# Setting up a second wifi WAP w/o wep encryption



## DonLandis (Dec 17, 2003)

This one for network GURU's

I have a single cable modem connected to a firewall and then a router. From that router I have a half dozen computers connected with the 400Mbs hard wire and a WAP802.11b set with 128bit encryption (WEP) Usually connected to that are 3 laptops. All net equipment is Linksys DHCP So far so good!

I would like to add a second WAP with 802.11b where the access to the internet is an open access but access to anything behind the firewall would be blocked. To do this, would I need to insert the open access WAP between my current modem and router firewall. In other words- Cablemodem to a WAP open access and feed through it's built in router to the hard firewall/router where the second WEP system is connected. Would this do what I want? that is, allow open access to the internet for non wep wifi and keep those connections from seeing my lan behind the firewall.


----------



## CoriBright (May 30, 2002)

I think if you google for instructions up a wifi hotspot you might find more details. a router behind a router isn't the easiest thing to setup... I gave up and use two Access Points because I couldn't be bothered with a three hour phone to Linksys. But both are protected. In theory what you suggested should work, but the configuration isn't going to be a 5 minute job.

Good luck.


----------



## cdru (Dec 4, 2003)

Doing double NAT (router behind a router) is possible and actually isn't too difficult, but it can cause problems with some protocols. You also obviously have a performance hit as well as one more thing that can fail.

You might look into the WRT54G (or WRT54GS) with Sveasoft firmware running on it. The hacked firmware will allow you to VLAN off your wLAN from your LAN. Set it up so that the WRT54G is your main router with the wLAN having no encryption on one vLAN and your wired ports get used for our computers on the other. Then just use your current router as an AP. Connect the two routers via a lan port (don't use the WAN port). The 2nd router then just acts as a switch and AP, the router portion doesn't get used.


----------



## SimpleSimon (Jan 15, 2004)

Hmmm.

How about plugging the cable modem into a hub, then the WAPs into that?

This requires that the cable modem allow multiple IPs (IOW, has DHCP & NAT).

Set the two WAPs to have different subnets than the cable modem (for a total of 3 subnets).


----------



## DonLandis (Dec 17, 2003)

The first part may work but I'm not sure you understood how I explained my needs.

I want one WEP access point to be behind the firewall and see all my computers in shared resources mode.
The other access point would be open so no key required and also have access to my internet connection but not my LAN. 

I have enough hardware sitting around to try it but I was more inquiring as to how to configure the DHCP setup on the new WAP between the cable modem and the firewalled LAN. If the current Lan is set for 192.168.1.XXX, and 255.255.255.0 How does the setup look for the WAP that is outside the LAN? Right now the first thing my Cable modem sees is the linksys firewall/router(s)/WEP-WAP box.


----------



## SimpleSimon (Jan 15, 2004)

Don - maybe you misunderstood me.

I think you're thinking of a hierarchical pair of WLANs.

I'm thinking of a side-by-side pair of WLANs. One open, one secure. Both have access to the internet.

Both WAPs are firewalls in and of themselves, and so is the cable modem (assuming the cable modem has NAT & DHCP).

Cable-LAN = 192.168.a.xxx with 2 attached devices:
WLAN1-WANPort=192.168.a.11 and WLAN2-WANPort=192.168.a.22
WLAN1-LAN = 192.168.b.xxx
WLAN2-LAN = 192.168.c.xxx

With the standard 192.168 mask of 255.255.255.0 the two WLANs can't see each others LAN sides - although they can see each other's WAN ports - but that's not a problem.


----------



## DonLandis (Dec 17, 2003)

"_With the standard 192.168 mask of 255.255.255.0 the two WLANs can't see each others LAN sides - although they can see each other's WAN ports - but that's not a problem."_

Thanks for clarifying that. I see what you are saying now. Can't wait to get back to Florida next week to try it out.


----------

