Wireless Residential Gateways

Access Points: Broad Power, Limited Agenda

Access points have never been especially large, in physical terms, and it surprises many to learn that an access point is first of all a computer, and a relatively powerful one. What keeps access points small is that their computing power is extremely focused. They do only one thing, and do it well, and do it without a lot of extra equipment. Figure 6.1 shows a very common access point, the Linksys WAP-11. It's about the size of a fat paperback book, and smaller than many dialup modems from Ye Olden Tymes.

Figure 6.1: The Linksys WAP-11: Access Point. (Photo courtesy of Linksys.)

Access points don't store a great deal of data, so they don't need hard drives, floppy drives, or CD-ROM drives. They don't communicate directly with their users very often, so they don't need keyboards, monitors, or mice. (They communicate with their users when necessary through other computers' peripherals.) They need a network interface port (or two, in the case of wireless residential gateways) and a Wi-Fi radio system. That's it.

Not having to deal with fast disk drives and (especially) video graphics allows an access point's computer to get a lot more done without having to run at 2 GHz with 512 MB of RAM in the box. Slower computers need less power and generate less heat, and can fit in smaller enclosures without fans. If you get rid of drives, video, fans, and power supplies capable of sourcing a spot welder, you can get a lot of networking done in a very small package.

That access points are general-purpose computers is borne out by the fact that the OpenAP group has written a version of the Linux operating system that runs on certain brands of access point. The OpenAP software replaces the access point's own software (called firmware, more on which shortly) and allows a lot more control over what the access point can be made to do. To learn more about this, visit the following Web site:

http://opensource.instant802.com/

OpenAP is definitely a project for serious Linux network experts, but it shows how much computing power is actually available inside a $90 access point.

Firmware

Access points are not alone in being computers beneath the covers. A covert revolution in consumer electronics has occurred in the last ten years or so (with roots going back to the 1970s) that has placed complete and fairly powerful computers inside virtually all sophisticated consumer devices. New high-definition TVs and stereo tuners are all computers at their core, as are disk-based video recorders like TiVo. What makes this a revolution is the simple fact that most of what all these gadgets do is now driven by software, and not hardware. Increasingly, the hardware is simple and cheap. The value-added in consumer electronics is mostly in the software.

In smaller devices like Wi-Fi gear, this software resides not on a hard drive but on special non-volatile memory chips, so called because they retain their contents even when power to the device is turned off. These memory chips are unlike the RAM found in your Dell or Compaq desktop or laptop computer. You'll often hear nonvolatile memory called 'flash RAM' or 'flash memory.'

Software residing in non-volatile memory isn't quite as 'soft' as software residing in ordinary RAM. This is why engineers coined the term firmware to describe software written into non-volatile memory such as flash RAM or older ROM (read-only memory) chips, and used to control the operation of 'embedded processors' hidden inside devices that are not used as general-purpose computers.

The really great thing about firmware residing in flash memory is that it can be updated. In a technology advancing as quickly as wireless networking, this is a tremendous bonus. In the old days, computer gear was obsolete almost as soon as you took it out of the box, and there was no way to add new features or fix design defects. Today, you can download a new firmware file for an access point or client adapter, and 'flash' the update into its place inside the device. Some of my Wi-Fi gear is almost as old as the 802.11b standard itself, but because I've kept its firmware upto-date, it now holds its own against brand-new gear. The Orinoco Gold PCMCIA card in my laptop now offers features that didn't even exist when it was manufactured, including crucial things like weak IV filtering (see Chapter 13). By performing firmware updates with files provided by the manufacturer without charge on their Web site, I've gotten almost three years of use out of my Wi-Fi gear, with no necessary 'end of life' in sight.

I'll explain how to perform firmware updates on your own gear a little later in this chapter.

Computer-Controlled Data Radios

An access point can be thought of as a computer-controlled data radio. I've sketched out a block diagram of a typical access point in Figure 6.2. How the functional blocks translate to chips inside actual products depends on the manufacturer, but it's been cooking down to fewer and fewer chips as competition drives manufacturers to seek lower unit costs. Dedicated Wi-Fi chipsets now dominate the industry, in which large, complex chips combine several necessary functions onto a single silicon die. The Atmel AT76C510 processor chip, used in popular products like the Linksys WAP11 access point, actually contains two independent RISC CPU units, one to handle overall device control, and another to perform continuous translation of 802.11b frames to Ethernet packets. The two work in parallel, accomplishing much more than either could do alone.

Figure 6.2: Access Point Functional Blocks.

An access point has two medium access controllers. If you recall from Chapter 2, Ethernet networking can transfer data over several different 'mediums': wire, fiber optics cable, infrared light, or microwave radio signals. A medium access controller is a type of translator that sits between a network port and the physical medium over which data is transferred, governing the passage of data between the medium and the network. It controls access to the medium, hence its name.

The really interesting (and difficult) part of an access point is the radio subsystem. The rest of the subsystems (the computer and medium access controller logic) are 'old stuff ' and well-understood. The real brilliance in Wi-Fi hardware lies in the silicon that controls the reception and generation of microwave radio energy.

Right now, a relative handful of chip manufacturers are slugging it out for dominance in the 802.11b Wi-Fi radio chipset realm. Intersil leads with its PRISM product line, with Agere and Texas Instruments having most of the rest of the market. This is significant, since much of the 'character' of a given access point proceeds from the quirks and feature set of its radio chipset. You'll hear people say things like, 'Oh, that AP uses PRISM 2,' which speaks volumes to Wi-Fi industry geeks. Power output, power consumption, noise figures, and many other radio-related things mark the difference between a so-so access point and a killer access point.

Competition is intense, and startups look for niche advantage rather than attempts to take on the market leaders with commodity products. A recent example: Marvell Semiconductor announced an all-CMOS 802.11b chipset early in 2002. CMOS uses very little power compared to competing technologies, and the Marvell chipset may make it possible to integrate Wi-Fi with hand-held devices while keeping acceptable battery life. Chip maker Atheros has chosen to compete primarily in the 5 GHz 802.11a chipset market, which is only now reaching consumers in volume.

Breakthroughs and surprises can't be predicted but can be expected. We live in very interesting times.

Command and Control

Even though access points don't have their own dedicated keyboards, displays, or mice, you still have to communicate with them. Access points come out of their boxes with reasonable default values for all their configurable options, and the good news is that in most cases you can simply plug them in, connect the cables, and be up and running.

That's also the bad news: It's so easy to make Wi-Fi gear function that many people never bother to learn how to configure their access points. 70% to 75% of access points queried by wardrivers (see Chapter 18) do not have any security enabled, and about 40% are put 'on the air' with their default SSID values intact and unchanged which is what makes it so easy for people to get access to your network. It's important to learn how to configure your Wi-Fi gear, starting with your access point or gateway.

Communication with access points is done in one of the following ways:

• A serial port or USB port in the AP connects to a mating port in a physically adjacent computer. The administrator of the AP opens a 'terminal window' or dedicated serial port utility of some kind on the adjacent computer to configure the AP. This method has a security advantage, since the person doing the configuring must have physical access to both the AP and the computer to which it is connected. However, few recent access points have this feature.

• An administrator communicates with the AP through its network port, and uses a protocol called SNMP (Simple Network Management Protocol) to query and set configuration options. The label says 'simple,' but SNMP has a serious learning curve and is really intended for use by large organizations with a multitude of networked devices to manage in some sort of coordinated fashion. Unless you already know SNMP from your work experience, there's little point in learning it to manage one or perhaps two APs.

• An administrator communicates with the AP through its network port, and connects to an internal Web server using an ordinary Web browser. This is how virtually all modern APs and gateways are configured, and the only method I'll discuss in detail here.

It surprises some people to learn than most access points contain their own Web servers. That's not difficult-a Web server is not a complex thing, and is really just a sub-program in the AP firmware.

The key issue is that any Web server must have an IP address. (See Chapter 3 for more on IP addresses.) An access point can obtain an IP address in one of two ways:

• An IP address may be preset into the access point by its manufacturer. The Linksys BEFW11S4 residential gateway comes with a default address of http://192.168.1.1. Once your AP is connected to your router (or once your gateway is connected to your primary computer and Internet connection) you can type that address into a Web browser and the unit's configuration screen will pop up in your browser, ready to work.

• The AP may request an IP address from the local network router or some other device that is running a Dynamic Host Configuration Protocol (DHCP) server. The Cisco Aironet 340 access point works this way: When it powers up, it requests an IP from the local DHCP server. (Again, see Chapter 3 for more on DHCP.) You have to inspect the local DHCP client table to find out what the IP address is, before you can enter it into a browser to begin configuration.

Many APs support both methods, but virtually all come 'out of the box' with a preset IP address. In both methods, the IP address will be a 'local' or non-routable IP address. This kind of address is local to the network, and cannot be accessed from outside of your local network. There's no reason for your AP's configuration screen to be reachable from the Internet at large (and plenty of reasons it shouldn't!) so its address is pulled from a block of IP addresses reserved for local network use. (I describe this in more detail in Chapter 3.) Most non-routable addresses you'll see used by access points and gateways are in the block 192.168.X.X.

Talking to Your Access Point

Once your network has been physically assembled, your access point or gateway will be connected via Ethernet cable to at least one computer. This is required, because configuring an access point affects its ability to operate 'over the air' and a solid connection is required to change its configuration parameters. Theoretically, you can configure an access point through its wireless link, but if you change a parameter that affects the wireless connection, you can be cut off from the access point before the job is complete.

Typically, the wired connection is through a router/switch appliance, or to the switch built into a wireless residential gateway. More on this later.

To communicate with your access point's configuration screens, do the following:

1. Bring up a Web browser on the computer with a wired connection to the access point.

2. In the browser's URL entry field, type 'http://' followed by the access point's IP address, and press Enter. The complete URL will look something like this: http://192.168.1.1. The precise URL will depend on the particular IP address.

3. Assuming you used the correct IP address, a user name/password dialog will appear. If it's the first time you've brought up the configuration screen, the dialog will respond to a default user name and password. These should be given in the product documentation. Enter the user name and password and click Enter.

4. The configuration screen will appear in the Web browser. Most such screens have tabbed interfaces with several separate subscreens containing configuration information and data fields in which configuration parameters may be entered. A typical screen is shown in Figure 6.3.

   
   Figure 6.3: A D-Link DWL-900AP+ Configuration Screen.

Alas, the documentation I've seen for low-end Wi-Fi gear is pretty sparse, and usually written so poorly it's a wonder it can still be considered English. A little later in this chapter I'll describe many of the common configuration parameters you'll have to deal with in setting up simple Wi-Fi networks. Some of the precise details may be specific to a particular make or model of access point, and for this you'll have to read carefully and perhaps experiment a little to fully understand what a parameter means.

Fortunately, the majority of configuration parameters can be left with their default values in place and don't need to be changed. For those that must be changed, I'll provide ample guidance in Chapter 9 and later chapters.