Re: Two Netgear WGT624 models will not communicate
- From: Jeff Liebermann <jeffl@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 20 Jul 2006 05:29:48 GMT
On 19 Jul 2006 19:55:11 GMT, phil-news-nospam@xxxxxxxx wrote:
| Were two access points to talk to each other, they would by necessity
| need to bridge more than one MAC address. That means a bridging
| protocol that tracks the interface location of all the wireless
| clients. That's missing in the typical access point.
> Or alternatively, translate to level 3 and re-announce as IP addresses
> in a routing protocol like RIP. But none of this is new; wire switches
> do this all the time.
Ok, you lost me. Translate what to the IP layer? What will that do
to provide universal interoperability?
RIP on layer 3 is very similar to STP on layer 2. However, that would
dramatically increase the level of complexity of wireless. By leaving
everything (except management and configuration) on layer 2, wireless
bridges avoid the complications of the IP stack.
> Would not the encryption of the packets themselves be sufficient
> security?
Maybe. Dunno for sure. Security in a WDS network is marginal. The
first problem is that many routers ran out of sufficient flash ram to
implement both WPA encryption and WDS at the same time. The result is
that these are now mutually exclusive and only WEP is supported in WDS
mode. This has been fixed on some routers. I don't have the list of
winners and losers. I don't consider WEP to be adequate security.
Incidentally, the WAP54G wireless bridge has a similar problem. Bridge
mode and WPA are mutually exclusive. Grrr....
Even with WAP and WDS, there's a problem. There's only one WPA key
for the entire system. Everything, including the clients, has to
know this key. There are some routers that have multiple SSID's and
encryption methods/keys, but not in WDS mode.
As I see it (probably wrong), the MAC address in the configuration is
used to create the MAC to port mapping table (whatever it's called)
and to add an additional layer of security by doing some light weight
MAC address wireless filtering. Only those MAC addresses listed in
the WDS config page can "join" the WDS network. See:
http://www.linksysinfo.org/portal/forums/showthread.php?t=47118
for WRT54G sample configs. Oops. WEP again.
> Seems to me that once you get RF into a bit stream/packet
> then you want to be sure it is authorized (security) before doing
> any more with it (valid SSID, phrase, key, etc).
It sure would be nice to have WDS authenticate with 802.1x using a
RADIUS server. That would give each connection a temporary and unique
encryption key with a secure method of key exchange. Not this week.
However, I agree. If you consider WEP to be adequate security, then
it's probably also adequate for WDS.
> For ethernet over wireless it's not much different than ethernet over
> a coaxial cable, besides the greater noise, more lossage, and hackers
> tapping in.
Nope. 802.11 encapsulates 802.3 ethernet packets. Coax cable
(whether DOCSIS RF or 10base2 baseband) is simply layer 1 of the ISO
pile. The problem is that wireless tends to have more dropouts, more
lost packets, more noise, lousier signal to noise, and other anomalies
as compared to wired networks. The effects are the same with both
media, but the degree of impairment is much worse with wireless. I
can produce some S/N ratio comparisons for wired protocols versus
wireless protocols if you really need them. (Say no, I'm busy).
> Operationally, it seems like it should be the same. But
> if there are separate RX and TX frequencies, a few things could get
> more complicated.
Actually, they get simpler with full duplex. Flow control would
actually work. There would be no dead zones in the sliding window.
Repeaters could be built that don't cut the thruput in half. Etc.
> That's what we have ethernet, IP, TCP, etc, for. Of course if two
> strange machines want to talk to each other in Gibberish 2.0 then
> why not.
Wired TCP error control has no mechanism for dealing with repetitive
errors. The best it can do is a random backoff algorithm to vary the
retransmission time to hopefully avoid the repetitive interference.
802.11 wireless has multiple mechanisms, including flow control and
fragmentation control, to deal with interference issues.
| No. Everything in 802.11 wireless is half duplex. A box can transmit
| or receive, one at a time. In a WDS system, all radios are on the
| same channel.
> Then I can't see the reason for separate client mode at the media layer
> other than to force the star topology. IMHO, star topology should not
> be used in many cases.
This is not a la carte networking. You don't choose your topology,
protocols, and media from a menu as you need them. You get the whole
mess packaged as Wi-Fi, blessed by the Wi-Fi Alliance, and certified
by the FCC. There are plenty of places where a different topology
would be more useful. Too bad they're a minor consideration compared
to the huge number of situations where a star will work just fine. If
you want creative topologies, look into Zigbee and mesh networking.
> A limit on MAC addresses is something I can get around.
It's a table size limit. Bottom of the line router manufacturers are
cheap. For example, Linksys was doing just fine with a WRT54G v3 that
had 16MBytes of RAM and 4MBytes of flash. However, their latest
incantation has only half the RAM and flash. Never mind that it barfs
when faced with a large number of simultaneous streams, apparently
from running out of table space. Unless you can control the memory
allocation, you're not going to increase the MAC address count much.
Incidentally, some manufacturers seem to think that the way to
stratify the pricing for their bridges is by number of MAC addresses
passed. A "workgroup bridge" will typically do 4-16 MAC addresses.
The same model as a "transparent bridge" can do perhaps 2048.
> I'll just split
> up in subnets and route from one of the Linux boxes.
Sure. No problem. Sorry, I forgot to mention that. You only need
one MAC address passed to do routing. Put a router at both ends and
it should work.
(more later.... I gotta get back to work).
--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@xxxxxxxxxxxxxxxxxxxxxx
# http://802.11junk.com jeffl@xxxxxxxxxx
# http://www.LearnByDestroying.com AE6KS