"I need my WiFi"

Show the kid your wrinkles and explain that super-zoot electronics is something you do for _other_ people, not something you have for yourself.

If your PC's aren't set up to see each other, then you're probably safe to just hook up an access point to the router. If they _are_ set up in some sort of an easy peer-peer network, then you'll probably have to fiddle with the security settings on each one.

--
My liberal friends think I'm a conservative kook. 
My conservative friends think I'm a liberal kook. 
Why am I not happy that they have found common ground? 

Tim Wescott, Communications, Control, Circuits & Software 
http://www.wescottdesign.com

I keep the neighbors at bay by declaring at cocktail parties, "I make chips"... without further explanation ;-)

It's all peer-to-peer, but requires password log-in.

Maybe that's adequate? ...Jim Thompson

--
| James E.Thompson, CTO                            |    mens     | 
| Analog Innovations, Inc.                         |     et      | 
| Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    | 
| Phoenix, Arizona  85048    Skype: Contacts Only  |             | 
| Voice:(480)460-2350  Fax: Available upon request |  Brass Rat  | 
| E-mail Icon at http://www.analog-innovations.com |    1962     | 
              
I love to cook with wine.     Sometimes I even put it in the food.

"Jim Thompson" wrote in message news: snipped-for-privacy@4ax.com...

You can do that easily with another (wireless) Router between your Linksys and your cable modem. Provided your linksys has a decent firewall, it should work. It would look like this:

-------------------< 8port linksys Router>--------- Lan | | Wireless clients

You may have to recycle the cable modem power to update the bridging to use the new MAC address of the router. Also, configure the Wireless Router to a different IP address of your lan. Something like 192.168.150.1

Cheers

Potato or Corn? ;-)

I use a spare wireless router, plugged into a spare port in the main router. That allows access to the net, but not the private network. That makes it easy to turn off, when you don't need wireless. To make it even more secure requires a little bit more hardware. Linksys/Cisco, Netgear and other OEMs have some decent information on their websites.

Yep, you certainly do need to update the MAC address.

Wouldn't it be easier just to plug the wireless into an unused Linksys port? ...Jim Thompson

--
| James E.Thompson, CTO                            |    mens     | 
| Analog Innovations, Inc.                         |     et      | 
| Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    | 
| Phoenix, Arizona  85048    Skype: Contacts Only  |             | 
| Voice:(480)460-2350  Fax: Available upon request |  Brass Rat  | 
| E-mail Icon at http://www.analog-innovations.com |    1962     | 
              
I love to cook with wine.     Sometimes I even put it in the food.

"Jim Thompson" wrote in message news: snipped-for-privacy@4ax.com...

Then the Wireless would be on the same lan segment, I thought you wanted it separated from your 'Stuff'. The 8Port Linksys would keep them out.

Cheers

OK. Now I understand. (Network set-up is not by best suite :-) ...Jim Thompson

--
| James E.Thompson, CTO                            |    mens     | 
| Analog Innovations, Inc.                         |     et      | 
| Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    | 
| Phoenix, Arizona  85048    Skype: Contacts Only  |             | 
| Voice:(480)460-2350  Fax: Available upon request |  Brass Rat  | 
| E-mail Icon at http://www.analog-innovations.com |    1962     | 
              
I love to cook with wine.     Sometimes I even put it in the food.

I celebrated Hanukkah a week earlier. December is one long party for me.

You need Wi-Fi if you have kids or smartphone users in the house. Kids are easy. Smartphone, iPad, Android, or laptop addicts are not. Be prepared to have them spend the day on Facebook updating the world on YOUR activities.

As I recall, it was a BEFSR81, which belongs in a museum, but could use replacement. What you want is dual band, guest access, WPA2/AES encryption, and aerodynamic styling.

How few? If it's more than 4 ports, you will probably need to also add a cheap 5 or 16 port ethernet switch. However, I think this would be a good time to think about upgrading to Gigabit (1000baseT) ethernet. Fast is fun.

Thank you for not specifying a budget. Fortunately, it's after Christmas so many things are on sale.

It's not so much the size, but what's in the walls. If your inside walls are stuffed with aluminum foil backed insulation, they will block all RF. However, since you have ethernet all over the house, it will be easy to add a 2nd radio in the form of an access point. Note that an access point is just a wireless router with the router section disabled, leaving just the wireless access point and ethernet switch functional.

Some things to know about guest access before taking the plunge: Note that the guest login is isolated from the desktops, so the grand-brat is unlikely to do further damage.

Ask the grand-brats for tech support?

Here's what I suggest:

- Linksys EA2700, EA3500, or EA4500 wireless router depending on your budget. $70 to $160. Setup guest access for the grand-brats and other transients. If you can't figure it out, I'm sure the kids can show you how it's done. Make sure that you have normal wireless access setup for WPA2-AES wireless encryption to keep the neighbors out of your system. I'm not a big fan of WPS (wireless protected setup) but if you don't want to deal with passwords, it does make life easier.

- Few of todays wireless routers have 8 ethernet ports, so you'll need to add an ethernet switch. I suggest gigabit ethernet as in Linksys SE2800 for about $60: Just about anything that claims to play gigabit will work so you're not stuck with buying anything that's "compatible" with the wireless router.

- If you need to expand the system into the other end of the house because of weak signals, just get a lower tech wireless route that has guest access. One of the cheaper model Linksys routers such as the EA1200 will suffice. You can move it around to other ethernet ports as needed. If you have to unplug something, just move it to one of the unused LAN ports on the back of this "portable" wireless access point. For setting up a wireless router as an access point, see:

However, if you're in a rush, and just need something to plug in immediately, I suggest getting just the EA1200. Configure it as an access point (not as a router). Nothing to change in the existing BEFSR81. Setup a guest login. Give the EA1200 a static IP address that's one digit more than the your existing BEFSR81. If the router IP is 192.168.1.1, then configure your EA1200 for 192.168.1.2. Plug it into one of the BEFSR81 spare ports, and have the grand-brat provide the necessary testing and quality assurance.

What can go wrong? Well, if you just plug the unconfigured EA1200 into your existing LAN, you will have a duplicated IP address. Nothing will work and you'll blame the grand-brat who will immediately start crying. To avoid this disaster, take a computah off the network, plug only this computer into the EA1200, and do ALL the configuring. When done and you have a new 192.168.1.2 IP address configured, only then plug it into the LAN.

Note: alt.internet.wireless exists.

Footnote: Happy Holidaze.

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558

Your setup allows the wireless access to your lan , but you can't access the wireless lan. Netbios is not routable, so you wouldn't see any computers with windows.

I think If you made one port a vlan then that would work. But, I never played with vlans.

Cheers

You can put your own network behind an extra router (with NAT, I have good experiences with the 3COM officeconnect routers) and connect the Wifi router(s) to your internet connection.

Make sure your Windows PC's are setup to use non-administrator accounts.

--
Failure does not prove something is impossible, failure simply 
indicates you are not using the right tools... 
nico@nctdevpuntnl (punt=.) 
--------------------------------------------------------------

I missed the part about how you're connecting to the internet. I assume there's a NAT router somewhere in the system. Here's what I do. My DSL modem has built-in wireless. I try to keep the bad guys out with passwords and MAC address filtering. But it creates a real PITA when I want to do something quick and dirty. I have a wired switch plugged into the modem too.

So, I have a second wireless router with it's WAN port plugged into the switch. I like the Linksys WRT54G. There are a zillion in the wild. And every time anybody buys cable or a smartphone, one goes surplus. I pick 'em up at garage sales for a buck. And there's firmware available to give them much more capability. Your time crunch may prevent that, so virtually any modern wireless router should do.

I set the Linksys wireless router as a DHCP server on a different subnet. Wireless devices connect. The router doesn't know what to do with the packets, so they get sent out the WAN port. Your existing wired router doesn't know what do do with the packets, so they get sent out to the internet.

Depending on how many firewalls you have and where they're located, some reconfiguration may be required.

The two subnets probably can't see each other on the screen, so you have to take some deliberate action to make one interact with the other. So, there is a security risk. You're relatively safe from accidental damage, but not malicious intent. You can patch some of that with firewalls. Or you can enable MAC filtering on the added router if you have fixed clients.

If you're a hundred feet from the nearest neighbor and there's not a windowless black van parked in front of the house, you're probably reasonably safe for short term use. I just run mine wide open for convenience and shut it down as soon as I get the job done.

AS always, if you have anyone in the house and/or anywhere near your computer, make sure all your backups are current.

I don't know if it's true story or urban legend, but it goes like this...

Kid is surfing on dad's computer. OOOOH, music by my favorite band. Kid starts clicking and is led through the process that uses a torrent to download illegal music. Life is good. Kid goes off to college never realizing that there's a shared folder with the music and a torrent server running on dad's computer.

A year later, dad gets a registered letter from some RIAA lawyer accusing him of running an illegal download server and offers to settle for $4000 per song times the 22 songs being served. Last I saw, dad was given a pass when he gave up the daughter. The case was still in the courts, so I don't know the resolution.

Don't know if it's true or false, but it's easy to imagine something equally disasterous happening.

With Cisco dumping Linksys, I'm not so sure I'd go that way. Linksys support was awful with Cisco in charge. I can't believe it will get any better, plus they might orphan the old routers.

Personally, I'd get a router that runs DD-WRT. Some do this with factory firmware, so you don't even have to hack installing DD-WRT or similar programs.

I'm having good luck with a Linksys E4200. Isolation is depends on your equipment.

• If you have a NAT/router, it can probably serve multiple subnets. Change all of your existing network clients to use a static IP address rather than DHCP. For simplicity, the static address can be the DHCP address they have now. Now on the NAT/router, change DHCP to give out addresses for different subnet. Any device that pops itself onto the network via DHCP won't see your other gear until it is manually assigned an address in the other subnet. The WiFi can operate in bridged mode so there's nothing on it to configure. I'm not sure if this is secure enough for an 11 year old.

• More secure solutions are available if you replace your existing router with the Linksys E4200 or another device that supports WiFi guest networks. The guest WiFi account runs on a separate LAN from everything else. WiFi routers don't have much LAN-WAN bandwidth so it's not a good idea for very fast connections. Trying to get more bandwidth from this configuration means you'd need to mess with SOHO routers. "SOHO" is networking term describing a product that is completely FUBAR and has no hope of working correctly. It might just blow smoke when plugged in.

• This problem is trivial if you're given multiple IP addresses from your ISP. Set up the WiFi as an independent router and plug it into a WAN jack

--
I will not see posts from Google because I must filter them as spam

"Jim Thompson" wrote in message news: snipped-for-privacy@4ax.com...

Hello Jim

This is not hard if you can get a so called "managed switch" that supports IEEE 802.1Q VLANs.

Right now I use a setup here that matches your requested one almost exactly:

- Internet connection via DSL router (for both wired LAN and WiFi)

- Wired LAN (not accessible from WiFi)

- WiFi (not accessible from wired LAN)

For the managed switch I use a TP-Link TL-SG3216 (configured for 2 VLANs, the second one for WiFi only), so I'll use the TL-SG3216 for the example, it should be possible to port this to other swithes with similar functions however.

The hardware setup is rather straightforward:

- connect the modem/router that you use for internet access to one port of the switch (e.g. Port 1)

- connect the WiFi access point (any type will do) to another port of the switch (e.g. Port 14)

- mark these two ports as "special" so nothing else gets connected there in the future

- the remaining ports are freely usable for the LAN PCs

- To perform the configuration use a PC connected to the switch through a port which is neiter 1 nor 14

In the switch configuration (this is specific to the TL-SG3216 but you may find similar options on other switches):

- in Port Config set all the ports' Link Type to "general"

- in VLAN Config set up 2 VLANs

- VLAN ID=1 between all ports, this should also be the System VLAN (where the switch itself is)

- VLAN ID=2 between Ports 1 and 14 only, set all ports' Egress Rule to "untag" (this is for the WiFi)

- in Port Config set Port 14's PVID value to "2" (or whatever value you have chosen for the second VLAN's ID)

- Now Port 16 cannot access the LAN and neither the configuration of the switch itself any more, so if you had your configuration PC connected there, you'd lock yourself out in the next step

- Apply the settings without saving (otherwise you can lock yourself out of the switch configuration permanently if anything goes wrong)

- If you locked yourself out, reboot the switch, it will load the last saved config, then repeat from start

- Test your setup if everything still works, and don't forget to "Save Config" at the end when all is ready

Some additional notes:

- The configuration interface of the switch is password-protected, but nevertheless make sure that the firewall on the router does not allow others from the unternet to access it.

- If you locked yourself out from the switch and saved the config already (don't try) then the only option is to use the RS232 serial console to reset or reconfigure it from the command-line, provided that the switch you choose has one (the TP-Link does, but its' proper use has a really steep learning curve).

Note that this should be possible with any type of managed switch that supports IEEE 802.1Q standard VLANs and has some kind of configuration interface, although the names and descriptions of the settings may vary quite widely, so it may take some looking and searching before you get one to work.

Regards Dimitrij Klingbeil

^ |

Sorry, that should have been Port 14 of course.

I know the drill. This 11 year-old is Duane's daughter and is being raised in the Jewish traditions. So we have a Menorah on hand for such occasions.

I don't facebook ;-)

"Styling"? Is that an engineering word ?:-)

Excellent suggestion! Thanks!

Same to you and yours! ...Jim Thompson

--
| James E.Thompson, CTO                            |    mens     | 
| Analog Innovations, Inc.                         |     et      | 
| Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    | 
| Phoenix, Arizona  85048    Skype: Contacts Only  |             | 
| Voice:(480)460-2350  Fax: Available upon request |  Brass Rat  | 
| E-mail Icon at http://www.analog-innovations.com |    1962     | 
              
I love to cook with wine.     Sometimes I even put it in the food.

You will. Some of the parents I know are on Facebook solely to see what their kids are saying and doing.

Yes. I suspect it's something that isn't found in chip design. It's a major consideration for home networking. If it looks like something from a mad scientists lab, it won't sell. This year, projecting antennas, sharp corners, flashing lights, and white boxes are out, while internal antennas, rounded corners, no lights, and the black Darth Vader approved color schemes are in. Yes, there is such a thing as fashions, style, and aesthetics in network hardware.

It's also a pet peeve of mine, where styling becomes more important than function. For example, network boxes that can't be stacked on top of each other. The name of the game seems to be "I want my box on top of the pile". The Linksys devices I recommended are in this category. The ultimate example was the old Apple Airport wireless routers, which looked like a giant mushroom or flying saucer. Fortunately, Apple eventually came to their senses and switched to stackable network boxes.

Bah Humbug. It's the traditional post-Christmas rush for me. Two days out of the box, and I have two laptops with viruses arriving at the shop today. One more that may be dead on arrival. I expect more of the same in the following weeks. We had a storm last week. Only one lightning hit in the area, which unfortunately hit very close to one of my customers home. Wiped out most of the wireless and networking hardware. Anything connected with CAT5 or long wires was blown. Next, I get the call from a business, who wants to spend some "excess" capital on computer upgrades. The catch is that I have to spend it all in the next two days so that it can be deducted this year. Of course, I haven't finished this years billing and bookkeeping. Meanwhile, I'm dragging around a cold or flu for the last 7 weeks that won't go away. I hate Christmas.

Incidentally, I helped assemble a fancy treadmill exercise machine for a friend. In order to get firmware updates, it needs a wi-fi internet connection. I'll also be installing wi-fi at a customers. They got a Roku 2 XD IP video media player, which only connects to the internet via wi-fi. You will eventually need wi-fi. Resistance is futile.

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558

It's a rumor, not a certainty. Cisco hasn't commented on a possible sale yet: Personally, I wouldn't mind seeing Linksys independent of Cisco. Cisco has done a fairly lousy job of integrating (and then ignoring) their consumer products ventures (e.g. Flip, Umi, etc).

This is for someone with minimal networking experience to assemble in a day or two. DD-WRT is great, but not for beginners. I tried to supply what I thought his network would look like eventually, and then offered a fast fix for the immediate problem. DD-WRT isn't a good fit for the fast fix part. Also, if you haven't noticed, todays routers are starting to add many of the features that previously could only be found with DD-WRT.

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558

I'm the GRANDparent. The PARENTS of all these "kids" (5, 11, 12, 19,

20, 21, 21, and 23... that last one _now_a_working_woman_just_engaged) keep a watch on their Facebook activities.

Still works ;-)

I have a Roku Soundbridge that I use to listen to Internet radio, but it's connected via CAT-5 ...Jim Thompson

--
| James E.Thompson, CTO                            |    mens     | 
| Analog Innovations, Inc.                         |     et      | 
| Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    | 
| Phoenix, Arizona  85048    Skype: Contacts Only  |             | 
| Voice:(480)460-2350  Fax: Available upon request |  Brass Rat  | 
| E-mail Icon at http://www.analog-innovations.com |    1962     | 
              
I love to cook with wine.     Sometimes I even put it in the food.