[tech] Brave new wireless

David Adam zanchey at ucc.gu.uwa.edu.au
Mon Jul 4 23:48:08 WST 2011


Tonight I finished configuring and installing the new wireless point, 
coromandel [1], to provide 802.11a/b/g/n connectivity to the clubroom and 
beyond. It is a D-Link DIR-825 with 2.4 & 5 GHz radios and five gigabit 
Ethernet ports.

It has been reflashed to run OpenWRT 10.03.1-rc4 (r24045) with wpad-mini 
replaced with the full version of wpad/hostapd.

It is configured to do VLANs 1, 6 (trusted wireless) and 8 (untrusted 
wireless) from the switch. All of the "internal" switch ports are 
configured for these VLANs, and VLAN 1 is untagged. The "uplink" port is 
not configured.

It has an IP on VLAN 1 (coromandel.ucc.asn.au) which is on the UCC 
management VLAN.

Coromandel is broadcasting the trusted wireless VLAN via the SSID 'UCC' 
on 2.4 GHz channel 3 & 5 GHz channel 149 with WPA2/RADIUS encryption. It 
is not currently broadcasting the UCC-Public SSID.

RADIUS authentication & accounting is enabled & working, thanks to a small 
patch from newer versions of OpenWRT [2].

Clearwing (old 802.11b/g AP), which was previously broadcasting both the UCC 
and UCC-Public SSIDs, has had the UCC SSID disabled & is still 
broadcasting UCC-Public on channel 11.

Issues:

- The management IP is not routed outside UCC, which means that `opkg` and 
  friends don't work without a proxy server being set up.
- I don't have any .11n or 5GHz devices, so I have no idea if that stuff 
  actually works.
- Enabling .11n forces us to disable WPA+WPA2 mixed mode in favour of 
  WPA2-only. This makes some old devices like my laptop not work; I don't 
  know if we care.
- Setting up EAP/PEAP-MSCHAPv2 still requires manually accepting a 
  certificate and (in Windows) requires a bunch of daft default settings 
  to be disabled.

Thanks to [AHC] for purchasing the new AP!

[1]: http://www.fishbase.org/summary/Speciessummary.php?id=14292
[2]: http://patchwork.openwrt.org/patch/844/

David Adam
UCC Wheel Member
zanchey at ucc.gu.uwa.edu.au