Why fiddle with subscription serial speed wireless services when you can pack your own 11Mbps broadband connection?

Photo of Lucent Wavelan card.

Lucent's Wavelan Wireless LAN Card.

The Lucent Wavelan (more recently renamed, Orinoco) card can give you a fast, secure, wireless connection that acts just like a conventional Ethernet link. If you have gone to a trade show in the last year, you've probably seen one of these funny looking cards sticking out of the side of many an excited geek's laptop.

What would make them run around and rant as if they'd just been Slashdotted? Probably the impressive technical specs:

These uber-cool devices operate in the deregulated 2.4-GHz band (just like high-end cordless phones). They work best with direct line of sight, but will operate through walls, windows, ceilings, and just about anything not made of metal. And they not only work as advertised, they work well.

Of course, you've got to get them installed first, which is unnecessarily quirky (and in some cases, outright frustrating). But fear not, we'll brave the dark forces of product re-branding and misguided Microsoft plug-and-pray together!

First, I'll tell you what equipment you need: a gateway and a wireless LAN card. Next, I'll explain how to install the drivers for the card. Then I'll focus in on installation on different platforms: Windows, Mac, and Linux. Finally, I'll talk a bit about security and encryption.

What do I need?

Obviously, if you're going to go wireless, you'll need at least two radios (just like walkie-talkies, kids). In most cases, these two radios will be

You can actually get started quickly using only two wireless LAN cards, setting them up in peer-to-peer mode. This will let you get two machines talking to each other, but unless one is also hardwired to another network (for example, the Internet), it gets dull pretty fast.

You can also ask around at work to see if someone has already set up a wireless network. If not, direct your friendly sysadmin to this article. =)

Wireless gateway. If you have an existing network and want to add wireless services to it, you have a couple of options: buy an appliance, or roll your own.

If you're interested in rolling your own, our own Schuyler Erle has written a good piece on building a wireless gateway with standard parts, titled Recipe for a Linux 802.11b Home Network.

Another way to go is with Apple Computer's AirPort system. If you have an AirPort-equipped Mac wired into your network, you can put it into "software base station" mode to serve all 802.11 cards, regardless of platform. To find out how to do this, read Derrick Story's article, Connecting PCs to Apple's Wireless Airport.

Other manufacturers are also rushing to provide cheap "residential gateways." You can buy one from Cisco, Apple or Lucent (actually, its 802.11 subsidiary, Agere) for anywhere from $200 to $1,000.

Wireless LAN card. As you've probably guessed from the title of this article, we're working with Lucent wireless cards. Lucent originally launched it as the WaveLan Turbo 11Mb PC Card. I have also seen it listed as the WaveLan 11 Mbps Turbo IEEE 802.11. Evidently, neither of these names were sexy enough, so they've changed it to the Orinoco PC card. Ah, that's so much clearer.

To cloud the issue further, you'll see references to the Silver and Gold varieties. What's the difference? Encryption method. The Silver cards support the 802.11b standard 40-bit WEP method, while the Gold cards offer a 104-bit (hashed up to 128-bit) RC4. As using the latter breaks compatibility with anything but another Lucent Gold card, and some doubts have been cast on the actual security provided by WEP, the cheaper Silver card seems to make the most sense.

As if all that weren't enough, the 802.11b division of Lucent is now calling itself 'Agere', and has started shipping the Gold and Silver cards with a Blue label. I suppose a bit of consistency is too much to ask. Yes, these are the same exact hardware, with a brand new sticker. I suppose it gave their Marketing department something to do...

Despite all of the repositioning and rebranding, I still like this gear because it's one of the few remaining cards that still sport an external antenna connector. In the following examples, I'll assume that we already have a gateway setup and that we'll be installing a WaveLan card in a laptop.

Installing the drivers

Warning: This process was obviously designed by engineers.

The driver for these cards is in two parts:

  • the actual client software that you install on your PC, and
  • the firmware that resides on the card itself.

Every card I have encountered is out of date, as shipped from the factory. As of early April 2001, the current firmware revision is 7.28, and you'll need that to get it working with the current drivers (and to support encryption). You'll also need to flash the cards before installing them in an access point.

Fortunately, you can re-flash the card with new firmware as many times as you like. Unfortunately, you'll need a Windows machine to do it (no, VMWare doesn't cut it, and you should preferably be running Win9x.) They don't support flashing the firmware from Linux, and trying it in Win2k is a nightmare. Trust me.

Here's one way to update the firmware:

First, install the software driver on your client machine, before you insert the wireless LAN card. What if you already inserted the card before reading this? Don't panic: it just installed the wrong driver. Leave the card in, and follow the directions below, with one change: when I tell you to insert the card, instead

  • go to Start -> Settings -> Control Panel -> System -> Device Manager,
  • find the WaveLan card (it's probably a yellow question mark device),
  • click Properties,
  • select the Driver tab, and
  • click "Update Driver."
  • Now, you'll follow directions next time, won't you? =)

With that behind us, here's the recipe for installing the software:

  • Download the current drivers for Win9x from Lucent (see references below).
  • Run the installer, and it will unpack a bunch of stuff into the directory of your choice. (Get rid of that ridiculous c:\windows\temp entry and type in c:\wavelan.)
  • Click Unzip.
  • Once that's finished, open up the c:\wavelan directory and you should see a couple of folders under it: Cl_Mgr and Firmware.
  • Go into Cl_Mgr and run Setup. It will complain that a driver isn't installed; just ignore it.
  • Now, insert the card. When it asks for an updated driver, point it at c:\wavelan. It should install just fine, and then bring up the Wireless Profile screen. Just click close. It usually then asks you to reboot. Do so, leaving the card inserted.

Now, when the system comes up, you should have a little signal strength indicator in the lower right. It will look broken (as we haven't flashed the card yet).

Flashing the card

Go into c:\wavelan\firmware and run wsu10606.exe. It will display a nice little window, with the current firmware revision that it detects on your card. Click Update to flash it to the current rev. Be warned that, should you lose power in the next five seconds, you've probably just turned your nifty little radio card into a coaster. Just make sure you're on AC power (or have a decent charge left on your laptop) before you attempt this.

That's it! You should probably reboot for good measure, and then your card is ready to use. And the added bonus is that now your PC can flash as many cards as you like, without going through all of the above again!

Using the flashed card

Once you've flashed the card to the current firmware, you can use it in any machine with current Wavelan drivers. If your primary box is Win9x, you're ready! Feel free to skip ahead to the Security section. If you're on another platform, read on for details on installing in Windows 2000, Macintosh or Linux operating systems.

Windows 2000

Download and unpack the current drivers from Lucent as above. Go into c:\wavelan\cl_mgr and run the setup. Insert the properly re-flashed card. What's this? Windows automatically finds a driver and installs it for you without asking (or, indeed, allowing any user intervention)? Absolutely astounding.

Unfortunately, as with most magic, what goes on behind the scenes is tremendously complex. The fact that it's hidden from you makes it magic. And, as with any complex system, things can go spectacularly wrong if you're not careful.

It just so happens that the drivers it installed are the Microsoft WaveLan drivers, which do not support encryption. Sigh.

Go to Start -> Settings -> Control Panel -> System. Click the Device Manager tab, and find the WaveLan card (it will look like an Ethernet adapter.) Click Properties, then the Driver tab. Click Update Driver. Point it at c:\wavelan. It will probably make you reboot (I thought this was plug-and-play?). Do it. You should then have a happy signal strength meter on your taskbar when the system comes back.

See Lucent's .pdf documentation for the Windows NT installation; it actually works as advertised. And don't forget to flash that card!

Mac installation

Get an AirPort card from Apple and insert it. Make sure you plug the antenna wire into the card. (Macs have the antenna embedded in the computer's casing so that it's hidden from view.) Now all you have to do is run the AirPort Setup Assistant and launch the software. There, that wasn't so bad, now was it? =) If you have any problems, visit Apple's Airport Tech Support area.

Linux installation

The driver you'll want to use depends on the kernel you're running. For kernels up to and including 2.4.2, use the wvlan_cs driver that is bundled with pcmcia-cs. For 2.4.3, you can (and should) use the new orinoco_cs driver. A backport to pcmcia-cs is in the works for orinico_cs, but isn't out at the time that I'm writing this.

Note that Lucent (er, Agere) also puts out its own driver, called wavelan2_cs. This driver is freely available from the ORiNOCO website, but doesn't come with the full source code. Use this driver at your own risk. I've been using the above Open Source drivers for quite a while now with no trouble whatsoever.

Here's how to install the wvlan_cs driver, with works with the Linux kernel up to and including 2.4.2.

  • If you're running a 2.4 kernel, disable pcmcia drivers in it and install the new kernel. We'll be using the external pcmcia-cs package instead.
  • While we're on the topic of kernels, make sure 'Wireless LAN (non-hamradio)' is enabled in your kernel, or you won't get statistics from /proc/net/wireless.
  • Download pcmcia-cs 3.1.25.
  • Unpack it.
  • Run make config, and answer the questions (I usually build it with trusting drivers off, CardBus enabled, and PnP off.
  • Run make all; make install.
  • Either /etc/rc.d/init.d/pcmcia restart, or simply reboot.

If you want to use Lucent's orinico_cs driver (for Linux 2.4.3 or better), here's how you do it:

  • Download the 2.4.3 kernel.
  • Download the Wirelesss v11 patch and hermes.conf
  • Copy 'hermes.conf' into /etc/pcmcia
  • Unpack the kernel source, and cd into it.
  • Copy the wireless patch into the unpacked kernel tree
  • Apply the patch:
    # patch -p1 < wireless.v11.diff

    You should see something like the following:

        patching file include/linux/wireless.h
        patching file drivers/net/wavelan.c
        patching file drivers/net/pcmcia/wavelan_cs.c
        patching file drivers/net/pcmcia/netwave_cs.c
        patching file drivers/net/pcmcia/ray_cs.c
        patching file drivers/net/pcmcia/hermes.h
        patching file drivers/net/pcmcia/orinoco_cs.c

    You might also see a couple of lines like:

    Hunk #1 succeeded at 2239 (offset 6 lines).

    This is normal, especially if you're not patching against a clean 2.4.3 source tree. It means that patch noticed some minor differences but was able to continue without any serious trouble.

    If you see anything like this,

    Hunk #1 FAILED at 2028

    stop and check your work. You are probably in the wrong directory (usually /usr/src/linux), or maybe you forgot the -p1 switch above. Or you might be using the wrong kernel rev (you are in the 2.4.3 source tree, right?), or else you've got a heavily patched kernel (and probably don't need to be reading this!)

  • If you've built your existing kernel from sources, copy its .config file into the 2.4.3 source tree, and run make oldconfig. Answer the outstanding configuration questions.
  • Now run make menuconfig (or make xconfig, if you prefer, and have tcl/tk installed) and make sure the following are checked:
    • Under "General setup", make sure "PCMCIA/CardBus support" (and your bridge chipset, probably i82365) are enabled.
    • Under "Network device support", enable "Wireless LAN (non-hamradio)", PCMCIA Network device support -> Pcmcia Wireless LAN -> "Hermes support (Orinoco/WavelanIEEE/PrismII/Symbol 802.11b cards)", and any other network devices you'd like support for.
  • Build your kernel and modules:
        # make dep; make clean; make bzImage; make modules; make modules_install

    ...and install the new kernel (usually, editing /etc/lilo.conf and running lilo is in order here.) Reboot and try out your new kernel.

Finally, install the new wireless tools v21. A simple make; make install should suffice. You should also install the man pages (a cp *.8 /usr/local/man/man8 is quick and usually effective.)

Now that your driver and tools are installed, it's on to configuration.

All configuration of the driver is done in /etc/pcmcia/wireless.opts. Be sure to comment out any default *,*,*,*) entry, and add one like this:

    INFO="Wavelan at home"

This tells the driver to call your network MyHomeNet, and put it into Ad-hoc (a/k/a IBSS, or peer-to-peer) mode, with a secret key of QuIeT. It also gives it a scheme name of home, so you could presumably setup another one for work with completely different settings, and switch between them by issuing the cardctl scheme work or cardctl scheme home command as root.

What is all this about secret keys? Read on.


Hooray! You're now ready for non-encrypted communications. Anyone in range can now effortlessly log everything you do online (in many cases, from a couple of miles away!).

Wanna encrypt? Read on.


The Lucent Silver and Gold cards support link-level encryption. Why encrypt? Anything that is sent via radio without encryption is "in the clear." This means that anybody with similar equipment can eavesdrop on your conversation, log data, potentially disrupt your communications, and even hijack your connection.

The 802.11b specification allows for encryption and MAC-based access control. Together, these are referred to as WEP, or Wired Equivalent Privacy. The encryption it employs is a 40-bit shared-key RC4 PRNG algorithm from RSA Data Security. Most cards that talk 802.11b (the WaveLan cards, Mac Airport, Cisco Aironet, to name a few) will support this encryption standard.

There are a couple of big points to worth mentioning here.

  • The encryption provided happens at the link layer, not at the application layer. This means that your communications are protected up to the access point, but no further. Once it hits the wire, your packets are in the clear, and the regular warnings about sending passwords and sensitive information over untrustworthy networks still apply. Always use application layer encryption (such as SSH, SSL, a virtual private network, anything) rather than send sensitive data over the network!
  • There have been a couple of reports (see references below) that WEP may be easily crackable with a moderate amount of hardware and effort. While a full discussion of these implications is well beyond the scope of this introduction, only allowing SSH or VPN traffic on your gateway and firewalling it off will go a long way toward preventing unwanted access. Of course, too much paranoia results in a network that is so secure it's impossible to use (and therefore, no one uses it). Let's just leave it there for now; you've been warned.

When not to use encryption


Recipe for an 802.11b Home Network

Connecting PCs to Apple's Wireless Airport

Personal Area Network: A Bluetooth Primer

Affordable Wireless LAN Using Airport

Wireless News - from Meerkat

Previous Features

More from the Wireless DevCenter

At large gatherings (like a Conference or other meeting) where open Net access is permitted, it's unfeasible to distribute an encryption key to every attendant. And it wouldn't help much anyway, as everyone would know the key!

In these settings, it makes sense to allow traffic with no encryption. This has an added benefit of allowing many more types of wireless cards to participate. It is safest to assume that any network you use is hostile and being monitored. Always use secure protocols (like SSH or SSL) to protect yourself, with or without a wire.

Enabling encryption under Windows

Double-click the strength meter on the taskbar and select Actions -> Add/Edit Configuration Profile. Alternatively, go to Start -> Settings -> Control Panel -> Wireless Network. These are profiles you can set up to quickly choose between available network settings. I usually set up at least two, one for conferences (unencrypted, grab any network) and another for work (encrypted, and on a specific network).

Name the first profile Conferences and click Edit Profile. Under Network Name, type ANY. Click OK.

Now select the next radio button down, and name this one Work. Edit the profile, and under Network Name, either type ANY (to enable roaming to any available network) or type in the name of your wireless network, as provided by your friendly local sysadmin. Click the Encryption tab. Check the Enable Data Security box, and type in the proper password in the Key 1 box. Again, contact your local sysadmin for details. Click OK.

Now you can always come back to this window and select one radio box or the other to enable or disable encryption. Note that the password must be exactly 5 characters long (for 40-bit WEP). It will complain if your password is the wrong length.

Enabling encryption under Linux

Remember that KEY= line in /etc/pcmcia/wireless.opts? That's where the WEP keys get set. Just prepend your key with an s: (short for String, as opposed to Hexcode) and away you go. Again, remember that it must be exactly 5 characters long (cAsE sEnSiTiVe) for 40-bit WEP encryption.

You can also manipulate the encryption key, power settings, and virtually any other aspect of wireless communications with the iwconfig command. Be sure to at least check out the man pages for iwconfig and iwspy; they're worth a read.

Enabling encryption on the Mac

The driver will automatically determine if encryption is enabled on your local access point. If it is, it will prompt you for the password. Enter it, and have fun. Keep in mind that the Mac Airport cards support 40-bit WEP only.

Parting shots

Don't waste your time fiddling with modem-quality pay services to get online. Set up your own private, encrypted, inexpensive wireless network and get yourself (your friends, your neighborhood, your universe) connected.

Additional Info and References


Recipe for an 802.11b Home Network

Connecting PCs to Apple's Wireless Airport

Personal Area Network: A Bluetooth Primer

Affordable Wireless LAN Using Airport

Wireless News - from Meerkat

Return to the Wireless DevCenter.