Koozali.org: home of the SME Server

Multiple NICs

Lucky Dragon

Multiple NICs
« on: June 16, 2012, 09:48:25 PM »
Under the standard setup, Server/Gateway uses one NIC for the WAN and the other for the LAN. I am building a server to upgrade a small office network with some wired and a few wireless clients. I have installed the necessary cabling for gigabit ethernet and have a gigabit hub and NICs in the client machines to be connected. What I would like to do is have a 3rd network card installed for the wireless access point: that only needs to be 100Mbps, as the wireless clients are all using 802.11b or g. I don't need anything complicated or fancy: it's perfectly fine for both the wired and wireless clients to be on the same subnet and for DHCP to assign IPs from a single pool.

Is there a HOWTO somewhere that will take me through the process? (I'm no Linux expert but I can follow instructions pretty well.)

I did a forum search and found two relevant threads, but neither one had what I am looking for:
http://forums.contribs.org/index.php/topic,10481.msg39525.html#msg39525
This thread mentioned setting up a custom template, but no further details (and it's for an older version of SME.)
http://forums.contribs.org/index.php/topic,8018.msg29845.html#msg29845
This thread included a link for setting up "high availability" but the link is broken.

Thanks in advance for any help or pointers on this.

janet

Re: Multiple NICs
« Reply #1 on: June 17, 2012, 01:20:55 AM »
Lucky Dragon

Quote
What I would like to do is have a 3rd network card installed for the wireless access point...

Here is a copy of the HA Howto if it's of use
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/High%20Availability%20How-To%20for%20Linux%20Mitel%20SME%20v5.htm

AFAIK you can just connect the WAP device directly to a LAN port on your switch/hub. A dedicated WAP works fine, a modem/router/wireless router will also work but you need to disable all other functions except the wireless part.

Also I seem to recall there was some sort of contrib or howto that did something like you are after, but I never used it and cannot remember its name, so search, or maybe someone else here knows.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

p-jones

Re: Multiple NICs
« Reply #2 on: June 17, 2012, 09:30:57 AM »
Quote
but I never used it and cannot remember its name, so search, or maybe someone else here knows.

I believe it may have been Chilli Coova (or something very similar)

Not really necessary. Set up a WAP as Mary has described and it will do the business just fine. If u really must use a wireless router, be sure to connect to the LAN port (Not the WAN port). It too will work fine but it does get way more messy to configure than a simple WAP.

 
...

janet

Re: Multiple NICs
« Reply #3 on: June 17, 2012, 09:38:33 AM »
Lucky Dragon & p-jones
Quote
I believe it may have been Chilli Coova

Yes that was it, thanks
http://wiki.contribs.org/CoovaChilli

Lucky Dragon

Re: Multiple NICs
« Reply #4 on: June 17, 2012, 11:25:48 AM »
Quote
AFAIK you can just connect the WAP device directly to a LAN port on your switch/hub.

Well, I could if I had any spare ports left :( I'm making do mostly with what I have on hand or could scrounge up on this one. A quick glance at the HOWTO you linked looks like it will give me the information I need to configure that extra NIC. Thanks!

Quote
A dedicated WAP works fine, a modem/router/wireless router will also work but you need to disable all other functions except the wireless part.

Using a Linksys wireless router with the router functions and DHCP disabled. I assigned it a static IP and it's working fine as a hub with their old server, so it should be fine to just plug and go once I get the new server in place and configured.

Lucky Dragon

Re: Multiple NICs
« Reply #5 on: June 18, 2012, 02:47:13 AM »
Well, after reading through the section on that high-availability HOWTO, I tried out the instructions in section "A" for configuring an additional card, substituting eth2 for eth1, since I have 2 cards configured already. My success with this procedure was limited: I suspect the instructions may not be entirely correct for v8. Kudzu gave me the following information on my 3rd NIC:
Code:
class: NETWORK
bus: PCI
detached: 0
device: eth2
driver: forcedeth
desc: "NVIDIA Corporation nForce2 Ethernet Controller"
network.hwaddr: 00:11:2f:d7:6a:ed
vendorId: 10de
deviceId: 0066
subVendorId: 1043
subDeviceId: 80a7
pciType: 1
pcidom:    0
pcibus:  0
pcidev:  4
pcifn:  0

What I need now is to know what steps I need to take to configure this NIC to show up as a 2nd interface on the LAN. 192.168.10.x, with netmask of 255.255.255.0 and then I would need to assign it an IP of 192.168.10.5.

If anyone can give me some pointers on how to accomplish that under SME v8, that'd be awesome.

In the meantime I will take a closer look at the Chili Coova contrib suggested above and see if there is a way to configure it so that the wireless clients have full access to the LAN. At first glance it seems primarily intended for creating a wireless hotspot in a public location with web-only access.

janet

Re: Multiple NICs
« Reply #6 on: June 18, 2012, 03:33:27 AM »
Lucky Dragon

Already the effective cost of your and our combined efforts has exceeded the cost of a small add on switch or hub.
You could connect a small 4 port hub to a port on your existing switch and you have 3 more available ports then, too easy & simple.
Why not spend $50 and take the easy/simple way out ?

You still have a few hours work/time/cost to sort this out, all for the sake of an extra port ???!!!

Sometimes simple is best.

Stefano

Re: Multiple NICs
« Reply #7 on: June 18, 2012, 09:34:14 AM »
Quote
Sometimes simple is best.

KISS philosophy -> Keep It Simple Stupid :-)

Lucky Dragon

Re: Multiple NICs
« Reply #8 on: June 18, 2012, 09:42:12 AM »
This is what I get for agreeing to donate my time for a charitable cause... They'd rather have me take the extra time than spend more for a new hub. I guess I will have to see if I can talk them around to springing for another hub instead of having me take additional time to figure out how to get the extra NIC working.

p-jones

Re: Multiple NICs
« Reply #9 on: June 18, 2012, 12:30:31 PM »
Quote
This is what I get for agreeing to donate my time for a charitable cause... They'd rather have me take the extra time than spend more for a new hub.

Donate them a new 4 port hub and with the time you have saved, do some paid work to recover your cost plus some !!!

(I do understand where you are coming from but sometimes you just have to bite the bullet and people have to be prepared to help themselves just a little bit too)

If you start getting clever and "hacking" the out-of-box setup too much, you are just making a rod for your own back further down the track.

You are also right, Chilli Coova is intended to be a Hotspot, isolating wireless clients from the LAN which I don't think will help you at all.
...

CharlieBrady

Re: Multiple NICs
« Reply #10 on: June 18, 2012, 05:57:29 PM »
Quote
Already the effective cost of your and our combined efforts has exceeded the cost of a small add on switch or hub.

... or router. IMO the best solution here would be to use a wireless router, with NAT disabled, and configure an "additional local network" to provide access permissions and routing for the wireless subnet.

Knyte

Re: Multiple NICs
« Reply #11 on: June 21, 2012, 03:08:46 AM »
Quote
... or router. IMO the best solution here would be to use a wireless router

Yep, that's what I'd do, and have done.  This is a perfect job for a Linksys WRT 54GL, or anything else that will run Tomato (very stable).  If you really want to get fancy, you can offer multiple (virtual) SSID's with DD-WRT (much more featured, but installation/future upgrades aren't nearly as stable or seamless).  This means you can have a 'guest' SSID (perhaps encrypted, perhaps open, whichever you choose), and another SSID for 'employees' or 'private' (again, encrypted or not) or both, or more, each with different passphrases (or the same), all from one device.

Both of these third-party (and completely free) firmwares are much, much more featured than most stock firmware.  You mentioned you are using a Linksys device, I hope it's a model/rev that is supported.  If you're not sure, get back to me and I can help you sort it out.

With either Tomato or DD-WRT, you can just disable DHCP and WAN (you can config the WAN port as a switch port, so effectively it becomes a WAP & 5 port switch).  If your SME is in server/gateway, just plug the (in this example) Linksys WRT into the LAN port (or anywhere on the LAN, for either SME mode), and tada!  Wifi for all (or few!).

Another advantage is that you can mount the WRT wherever you like...typically, the higher the better.  So it's not really a big deal (in fact, advised) to mount it on a wall somewhere (preferably main floor/second floor), even 5' - 6' is great (about the length of the power cord), and really helps with range - much more so than if you had a wifi NIC installed in the physical box (which is usually on the floor or in a basement), not to mention the headaches that go with it - extra SME customizing with drivers, routing and such.  Bleh.

These become very powerful gadgets when modified, and would suit your scenario very well IMHO.  $50 is a steal; the last two or three I ordered were closer to $80.

EDIT:  I looked at CoovaChilli and it, too, could easily be integrated to the above config.
« Last Edit: June 21, 2012, 05:01:44 AM by Knyte »
SME 10.1 running in ESXi 5.5

chris burnat

Re: Multiple NICs
« Reply #12 on: June 21, 2012, 09:19:59 AM »
This very interesting topic would be best in General Discussion, moving.
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org)  - check: http://wiki.contribs.org/Bugzilla_Help .  Thanks.

Lucky Dragon

Re: Multiple NICs
« Reply #13 on: June 23, 2012, 04:11:14 AM »
Thanks everyone for the feedback and pointers. I found a cheap 8 port gigabit switch for $29 and they'll just use that. (I pointed out that this would leave them with a couple open ports in case they wanted to add extra workstations in the future.)   8-)

Quote
Yep, that's what I'd do, and have done.  This is a perfect job for a Linksys WRT 54GL, or anything else that will run Tomato (very stable).  If you really want to get fancy, you can offer multiple (virtual) SSID's with DD-WRT (much more featured, but installation/future upgrades aren't nearly as stable or seamless).  This means you can have a 'guest' SSID (perhaps encrypted, perhaps open, whichever you choose), and another SSID for 'employees' or 'private' (again, encrypted or not) or both, or more, each with different passphrases (or the same), all from one device.

Both of these third-party (and completely free) firmwares are much, much more featured than most stock firmware.  You mentioned you are using a Linksys device, I hope it's a model/rev that is supported.  If you're not sure, get back to me and I can help you sort it out.

Unfortunately, what they have is a WRT54G version 6, which is not supported by Tomato. IIRC the v5/v6 routers have less NVRAM or something, as Linksys was going through a phase at that time where they didn't want people flashing 3rd party firmware on their products.

Quote
With either Tomato or DD-WRT, you can just disable DHCP and WAN (you can config the WAN port as a switch port, so effectively it becomes a WAP & 5 port switch).  If your SME is in server/gateway, just plug the (in this example) Linksys WRT into the LAN port (or anywhere on the LAN, for either SME mode), and tada!  Wifi for all (or few!).

Using the stock firmware, I have disabled DHCP and assigned a static IP to the wireless router, and just put it on a long CAT5 extension so it is more centrally located in the office. Signal is good and there don't appear to be any dead spots. I did notice when I was reconfiguring in the wireless security setup screen there is an option for RADIUS authentication. I know that SME has a RADIUS server and was wondering if this could be set up to allow wireless users to authenticate through the server with their SME user IDs. If so, would this provide better security, or is it more trouble than it's worth?

Quote
EDIT:  I looked at CoovaChilli and it, too, could easily be integrated to the above config.

From what I read on the CoovaChilli contrib page here, I got the impression that it was purpose-built to provide a WiFi hotspot that is isolated from the LAN. It seems to me that it would require quite a bit of extra configuration to get LAN access for the wireless clients using this contrib. Then again, maybe I missed something?

Knyte

Re: Multiple NICs
« Reply #14 on: June 23, 2012, 06:08:35 PM »
Quote
Unfortunately, what they have is a WRT54G version 6, which is not supported by Tomato.

Too bad!  However, with a bit of work, it is supported by DD-WRT.  In your scenario, the returns (and cons) probably aren't worth the effort.

Quote
Using the stock firmware, I have disabled DHCP and assigned a static IP to the wireless router, and just put it on a long CAT5 extension so it is more centrally located in the office. Signal is good and there don't appear to be any dead spots. I did notice when I was reconfiguring in the wireless security setup screen there is an option for RADIUS authentication.

Sweet!  You did well with what you had, nice work!

Here is a thread that discusses SME with RADIUS.

Strictly speaking, RADIUS is the most secure means of authentication, but as long as you use WPA or (better yet) WPA2 and with AES (just avoid WEP at all costs, and TKIP) and a strong passphrase, you should be fine without RADIUS.

Quote
From what I read on the CoovaChilli contrib page here, I got the impression that it was purpose-built to provide a WiFi hotspot that is isolated from the LAN. It seems to me that it would require quite a bit of extra configuration to get LAN access for the wireless clients using this contrib. Then again, maybe I missed something?

You're right, it's more about guest access (as p-jones mentioned) rather than a wireless extension of the LAN (which is what you've already done).
« Last Edit: June 23, 2012, 06:13:01 PM by Knyte »
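
An added example, not part of the thread or any poster's code: one way to check an access point against the advice in the last reply (avoid WEP and TKIP, prefer WPA2 with AES, RADIUS optional) by classifying scan results. The sample text is constructed in the layout of `iw dev wlan0 scan` output and trimmed to the fields the check reads; the SSIDs, BSSIDs and verdict labels are assumptions.

```python
import re

# Constructed sample in the layout of `iw dev wlan0 scan` output (not a real capture).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: office
    RSN:     * Version: 1
             * Pairwise ciphers: CCMP
             * Authentication suites: PSK
BSS 02:00:00:00:00:02(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: office-radius
    RSN:     * Version: 1
             * Pairwise ciphers: CCMP
             * Authentication suites: IEEE 802.1X
BSS 02:00:00:00:00:03(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: mixed
    WPA:     * Version: 1
             * Pairwise ciphers: TKIP CCMP
             * Authentication suites: PSK
BSS 02:00:00:00:00:04(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: legacy
BSS 02:00:00:00:00:05(on wlan0)
    capability: ESS (0x0001)
    SSID: guest
"""

def audit_scan(text):
    """Map each SSID in the scan text to a verdict label (labels are this example's own)."""
    verdicts = {}
    for block in re.split(r"(?m)^BSS ", text)[1:]:
        ssid = re.search(r"(?m)^\s*SSID: (.*)$", block).group(1).strip()
        privacy = re.search(r"capability:.*\bPrivacy\b", block) is not None
        rsn, wpa = (re.search(rf"(?m)^\s*{tag}:", block) is not None for tag in ("RSN", "WPA"))
        if not (rsn or wpa):
            verdicts[ssid] = "wep" if privacy else "open"  # Privacy bit alone means WEP
        elif re.search(r"ciphers?: .*\bTKIP\b", block):
            verdicts[ssid] = "tkip-enabled"  # TKIP still offered, even if AES is too
        elif not rsn:
            verdicts[ssid] = "wpa-aes"  # WPA with AES only; WPA2 is the better choice
        else:
            verdicts[ssid] = "wpa2-aes-" + ("802.1x" if "IEEE 802.1X" in block else "psk")
    return verdicts

if __name__ == "__main__":
    print(audit_scan(SAMPLE_SCAN))
```
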