The macosxhints Forums


macintologist 07-28-2007 11:58 PM

How do I set up a dual-band Airport network?
 
I have both a new Airport base station that works as 802.11n and I also have an old Airport that works on 802.11g/b. I have Powerbooks and an AppleTV. How do I set up the network so that both frequencies can work simultaneously? I want the AppleTV to go on n at 5 GHz so it gets full speed, while the older Airport serves out b/g so that my Powerbooks can connect.

macintologist 08-05-2007 09:30 PM

friendly bump!

Sherman Homan 08-05-2007 09:45 PM

Set them both up with separate SSIDs and on separate subnets (10.0.1.xxx and 192.168.1.xxx). Let your G speed devices connect to the G and the N devices connect to the N. All will be well and the N will not drop its speed to accommodate the Gs.

chabig 08-05-2007 10:20 PM

The two devices must have separate network names (SSIDs) but don't use separate subnets! If you use separate network addresses, devices on one network won't be able to talk to devices on the other network. You want all of your devices to be on the same network. Turn off the DHCP server on the N base station, like this:

Internet
|
|-----B/G Base Station (distribute IP addresses)
|
|-----N Base Station (don't distribute IP addresses)

Chris

mclbruce 08-05-2007 11:11 PM

I think chabig has the right idea. I'll expand and modify a bit.

Set the new base station to N-only so it cannot operate at a lower speed.

Pick one of your stations to be the main one. The main station must have both a WAN and LAN port. Set it up to talk to the DSL or Cable box and also to distribute IP addresses.

From the main station's LAN port, run Ethernet to the second station's WAN port. The second station should connect to the first using DHCP and should not distribute IP addresses.

My diagram looks a bit different, but I think it's what chabig meant:

Internet ---> Airport 1 WAN (distribute IP)

Airport 1 LAN --> Airport 2 WAN (do not distribute)

It might be superstition, but I would keep a healthy distance between the two Airports, not stack them on top of each other.

In case you are wondering, I don't know of a way to do this without a physical Ethernet connection between the two stations.

chabig 08-06-2007 08:31 AM

mclbruce is exactly right. That's how my base stations are set up (you do need an ethernet cable between them). I recommend letting the B/G station distribute the IP addresses. The WAN port of the N base station can't operate at full speed if it's distributing IP addresses. See:

http://www.macintouch.com/reviews/airportn/

Here are two relevant quotes:

Quote:

In a subsequent discussion with Apple, we learned that the LAN ports are known to be faster than the WAN ports. With this in mind, we tried a new network configuration.

Quote:

AirPort Extreme's WAN port throughput can be boosted back to normal by disabling NAT, running the AirPort in "bridging" mode, but this limits a network designer's ability to separate wireless clients from other portions of the network.

Sherman Homan 08-06-2007 09:04 AM

Ah, good point, my subnets are linked by the DSL router with an address table. Which was no fun to set up.

displaced 08-06-2007 09:07 AM

Very informative suggestions!

I've got pretty much this configuration. However, I'd really like to go a bit further...

I've got an AirPort network using 802.11g only with WPA.

However, I've got two devices that won't work with that configuration -- a Sony PSP (802.11b only) and a Nintendo DS (802.11b only, and WEP-encryption only).

I don't want to reduce either the speed or the security of my AirPort network.

So, I was thinking I could set up an old D-Link base station running 802.11b/WEP and connect it to the Ethernet port of my Mac Mini (which is also connected to my AirPort network via wireless).

Now, I want devices connecting to the D-Link to be able to connect to the internet, but not have connectivity to other machines on my main wireless network.

Any ideas on how I could achieve this?

Thanks!

chabig 08-06-2007 09:25 AM

Hang the D-Link off of your Airport Base Station. It should just work because DLink uses 192.168.X.X by default while Airport uses 10.0.X.X. The devices on your DLink will get to the internet but won't see the Macs.

Chris

displaced 08-06-2007 10:05 AM

Quote:

Originally Posted by chabig (Post 398886)
Hang the D-Link off of your Airport Base Station. It should just work because DLink uses 192.168.X.X by default while Airport uses 10.0.X.X. The devices on your DLink will get to the internet but won't see the Macs.

Chris

Cheers, Chris. A nice simple solution!

My 1st AirPort Express is connected via ethernet to my cable modem. A second Express extends the WLAN. That second Express also has an ethernet link to a switch for non-wireless devices to access my main WLAN.

My Airports are using 192.168.0.x addressing. I could easily set the D-Link to 192.168.10.x.

So, if I understand you correctly, I could connect a switch or hub to the 1st AirPort's ethernet, and hook both the cable modem and the D-Link to that switch. The AirPort would pick up its WLAN IP and DNS from the cable modem.

However, the cable modem will only issue one IP address, so the D-Link would have to pick up an address from the AirPort. But... wouldn't the D-Link's gateway address then be the AirPort's internal 192.168.0.1 address? So 192.168.10.x addresses handed out by the D-Link would in fact be able to route to the AirPort's network? For example, my PSP on 192.168.10.5 would have 192.168.10.1 (the D-Link) as its gateway, and the D-Link would then NAT that on to the AirPort, with the AirPort then allowing access to the main WLAN as well as NAT'ing (again!) connections to the internet?

Hmm. I'll give this a try when I get home from work -- see what happens :D

tlarkin 08-06-2007 10:14 AM

The IP addresses should not be an issue if you only have one device acting as a DHCP server. Basically make one of your routers the primary, then configure secondary and tertiary routers to use the IP of the main router for their gateway, DNS, and turn off DHCP server. Then they will act as switches and repeaters.

Mimic the wifi security settings and SSID and you have one solid network.

displaced 08-06-2007 10:50 AM

Thanks -- I'll give this a try. I'd already done something like this -- i.e. let the D-Link pick up its external interface details from the AirPort and let the D-Link route its address range onto the AirPort's range.

However, I seem to remember that this did not prevent devices on the D-Link's network from accessing those on the AirPort's network. I want to restrict the D-Link's network so that it can only talk to the internet via the main AirPort.

i.e.

Code:


[MODEM]
  |
  |
 (AirPort)
 (192.168.0.x)
  |
  |-----------------
  |                |
(Secure WLAN)      |
  |                |
(Macs, etc)        |
                  (D-Link)
                  (192.168.10.x)
                        |
                        |
                  (Insecure WLAN)

Now, in this setup, won't devices on (Insecure WLAN) still be able to talk to devices on the Secure WLAN? I want to avoid negating the point of having WPA2 on my network by creating a weakly-secured WLAN that'll be able to talk to that network.

I want to make it so that devices on the Insecure WLAN can only reach the internet.

(edit: now, taking your point about DHCP... If the D-Link is set not to distribute IP addresses, then it's simply acting as a wireless client. How in that case would I be able to prevent clients on the insecure WLAN from accessing the secure WLAN?)

tlarkin 08-06-2007 11:06 AM

I have to ask this, why not just make the whole thing secure? Are you trying to give out public access or something on part of your network? Also, are you physically running cat5 to each router?

displaced 08-06-2007 01:15 PM

Quote:

Originally Posted by tlarkin (Post 398911)
I have to ask this, why not just make the whole thing secure? Are you trying to give out public access or something on part of your network? Also, are you physically running cat5 to each router?

It's an attempt to give wireless internet access to two of my devices which have limited wifi support. My Nintendo DS supports 802.11g, but doesn't support WPA (only WEP). My Sony PSP supports WPA, but doesn't support 802.11g.

So a second less-secure WLAN which is logically separate from my secure, 802.11g-only WLAN seems appropriate :)

tlarkin 08-06-2007 01:22 PM

Okay, well, this is how I would go about this:

Secured router, hands out DHCP to everything. Wifi router one gives out SSID #1 with WPA, wifi router 2 which is set to mimic Router 1's settings has DHCP turned off but its wifi is on a way different channel, different SSID, and less or no security.

Did Nintendo not release an update that supports WPA?

chabig 08-06-2007 09:33 PM

Displaced, I didn't know you were using Airport Expresses. I thought you'd have an Airport Base Station. I think you've got the idea right. Your cable modem should be able to give out 2 IP addresses (1 to each wireless base station). Then let each base station manage its own network of IP addresses, like this:

Code:

[MODEM - giving out IP addresses]
  |
  |
 (Cheap $10 hub or switch)
  |
  |
  |----------------------------
  |                          |
 (AirPort Express)          (D-Link)
 (192.168.0.x)              (192.168.10.x)
  |                          |
  |                          |
(Macs, etc)                  (Game consoles)


displaced 08-07-2007 05:37 AM

Thanks, chabig. Sadly, my ISP configures their cable modems to only issue 1 IP address :( (still, it's a 20Mbit connection, so I can't really complain!).

I'll check around at work -- hopefully I'll be able to dig out an unused router to play with. Failing that, I'll connect the D-Link to my Mac Mini's ethernet port and mess about with natd and ipfw. I'd imagine I can use natd to share the Mac Mini's AirPort link to my main network (and thus the internet), and use ipfw to restrict traffic from the D-Link so that only non-local IP addresses can be routed to.

If I figure anything out, I'll post back!

tlarkin 08-07-2007 09:01 AM

Well if you completely disable all network settings from your secondary router, and then point them all to your primary it will repeat the network. Then for the wifi all you have to do is set it up on a different channel, give it a different SSID and give it different security settings.

Then it will all be on the same IP range and the same Subnet. Then again, at that point you might as well just lower all your wireless security since you are pretty much giving a backdoor with the lower end security.

However, the likelihood of someone trying to crack WEP I think would be extremely rare on a personal network.

NovaScotian 08-07-2007 09:28 AM

Related Question
 
My brother has a LinkSys router with WiFi capability connecting to a laptop via WiFi and to his desktop via 100base-T. Both can see his cable modem but he says that his laptop can't see his desktop machine. Is there a fix for that (bearing in mind that I've never seen the new setup - he's 100 km from here). Questions I should ask appreciated if the answer is not obvious.

tlarkin 08-07-2007 12:08 PM

Quote:

Originally Posted by NovaScotian (Post 399174)
My brother has a LinkSys router with WiFi capability connecting to a laptop via WiFi and to his desktop via 100base-T. Both can see his cable modem but he says that his laptop can't see his desktop machine. Is there a fix for that (bearing in mind that I've never seen the new setup - he's 100 km from here). Questions I should ask appreciated if the answer is not obvious.

He probably does not have file sharing enabled and resources shared. If it is a pure Mac network he should be able to just browse from the connect to server function in the OS. That is, as long as file sharing is enabled and running.

NovaScotian 08-07-2007 12:47 PM

Alas, one of the machines is a PC.:(

tlarkin 08-07-2007 04:17 PM

Quote:

Originally Posted by NovaScotian (Post 399237)
Alas, one of the machines is a PC.:(

What OS is on the PC?

displaced 08-07-2007 04:55 PM

Quote:

Originally Posted by displaced (Post 399152)
If I figure anything out, I'll post back!

Getting there!

I've been messing with natd and ipfw on the Mac Mini. Here's the config so far...

192.168.0.x network
- AirPort Express at 192.168.0.1 - gateway to internet
- Mac Mini connected using AirPort

192.168.10.x network
- Mac Mini using Ethernet at 192.168.10.1
- D-Link connected using Ethernet to Mac Mini at 192.168.10.254
- PSP, Nintendo DS, etc. connecting to D-Link, getting a 192.168.10.x IP via DHCP from the D-Link.

The Mac Mini's set up as so:

- ip.forwarding sysctl enabled
- ipfw rule added to send incoming packets from the ethernet card to the natd service
- natd configured to translate 192.168.10.x-sourced packets to appear to come from 192.168.0.x network.

This means that devices on the 192.168.10.x network can talk to the 0.x network. If those devices have their gateway set to the AirPort's address (192.168.0.1), then they can talk to the internet.

Now, I need to insert some ipfw rules before the natd rule. These need to look at all packets arriving on the ethernet port and check where they're headed to. If they're headed to any 192.168.0.x IP other than the AirPort, it should reject them.

Cool!

(by the way, I think I'll alert a moderator to this thread -- I think maybe it's a candidate for splitting out some posts into another thread!)

(edit: no I won't! Just read on the 'alert' page that it's for reporting spam or abuse only. I guess I'm used to the macrumors forums where 'alert' is also used for housekeeping!)

(edit again: it's working!

My ipfw ruleset on the mini looks like:

00500 divert 8668 ip from any to any via en1
00501 allow ip from 192.168.10.0/24 to 192.168.0.1
00502 deny ip from 192.168.10.0/24 to 192.168.0.0/24
00503 deny ip from 192.168.10.0/24 to me
65535 allow ip from any to any

The first rule passes incoming packets through natd.
The second checks if the packet's destined for the router and if so, lets it go.
-- if it matches that rule, no further matching is done --
The third drops the packet if it's destined for any machines on my secure network
The fourth prevents any direct connections from the insecure network to the mini itself
The final rule simply catches all other traffic which doesn't match the earlier rules.

I've had a few games of Mario Kart DS online and it's working great. I might need to investigate to see if there's any additional rules/options I need to add to guard against spoofed source IPs or such.)
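
Added example (not part of displaced's post): a small Python model of ipfw's first-match evaluation, run over the ruleset as posted, to check the isolation policy on constructed packets and to show what an interface-based anti-spoofing rule changes. The Mini's 192.168.0.50 address, the interface label, the test packets and rule 00499 are assumptions; natd's address rewriting is not modelled.

```python
import ipaddress

# "me" = the Mini's own addresses: 192.168.10.1 is from the post, 192.168.0.50 is constructed.
MINI_ADDRS = {ipaddress.ip_address(a) for a in ("192.168.10.1", "192.168.0.50")}
LAN_IF = "ethernet"   # hypothetical label for the Mini's Ethernet (D-Link side) interface

def net(s):
    return ipaddress.ip_network(s)

# (number, action, source, destination, options) transcribed from the posted ruleset.
# "divert" hands the packet to natd, which reinjects it at the next rule, so it is
# never the final verdict; address rewriting by natd is not modelled (assumption).
POSTED = [
    (500, "divert", "any", "any", {}),
    (501, "allow", net("192.168.10.0/24"), net("192.168.0.1/32"), {}),
    (502, "deny", net("192.168.10.0/24"), net("192.168.0.0/24"), {}),
    (503, "deny", net("192.168.10.0/24"), "me", {}),
    (65535, "allow", "any", "any", {}),
]

# Added anti-spoofing rule (an assumption, not from the post); in ipfw syntax roughly:
#   deny ip from not 192.168.10.0/24 to any in recv <ethernet interface>
HARDENED = [(499, "deny", ("not", net("192.168.10.0/24")), "any", {"recv": LAN_IF})] + POSTED

def addr_matches(spec, addr):
    if spec == "any":
        return True
    if spec == "me":
        return addr in MINI_ADDRS
    if isinstance(spec, tuple):          # ("not", network)
        return addr not in spec[1]
    return addr in spec

def verdict(rules, src, dst, recv=LAN_IF):
    """Return (rule number, action) of the first terminal rule that matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, action, rsrc, rdst, opts in sorted(rules, key=lambda r: r[0]):
        if "recv" in opts and opts["recv"] != recv:
            continue
        if addr_matches(rsrc, src) and addr_matches(rdst, dst):
            if action == "divert":
                continue
            return number, action
    raise RuntimeError("no rule matched")

# Constructed test packets arriving on the Ethernet side.
CASES = [
    ("192.168.10.5", "192.168.0.1"),    # console -> AirPort gateway
    ("192.168.10.5", "192.168.0.20"),   # console -> a Mac on the secure network
    ("192.168.10.5", "192.168.10.1"),   # console -> the Mini itself
    ("192.168.10.5", "203.0.113.7"),    # console -> internet (documentation address)
    ("192.168.0.99", "192.168.0.20"),   # source outside 192.168.10.0/24 -> a Mac
]

if __name__ == "__main__":
    for src, dst in CASES:
        print(f"{src:>13} -> {dst:<13} posted={verdict(POSTED, src, dst)} "
              f"hardened={verdict(HARDENED, src, dst)}")
```

The last case shows why the posted rules depend on the source address being honest: rules 00501 to 00503 all match on 192.168.10.0/24, so anything else arriving on the Ethernet side reaches the final allow unless a rule keyed on the receiving interface stops it first.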

NovaScotian 08-07-2007 05:11 PM

Quote:

Originally Posted by tlarkin (Post 399309)
what OS is on the PC?

I'm pretty sure it's XP. He has it to be compatible with a job.

tlarkin 08-07-2007 05:57 PM

Quote:

Originally Posted by NovaScotian (Post 399322)
I'm pretty sure it's XP. He has it to be compatible with a job.

Then all you need is Windows file sharing enabled on the Mac. If it is XP Home you may need to have the guest account enabled.

Tell him to use SharePoints for OS X since it will modify your samba config file for you and allow other drives to be shared.

NovaScotian 08-07-2007 06:23 PM

Thanks, TL.

epstewart 08-27-2007 08:15 AM

Quote:

Originally Posted by chabig (Post 398812)
The two devices must have separate network names (SSIDs) but don't use separate subnets! If you use separate network addresses, devices on one network won't be able to talk to devices on the other network. You want all of your devices to be on the same network. Turn off the DHCP server on the N base station, like this:

Internet
|
|-----B/G Base Station (distribute IP addresses)
|
|-----N Base Station (don't distribute IP addresses)

Chris

I want to do something like this, but I have some questions.

1. Apple's "Designing AirPort Extreme 802.11n Networks" document seems to say the Internet modem should connect via Ethernet to the N Base Station's WAN port, which connects via Ethernet to the G Base Station's (WAN or LAN?) port. You connected your base stations in the opposite order, with the modem connecting directly to the G Base Station, not the N Base Station ... how come?

2. Is "don't distribute IP addresses" in your post equivalent to setting up the base station as a "bridge" base station? Put another way, which of your base stations (if either one) is set up with "Off (Bridge Mode)" as its method of Connection Sharing?

3. I gather that whichever base station does not connect directly to the Internet modem needs to be a bridge base station, while the one that hooks directly to the modem (I'll call it the "main" base station) must "Share a public IP address" using DHCP and NAT, correct?

4. If I use my G Base Station as the bridge base station, which Ethernet port on it should the cable from the main base station go into: the WAN port, or the LAN port? (I gather that the Internet modem connects to the WAN port on the main base station, so a (or the only) LAN port on the main base station is cabled to the bridge base station, right?)

Thanks in advance for your help.

chabig 08-27-2007 06:57 PM

Quote:

Originally Posted by epstewart (Post 404214)
1. Apple's "Designing AirPort Extreme 802.11n Networks" document seems to say the Internet modem should connect via Ethernet to the N Base Station's WAN port, which connects via Ethernet to the G Base Station's (WAN or LAN?) port. You connected your base stations in the opposite order, with the modem connecting directly to the G Base Station, not the N Base Station ... how come?

Because I'm not using the N Base Station as a router. I want the N Base station and all of the wireless clients on it to be on the same side.

Quote:

2. Is "don't distribute IP addresses" in your post equivalent to setting up the base station as a "bridge" base station? Put another way, which of your base stations (if either one) is set up with "Off (Bridge Mode)" as its method of Connection Sharing?

I have the G Base Station operating as a router (distributing IP addresses) and the N Base Station operating as a bridge (not distributing IP addresses).

Quote:

3. I gather that whichever base station does not connect directly to the Internet modem needs to be a bridge base station, while the one that hooks directly to the modem (I'll call it the "main" base station) must "Share a public IP address" using DHCP and NAT, correct?

Yes. That's exactly right.

Quote:

4. If I use my G Base Station as the bridge base station, which Ethernet port on it should the cable from the main base station go into: the WAN port, or the LAN port? (I gather that the Internet modem connects to the WAN port on the main base station, so a (or the only) LAN port on the main base station is cabled to the bridge base station, right?)

On the bridge base station (the one farthest from the internet modem), you should use the LAN port.


All times are GMT -5.