Date: Thu, 8 Jun 2006 17:33:31 +1000 From: Nick Withers <nick@nickwithers.com> To: Mark Moellering <mark@msen.com> Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD Wireless Access Points with Atheros Cards Message-ID: <20060608173331.279d1f3f.nick@nickwithers.com> In-Reply-To: <200606071142.30426.mark@msen.com> References: <20060607221131.a001ae57.nick@nickwithers.com> <200606071142.30426.mark@msen.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 7 Jun 2006 11:42:30 -0400
Mark Moellering <mark@msen.com> wrote:
> Nick,
>
> I tried this maybe a month back. I added an ath card to a firewall (becoming
> the third NIC) and set it up following the directions. While I could connect
> to the access point/firewall, I could not get to anything beyond it. After some
> reading, I decdied to buy a standalone access point and replace the
> wireless ath card with a wired card to use to connect to the access point.
> The standalone access point (Netgear) wasn't that much more than the card and
> from everything I have read is the better way to go.
I decided to go with a FreeBSD-based access point for a number
of reasons, including (in no particular order):
- Security: I trust FreeBSD in the security arena more that I
do NetGear / D-Link / etc.
- Security: I insisted on implementing a full-blown 802.11i /
802.1x / RADIUS configuration and as such was going to require
an 802.1x / RADIUS server anyway (I'm not aware of these
features being available on any cheap-ish stand-alone access
point, but then I'm not aware of a lot of things!)
- Configurability: Though I have no experience with
stand-alone access points, my past experience with things like
DSL routers tells me that I'll be able to a lot more, and see
a lot more of what's going on, with a FreeBSD-based solution.
This includes things like firewalling the segment at the router
with both ingress and egress rules, implementing QoS, etc.
- Consolidation: The customer wanted a server for things like
web proxying with anti-virus filtering, file serving and
routing anyway, so I figured I'd bundle it all into one. I did
consider the fact that this means that if the server goes down,
their LAN's down too, but this would be similar if the server
were doing the network's 802.1x work, and they also don't plan
on using the LAN extensively - it's more for internet access
and the like
- Cost: Though we did look at several access points which
supported connecting to a backend 802.1x server, these
appeared to cost at least twice as much as an appropriate
wireless card.
I should point out that my wireless knowledge is somewhat
limited and am definitely keen on hearing any comments anyone
may have.
> If you are able to sned data through the access point, I would love to hear
> about it...
Certainly am. The setup's fully functional and routing traffic
from the LAN to the 'net and vice-versa. Happy to provide more
detailed information on the installation, if you like, though
perhaps off-list would be best (unless others are interested, of
course).
> Sincerely
>
> Mark
>
> On Wednesday 07 June 2006 8:11 am, Nick Withers wrote:
> > G'day all,
> >
> > I was recently asked to set up a wireless access point by a
> > mate. Having read section 27.3.3.2 - "Building a FreeBSD Access
> > Point"
> > ("http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireles
> >s.html") from the FreeBSD Handbook I duly advised my friend that they'd
> > need to procure one of the Prism cards listed in the wi(4) man
> > page, as, according to the Handbook, "In order to set up a
> > wireless access point with FreeBSD, you need to have a
> > compatible wireless card. Currently, only cards with the Prism
> > chipset are supported".
> >
> > When he got back to me the next day and said he couldn't find
> > one in any major store and that he'd been told they were no
> > longer available first-hand (whether all this is true or not,
> > I'm not entirely sure - but it's not really all that relevant
> > for the purposes of this question) I was a little surprised.
> >
> > After much more stuffing about, the ath(4) man page caught my
> > eye and I found the magic sentence: "Supported features include
> > 802.11 and 802.3 frames, power management, BSS, IBSS, and
> > host-based access point operation modes".
> >
> > I've subsequently set the thing up and it's now chugging away
> > merrily in hostap mode with hostapd helping out with 802.11i
> > shennanigans. It appears to be fully operational.
> >
> > My question, then, is this: Is the access point I've set up not
> > actually functioning as an access point in the strictest sense
> > of the term? Is the Handbook in need of a little attention in
> > this area?
> >
> > I'll happily create a patch for the doc and submit a PR to
> > have it updated, but just wanted to check before doing so that
> > I'm not just being an idiot (I'm particularly good at that!).
> >
> > Thanks all!
> > --
> > Nick Withers
> > email: nick@nickwithers.com
> > Web: http://www.nickwithers.com
> > Mobile: +61 414 397 446
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
--
Nick Withers
email: nick@nickwithers.com
Web: http://www.nickwithers.com
Mobile: +61 414 397 446
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060608173331.279d1f3f.nick>