Changes

From Security Weekly Wiki
307 bytes added ,  15:34, 3 July 2007
no edit summary
The nice part is that all of this can be done for under $300, and it's all open source! This is a great, cheap, fast, and easy way to handle guests who may be coming into your network. Below are the step-by-step guidelines for getting the initial setup going:
* '''Step 1 ''' - Unbox and flash the routers. For the WRT54GL, you must use the web interface to put the initial OpenWrt image on them. (Question: why does Linksys not enable boot_wait by default?) Also, do not use the PoE adapters when flashing!
* '''Step 2 ''' - Change the IP address of the routers, enable boot_wait, and set the hostname:
'''<pre>
nvram set lan_ipaddr="10.10.10.5"
* '''Step 3 ''' - Create a separate VLAN or physical network, preferably with a separate Internet connection. Put the APs on that subnet.
* '''Step 4 ''' - Harden and performance-tune OpenWrt - Remove the packages that are not required:
'''<pre>
Disable services not required:
'''<pre>
cd /etc/init.d
mv S50httpd disabled_S50httpd
mv S50telnet disabled_S50telnet
</pre>'''
* '''Step 5 ''' - Enable DHCP on each of the access points:
'''<pre>
cat > /etc/init.d/S60dnsmasq
#! /bin/ash
<CTRL-D>
</pre>'''
Now, remove the DHCP configuration from /etc/dnsmasq.conf, and replace it with:
'''<pre>
# enable dhcp (start,end,netmask,leasetime)
dhcp-authoritative
# DNS Servers
dhcp-option=6,192.168.10.6,192.168.10.7
</pre>'''
* '''Step 6''' - Reboot the WRT54GL and make sure all is well. Now, connect the PoE adapters and place the APs where you want them.
* '''Step 7''' - Configure Wireless - Place the access points on their respective channels using the command "'''nvram set wl0_channel=1'''". Ideally, you could have 3 APs, one on channel 1, 6, and 11. Now, set all of the SSIDs to the same value using the command "'''nvram set wl0_ssid="guestwireless"'''".
You should now be able to associate to the given SSID. Which access point you associate with will depend heavily on the wireless driver that you are using, and other factors that require too much math.
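One way to confirm that Steps 4, 5 and 7 actually took effect on each AP before it goes on the guest subnet (an added example, not part of the original wiki page). It assumes you have copied the AP's /etc into a local directory and saved the output of "nvram show" to a file; the function name audit_ap and the sample paths are hypothetical.

```shell
#!/bin/sh
# Added example: audit one AP's settings against the steps above.
# Assumed inputs: $1 = root of a local copy of the AP filesystem,
# $2 = saved output of "nvram show", $3 = SSID every AP should use.
audit_ap() {
    root=$1 nvram_dump=$2 want_ssid=$3 fails=0

    # Step 4: the web and telnet init scripts must no longer be active.
    for svc in S50httpd S50telnet; do
        if [ -e "$root/etc/init.d/$svc" ]; then
            echo "FAIL: $svc still enabled in /etc/init.d"
            fails=$((fails + 1))
        fi
    done

    # Step 5: dnsmasq must be authoritative and hand out DNS servers (option 6).
    conf="$root/etc/dnsmasq.conf"
    grep -q '^dhcp-authoritative' "$conf" 2>/dev/null || {
        echo "FAIL: dhcp-authoritative missing"; fails=$((fails + 1)); }
    grep -q '^dhcp-option=6,' "$conf" 2>/dev/null || {
        echo "FAIL: no DNS servers in dhcp-option=6"; fails=$((fails + 1)); }

    # Step 7: channel must be 1, 6 or 11 and the SSID must match the other APs.
    chan=$(sed -n 's/^wl0_channel=//p' "$nvram_dump")
    ssid=$(sed -n 's/^wl0_ssid=//p' "$nvram_dump")
    case "$chan" in
        1|6|11) ;;
        *) echo "FAIL: wl0_channel='$chan' is not 1, 6 or 11"; fails=$((fails + 1)) ;;
    esac
    [ "$ssid" = "$want_ssid" ] || {
        echo "FAIL: wl0_ssid='$ssid', expected '$want_ssid'"; fails=$((fails + 1)); }

    echo "$fails check(s) failed"
    return "$fails"
}

# Constructed sample: an AP where telnet was left enabled and the channel is 3.
demo=$(mktemp -d)
mkdir -p "$demo/etc/init.d"
touch "$demo/etc/init.d/disabled_S50httpd" "$demo/etc/init.d/S50telnet"
printf 'dhcp-authoritative\ndhcp-option=6,192.168.10.6,192.168.10.7\n' > "$demo/etc/dnsmasq.conf"
printf 'wl0_channel=3\nwl0_ssid=guestwireless\n' > "$demo/nvram.txt"
audit_ap "$demo" "$demo/nvram.txt" guestwireless || true
rm -rf "$demo"
```

The function's exit status is the number of failed checks, so it can be run in a loop over all three APs and the loop stopped at the first non-zero result.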
In Part II, we will show you how to implement a captive portal for guest authentication, and maybe even how to add some further layers of security such as intrusion detection and IP filtering.