Life After AirPort -- New Wireless Base Stations
WEP has proven to be a relatively insecure protocol with many exploits; it also imposes a speed penalty on your wireless connection. Since I always use protocol-level security (such as SSH and SSL) for all of my network traffic that needs to be encrypted, relying upon this functionality to control client access is questionable. I would much rather ask a guest for his MAC address than give him a security key that he might assume provided adequate security for his usage.
Another problem that I found with this gateway was in its DHCP implementation. The DHCP server faithfully managed the internal IP address space of my network, but I found that it wasn't configurable enough for my needs. DHCP servers typically have the ability to give out specific IP addresses based on the Ethernet MAC address of a client. This allows my laptops to always get the same IP addresses when I am in the house, making it easier to ssh into my Mac OS X machine or to test services running on my Linux laptop. This DHCP server didn't allow me to assign specific IP addresses.
The HomeConnect gateway advertises that it logs attempts by hackers to penetrate the firewall. I was interested in this feature as I am always curious to see who may be attempting to jiggle the locks on my network. Unfortunately, when I tested this feature, I found that the logs were almost useless. The interface only presents activity that occurred during the previous few minutes, and has no capability for saving the information. Evidently it was designed under the assumption that you only need to know about hacker attempts while you are using the management tool.
The last problem that I had with the gateway was that I could only rest it flat on a horizontal surface. There were no mounting holes on the bottom of it to allow for mounting it on the wall underneath my desk. And, even if resting it flat on a horizontal surface was acceptable, the unit is designed with a hump on the top of it. This makes it impossible to stack anything else on top of the gateway.
Since I wasn't satisfied with the 3Com gateway, I decided to give the SMC Barricade a spin.
SMC Barricade
Like the 3Com product, the SMC Barricade was easy to connect up to my computers and to start up. However, the process to get the Barricade up and running with my ISP was a little less intuitive than the 3Com setup.
Instead of an initial setup process, the Barricade starts up with a default configuration that needs to be customized if your Internet connection doesn't fit its assumptions. In my case, I had to change the router so that it would not get an IP address from my ISP automatically, but would let me specify my WAN IP address settings. This is not a problem if you are pretty good with networking, but the 3Com product has an edge here.
Like the 3Com gateway, you manage the Barricade through a Web-based interface. Simply point your browser at http://192.168.123.254/ for the unit's system status. The presentation of the page is not as polished as the 3Com unit, but it is functional and informative.
As shipped from the factory, my test unit did not allow me to configure DHCP or wireless client control to the degree that I wanted to using MAC addresses. But a quick check of the SMC Website showed that a firmware update was available and added exactly the features that I wanted. After a very painless firmware update process, I was able to access screens giving me the ability to assign specific IP addresses to MAC addresses and to allow or disallow them from joining my wireless network. The only minor problem is that the HTML for the MAC Access Control pages would not work in OmniWeb (my preferred browser for Mac OS X).
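The MAC-keyed behavior described above (fixed addresses for known machines, admission or refusal for everything else) can be modeled in a few lines. This is an added example, not SMC's firmware logic or code from the article; the class name, the MAC addresses and the dynamic range are assumptions, and only the 192.168.123.x subnet comes from the router address mentioned earlier.

```python
import ipaddress
import re

# Constructed sample policy: every MAC and address below is made up.
RESERVATIONS = {
    "02:00:00:00:00:01": "192.168.123.10",   # laptop that must keep its IP
    "02:00:00:00:00:02": "192.168.123.11",   # second laptop
}
GUESTS = {"02:00:00:00:00:03"}               # allowed, but no fixed address
SUBNET = ipaddress.ip_network("192.168.123.0/24")
DYNAMIC_HOSTS = range(100, 200)              # host numbers for guest leases


def normalize_mac(raw):
    """Accept 02:00:00:00:00:01, 02-00-00-00-00-01 or 0200.0000.0001."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class LeaseTable:
    """Decides what a client gets, keyed only on the MAC it presents."""

    def __init__(self):
        self.dynamic = {}                    # guest MAC -> leased IP

    def offer(self, raw_mac):
        """Return (decision, ip) for a client presenting raw_mac."""
        mac = normalize_mac(raw_mac)         # compare canonical forms only
        if mac in RESERVATIONS:
            return "reserved", RESERVATIONS[mac]
        if mac not in GUESTS:
            return "denied", None            # unknown hardware address
        if mac not in self.dynamic:
            used = set(self.dynamic.values()) | set(RESERVATIONS.values())
            free = (str(SUBNET.network_address + h) for h in DYNAMIC_HOSTS)
            ip = next((a for a in free if a not in used), None)
            if ip is None:
                return "denied", None        # dynamic range exhausted
            self.dynamic[mac] = ip
        return "dynamic", self.dynamic[mac]
```

Normalizing before lookup matters because the same address typed with different separators or case would otherwise miss its reservation. The key is whatever hardware address the client presents, so a match identifies a claimed address rather than a particular device.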
In addition to the features that I required for my network setup, the SMC Barricade ships with a few other features that are interesting. The first is that it has an integrated print server. The print server serves both as a Unix lpr server (offline printing to server) and as a Windows print server.
In addition, you can have the router dial out on an external modem if the primary WAN link goes down for any reason. I have not yet configured this, but will be investigating this soon.
Just like the 3Com, it has a bulge at the top of the case which impedes the ability to stack items on top of the router, but there are screw-mounting points on the back of the case that allow the unit to be attached to a wall. It mounted like a charm to the wall underneath my desk.
Conclusion
The 3Com product is better suited for people who want easy configuration and don't have any specific requirements. My requirements are admittedly nit-picky. If you don't need this level of control, go for the ease of setup of the 3Com.
The SMC product is better suited to more advanced users who know how networks go together and are not put off by an interface that is not as polished. But when you need this level of control, go with the SMC. For my network, I kept the SMC Barricade. Needless to say, I am back in the happy zone where I can compute where I want, free of Ethernet cables.
James Duncan Davidson is a freelance author, software developer, and consultant focusing on Mac OS X, Java, XML, and open source technologies. He currently resides in San Francisco, California.
-
Base Station Repair
2003-11-06 19:19:24 anonymous2
Just to let you know that the Apple AirPort recall has long since expired, but you can get your Graphite and Snow stations repaired at http://www.basestationrepair.com
-
RG-1100
2002-08-23 07:10:22 okdoky1974
I have been using this product for a few months now in various applications. I find the unit to be good in a lot of ways. With an external antenna with some gain, I can get some good distance with it. Any suggestions on how to attach an external antenna? I also use the ap500, and it works well also, allowing up to 50 users at the same time, dhcp.
Mark
-
Apple starts informal recall
2001-12-02 08:21:01 constantin
I just enjoyed reading your article on your experiences with Airport, etc. I'm also happy to see that you found my instructions on how to repair internal power supply failures. Anyway, have a look back at the site... much has been added.
The recall at Apple is covered by an internal knowledge base article which is NOT accessible to non-Apple employees. Mention article #111785 when calling Apple so the folks there get up to speed on out-of-warranty ABS replacements. Apple is currently replacing the serial number range of PW940... to PW952... because this is supposed to be an isolated problem (yeah right).
Currently, only the folks in the USA, Canada, UK, Australia, and Japan are covered. Everyone else (even with the right serial number range) is SOL.
-
YAWR (yet another wireless router)
2001-08-23 12:23:58 bill.weaver
I tried the SMC, and experienced much the same results. However, I had one additional major requirement that the SMC would not fulfill, and that was to provide the wireless attached stations to initiate an IPSEC based VPN connection through the systems and out to the Internet. (Needed to get out to corporate network as well) As a result, I returned the SMC and investigated all of the other choices available on the retail counter of Micro Center, and Frys. The only one that would support the IPSEC was Linksys, and in fact it did support it, however, you have to download the latest software version to accomplish it. Their box claims the device will work out of the box, but when I called customer service (because it wouldn't work), they said I had to download the latest version (which they supplied) and then everything worked correctly. All of the features and capabilities similar to the SMC worked as advertised, and the capability exists to selectively permit which port and mac address you would like to enable to access the outbound feature.
More power than the average user will require, but if you need it, I highly recommend the Linksys Wireless Router/Hub combo.
bill
-
More details please!
2001-08-20 19:58:57 iyad
A good article. However, I wish the author had provided more details on some of the other features and how they worked (or not) with his cross-platform environment.
In particular, I would be interested in learning whether any of the units worked with H.323 applications (eg. NetMeeting).
Also of interest is how the NAT and firewall functionality compare to Airport B.S. Currently on my base station I can forward specific ports only, while some software require a whole range of IPs to be opened or forwarded.
Finally, I'm curious as to whether the range of these base stations is identical or it varies from one vendor to another. I heard that it is possible to attach antennas to some to increase the range. This appears to require some hacking though and not as a feature of the unit.
-
SMC bridges appletalk
2001-08-18 01:58:14 kmickey
I was pleasantly surprised to find out that the SMC bridges appletalk, allowing all the wireless clients to see the wired clients (and printer) and all the wired clients to see the wireless ones.
My only previous experience with 802.11b has been at my parents where my brother and I use my father's iMac as a basestation when we visit. In that case the appletalk is either wireless or wired.... it's impossible to print to his (localtalk/ethernet bridge) laserwriter from a wireless connection if the iMac is the basestation.
I love my SMC - only complaint is the range seems weak, but I suspect it's a function of the antennas in my TiBook more than the basestation. I did some very rudimentary range comparisons with my old ibook and the ibook always had a higher signal strength.
KM
-
MAC addr access control is not security
2001-08-15 12:15:40 James Duncan Davidson
I got the following comment from a reader on the article:
"Something you might find interesting: security based on the MAC address of a PCMCIA card is not secure."
The response I sent on to them, and which I wanted to share here, is:
Yep. I was aware that it's not a bulletproof answer. Even on my Macintosh, I can set the MAC addr that my airport card should use. However, in order to exploit this, you have to have the software to snoop the network without having joined it, determine a MAC addr in use, spoof it. The hard part is finding out the MAC addr to use. In order to do this, you aren't just trying to join the network in a normal fashion. And then as soon as you do, one of the machines with a MAC addr in use gets knocked off -- and it's pretty clear to the user on the network what is happening.
The only way this is really useful is if you determine the MAC addr to use and then only use it when I'm not home. If you are doing that, then I've got much more to fear from you than you getting on my network. Stalker Alert! :)
All I'm after with using this scheme is really a way to keep my neighbors from jumping on my network segment and using my bandwidth. My neighbors aren't anywhere close to this good. :) However in case they are, even behind my NAT, I don't run anything in the clear that I care about (heavy use of SSH).
After all, this really isn't about security, but access control -- at least a decent attempt of it.
I submit that if you want real security, don't use wireless. If they are good (or evil depending on your view) enough to work around your MAC addr control and wait till you aren't home, then they probably have already found a way to break into your house (remember the range of wireless devices isn't high) and could snoop your ethernet cables as well. Or just take off with your computers and peruse your hard drive at their leisure.
-
Should Expand on Apple's Base Station Recall
2001-08-14 17:28:03 Derrick Story
Editor's Note: Here's an e-mail that I received today about our incomplete coverage concerning the recall of Apple AirPort Base Stations.
"I read this report with interest and was disappointed to note that there was no mention that the issue with the Apple Airport Base stations is known, and that Apple has issued a recall on base stations within the affected serial number range. As an Apple customer who has gone through having the base station die and getting another with no hassle from them, I feel that there has been a needless tilt to this article. It would be great if O'Reilly could get some of the facts from Apple and share them with the readers instead of leaving them hanging helplessly."
Christine Kiltz
CTO
Idea Cafe Inc.
-
Should Expand on Apple's Base Station Recall
2001-08-15 12:32:36 James Duncan Davidson
If I had more concrete official information to pass along, I would. But like Derrick I haven't been able to find it. All I can find is posts on the web in various places that talk about a recall. In fact, the place on the web that seems to give the most complete information is linked from the article.
http://www.vonwentzel.net/ABS/Repair.html
The page behind this link even gives a serial number range of units covered by the recall.
In any case, when my base station went down and I started writing this article, there wasn't even that. And it was out of warranty, and definitely so once I popped it open and tried to fix it.
The intent of this article wasn't to continue to bemoan the loss of my trusty airport base station so much as to talk about some options in the wireless world that I researched when replacing my base station with a more feature rich solution for about the same amount of money.
-
Should Expand on Apple's Base Station Recall
2001-08-15 12:34:23 James Duncan Davidson
In any case, when my base station went down and I started writing this article, there wasn't even that. And it was out of warranty, and definitely so once I popped it open and tried to fix it.
Erm, I meant to say "when my base station went down and I wrote the weblog before this article..."
Now if there were just an "edit your comment" button. :)
-
Should Expand on Apple's Base Station Recall
2001-08-14 17:36:41 Derrick Story
I went to the Apple support site and couldn't find any information about a Base Station recall. There was no mention of it on the AirPort Support page. Does anyone have more information on this that we can pass along?
-
airport card
2001-08-11 21:01:44 ted!
I've been using an SMC Barricade since Life After Airport Part I. (I posted a comment to that article, in fact) Since then, I've returned my internal airport card to Fry's, since its range with my TiBook was so pathetic. I'm now using an Orinoco WaveLan Gold card under OS X with the open source drivers presently being developed by Rob McKeever and others (yay!). It's not feature complete yet, and it's less convenient to have to use a PC Card, but for me, the performance increase makes it worthwhile. (Btw, the standard airport drivers under OS 9 support the WaveLan card)
-ted
-
airport card
2001-08-12 11:51:01 James Duncan Davidson
I have also noticed that there are places where the TiBook doesn't perform as well with respect to wireless range as my older PowerBook G3. Usually changing the orientation of the machine helps, but there are a few places where not even that has helped me.
Interestingly enough, there are places in my house where the TiBook performs better than external cards or my PBG3. I have no reasonable explanation for this. The only thing that I can note is that the Barricade is mounted in a vertical orientation upstairs from the rest of my home and that may be setting up a favorable environment for the TiBook's built in antenna.
Thanks for the comments!
-
Good article
2001-08-11 20:20:54 stmpjmpr
I was about to go invest in an AirPort network when I read this article. My network is very similar to that of the author's, and I'll be using a Ti PowerBook, too. I was happy to see these products tested with that machine. I decided to go with the Barricade since I'd like the MAC address feature. I just ordered the stuff -- I'm looking forward to casting off my tether to the router in the back room!
-
Good article
2002-08-23 07:07:47 okdoky1974
I have found the smc barricade to work very well for a lot of different features.
-
Good article
2001-08-12 11:38:57 James Duncan Davidson
Excellent! I'm glad that the article came along at the right time to help you. I