Difference between revisions of "Wireless Bridge"
m |
m (Reverted edits by Atekysepiko (Talk); changed back to last version by Admin) |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 9: | Line 9: | ||
* Repeater - The term WDS repeater describes the number of AP's in the link. | * Repeater - The term WDS repeater describes the number of AP's in the link. | ||
* WDS repeater hop - a single hop repeater is another way of saying a bridge with two Access Points | * WDS repeater hop - a single hop repeater is another way of saying a bridge with two Access Points | ||
− | * Mesh Access Points - WDS isn't the only way to bridge and repeat, however, WDS is a type of Mesh wireless networking | + | * Mesh Access Points - WDS isn't the only way to bridge and repeat, however, WDS is a type of Mesh wireless networking. A simple AP to AP bridge is hardly a 'mesh' since STP ([[Spanning Tree Protocol]]) wouldn't be necessary. |
+ | |||
+ | WDS may also be referred to as repeater mode because it appears to bridge and accept wireless clients at the same time (unlike traditional bridging). However, with this method, throughput is halved for all clients connected wireless. | ||
+ | |||
+ | To, TECHNICALLY, WDS describes a situation where as an AP may be connected to another AP to form the wireless bridge, while that AP is also connecting to other wireless clients. This hybrid WDS scenario is not a true bridge in the purest sense since. Yet, again the use of the terminology is so often abused once finds himself looking for WDS bridges even though he is only interested in a true Ap to AP bridge with no additional client accessibility. | ||
+ | |||
+ | Ideally what you want to achieve for your bridging of two wired networks, and using the best terminology is: | ||
+ | |||
+ | WDS (Wireless Distribution System) using two wireless bridge devices working in pairs (point-to-point), one on each side of the "bridge" and neither serving as a Wireless Repeater Bridge allowing simultaneously wired and wireless clients to access. | ||
== How to bridge two wired networks via wireless == | == How to bridge two wired networks via wireless == | ||
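Review bot: in the added paragraph beginning "To, TECHNICALLY, WDS describes", the sentence "This hybrid WDS scenario is not a true bridge in the purest sense since." stops before giving its reason; either finish the clause or drop "since". The same paragraph has "To," at its start, "where as", "once finds himself" and "Ap to AP", which read as typos. The extended Mesh bullet now says WDS "is a type of Mesh" and, in the next sentence, that an AP to AP bridge "is hardly a 'mesh'"; a phrase saying which WDS topologies count as mesh would reconcile the two.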
Line 58: | Line 66: | ||
The focus here is primarily on a single hop WDS bridging two wired networks via a wireless link. WDS AP Bridging is restricted to WEP encryption due to the nature of the two radios as explained above. The security therefore comes in using MAC addresses so the two AP's only connect to each other via radio link. | The focus here is primarily on a single hop WDS bridging two wired networks via a wireless link. WDS AP Bridging is restricted to WEP encryption due to the nature of the two radios as explained above. The security therefore comes in using MAC addresses so the two AP's only connect to each other via radio link. | ||
+ | |||
+ | Wi-Fi Protected Access (WPA) does not handle WDS. The reason is that WDS uses MAC addresses to communicate, and WPA is designed to encrypt the MAC addresses. | ||
WDS connections are MAC address-based. When discussing the 802.11 standard the WDS connection utilizes a special data frame type that uses all four of the (MAC) address fields. In the 802.11 frame header, address 1 is the destination address, address 2 is the source address, address 3 is the BSSID of the network and address 4 is used for WDS, to indicate the transmitter address. | WDS connections are MAC address-based. When discussing the 802.11 standard the WDS connection utilizes a special data frame type that uses all four of the (MAC) address fields. In the 802.11 frame header, address 1 is the destination address, address 2 is the source address, address 3 is the BSSID of the network and address 4 is used for WDS, to indicate the transmitter address. | ||
+ | |||
+ | Due to the limitations of WAP and certain unavoidable vulnerabilities in the budget WDS bridge AP market, one has to be practical about their approach to security. Don't risk using WDS to bridge directly to your LAN where you have a server with sensitive and confidential data. | ||
+ | |||
+ | In scenario where you have a main office with a wired LAN and you wish to connect a remote office you could place a router between the WDS AP and Switch/HUB on your main office LAN having that HUB also serve DHCP addresses on the new subnet in the main office, which could be considered a DMZ subnet. Set up the wireless bridge between the two offices. Clients at the remote office will grab a DHCP address from the router off the DMZ and not have direct access to the secure LAN at the main office. Using VPN any workstation at the remote office would have to authenticate as a VPN client to tunnel though the router to the secure LAN at the main office. | ||
+ | |||
+ | This scenario using VPN almost makes it seem silly to "bridge" to an alternate subnet. Why not then create a wireless link between two routers so the remote side is on a separate subnet? One reason is the p2p bridge does prevent additional clients from connecting to either AP. Remember, we only want the AP's to connect to each other. | ||
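Review bot: the added sentence "WPA is designed to encrypt the MAC addresses" gives a different reason for the WEP restriction than the unchanged context line above it ("due to the nature of the two radios as explained above"); reconcile the two explanations or cite a source for the new one. "Due to the limitations of WAP" uses an acronym that appears nowhere else in this hunk, which otherwise discusses WEP and WPA, so spell out which is meant. In the main office scenario, "having that HUB also serve DHCP addresses" conflicts with the next sentence, where clients "grab a DHCP address from the router"; name one device as the DHCP server. "In scenario where" and "tunnel though" are typos.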
Latest revision as of 11:48, 24 November 2010
A wireless bridge allows two locations to be connected as one integrated network. The two LAN segments should be in the same subnet to be connected with a wireless bridge. The basic working of a wireless bridge involves the conversion of a data packet into a radio pulse for transmission. On receiving the radio pulse, the other end of the network sends an acknowledgment to the transmitting radio. Then the pulse is translated back into a wired Ethernet packet and sent to the proper recipient. In wireless bridge mode, all the devices connected to either access point are contained within one unified subnet.
Key Terms to Know
Terminology is everything since this is a dynamic technology where old school definitions crash into slick marketing slang and, in general, an abuse of technology terminology in order to promote and sell products.
So here are some key terms to remember:
- WDS - Wireless Distribution System
- Repeater - The term WDS repeater describes the number of AP's in the link.
- WDS repeater hop - a single hop repeater is another way of saying a bridge with two Access Points
- Mesh Access Points - WDS isn't the only way to bridge and repeat, however, WDS is a type of Mesh wireless networking. A simple AP to AP bridge is hardly a 'mesh' since STP (Spanning Tree Protocol) wouldn't be necessary.
WDS may also be referred to as repeater mode because it appears to bridge and accept wireless clients at the same time (unlike traditional bridging). However, with this method, throughput is halved for all clients connected wirelessly.
Technically, WDS describes a situation where an AP may be connected to another AP to form the wireless bridge while that AP is also connecting to other wireless clients. This hybrid WDS scenario is not a true bridge in the purest sense. Yet again, the terminology is so often abused that one finds himself looking for WDS bridges even though he is only interested in a true AP-to-AP bridge with no additional client accessibility.
Ideally, what you want to achieve when bridging two wired networks, using the best terminology, is:
WDS (Wireless Distribution System) using two wireless bridge devices working in pairs (point-to-point), one on each side of the "bridge", with neither serving as a Wireless Repeater Bridge that allows wired and wireless clients to access it simultaneously.
How to bridge two wired networks via wireless
WDS AP Bridge: Connecting two networks wirelessly is called Wireless Bridging. The term Bridging is a rather precise term in professional wireless networking. Unfortunately, in order to “lure the mass”, the marketers of entry-level wireless hardware do not adhere to the terminology. As a result, it is important to understand the simple principles of bridging rather than to adhere to words that might be misleading.
In the classic definition of a wireless bridge, the true definition, neither of the two networks has wireless computers, each of the two networks is wired, and the only wireless connection is the connection, or bridge, between the two networks.
This requires two access points that are capable of working in Bridge Mode (almost all stand-alone access points can do it). Plug one access point into an available regular port on a switch (or the switch part of a router) at the source, plug the second access point into a simple switch at the destination, and configure the access points as bridges (read the instruction manual).
For the bridging of two buildings, an outdoor bridging solution is used and directional antennas should be implemented. Putting two directional antennas facing each other (using facing windows, or a rooftop) in an environment with direct line of sight (no obstructions) will provide the best and most reliable connection.
WDS Link: Wireless Distribution System. Allows access points to link together and provide repeating.
Key Points to AP Bridging
WDS can be used to provide two modes of wireless AP-to-AP connectivity:
- Wireless Bridging in which WDS APs communicate only with each other and don't allow wireless clients or Stations (STA) to access them.
- Wireless Repeating in which APs communicate with each other and with wireless STAs.
Two disadvantages to using WDS are:
- Wireless throughput is cut approximately in half for each WDS repeating "hop", i.e. an AP that data flows through before hitting the wired network. This is because all transmissions use the same channel and radio and must be retransmitted to reach the wired LAN.
- Dynamically assigned and rotated encryption keys are not supported in a WDS connection. This means that Wi-Fi Protected Access (WPA) and other dynamic key assignment technology may not be used. Only static WEP keys may be used in a WDS connection, and this includes any STAs that associate to a WDS repeating AP.
Detailed specifications for WDS have yet to be created and agreed upon in the industry. What this means is that if you wish to create a WDS bridge it is best to use two identical products from the same manufacturer running the same bios.
A WDS link is defined as the MAC address pair of the connected APs. To create a WDS link between two OfficeConnect Wireless 11a/b/g Access Points, enter the peer AP’s MAC address on each AP via the Wireless WDS web page.
In addition, make sure you configure all WDS APs to work on the same radio channel. Since WDS links can operate in 2.4 GHz or 5.4 GHz radio channels, using Auto Channel selection is not appropriate.
Throughput / Speed
Inexpensive 802.11g-based mesh APs are available from Open-Mesh. Be warned, however, that throughput via 11g meshes is very low, in the single-digit Mbps range. This is fine for basic connectivity for email, web browsing, etc., but not enough for high-quality video streaming. With WDS added to some 802.11n routers, it's now possible to get double-digit bandwidths through a single-hop bridge.
Security
The focus here is primarily on a single-hop WDS bridging two wired networks via a wireless link. WDS AP bridging is restricted to WEP encryption due to the nature of the two radios, as explained above. The security therefore comes from using MAC addresses so that the two APs only connect to each other via the radio link.
Wi-Fi Protected Access (WPA) does not handle WDS. The reason is that WDS uses MAC addresses to communicate, and WPA is designed to encrypt the MAC addresses.
WDS connections are MAC address-based. When discussing the 802.11 standard the WDS connection utilizes a special data frame type that uses all four of the (MAC) address fields. In the 802.11 frame header, address 1 is the destination address, address 2 is the source address, address 3 is the BSSID of the network and address 4 is used for WDS, to indicate the transmitter address.
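An added example, not part of the original page: a monitoring check that parses the 802.11 MAC header of a captured frame, detects the four-address form used on a WDS link, and compares the AP pair with the configured link. It follows the IEEE 802.11 layout for data frames with both To DS and From DS set, where address 1 and address 2 are the receiving and transmitting AP; all MAC addresses, names and sample frames are constructed for illustration.

```python
import struct

# Constructed addresses: the configured WDS link (the AP MAC pair) and wired hosts.
AP_A, AP_B = "00:11:22:33:44:01", "00:11:22:33:44:02"
HOST_1, HOST_2, OTHER = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:99"
WDS_PEERS = frozenset({AP_A, AP_B})

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_header(frame):
    """Parse an 802.11 MAC header (frame starts at Frame Control, no radiotap)."""
    if len(frame) < 24:
        raise ValueError("shorter than a 3-address header")
    (fc,) = struct.unpack_from("<H", frame, 0)
    is_data = ((fc >> 2) & 0x3) == 2               # frame type 2 = data
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    hdr = {"protected": bool(fc & 0x4000),         # Protected Frame bit
           "addr1": mac(frame[4:10]),              # receiver
           "addr2": mac(frame[10:16]),             # transmitter
           "addr3": mac(frame[16:22]), "addr4": None}
    # Address 4 follows Sequence Control only when To DS and From DS are both set.
    if is_data and to_ds and from_ds:
        if len(frame) < 30:
            raise ValueError("truncated 4-address header")
        hdr["addr4"] = mac(frame[24:30])
    return hdr

def classify(frame, peers=WDS_PEERS):
    """Label a captured frame relative to the configured WDS link."""
    hdr = parse_header(frame)
    if hdr["addr4"] is None:
        return "not-wds"
    if {hdr["addr1"], hdr["addr2"]} != set(peers):
        return "wds-unexpected-peer"
    return "wds-ok" if hdr["protected"] else "wds-unencrypted"

def build(flags, *addrs):
    # Constructed frame: FC, duration, addr1-3, sequence control, [addr4], body.
    raw = [bytes.fromhex(a.replace(":", "")) for a in addrs]
    return (bytes([0x08, flags]) + b"\x00\x00" + b"".join(raw[:3])
            + b"\x00\x00" + b"".join(raw[3:]) + b"body")

SAMPLES = {
    "bridge": build(0x43, AP_B, AP_A, HOST_2, HOST_1),      # protected, 4-address
    "cleartext": build(0x03, AP_B, AP_A, HOST_2, HOST_1),   # 4-address, no encryption
    "other_pair": build(0x43, AP_B, OTHER, HOST_2, HOST_1), # transmitter not a peer
    "client": build(0x41, AP_A, HOST_1, HOST_2),            # To DS only, 3-address
}
```

On a link meant to be a pure AP-to-AP bridge, anything other than `wds-ok` between the two APs is worth an alert.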
Due to the limitations of WAP and certain unavoidable vulnerabilities in the budget WDS bridge AP market, one has to be practical about their approach to security. Don't risk using WDS to bridge directly to your LAN where you have a server with sensitive and confidential data.
In a scenario where you have a main office with a wired LAN and you wish to connect a remote office, you could place a router between the WDS AP and the switch/hub on your main office LAN, having that hub also serve DHCP addresses on the new subnet in the main office, which could be considered a DMZ subnet. Set up the wireless bridge between the two offices. Clients at the remote office will grab a DHCP address from the router off the DMZ and not have direct access to the secure LAN at the main office. Using a VPN, any workstation at the remote office would have to authenticate as a VPN client to tunnel through the router to the secure LAN at the main office.
This scenario using a VPN almost makes it seem silly to "bridge" to an alternate subnet. Why not then create a wireless link between two routers so the remote side is on a separate subnet? One reason is that the p2p bridge does prevent additional clients from connecting to either AP. Remember, we only want the APs to connect to each other.