[tech] Brave new wireless
David Adam
zanchey at ucc.gu.uwa.edu.au
Mon Jul 4 23:48:08 WST 2011
Tonight I finished configuring and installing the new wireless point,
coromandel [1] to provide 802.11a/b/g/n connectivity to the clubroom and
beyond. It is a D-Link DIR-825 with 2.4 & 5 GHz radios and five gigabit
Ethernet ports.
It has been reflashed to run OpenWRT 10.03.1-rc4 (r24045) with wpad-mini
replaced with the full version of wpad/hostapd.
It is configured to do VLANs 1, 6 (trusted wireless) and 8 (untrusted
wireless) from the switch. All of the "internal" switch ports are
configured for these VLANs, and VLAN 1 is untagged. The "uplink" port is
not configured.
It has an IP on VLAN 1 (coromandel.ucc.asn.au) which is on the UCC
management VLAN.
Coromandel is broadcasting the trusted wireless VLAN via the SSID 'UCC'
on 2.4 GHz channel 3 & 5 GHz channel 149 with WPA2/RADIUS encryption. It
is not currently broadcasting the UCC-Public SSID.
RADIUS authentication & accounting is enabled & working, thanks to a small
patch from newer versions of OpenWRT [2].
Clearwing (old 802.11b/g AP), which was previously broadcast both the UCC
and UCC-Public SSIDs, has had the UCC SSID disabled & is still
broadcasting UCC-Public on channel 11.
Issues:
- The management IP is not routed outside UCC, which means that `opkg` and
friends don't work without a proxy server being set up.
- I don't have any .11n or 5GHz devices, so I have no idea if that stuff
actually works.
- Enabling .11n forces us to disable WPA+WPA2 mixed mode in favour of
WPA2-only. This makes some old devices like my laptop not work; I don't
know if we care.
- Setting up EAP/PEAP-MSCHAPv2 still requires manually accepting a
certificate and (in Windows) requires a bunch of daft default settings
to be disabled.
Thanks to [AHC] for purchasing the new AP!
[1]: http://www.fishbase.org/summary/Speciessummary.php?id=14292
[2]: http://patchwork.openwrt.org/patch/844/
David Adam
UCC Wheel Member
zanchey at ucc.gu.uwa.edu.au
More information about the tech
mailing list