One feature that is in high demand (among users trying to go for distance) is the ability to bridge over the air to another access point. Allegedly, the Intel 2011 can do AP-to-AP bridging (as can the Linksys WAP11 after a firmware upgrade). But reports from the field seem to indicate shaky performance at best, as of this writing. Normally, APs don't talk to each other over the air; they're designed to talk to client cards. So on a long distance point-topoint link, you'll need to either use a client PC router to talk to an AP or use two routers in IBSS mode (with no AP). See the information in Section 7.1 in Chapter 7 if you're interested in long-distance point-to-point links. By the time this book makes it to press, the manufacturers should have their firmware in better shape (we hope).
You should also seriously consider how to fit APs into your existing wired network. Even with WEP encryption and other access control methods in effect, AP security is far from perfect. Because an access point is, by definition, within range of all wireless users, every user associated with your access point can see the traffic of every other user. Unless otherwise protected with application layer encryption, all email, web traffic, and other data is easily readable by anyone running protocol analysis tools such as tcpdump or ethereal. As we saw in Chapter 3, relying on WEP alone to keep people out of your network may not be enough protection against a determined black hat.
In terms of establishing a community network, access points do provide one absolutely critical service: they are an easy, standard, and inexpensive tool for getting wireless devices connected to a wired network. Once the wireless traffic hits the wire, it can be routed and manipulated just like any other network traffic, but it has to get there first.
Wireless access points that are on the consumer market today were designed to connect a small group of trusted people to a wired network and lock out everyone else. The access control methods implemented in the APs reflect this philosophy, and if that is how you intend to use the gear, it should work very well for you. For example, suppose you want to share wireless network access with your neighbor but not with the rest of the block. You could decide on a mutual private WEP key and private ESSID and keep them a secret between you. Because you presumably trust your neighbor, this arrangement could work for both of you. You could even make a list of all of the radios that you intend to use on the network and limit the access point to only allow them to associate. This would require more administrative overhead, as one of you would have to make changes to the AP each time you wanted to add another device, but it would further limit who could access your wireless network.
While a shared secret WEP key and static table of hardware MAC addresses may be practical for a home or small office, these access control methods don't make sense in a public access setting. If you intend to offer network services to your local area, this "all or nothing" access control method is unusable. As we'll see in Chapter 7, it may be more practical to let everyone associate with your access point and use other methods for identifying users and granting further access. These services take place beyond the AP itself, namely, at a router that the AP is directly connected to (see the captive portal discussion in Chapter 7). Such an arrangement requires a bit more equipment and effort to get started, but it can support hundreds of people across any number of cooperative wireless nodes with very little administrative overhead.
Before we get too fancy, we have to understand how to configure an access point. Let's take a look at how to set up a very popular access point, the Apple AirPort.