Mar 27 2009

Configuring Linksys WRT54GL/G Wireless G Broadband Router as a plain Wireless LAN Access Point

Published by at 4:19 pm under IT

Today wireless is everywhere. At any point in your city your laptop or PDA will find a dozen wireless access points, more or less secured: in office buildings, on the streets, in the park, in your neighborhood (no matter if you live in a residence or an apartment building).

Adding wireless to your home is cool since you can connect devices to your home LAN without drilling holes in your walls and filling them with wires to enable internet access from your bedroom or to connect your HTPC to your wireless NAS.

Choosing an access point is easy since the technology itself has matured enough, and you usually cannot go wrong with products from Asus, Acer, MSI, Netgear, D-link, Zyxel and others. My pick however is Linksys. Mostly because it is a Cisco Systems OEM (I feel a bit nostalgic for my network administration period). The second reason is price (more expensive in its class, but still very affordable). The third reason is signal strength: 2 layers of concrete walls are not a problem for a Linksys (I can pick up my network from across the street actually, or browse the internet from my toilet – well, I’m not actually doing this, but the potential is there and ready to be leveraged… :-) ).

But why should you get a wireless access point when you can get a wireless router for the same money, with more functionality? A wireless router can be set up as a plain wireless access point, and it can also connect your home network directly to your ADSL modem, a PPPoE ISP, or a plain WAN Ethernet interface. A wireless router can also be used to connect 2 or more wireless networks. In need of a DMZ? Can be done.

The majority of wireless broadband routers, my Linksys WRT54GL included, offer additional wired RJ-45 Ethernet interfaces for the LAN besides the standard WAN Ethernet interface and the wireless LAN. Those additional wired RJ-45 LAN interfaces are what allow the wireless router to be configured as a plain access point. Here is how:

Linksys WRT54G connected and configured as plain Wireless Access Point

Linksys WRT54GL connected and configured in Wireless Access Point mode

  1. Completely ignore the wireless router’s WAN port (do not connect any cables to it). If anything is configured or attached there, the router will try to do its job: route, and we don’t want that.
  2. Connect the router to your LAN switch via one of the 4 available RJ-45 LAN ports.
  3. Access the router’s management interface via HTTP. The default management address of the Linksys WRT54GL is 192.168.1.1 (check the manual for yours). If your network is not in the 192.168.1.1/24 subnet, or an important piece of your network infrastructure already uses 192.168.1.1, connect one of your computers or laptops directly to the router (no cross-over cable needed) and give it an IP address of your choosing from the same subnet.
  4. Set the desired management IP address (I’ve put 192.168.0.127 on mine).
  5. Re-enter the management interface at the new address.
  6. Double-check that the wireless router’s WAN interface is in its default DHCP mode.
  7. Set up the wireless network type.
  8. You’re done.

For IP address assignment to the wireless clients there are 2 options. The simplest is to configure a DHCP scope on the router that is in the same subnet as the rest of your LAN. The drawback here is that your wireless clients cannot connect to the internet, because the default gateway assigned via the DHCP lease will be the IP address of your router. Your clients can therefore access resources on your LAN without problems, but not the internet, since no route is configured between your internet default gateway (192.168.0.1 in my case – see above picture) and the Linksys WRT54GL.

The second and smartest option is to disable the DHCP server of the Linksys and build a DHCP scope on one of the servers in your LAN. You do not need a full-blown DHCP server authorized in Active Directory here. Any Open Source DHCP server will do (even one installed on your Windows or Linux workstation). The scope must include the address range, subnet mask, DNS server (if you do not rely on the “hosts” file anymore) and default gateway. This way, after the physical link has been established over 802.11b/g, the client will broadcast a DHCP request packet to 255.255.255.255; the request will be passed to all devices on your LAN and your DHCP server will respond with a valid IP address. Your wireless clients can now access both your internal LAN resources and external ones (as the correct default gateway has been configured in the DHCP scope).

A few more words about securing your wireless network, since you do not want to provide internet services to your whole neighborhood.

  1. Set a strong administrative password for the wireless router’s management interface (disable HTTP and enable HTTPS-only access). By default, the administrative password for the Linksys WRT54GL is “admin”, as I remember.
  2. Enable Media Access Control (MAC) address filtering. This way only the MAC addresses on the access list are allowed to communicate with the wireless router. The “getmac” command will help you determine the MAC address of your laptop’s wireless NIC. If this does not help, the MAC address is usually written on the back of each wireless-enabled device (PDAs, HTPCs, MediaBox, Wireless SAN, etc). So make a list of all of them, and enter them in the MAC filtering table of your router.
  3. Enable only WPA2 (Wi-Fi Protected Access) authentication and 128-bit AES encryption. Disable plain WPA + TKIP and WEP (Wired Equivalent Privacy), as both plain WPA and WEP are legacy authentication algorithms with serious security flaws. If you are forced to choose between WEP and WPA/TKIP for the sake of legacy wireless clients’ compatibility, go for the lesser of two evils: WPA/TKIP.
  4. And finally, from the “Security through obscurity” series: disable SSID broadcast. What this does is very simple: the wireless network name will not be shown to someone who is searching for a wireless network. The network will either not be shown at all or will show as “Unknown Network”. Someone trying to connect to your network then has to know your SSID (Service Set Identifier) name in advance. This is not a security measure that should substitute for the other 3 above, as a determined hacker can easily find out your SSID by sniffing your wireless network traffic (SSIDs are sent in clear text during the 802.11 handshake).

If you want an additional layer of security in your network, create a scope on your DHCP machine that allows only as many DHCP leases as you have wireless devices (which have already been MAC filtered on your wireless router). In that scope, create IP address reservations that link the MAC addresses of your wireless clients to unique IP addresses from your subnet. That is: if I have 3 wireless devices, I filter the MACs on the wireless router and I create a DHCP scope with only 3 addresses for lease; in the same scope I then create 3 IP reservations assigned to the same MACs.
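
The reservation-only scope described in the last two paragraphs, as an added example that is not part of the original post: a Python script that validates a MAC-to-IP list and emits the matching ISC dhcpd configuration. The gateway 192.168.0.1 and AP address 192.168.0.127 are the article's; the MAC addresses, host names, DNS server and the choice of ISC dhcpd are assumptions.

```python
import ipaddress

# Constructed sample values: gateway and AP management address are the ones the
# article gives; MACs (getmac-style), host names and DNS server are made up.
LAN = ipaddress.ip_network("192.168.0.0/24")
GATEWAY = ipaddress.ip_address("192.168.0.1")
DNS = ipaddress.ip_address("192.168.0.1")   # assumption: the gateway also resolves DNS
AP_MGMT = ipaddress.ip_address("192.168.0.127")
CLIENTS = {                                 # host name -> (MAC, reserved IP)
    "laptop": ("02-00-00-00-00-01", "192.168.0.50"),
    "htpc": ("02:00:00:00:00:02", "192.168.0.51"),
    "pda": ("02:00:00:00:00:03", "192.168.0.52"),
}

def normalize_mac(mac):
    """Return the MAC as lower-case colon-separated hex, or raise ValueError."""
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_dhcpd_conf(lan, gateway, dns, ap_mgmt, clients):
    """Validate the reservations and return ISC dhcpd.conf text."""
    if gateway not in lan or ap_mgmt not in lan:
        raise ValueError("gateway and AP must sit in the LAN subnet")
    seen_macs, seen_ips, hosts = set(), {gateway, ap_mgmt}, []
    for name, (mac, ip) in sorted(clients.items()):
        mac, ip = normalize_mac(mac), ipaddress.ip_address(ip)
        if ip not in lan or ip in (lan.network_address, lan.broadcast_address):
            raise ValueError(f"{name}: {ip} is not a usable address in {lan}")
        if mac in seen_macs or ip in seen_ips:
            raise ValueError(f"{name}: duplicate MAC or IP ({mac}, {ip})")
        seen_macs.add(mac)
        seen_ips.add(ip)
        hosts.append(f"host {name} {{\n  hardware ethernet {mac};\n"
                     f"  fixed-address {ip};\n}}")
    # No dynamic pool is declared: only the reserved MACs are offered a lease.
    subnet = (f"subnet {lan.network_address} netmask {lan.netmask} {{\n"
              f"  option routers {gateway};\n"
              f"  option domain-name-servers {dns};\n}}")
    return "authoritative;\n\n" + subnet + "\n\n" + "\n\n".join(hosts) + "\n"

if __name__ == "__main__":
    print(build_dhcpd_conf(LAN, GATEWAY, DNS, AP_MGMT, CLIENTS))
```

A reservation-only scope limits what the DHCP server hands out; it does not stop a client from configuring an address by hand, so it complements WPA2 rather than replacing it.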

This is how you can set up a Linksys WRT54GL (and not only that model) wireless broadband router as a plain wireless access point and secure your newly created wireless network.

BTW: If confused about the differences between WRT54GL & WRT54G, the GL model is newer and the L stands for Linux, as the WRT54GL firmware comes packed with a mini Linux kernel.

18 Responses to “Configuring Linksys WRT54GL/G Wireless G Broadband Router as a plain Wireless LAN Access Point”

  2. florin on 13 Apr 2009 at 4:21 pm

    What a nice header!

  3. Zet on 14 Apr 2009 at 1:38 pm

    Which one of them?

  4. h. on 04 May 2009 at 6:43 pm

    Hiding the SSID may be a good measure, but if you have WPA2/AES you may leave it unhidden. If you have a good key, you’re safe. It’s less typing if you’re connecting with a mobile phone or other device without a comfortable keyboard.

    Another good security measure is to disallow administrative access from the WLAN.

    I also have the WRT54GL model. I set the SSID to D-Link. No reason.

  5. Zet on 06 May 2009 at 1:05 pm

    @h:
    You type only once. The settings are saved.

    As for the SSID name, why not “Vodafone_Public”?

  6. h. on 31 May 2009 at 11:00 am

    There’s a fine line between ergonomic and lazy. However, I manage not to cross it… and remain in the lazy zone.

    It’s D-Link for the fun of letting hacker-wannabe-dumb-ass-neighbors trying to get free internet.

  8. cris on 30 Aug 2009 at 2:14 pm

    Sorry for a dumb question but what do you mean “Wireless router can also be used to connect 2 or more wireless networks”
    Can I use my Linksys WRT54GL to connect to a wireless network and forward the signal further, acting like a wireless amplifier?

  9. Zet on 31 Aug 2009 at 9:56 am

    Hi Cris,

    First of all, no questions are dumb.

    Secondly, if you only want to extend the range of your wireless, opt for a Wireless Extender. Cheaper and easier to setup. No need for a second router.

    In theory, you can connect another wireless network to your Linksys WRT54G router (via wireless) by installing 3rd party firmwares such as DD-WRT which enables the “Wireless Distribution System” or WDS within your Linksys WRT54GL. Make sure you do understand the performance and security limitations before going this path.

    If you want your 2 networks (meaning different subnets) to be connected, the easiest way is to connect each WAN interface of the WRT54GL to a 3rd wired router (also a Linux server with multiple NICs will do) and setup the routing accordingly.

  10. Sorin on 09 Sep 2009 at 9:56 pm

    I’ve had this router for 2 years; I installed dd-wrt and it works great in the AP configuration. The only problem came up recently when I wanted to access it remotely from outside the LAN. Router is disabled, obviously (you forgot to mention that for the beginners), the port value for the webgui was changed from 8080, the new value was entered on the server in iptables for port forwarding, and still I can’t manage to access it.
    In theory it should be as the help says, http://adresa.ip.server:port, where adresa.ip.server is the IP given by the provider and port is the value I changed. On the LAN I can access it without problems (with its internal address) but from the internet it doesn’t work. And it bugs me because I know I did everything right on the server and on the WRT54; it’s possible I just forgot to tick or untick some checkboxes somewhere.
    The security tips are very good, only I use it for the customers of the terrace and the security is 0 (rather than explaining to the blondes how to connect with a password, I’d sooner leave the security off).
    I will also try to do what Cris said, and that is exactly what I thought it does: an extender for my network.

  11. Ari on 14 Sep 2009 at 11:26 pm

    I have a WRT54GL router in my one ethernet-socket-student apartment. The internet connection is provided by the student union, and I have no access to the main router, it’s just like a black box, and all I have is a single ethernet socket in my apartment.

    To try to make things a little better for me and my roommate I wanted to setup my Linksys router so that it works as both ethernet switch (because we have an ethernet connected IP-phone) and as a wireless access point for our two laptops. So now you know what I want to be able to do (get both wired and wireless to the internet through my WRT54GL).

    The wired network works fine, I can connect both laptops and the IP-phone to that one, by turning off the WRT54GL’s DHCP server, but I don’t want only the wired network.

    According to your article (and, now, my bitter experience) it doesn’t work to let the WRT54GL’s DHCP server manage the wireless since it broadcasts its own IP address as the default gateway (which is not the student union router’s default gateway, so that doesn’t get me to the internet), and I don’t have the option of having a server in my tiny apartment, running a dedicated DHCP server, so my most important question is:

    Isn’t there a third way of getting DHCP assignments to the wireless network with broadcasting an arbitrary default gateway??

    I have looked at third-party firmwares for the WRT54GL, looking for clues to whether these firmwares can do what I need, but by my (admittedly rather short) inspection it seems that either it’s too trivial to mention in the “Capabilities”-section or they just can’t.

    Can you verify or debunk my theory that this is in fact possible with DD-WRT or Tomato or some other third-party firmware??

  12. Zet on 22 Sep 2009 at 3:26 pm

    @Ari,

    The quickest thing to try is to set your IP/mask/DNS/Gateway manually for your wireless connection. See if that does it.

  13. Chuck on 30 Sep 2010 at 7:20 pm

    What if you have a wired router and 2 wireless ones? I have an 8-port wired router (linksys!), as well as 2 wireless routers. I’d like to connect the WAN to the wired router, then 2 wireless routers to that for wireless APs. I’m thinking disable the DHCP in the APs and have all DHCP come from the wired router. Would that work? I do not want to have a server running 24/7 just to supply DHCP.

  14. Laparoscopic Surgery : on 31 Oct 2010 at 4:21 pm

    My wireless router at home overheated when I used p2p heavily for 24 hours for the next 25 days

  15. Marius on 08 Nov 2010 at 3:07 am

    Thanks for these very thorough and helpful instructions. I live in a duplex in Brooklyn. Downstairs I have a modem with a built-in wi-fi router from Time Warner Cable (up to 50mbps/wideband). From this router a cat5 cable extends to the second floor, where there is an outlet attached to a patch cable, which in turn is attached to a WRT54GL router. Currently the WRT54GL router is set up with its own wireless network (separate username/password/MAX address). I’d like to seamlessly combine the downstairs and upstairs network so devices don’t notice a difference (it’s complicated – I need to set it up this way to make my wireless Logitech Squeezebox system work). Would it be possible to explain if this can be done and how?

  16. Zet on 08 Nov 2010 at 1:37 pm

    To all: it’s not necessary to keep a computer up just for the sake of having DHCP running. DHCP can be setup on any router (like the Time Warner cable, Marius or that wired Linksys router Chuck).

    The point is: to use this router WRT54GL as a plain AP, do not connect / configure the WAN port / use whatever equipment for DHCP provisioning, but make sure to configure the DHCP range (scope) within the same subnet.

    Cheers,
    Z
