Mar 27 2009
Configuring Linksys WRT54GL/G Wireless G Broadband Router as a plain Wireless LAN Access Point
Today wireless is everywhere. In any point of your city you’ll find a dozen wireless access points with your laptop/PDA, more or less secured. In office buildings, on the streets, in the parc, in your neighborhood (no matter if you live in a residence or an apartment building).
Adding wireless to your home is cool since you can connect devices to your home LAN without drilling holes in your walls and fill them with wires to enable internet access from your bedroom or connect your HTPC to your wireless NAS.
Choosing an access point is easy since the technology itself is already matured enough and usually you cannot go wrong with products from Asus, Acer, MSI, Netgear, D-link, Zyxel and others. My pick however is Linksys. Mostly because is a Cisco Systems OEM (I feel a bit nostalgic for my network administration period). Secondly is price (more expensive in his class, but still very affordable). The third reason is signal strength: 2 layers of concrete walls are not a problem for a Linksys (I can pick up my network from across the street actually, or browse the internet from my toilet – well, I’m not actually doing this, but the potential is there and ready to be leveraged… 
).
But why should you get a wireless access point when you can get a wireless router for the same money, while having increased functionality of the equipment? A wireless router can be setup as a plain a wireless access point as well as directly connect your home network to your ADSL modem, PPPoE ISP, just plain WAN ethernet interface. Wireless router can also be used to connect 2 or more wireless networks. In need of a DMZ? Can be done.
Majority of wireless broadband routers as the case with my Linksys WRT54GL, besides the standard WAN Ethernet interface and Wireless LAN, offers the possibility to connect to the LAN via additional wired RJ-45 Ethernet interfaces. Those additional wired RJ-45 interfaces for the LAN network will allow the configuration of the wireless router as a plain access point. Here is how:
Linksys WRT54GL connected and configured in Wireless Access Point mode
- Completely ignore the wireless router’ WAN port (do not connect any cables to it). If anything is configured or attached there, the router will try to perform his best job: route, but we don’t want that.
- Connect the router to your LAN switch via one of the 4 available RJ-45 LAN ports.
- Access the management interface of the router via HTTP. For the Linksys WRT54GL default management address assigned is 192. 168.1.1 (check in the manual which is yours). If your network is not in 192.168.1.1/24 subnet or already one of your important network infrastructure is using the same 192.168.1.1 IP, have one of your computers or laptop directly connected to the router (no cross-over needed) by setting a random IP from the same class.
- Setup the desired management IP address (I’ve put 192.168.0.127 on mine).
- Re-enter the management interface with the new address.
- Double-check that wireless router’ WAN interface is in default DHCP mode.
- Setup the wireless network type.
- You’re done.
About the IP address assignment for the wireless clients there are 2 options. The most simple is to assign a DHCP scope on the router that is in the same subnet as your the rest of your LAN. The drawback here is that your wireless clients cannot connect to the internet because the default gateway as assigned via DHCP lease will be the IP address of your router. Therefore, your clients can access without problems resources from your LAN, but not the internet, since no route is configured between your internet default gateway (192.168.0.1 in my case – see above picture) and Linksys WRT54GL.
The second and smartest option is to disable DHCP server of the Linksys and build a DHCP scope on one of your servers from your LAN. You do not need here a full blown DHCP server authorized in the Active Directory. Any Open Source DHCP server will do (even installed on your Windows or Linux workstation). The scope must include address range, subnet mask, DNS server (if you do not rely on “hosts” file anymore) and default gateway. This way, after physical link has been established on 802.11b/g the client will broadcast a DHCP request package to 255.255.255.255; the request will be passed to all devices on your LAN and your DHCP server will respond with a valid IP address. Your wireless clients can now access both your LAN internal and external resources (as the correct default gateway has been correctly configures in the DHCP scope).
A few more words about securing your wireless network, since you do not want to provide internet services to your whole neighborhood.
- Setup a strong administrative password for Wireless Router Management interface (disable HTTP and enable HTTPS only access). By default, the administrative password for Linksys WRT54GL is “admin”, as I remember.
- Enable Media Access Code (MAC) address filtering. This way only the MAC addresses from the access list are allowed to communicate with the wireless router. “getmac” command will help you determine the mac address of your laptops’ wireless NIC. If this does not help, usually the MAC address is written on the back of each wireless enabled device (PDAs, HTPCs, MediaBox, Wireless SAN, etc). So, make a list of all of them, and write them down in the MAC filtering table of your router.
- Enable only WPA2 (Wi-Fi Protected Access) authentication and 128-bit AES encryption. Disable plain WPA + TKIP & WEP (Wired Equivalent Privacy) as both plain WPA & WEP are legacy authentication algorithms with serious security flaws. If you are forced to choose between WEP and WPA/TKIP due to legacy wireless client’ comptibility, go for the least of the worse: WPA/TKIP.
- And finally, from “Security through obscurity” series disable SSiD broadcast. What this is doing is very simple: the wireless network name will not be shown to someone who is searching for a wireless network. The whole network will either not be shown at all or it will show as “Unknown Network”. This requires for someone trying to connect to your network to know by hand your SSiD (Service Set Identifier) name. This is not a security measure that should substitute the other 3 above as a determined hacker can easily find out your SSiD by sniffing your wireless network traffic (SSiDs are send via clear text during 802.11 handshake).
If you want an additional layer of security in your network, on your DHCP machine, make a scope allowing only a number of DHCP leases that equals with your number of wireless devices (which preliminary have been MAC filtered on your wireless router). Assign for the scope IP address reservations which links the MAC addresses of your wireless clients to unique IP addresses from your subnet. That is: if I have 3 wireless devices, I filter the MACs on the wireless router and I create a DHCP scope with only 3 addresses for lease; in the same scope I create then 3 IP reservations assigned to the same MACs.
This is how you can setup a Linksys WRT54GL (and not only) Wireless Broadband router as a plain Wireless access point and secure your newly created wireless network.
BTW: If confused about the differences between WRT54GL & WRT54G, the GL model is newer and the L stands for Linux, as the WRT54GL firmware comes packed with a mini Linux kernel.
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.
Related Websites -
![Rachmaninov: Piano Concertos Nos. 2&3 - Acoustic Reality Experience [7.1 DTS-HD Master Audio Disc] with DTS-HD Music Downloads Access [Audiophile Edition] [Blu-ray]](http://www.acousticmusicalinstruments.com/images/B0028J07MW/51R6-ruBwrL._SL160_.jpg "Rachmaninov: Piano Concertos Nos. 2&3 - Acoustic Reality Experience [7.1 DTS-HD Master Audio Disc] with DTS-HD Music Downloads Access [Audiophile Edition] [Blu-ray]")
Rachmaninov: Piano Concertos Nos. 2&3 - Acoustic Reality Experience [7.1 DTS-HD Master Audio Disc] with DTS-HD Music Downloads Access [Audiophile Edition] [Blu-ray] User Reviews Send this to a friend Rachmaninov: Piano Concertos Nos. 2&3 - Acoustic Reality Experience [7.1 DTS-HD Master Audio Disc] with DTS-HD Music Downloads Access [Audiophile Edition] [Blu-ray] Manufacturer: Surround Records Customer Rating: List Price: $45.99 Sale Price: View Sale Price Availibility: View Product Availability Buy Now Product...... -
Top Best 100 Incredibly Useful & Free iPhone Apps [/caption] by Joshua Johnson The best part of the iTunes App Store is that you don’t need to spend a single cent to fill your iPhone with amazing applications. There are tons of developers dishing out quality free applications daily. So in honor of cheapskates everywhere, this article features 100...... -
How to Connect Computer to Internet [/caption]Connecting your computer to the internet is an easy task if you have the components ready at hand. You will need components such as a LAN card if you are connecting through cable internet or a Wi-Fi hub if you are connecting to a wireless network. Depending on the type...... -
LG 3D LED TV. Free Bundle LG 3D Glasses And 3D Blu-ray Player LG 3D Bundle Includes Free 3D Bly-ray Player and Free 3D Glasses! To experience LG 3D technology you need a 2010 LG 3D ready TV and LG 3D Active Shutter Glasses. LG offers interesting bundles in order to make its 3D lineup a lot more interesting as LG company plans...... -
Gaining Easy Blog Traffic Do you want to spend every day smashing the previous day's traffic record? There is no reason why you cannot achieve this, but it is going to take some work. Write and publish a new post every day. New content is vitally important. It makes search engines come to your......
Loading ...
[...] Originally posted here: Configuring Linksys WRT54G/GL Wireless G Broadband Router as a solid Wireless LAN Access Point [...]
ce header frumos!
Care din ele?
Hiding the SSID may be a good measure, but if you have WPA2/AES you may leave it unhidden. If you have a good key, you’re safe. It’s less typing if you’re connecting with a mobile phone or other device without a comfortable keyboard.
Another good security measure is good to disallow administrative access
from the WLAN.
I also have the WRT54GL model. I set the SSID to D-Link. No reason.
@h:
You type only once. The settings are saved.
As for the SSID name, why not “Vodafone_Public”?
There’s a fine line between ergonomic and lazy. However, I manage not to cross it… and remain in the lazy zone.
It’s D-Link for the fun of letting hacker-wannabe-dumb-ass-neighbors trying to get free internet.
[...] Configuring Linksys WRT54GL/G Wireless G Broadband Router as a plain Wireless LAN Access Point Configuring Linksys WRT54GL/G Wireless G Broadband Router as a plain Wireless LAN Access Point;nLinksys WRT54GL access point mode… Related Websites [...]
Sorry for a dumb question but what do you mean “Wireless router can also be used to connect 2 or more wireless networks”
Can I use my Linksys WRT54GL to connect to a wireless network and forward the signal further, acting like a wireless amplifier?
Hi Cris,
First of all, no questions are dumb.
Secondly, if you only want to extend the range of your wireless, opt for a Wireless Extender. Cheaper and easier to setup. No need for a second router.
In theory, you can connect another wireless network to your Linksys WRT54G router (via wireless) by installing 3rd party firmwares such as DD-WRT which enables the “Wireless Distribution System” or WDS within your Linksys WRT54GL. Make sure you do understand the performance and security limitations before going this path.
If you want your 2 networks (meaning different subnets) to be connected, the easiest way is to connect each WAN interface of the WRT54GL to a 3rd wired router (also a Linux server with multiple NICs will do) and setup the routing accordingly.
Am de 2 ani acest router, am pus dd-wrt si merge super in configuratia de AP. Singura problema a aparut recent cind am vrut sa il accesez remote din afara LANului. Router este disabled evident (ai uitat sa mentionezi pentru cei mai incepatori), valoarea portului ptr webgui a fost schimbata de la 8080, noua valoare a fost introdusa in server la iptables ptr port forwarding si totusi nu reusesc sa-l accesez.
Teoretic ar trebui sa fie asa cum spune si la help, http://adresa.ip.server:port, unde adresa.ip.server e IPul dat de provider iar port este valoarea schimbata de mine. In LAN il pot accesa fara probleme (cu adresa lui interna) dar din internet nu merge. Si ma roade pentru ca stiu ca am facut totul bine in server si in WRT54, e posibil doar sa fi uitat sa pun sau sa scot niste bife pe undeva.
Sfaturile pentru securitate sint foarte bune doar ca eu il folosesc pentru clientii terasei si securitatea e 0 (decit sa stau sa explic la blonde cum se face conectarea cu pass mai bine las secu jos).
Ce-a zis Cris voi incerca si eu sa fac si exact asta m-am gindit ca face, un extender la reteaua mea.
I have a WRT54GL router in my one ethernet-socket-student apartment. The internet connection is provided by the student union, and I have no access to the main router, it’s just like a black box, and all I have is a single ethernet socket in my apartment.
To try to make things a little better for me and my roommate I wanted to setup my Linksys router so that it works as both ethernet switch (because we have an ethernet connected IP-phone) and as a wireless access point for our two laptops. So now you know what I want to be able to do (get both wired and wireless to the internet through my WRT54GL).
The wired network works fine, I can connect both laptops and the IP-phone to that one, by turning off the WRT54GL’s DHCP server, but I don’t want the only wired network.
According to your article (and, now, my bitter experience) it doesn’t work to let the WRT54GL’s DHCP server manage the wireless since it broadcasts it’s own IP address as the default gateway (which is not the student union router’s default gateway, so that doesn’t get me to the internet), and I don’t have the option of having a server in my tiny apartment, running a dedicated DHCP server, so my most important question is:
Isn’t there a third way of getting DHCP assignments to the wireless network with broadcasting an arbitrary default gateway??
I have looked at third-party firmwares for the WRT54GL, looking for clues to whether these firmwares can do what I need, but by my (admittedly rather short) inspection it seems that either it’s too trivial to mention in the “Capabilities”-section or they just can’t.
Can you verify or debunk my theory that this is in fact possible with DD-WRT or Tomato or some other third-party firmware??
@Ari,
The quickest think to try is to set your IP/mask/DNS/Gateway manually for your wireless connection. See if that does it.