6.1 Hardware

As we mentioned, building an access point can be a useful way to resurrect old PC hardware you may have sitting around. Depending on where you want to install it, you can leave it in that old bulky case or dress it up with a spiffy waterproof case and install it outside.

One of the wireless routing nodes we built for the NoCat network (http://nocat.net) in Sonoma County, California, is a beige Macintosh G3/266 desktop machine. It runs Yellow Dog Linux and has two PCI-PCMCIA converters and two Agere Orinoco Silver 802.11b radio cards. An odd choice, you might think ”but we had the hardware and it has already functioned as a wireless router for over a year as of this writing.

There are a few things you'll want to keep in mind when deciding whether any given hardware is right for building an access point:

Processor speed

While it might seem nostalgic to consider using a 386 or a non-PowerPC Mac for your access point project, these machines are so slow and old that it can be painful running Linux on them. Once you do, they don't have the horsepower to do many neat Linux tricks such as firewalling. Anything faster than a 486/33 is able to act as an access point with little trouble.

Support

Older PCs can certainly be made into access points. Bear in mind, though, that you must dig up such ancient artifacts as ISA network cards and SIMM memory. If you need to build on the cheap, this can be the way to go, but all hardware ages and fails sooner or later. If you want reliability, you might want to think about newer hardware. There's also the issue of relying on a PC with a spinning hard disk inside ”they will fail, often when you really need them.

Standardization

You might be expanding a larger network rather than just installing an access point in your closet. If you build more than one access point for whatever reason, you've just crossed over into the zone of network administration. In this world, standard hardware is the norm, because you can keep single types of replacement hardware on hand, and if you're in a multisite network, it means that everyone who's responsible is familiar with the same hardware.

Power

Depending on where you want to locate your access point, you must consider power requirements. Do you really want a noisy old 486-power supply fan blowing in your closet? One alternative is to consider DC- powered devices, which range from a dedicated embedded PC to an off-the-shelf access point.

Ports

In a nutshell , does the hardware you're considering have all the right ports? Does it have onboard Ethernet, or do you need to add a network card? If you add that network card, do you have room for a radio card? Are there enough memory slots? Does it have a serial interface for a console? Do you need a console?

6.1.1 Recycled Hardware

The first thing you should consider is whether you have any old PC hardware sitting around that can be dusted off, turned on, and made into a Linux-powered access point. If you're on a budget, this may be one of the cheapest solutions, but this depends on what hardware you have, and what you want to use it for.

At a minimum, your hardware should be able to accommodate a Wi-Fi card and an Ethernet card. As we've discussed already, you should not consider using anything slower than a 486/33 processor. Additionally, if you have old Macintosh hardware available, you can easily run Linux on systems such as a PowerMac 8500/120. It's also possible to run Linux on the first generation of PowerMacs, but their motherboard are expandable only with NuBus interface cards, so you're not going to find a radio for these models.

How much memory you need depends on what distribution you decide to run. If you choose to boot your system in read-only mode from a CD or Compact Flash (CF) RAM, and use one of the custom distributions designed specifically to be small, 16-32 MB of RAM will suffice. More RAM is always better, of course, and if you plan on doing anything memory- intensive , such as web caching or intrusion detection, you'll want at least 128 MB.

The beauty of using your own or buying used hardware is that you need very few components to build a working system:

• Motherboard

• Memory

• Processor

• Power supply

• Bootable media drive: hard disk, CD, CF

• Ethernet card

• Radio card

All the other components you'd usually find on a regular PC are optional. A case is nice to keep dust off, but a box or a large Rubbermaid container works just as well. You need a video card, keyboard, monitor, and ( optionally ) a mouse for installation, but once the access point is operational, you can boot without them. If your hardware is really old, it may not support booting without a keyboard. Check the options in your BIOS to see if it will ignore a missing keyboard on boot.

All of the extraneous items that are in any old PCs can probably be removed: floppy drives , sound cards, modems, and anything else not on the list above should all be taken out. You don't need them.

Another option that you should consider is an old laptop PC. The key concern here is PCMCIA slots. You want at least two of them, unless the laptop has a built-in Ethernet port, which you probably won't find in older laptops. The beauty of a used laptop is that they are inexpensive, especially if the LCD screen is dead (which you don't need!). As long as it has an external video adapter or even a serial port that can be used as a console, you should be set.

6.1.2 Small Board and Embedded PCs

So you don't have any used hardware sitting around that is suitable for building an access point, or you want to build a small unit that might be placed in a location where using a full- size PC is impractical , such as mounting it in a waterproof enclosure or installing it on your roof with a directional antenna.

However, an outdoor enclosure is only one reason you might want to think small. Power consumption, noise levels, and available space are all good reasons to consider a small board or embedded computer system for building your access point. Be warned , however: building one of these systems from the ground up may cost you at least $400.

Your options in this arena range from custom-designed embedded PCs specifically built for communications and networking to tiny PC motherboards that use the Mini-ITX form factor and measure only 17 x 17 centimeters. Some of the more popular options include:

Soekris (http://www.soekris.com)

Packaged in a green metal case that is improbably the color of a refrigerator from the early 1970s, the Soekris motherboards are a popular choice with do-it-yourself networkers . Soren Kristensen has designed and built several custom motherboards based on the x86 architecture, and as of this writing, he has four different models available for single purchase or bulk quantities . All of the Soekris units are DC-powered and wired to support Power Over Ethernet. In addition, all units have a serial console port.

The net4801 is the newest addition to the Soekris line. It is powered by a 266 MHz GEODE Pentium-class processor. It sports three 10/100 Ethernet ports, a CF slot, both MiniPCI and PCI slots, and up to 256 MB of RAM soldered on board. See Figure 6-1 for a detailed picture. As of this writing, in single quantities a board and case will cost you $265.

If you need PCMCIA support, you'll want to look at the net4521. It's a different form factor, because the PCMCIA slots are positioned side-by-side rather than over-under as in most laptops. The net4521 has a 133 MHz AMD ELAN processor, which is equivalent inside to a 486. It has two 10/100 Ethernet ports, a CF slot, a MiniPCI slot, and up to 64 MB of RAM soldered on board. See Figure 6-2. A board and case will cost you $235.

Figure 6-1. The Soekris net4801 embedded PC

Figure 6-2. The Soekris net4521 embedded PC

BARWN outdoor routers

BARWN is the Bay Area Research Wireless Network. Tim Pozar and Matt Peterson have created BARWN, which has some interesting research projects, including an easy-to-build outdoor wireless router.

At the time this idea was conceived, few commercial products were available that fit the needs of an outdoor weatherproof design. To this date, not many products are available that also allow you to run a Linux or BSD operating system on the wireless router, and have it mounted outside.

The BARWN guys put together a white paper based on Matt Peterson's initial prototype of an outdoor router, and that white paper is available at http://www.barwn.org.

One fine, sunny day in May 2003, several interested groups of people converged at Tim Pozar's house in San Francisco to assemble 30 or so of these outdoor routers. It was a messy job, because three holes had to be drilled in each box, and those holes then had to be filed and sanded so that barrel connectors and RJ-45 twist-lock connectors could be inserted.

Figure 6-3 shows a completed installation with the Soekris net4521 mounted inside a weatherproof box.

Figure 6-4 shows one of these boxes in action on San Bruno Mountain south of San Francisco, as part of the BARWN network.

Figure 6-3. Completed BARWN Outdoor Router

Figure 6-4. A BARWN Outdoor Router in action

OpenBrick (http://www.openbrick.org)

The OpenBrick is a hybrid, a cross between a custom-designed embedded PC and one of the Mini-ITX motherboards. It's designed to be a very small server or act as a workstation, so it has onboard video, keyboard and mouse connectors, serial ports, USB ports, onboard sound, and a Small Form Factor (SFF) IDE connector for a 2.5-inch laptop hard drive.

However, it does run on DC power, and it features a single PCMCIA slot, onboard 10/100 Ethernet and a CF slot. It comes standard with 128 MB of RAM and is powered by a 300 MHz fanless Geode processor. Figure 6-5 shows the back of an OpenBrick. As of this writing, an OpenBrick will set you back a cool $360.

A newer model, the OpenBrick/E, is powered by a Via C3 533 MHz processor and features three Ethernet ports, but has no PCMCIA or PCI bus slots, which makes it less useful for building an access point.

Figure 6-5. The OpenBrick

Via Mini-ITX PCs (http://www.viavpsd.com)

Via developed the Mini-ITX format, which defines a motherboard of 17 x 17 centimeters. It offers a range of motherboards in the EPIA line, with processor speeds from 500 MHz to 1 GHz. They are intended to be general-purpose PC workstations, so they come with a wide array of features: onboard Ethernet, video, sound, USB, FireWire, IDE interface, and a single PCI slot.

The Via motherboards can all be powered by an external DC adapter if you wish, but their power requirements are such that adapting them for use with Power Over Ethernet is not advised. You can simply boot from a standard IDE hard disk, or if you are using a CF-to-IDE adapter, boot a Via (or any PC) from a CF card. (See Section 6.1.3 later in this chapter.)

If you want a silent unit, make sure that the EPIA motherboard you buy is powered by the Eden ESP processor. This is a low-power processor that requires cooling only from a heatsink instead of a processor fan. The Via C3 processors are available at higher clock speeds, but they require a fan.

Older models of the EPIA M motherboards are widely available, and you can find them with 500 MHz Eden processors. If you buy them on eBay, these motherboards can be purchased for as little as $50. If you buy them new, they are pretty easy to find for $100.

Via's newest EPIA motherboard is the EPIA MII, which seems to be designed specifically for our purposes. Not only does it have a fanless Eden processor, it features a PCI slot, a CardBus slot, and a CF slot. All you need to build an access point with this motherboard is a power supply, memory, radio card, and CF card. As of this writing, the MII can be purchased at http://www.mini-itx.com for $218. Figure 6-6 shows the MII motherboard in detail.

Figure 6-6. The Via EPIA MII motherboard

There are many other embedded PC designs on the market. One example is the PC-104 motherboard standard, which is commonly used for industrial applications. However, obtaining PC-104 boards in small quantities is very expensive. The motherboards offer low performance compared to the other options we've already discussed, and the cost alone is prohibitive.

6.1.3 Bootable Media

Your new custom access point will run a general-purpose operating system rather than a custom operating system designed for embedded processors, so you will need a bootable media device.

There's nothing wrong with using a hard disk. After all, they are inexpensive and reliable, and if you're using recycled hardware, you probably already have one. Hard disks have their own set of problems, however. They are mechanical devices, with limits to the temperature and humidity that they can withstand. They generate noise, draw a fair amount of power, and are fragile. Mechanical devices, no matter how well-designed, are going to fail eventually. If your access point needs to be small and quiet, or needs to run on Power Over Ethernet or be installed outside, you should consider other bootable media options.

A CD drive shares some of the same caveats as a hard disk. It's a mechanical device, it isn't suited to run at high temperatures , and it is fragile. The cost for generic CD drives is very low; they can be purchased new for less than $30. Again, if you have recycled hardware, you may already have a spare unit.

Using a CD as bootable media is advantageous because the device is read-only. This makes it rather resistant to malicious hackers, because system files cannot be changed without physical access to the machine. This is also a disadvantage , because making configuration changes is rather difficult, and any configuration you do change won't be saved if you need to reboot. There are several Linux distributions specifically built to boot from a CD, and we discuss them in Section 6.2.

A third option is to skip using bootable media altogether and boot your device from the network. Several of the small board PCs support Preboot eXecution Environment (PXE), which is a technology developed by Intel. You can find out more on PXE at the following link: http://www.intel.com/labs/manage/wfm/wfmspecs.htm. Most PCs sold since 1999 support PXE booting in their BIOS.

PXE allows you to tell a device that it will obtain booting information from another device attached to a network. In practice, this works only on a wired network, because PXE is designed for Ethernet cards. A PXE boot over a wireless network would require wireless drivers to be built into a device BIOS. You would then have to set up a PXE boot server, which answers requests from PXE boot clients and feeds them the code necessary to start up. This is a pretty advanced setup. You can get tutorials on how to set up PXE here: http://www.kegel.com/linux/pxe.html.

Your last option, and one that we recommend, is to use flash RAM as the boot device. While PCMCIA flash cards are available, they tend to be expensive and are not as widely available as the CF cards. CF cards are now available in sizes up to 1 GB of storage. Several of the motherboards that we discussed earlier have CF slots included. 128 MB cards can be found for less than $40, and 256 MB cards can be found for under $50.

Compact Flash cards have many advantages. While they aren't nearly as cost-effective as a hard disk, they are tiny, lightweight, consume almost no power, can operate in high-temperature conditions, and can be dropped with no consequence. They can be rewritten many thousands of times. However, CF cards can eventually be written too many times, but you can avoid this by using a Linux distribution that mounts the CF as read-only. We cover how to do this later in the chapter.

It's even possible to use CF cards on any system that has IDE connectors on the motherboard by utilizing a CF-IDE adapter card. These devices have a slot for the CF card, an IDE connector, and a power connector. You attach the adapter to the IDE bus on your PC with a standard IDE cable. The CF card should appear to your PCs BIOS as a standard IDE device.

A great source for CF-IDE adapters is Mesa Electronics. You can find a whole range of adapters on its web page, including adapters for Smart Media cards and Memory Sticks, and other small flash cards that are widely available. Check out http://www.mesanet.com/diskcardinfo.html for more details on the cards it offers. Figure 6-7 shows the model CFADPT1, which has both IDE and SFF-IDE connectors.

Figure 6-7. CF-IDE adapter

The CF-IDE adapters from Mesa are something to consider if you want to build an access point from an old laptop. Suppose you have a Pentium-based laptop with two PCMCIA slots. You will need one slot for a radio card and the other for an Ethernet card. Mesa's adapters have an SFF-IDE connector for the small-form IDE cable that laptops use, so you can boot your laptop from CF. Mesa also sells the SFF IDE cables, which can be hard to find in retail outlets.

6.1.4 Radio Cards

In Chapter 2, we covered all the steps you would need to get a number of different wireless cards working with various Linux distributions. We showed you how to use the Wireless Tools to change operating modes of your radio card.

Most 802.11 Linux card drivers support at least two modes: client (Infrastructure) Mode, also called managed mode by the Wireless Tools, and ad-hoc mode. Some cards and their drivers support a third monitor mode, which we discussed in Chapter 3. There is a fourth mode, master mode, that is of prime importance when building your own access point.

6.1.4.1 Master mode

A commercial access point has multiple functions. Not only does it have an 802.11 radio of some kind, but it also functions as the Master of any client radio that connects to it in Infrastructure mode. The access point broadcasts beacon frames , which advertise the SSID of the access point to clients. Once a client associates with an access point, the access point manages all radio communication. When multiple clients associate with an access point, the access point follows a set of algorithms to control radio traffic.

These access points usually have a separate onboard chipset that provides the additional functionality besides the 802.11 radio, or the radio card inside the access point is loaded with tertiary firmware, which gives the card access point capability.

In our case, we can't rely on custom chipsets to provide access point functionality to our radio cards. Depending on your particular radio card, the tertiary firmware may be an option. We discuss the ins and outs of flashing tertiary firmware to your radio card in Section 6.2.

So where does that leave us? There are at least two types of chipsets and associated drivers that allow the use of master mode in the driver:

• Prism 2/2.5/3-based radio cards with the HostAP driver

• Atheros-based radio cards with the Madwifi driver

When set to master mode, these cards do not actually provide a full 802.11 access point. They only broadcast the beacon frames that advertise an access point to clients. The HostAP and Madwifi drivers actually take care of the 802.11 management functionality that would otherwise require a separate chipset or tertiary firmware.

In addition, if you have a Lucent WaveLAN IEEE/Orinoco/Agere 802.11b radio card, there are a couple of options you can use to have your card act as an access point. The HermesAP project is a modified version of the orinoco_cs driver that allows use of the tertiary firmware for Orinoco cards. While the driver does not include the tertiary firmware, it does provide instructions on where to obtain the firmware.

The second option is an updated driver from Agere. This driver is not available from any of the other Orinoco manufacturers, including Proxim. This driver is an updated version of the wavelan2_cs driver and has been renamed wlags49_cs. The driver includes support for master mode. We set up these drivers in Section 6.2 of the chapter.