Running 2 AP's, One WEP and one WPA2 - will this work?

[hyt3k9]

I have a Dell Axim X5 with a Belkin Wifi CF card that I got from someone here on [H]

I have it all set up, and ready to surf the net, but one small problem presented itself. The Belkin card only works with WEP encrypted wireless, no support for WPA2.

My current network consists of my DSL modem > D-Link Gaming wireless router > Netgear 4 port GigE switch > off to all computers

I have an old clunky Linksys access point in the garage. I was thinking, could I put it between the DSL modem and my D-Link router, and have the Linksys run WEP, so I can access this AP with my Axim? This way (at least in my mind) the WEP enabled AP couldn't defeat my D-Link running WPA2, so if if the Linksys AP WEP was defeated, they still couldn't get inside my home network.

Think this will work? I know I will have to name the Linksys AP a different name than the D-Link, and I think they both use 2.4Ghz, will the wireless conflict or does anyone see any potential pitfalls with this setup?

TIA

 

[Malk-a-mite]

internet > modem > WEP AP > router > WPA AP

Is this something of what you are thinking about? One potential downside it the possiblity of ending up double NAT'ed which can cause serious headaches with some apps (not to mention the troubleshooting of problems).

 

[DF454]

Shouldn't you run the Linksys AP off of the switch? If you have it after the modem, but before your router, how will the router get it's WAN IP?

Internet > modem > D-Link Gaming Router WPA2 > Netgear GigE Switch > off to all computers
..........................................................................................................> Linksys AP WEP

 

[DF454]

Couldn't you just lock the Linksys AP to the MAC address of the Axim? That way no other device could get through?

 

[Asgorath]

Couldn't you just lock the Linksys AP to the MAC address of the Axim? That way no other device could get through?

MAC cloning is pretty weak. That would work, but its a false sense of security.

I would just double NAT. Its not a perfect solution, but it works. I've done it on numerous occasions.

 

[Xeth]

If your DSL connection type is straight IP with DHCP (not PPPoE, L2TP, etc) and your ISP allows multiple IP leases, then yeah you can just put the WEP AP on the WAN side of the router and it would work perfectly without exposing your other computers at all. You will need a (cheapo) switch between the modem, AP and router, unless the modem has one already.

The DSL company might not be too happy about this though as you would be opening the whole subnet to an insecure wireless AP.


*edit* PS, personally I just run WEP with MAC filtering for everything for the performance and compatibility. But then I have 3 completely open APs in my neighborhood acting as my lightning rods

 

[mobiux]

What kind of linksys router is it?
Can you flash it to dd-wrt and turn it into just an AP?

Or does this version have a strictly AP mode?

 

[Xeth]

What kind of linksys router is it?
Can you flash it to dd-wrt and turn it into just an AP?

Or does this version have a strictly AP mode?

I think his router is a D-Link and the Linksys is the AP.

 

[Asgorath]

You should Double NAT. Don't just use the second router (WEP) as an access point because then you're opening up a hole on your network. Double NAT will work fine for general web browsing use, but is a pain when you use a fancy app like bitTorrent or an app that requires port forwarding.

Don't pretend that WEP with MAC adress filtering is secure. Realize its unsecure and use it, but don't put it inside your current private network. If you put it outside your network (double nat), then at worst, someone will get some of yoru internet connection. Not a super big deal.

-Just my $.02

 

[hyt3k9]

internet > modem > WEP AP > router > WPA AP

Is this something of what you are thinking about? One potential downside it the possiblity of ending up double NAT'ed which can cause serious headaches with some apps (not to mention the troubleshooting of problems).

Actually, my D-Link is wireless. So it would be Modem > WEP AP > Router/WPA2 > Client PCs

If your DSL connection type is straight IP with DHCP (not PPPoE, L2TP, etc) and your ISP allows multiple IP leases, then yeah you can just put the WEP AP on the WAN side of the router and it would work perfectly without exposing your other computers at all.

My ISP is PPPoE access with the login info

The DSL company might not be too happy about this though as you would be opening the whole subnet to an insecure wireless AP.

Insecure, not completely open. The WEP would still need to be cracked. Not like advertising free internets to the neighborhood

*edit* PS, personally I just run WEP with MAC filtering for everything for the performance and compatibility. But then I have 3 completely open APs in my neighborhood acting as my lightning rods

I too have heard that this isn't secure. Can't you spoof a MAC addy?

What kind of linksys router is it?
Can you flash it to dd-wrt and turn it into just an AP?

Or does this version have a strictly AP mode?

The linksys is an access point only. Not a router. Not sure of model, was trying to see if it was worth fishing down from the attic. I will grab it and repost information on it.

You should Double NAT. Don't just use the second router (WEP) as an access point because then you're opening up a hole on your network. Double NAT will work fine for general web browsing use, but is a pain when you use a fancy app like bitTorrent or an app that requires port forwarding.

Well I tend to torrent time to time, as well as port forward for some game patching programs.

Also, I don't have 2 routers. I have one Linksys Access Point, and one D-Link M634 Wireless Router.

Don't pretend that WEP with MAC adress filtering is secure. Realize its unsecure and use it, but don't put it inside your current private network. If you put it outside your network (double nat), then at worst, someone will get some of yoru internet connection. Not a super big deal.

I agree 100%

Could someone enlighten me on what "Double NAT'ing" is? Also, could someone chime in here on the best, most secure way to pull this off?

I think putting the AP between the DSL modem and wireless router might work, but remember my connection is PPPoE, so information needs stored in the AP in order for Axim to browse.. and I am guessing that doing it this way, the D-Link wireless router would still be able to get a IP from the AP so it can distribute the IPs to the network PCs.

Also, someone suggested that I take the AP and hook it up to the switch (inside my network), and use WEP on AP and MAC address filtering and set up a relationship between the AP and the Axim, ONLY. Sounds good, but security is a concern.

Need... more.... input.

 

[Asgorath]

I thought you had two routers....my bad on that one.

It won't be very secure, but hook the access point up to your switch and use 128bit WEP + MAC filtering + do not broadcast SSID. That is about the best you can do to keep it secure.

Double NAT'ing is a NAT inside a NAT.

Good luck. I think things will work out just fine for you.