The nice part is, all this can be done for under $300, and its all open-source! This is a great, cheap, fast, and easy way to handle guests that may be coming into your network. Below are the step-by-step guidelines for getting the initial setup going:
* Step 1 - Unbox and flash the routers. For the WRT54GL, you must use the web interface to put the initial OpenWrt image on them. (Question, why does Linksys not enable boot_wait by default?). Also, do not use the PoE adapters when flashing!
* Step 2 - Change the IP address of the routers, enable boot_wait, and set the hostname:
nvram set lan_ipaddr="10.10.10.5"
* Step 3 - Create a separate VLAN or physical network, preferably with a separate Internet connection. Put that APs on that subnet.
* Step 4 - Harden and perfomance tune OpenWrt - Remove the packages that are not required:
Disable services not required:
mv S50httpd disabled_S50httpd
mv S50telnet disabled_S50telnet
* Step 5 - Enable DHCP on each of the access points:
cat > /etc/init.d/S60dnsmasq
Now, remove the DHCP configuration from the /etc/dnsmasq.conf, and replace it with:
# enable dhcp (start,end,netmask,leasetime)
# DNS Servers
6 - Reboot the WRT54GL, make sure all is well. Now, connect the POE adapaters and place the APs where you want them.
* Step 7 - Configure Wireless - Place the access points on their respecitve channels using the command "nvram set wl0_channel=1". Ideally, you could have 3 APs, one on channel 1, 6, and 11. Now, set all of the SSIDs to the same value using the command "nvram set wl0_ssid="guestwireless".
In Part II, we will show you how to implement a captive portal for guest authentication, and maybe even how to add some further layers of security such as intrusion detection and IP filtering.