As with any network supporting different physical mediums, network bridges must exist that are capable of exchanging data between the various network types. A wireless gateway consists of a radio card and a network card (usually Ethernet). In the case of 802.11b, radios participating in the wireless network must operate in one of two modes: BSS or IBSS .
BSS stands for Basic Service Set. In this operating mode, a piece of hardware called an access point (AP) provides wireless-to-Ethernet bridging. Before gaining access to the wired network, wireless clients must first establish communications with an access point within range. Once the AP has authenticated the wireless client, it allows packets to flow between the client and the attached wired network, effectively acting as a true Layer 2 bridge, as shown in Figure 3-1. A related term, ESS (or Extended Service Set), refers to a physical subnet that contains more than one AP. In this sort of arrangement, the APs can communicate with each other to allow authenticated clients to "roam" between them, handing off IP information as the clients move about. Note that (as of this writing) there are no APs that allow roaming across networks separated by a router.
Figure 3-1. In BSS (or ESS) mode, clients must authenticate to a hardware access point before being able to access the wired network
IBSS stands for Independent Basic Service Set and is frequently referred to as ad-hoc or peerto-peer mode. In this mode, no hardware access point is required. Any network node that is within range of any other can commence communications if they agree on a few basic parameters. If one of those peers also has a wired connection to another network, it can provide access to that network. Figure 3-2 shows a model of an IBSS network.
Figure 3-2. In IBSS mode, nodes can talk to any other node in range. A node with another network connection can provide gateway servicesNote that an 802.11b radio must be set to work in either of these modes but cannot work in both simultaneously. Both modes support shared-key WEP encryption (more on that later).
3.1.1 Access Point Hardware
Access points are widely considered ideal for campus coverage. They provide a single point of entry that can be configured by a central authority. They typically allow for one or two radios per AP, theoretically supporting hundreds of simultaneous wireless users at a time. They must be configured with an ESSID (Extended Service Set ID, also known as the Network Name or WLAN Service Area ID, depending on who you talk to); it's a simple string that identifies the wireless network. Many use a client program for configuration and a simple password to protect their network settings.
Most APs also provide enhanced features, such as the following:• MAC address filtering. A client radio attempting access must have its MAC address listed on an internal table before being permitted to associate with the AP.
• Closed networks. Usually, a client can specify an ESSID of "ANY" to associate with any available network. In a closed network, the client must specify the ESSID explicitly, or it can't associate with the AP.
• External antennas.
• Continual link-quality monitoring.
• Extended logging, statistics, and performance reporting.
Other enhanced modes include dynamic WEP key management, public encryption key exchange, channel bonding, and other fun toys. Unfortunately, these extended modes are entirely manufacturer- (and model-) specific, are not covered by any established standard, and do not interoperate with other manufacturer's equipment. It should also be noted that, once a client has associated itself with an AP, there are no further restrictions imposed by the AP on what services the client can access.
APs are an ideal choice for private networks with many wireless clients that exist in a confined physical space, especially on the same physical subnet (like a business or college campus). They provide a high degree of control over who can access the wire, but they are not cheap (the average AP at this writing costs between $800 and $1000).
Another class of access point is occasionally referred to as a residential gateway. The Apple AirPort, Orinoco RG-1000, and Linksys WAP11 are popular examples of low-end APs. They are typically much less expensive than their commercial counterparts, costing between $200 and $500. Many have built-in modems, allowing for wireless-to-dialup access (which can be very handy, if Ethernet access isn't available wherever you happen to be). Most even provide Network Address Translation (NAT), DHCP, and bridging services for wireless clients. While they may not support as many simultaneous clients as a high-end AP, they can provide cheap, simple access for many applications. By configuring an inexpensive AP for bridged Ethernet mode, you can have a high degree of control over what individual clients can access on the wired network (see Section 7.6 in Chapter 7).
Despite their high cost, APs have their place in building community wireless networks. They are especially well suited to remote repeater locations, due to their ease of configuration, low power consumption (compared to a desktop or laptop PC), and lack of moving parts. We'll go into detail on how to set up an AP in Chapter 4.
3.1.2 Peer-to-Peer NetworkingIf the goal of your wireless project is to provide public access to network services, the functionality high-end APs provide will almost certainly be overkill, particularly in light of their high cost. Luckily, with IBSS mode, AP hardware is entirely optional.
Radios that are operating in IBSS mode can communicate with each other if they have the same ESSID and WEP settings. As stated earlier, a computer with an 802.11b card and another network connection (usually Ethernet or dialup) can serve as a gateway between the two networks. Add in DHCP and NAT services, and you effectively have a full-blown Internet gateway. As various free operating systems can provide these services and will run well on hardware that many people already have lying around in closets (e.g., 486 laptops and low-end Pentium systems), this mode of operation is an increasingly popular alternative to expensive APs. If you have host hardware available already, the low cost of making a gateway is very attractive (the cost of the average client radio card is $120, or about half that of a low-end AP).
What is missing from a do-it-yourself gateway? Instead of the myriad access control methods that actual APs provide, the only out-of-the-box access control you have available is WEP. As we saw earlier, a shared key does little on its own for security, and it isn't appropriate in a public network setting anyway. So how can we provide network access and still discourage abuse by anonymous wireless clients? See Chapter 5 and Chapter 7.
In Chapter 5, we'll build a Linux-based wireless gateway from scratch. In Chapter 7, we'll examine one method of extending the gateway to provide different classes of service, depending on who connects to it.