is FULLY operational right now, meaning they have the different subnets talking to the correct networks(or vlans).  if you have the documentation i wouldnt mind seeing this setup of subnets your are trying to traverse, it would make what your are talking about a little more clear to me.  When thinking of a WLAN vs a LAN the only thing that changes is the media on which it travels and the "standard it uses IE. 802.11a-n.  NOTE: Before i elaborate on this more i would like to know more about the devices you are installing if you are permitted to discuss that.

>>By turning DHCP off you are allowing either their server or their router to "dish" out IP addresses.  
So will this happen when I turn the DHCP off on the router but ON on my device? And what problems will I face if I did forget to turn the DHCP off?
+++ We will take this one is steps because if explained in parts it is very simple ( the way i explained it before was a little shaky)
1. There are 2 parts of DHCP--  Client   and     Server
2. DHCP can be turned on/off on a server Example-- If my DHCP is turned on, on the server, it will take an address from a pool and give it to a client that is asking for one. Ex2.  If DHCP is Turned of (or not setup) a client asking for a DHCP address will usually get a APIPA adress IE. 169.x.x.x   This means the client CANNOT find a server to get an address from.
3.This is the "client side" of question 2.  So your client(or device) wants a network connection, when set to DHCP it will look for a server that is handing out IP's, like i said before, if it doesnt not find one it will usually assign an APIPA IP (APIPA=BAD) so at this point you would need to switch your client to a STATIC address.  There really isnt another half of the client side because you either find a DHCP or you set static.
+++ Now to answer the DHCP Questions about your device and router
Providing that said company has a DHCP server then your router will have DHCP OFF  and you would preferably have the WAP set to a STATIC address, because the server is handing out all the addresses.
+++You would notice right away if you still had DHCP turned on because odds are everything wont work... should damage anything but stuff just wont work.  its trying to hand out separate addresses
+++++I Can touch more on this if you ask
 

>>whether you assign static ips with MAC filtering or DHCP with MAC filtering you still get the same effect.
Hmm, so what exactly is the advantage of using DHCP/Static IP over the other and vice versa.
+++ Great question but the simple answer is that, llke i said in the previous post, MAC addresses are on a lower layer of the OSI model (look OSI model up if your curious)  Meaning that it uses a different method of Identification.  a server and computer use IP addresses to identify each other and to navigate to and from. so lets say you have a laptop that has a share on it and everyone has it mapped to 192.168.1.220 and your using mac filtering with dhcp your client will always change so the next time you connect you have the possibility of getting the IP address 192.168.1.221 and then then mapped share wont work.  Where if you were to set a static those computers that were pointed at 192.168.1.220 will always find that computer when it is on the netowork


>>I don't want the addition of my device to be a possible cause of a breach to their network. Too much responsibility. :-)
+++ it is called Packet injection my dear friend.  I dont really feel comfortable explaining that in a forum( liabilities) but you can either google it or PM on here if there is such a thing.... im still really new at this.
Its not something to be REALLY concerned with. you have to understand there is ALWAYS traffic entering and exiting your network, so there always has to be a way to get in...
0
 
LVL 2

Expert Comment

by:TheSolutionCF
ID: 28804880
You getting everything figured out ok?  Comment back if not, im bored.....
0
 
LVL 22

Author Comment

by:Thomasian
ID: 28839157
>> if you have the documentation i wouldnt mind seeing this setup of subnets your are trying to traverse,
Actually, I don't have one. The already have different subnets in their network before adding our devices. Our devices are configured by the end user, so they assigned each one with an IP address and subnet mask to fit into their exisiting system. The only problem we encountered then is that I used broadcasts to detect installed devices which does not work across different subnets.

>>NOTE: Before i elaborate on this more i would like to know more about the devices you are installing if you are permitted to discuss that.
The devices' function could vary, but basically it is connected to the network just for updating/synchronizing. One possible function of the device is used as a digital clock w/ alarm. The digital clocks are all connected to a network and updated from a single workstation (NTP server if available) for synchronization. So there won't be any vital/sensitive information passed.

>> and you would preferably have the WAP set to a STATIC address, because the server is handing out all the addresses.
Sorry, if this is a stupid question (maybe I already asked some already anyway), but do WAPs have their own IP addresses? Can't it be setup to just work like an extention or signal amplifier? Or is it because it will have a different encryption mode.

>>You would notice right away if you still had DHCP turned on because...
So wAPs can also work as a DHCP server? I though only routers can do that. What is the difference between them then?

>>so lets say you have a laptop that has a share on it and everyone has it mapped to 192.168.1.220 a
If I'm not mistaken, that is the difference between dynamic and static IP, with or without mac filtering. Wasn't mac filtering only used to check if the device is allowed to connect into the network? And like in your example, everything is identified by their IP address when already in the network.

>> it is called Packet injection my dear friend.  I dont really feel comfortable explaining that in a forum( liabilities
Maybe I will check it out when I got more knowledge about networking. Still trying to figure out the basics.


>>but you can either google it or PM on here if there is such a thing.... im still really new at this.
There is no PM here, but you can put your email address in your profile.

>>Its not something to be REALLY concerned with. you have to understand there is ALWAYS traffic entering and exiting your network
What I'm really just concerned with is if the addition of the WAPs and my devices can "weaken" the security of the network.

>>You getting everything figured out ok?  Comment back if not, im bored.....
Sorry, it was around 2am here when you posted your comment. It's sunday so slept a "little" longer. You have to get used to it since the members here are from all over the world.
0
 
LVL 2

Accepted Solution

by:
TheSolutionCF earned 2000 total points
ID: 29135636
Sorry, if this is a stupid question (maybe I already asked some already anyway), but do WAPs have their own IP addresses? Can't it be setup to just work like an extention or signal amplifier? Or is it because it will have a different encryption mode.
>>The WAP will almost always have a IP adress of their own because it is an actual network device.  and to answer your next question on the list, some WAP have the DHCP option and some dont, low end ones usually do, but the high end ones usually don't.  it really depends.

If I'm not mistaken, that is the difference between dynamic and static IP, with or without mac filtering. Wasn't mac filtering only used to check if the device is allowed to connect into the network? And like in your example, everything is identified by their IP address when already in the network.
>> Yes you are correct. it is the exact same with or without the MAC filtering, i was just explaining it as a "whole".  whether you have the ip set to static or DHCP you can still choose to either ran MAC filtering or not.

Address will be added into my profile tonight.

What I'm really just concerned with is if the addition of the WAPs and my devices can "weaken" the security of the network.
>> IMO you dont really have to worry about the WAP's as long as they are secured in some way, shape, or form, and you use MAC Filtering.

 it was around 2am here when you posted your comment.
>> i think it was late when i posted it too, i work nights and i was at work so i was wide awake.  This was a quick post so if anything doesnt make much sense just ask.



0
 
LVL 22

Author Closing Comment

by:Thomasian
ID: 31707880
Thanks. No more questions for now.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we’ll look at how to deploy ProxySQL.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question