Ask the Wi-Fi Guru: July Edition

At the risk of imperiling my credibility here, allow me to make a confession—I am not much of an early adopter. Early adopters are necessary for the technology eco-system. We all benefit from their bold and courageous trendiness. But early adoption is hard on the wallet. And so it wasn’t until recently that I got my hands on an iPhone.

What a useful gadget! But I don’t care about the phone. Or the visual voicemail. Or iTunes. What I like is that the iPhone is a handy Wi-Fi finder! Whether using only Apple’s built-in wireless scanner, or third-party apps like Wi-Finder/Wi-Fi Checker or Wi-FiFoFum, it is entertaining and enlightening to walk down a city block with iPhone in hand taking in the wireless scene. Which networks are unsecure? Which have default SSID’s? And which have funny names like IF****dYourBoyfriend (true story)? You don’t even need to subscribe to phone service to use the iPhone this way, and you can pick up an older first generation model for much less moolah than the early adopters paid. So there.

Q: I’m trying to setup a wireless network for a condo complex. I’ve got equipment coming to broadcast a 2.4GHz signal around the complex with a login/password system.  The plan was to give each condo owner one account, but families with multiple computers will need more than one account.  Would it be possible to configure a wireless router as a wireless bridge so that a condo would still only have one account to the complex network, but could have Internet access on their own personal home networks? – Jason

A: I agree that with a setup like this, you don’t want to overly inconvenience the customers, e.g. condo owners. Not only will some (many) people have multiple computers, but people will have visitors toting their own laptops/netbooks/smartphones. In this day and age, offering your guests a Wi-Fi connection with their cold beverage is just common courtesy.

One question is how this login system is being deployed. Are these customers logging in through a Web-based portal, or is this network-level authentication like PPPoE or DHCP with login or even WPA with a RADIUS server?

The wireless bridge idea poses two problems. One, in wireless bridge mode the router acts as a receiver (client) and routes the connection to attached wired devices. A wireless bridge is not the same thing as a wireless repeater, and so a bridge would not help condo residents who want to get online wirelessly, which presumably will be many of them.

Second, if residents are logging in through a Web-based portal—like you do at fee-based access points and many hotels—there isn’t any easy way for the router to do this. The router would have to behave like a Web client, which is not how they work. (I imagine this is possible with  firmware like DD-WRT or OpenWRT combined with custom shell scripting, but that doesn’t seem like an appropriate solution here).

You could concoct a more complex solution to this problem. For example:

–  Setup a WDS network throughout the complex so that the routers in each unit essentially act like repeaters, allowing anyone to get to the portal where they log in. This might work for a small-ish condo complex—depending on the hardware you’re using it may only support anywhere from eight to several dozen WDS links.

–  Install a router configured as a client bridge in each unit, and add its MAC address to the whitelist filter on the complex’s primary router. Eliminate the login, since you’re now authorizing the routers. Clients can either plug wired devices into the client bridge router, or buy their own wireless router and plug it into the bridge router, just like subscribers to cable or DSL might do to supply their own wireless network.

I would question the point behind the login system. If the goal is to prevent people near but outside the complex to access the network, why not instead use WPA or WPA2 encryption and give condo residents the password? Sure, someone could leak the password to a neighbor in an apartment next door, but they could leak the portal login, too. Residents can give the password to visitors and guests without too much fuss. You’d still prevent drive-by wireless hijacking without incurring the burden of individual logins. Of course, there are a lot of unknown details to this scenario, so perhaps there is more to the story.