Wirelessly connect local LAN to wireless access point (no access to physical ports)

mpfaff1

Oct 21, 2016
Hi all - I've been searching a lot, but coming up empty handed. It seems like what I'm trying to do isn't solved by typical bridge or extender solutions, but hopefully someone has some ideas (and it may be something obvious I'm not seeing). So here's the situation...

My parents moved to a retirement community that provides wifi via access points located throughout the property, and it works great. But because they no longer use their own ISP, they no longer have a local router that allows things like printing to a wireless printer. While everything can get on the internet, none of their equipment can see each other anymore. What I need to accomplish is this:

[provided internet access point]---wireless---[local router]---wireless---[their computers, printer, etc.]

So with a bridge configuration, I could wirelessly connect to the access point, but all local connections would have to be hardwired, which is not an option. And I don't have physical access to the nearest access point, so I can't hardwire a router to it and have everything else connect wirelessly.

From what I've read on the variety of range extenders out there, they can pick up and redistribute the wireless signal, but can't provide routing between the local devices (unless this just isn't clearly documented in the manuals).

Any ideas on the best way to resolve this?

Thanks in advance!
 
gbb0330

Apr 28, 2015
If there are wifi access points throughout the property, there is a router as well.
You don't need to have your own router to set up wireless printing.
Just have the printer connect to the same wifi network as your parents' laptops. Print a configuration page from the printer and determine its IP address.
On your parents' PC go to devices and printers -> add printer -> add a local printer -> create new port -> Standard TCP/IP port -> enter the IP address of the printer -> click next. You may have to download drivers from the manufacturer's website at this point.
 
The problem is that your parents' community wifi solution is most likely using firewall rules to block device-to-device communication. Since many users share an access point, there is a huge security issue if this is not implemented. I do this on any install like this for multiple users.

So your parents need a wireless bridge and a wireless router.
If your parents' devices are newer ones that have 5GHz radios, then you want a router that uses the 5GHz band, because those multiple access points are going to saturate the 2.4GHz band, so all non-interfering channels are going to be used already.

Use one of these as your wireless bridge. This will receive the data from the community's wifi access point: http://www.newegg.com/Product/Product.aspx?Item=0ED-0005-00014
Then connect it to the WAN port of whatever router you want to get (preferably dual band). Then they can connect all of their devices to that router.
$50 router: TP-Link WDR3600 (or 4300 if on sale)
$100 router: TP-Link C7 Archer
$150 router: ASUS AC68_ (U, P, R, W, doesn't matter).
If your parents are not sending much data between their devices, and just using the internet and printing then the more expensive routers are really not going to give them anything extra.

There are "all in one" devices that can do this, but with a single device you have a single radio, which means the bandwidth is split in half as the router/bridge plays middle man; thus the 2 device setup will perform significantly better.
 
Solution

gbb0330

@boosted
If I was a betting man I would bet you $20 that all they have at this retirement community is a consumer grade router and a few access points. Places like that usually don't spend a lot on IT.
 

It doesn't require enterprise routers and switches; I can load alternative firmware on a $50 consumer grade router, create a VLAN and enforce some firewall rules in iptables.
And if you wanted to use proper tools for the job, a $100 Ubiquiti EdgeLite router would be a fully capable inexpensive router for 50-100 clients.

No matter what, my setup puts all of their devices behind the NAT of the router and gives them a much needed layer of security.

 
Yes, that is a router I have used for setups like what the retirement community uses, where they need a guest, an office, and an administrative VLAN.
Even better if you have VLAN capable APs and switches.
I believe the PROTECT-IN protects VLAN to VLAN communication, while the PROTECT-LOCAL is what is protecting device-to-device communication in the same VLAN, dropping everything else but DHCP and DNS. If I remember right there should be another line in there to allow communication from that VLAN to the router's WAN port.


Naturally the EdgeLite is massive overkill for your parents' setup. The Ubiquiti AP/bridge plus a simple router will be fine; if you want to load dd-wrt on it, even better. For their setup they don't need VLAN or any other fancy features, they just need to treat the community's network as if it was a WAN connection to the internet, and have a private network that their personal devices can join that is not restricted by all of the firewall rules of the community's router.
 

mpfaff1

Hi all - Thanks for your answers. Basically I was wondering if this was something I could just run out to Best Buy and deal with while I was there visiting them over the weekend, or something requiring a bit more elaborate solution. I've done a moderate amount of network configuration, but I know my knowledge has a number of gaps. Probably the most ambitious thing I've done was set up a WDS in a weird rental situation I was in several years ago, but that turned into an opportunity to learn dd-wrt, which has been very handy ever since. But I was pretty sure that an off-the-shelf wireless router with dd-wrt wouldn't do the trick, without two radios, as boosted1g pointed out.

The network in question is as boosted1g described, where for obvious reasons devices can't communicate with each other. And for what it's worth, since gbb brought it up, it's actually a pretty upscale 21-acre facility, and what exposed network gear I've seen is all Cisco. Coverage and performance are great.

For the moment my folks are content with sneaker-net on the occasions they need to print or move files from one computer to another. Before I go visit them the next time, we'll make a decision about whether that's actually working out ok, or if we should invest in the gear recommended above to streamline things a bit more.

Thanks much!
 
I would suggest trying this as a simple, cheap solution that is easy to implement.

Get a wireless extender that has a LAN port on it (such as TP LINK RE-210), configuring the 5GHz band to connect to the wireless of the provided wifi and leaving the 2.4GHz band for wifi usage in the apartment. Then use the LAN port to connect a switch (if devices are wired), or turn off the 2.4GHz band on the RE210, connect a new router set as an AP to the LAN port, and use the new router's wifi as their main connectivity. They can then connect anything they want on that and see it all :)
 
The reason you cannot communicate between devices is likely that the retirement place has turned on wireless isolation. This is actually a really good thing when you have devices owned by many different people connecting to a common wireless source.

As detailed in boosted's post, you can likely use a repeater, with the problems associated, or use third party firmware. The only catch is the retirement wireless devices must have WDS enabled, and it is recommended in a public installation you do not.

A solution using purely factory devices would be to use a client-bridge plugged into a router. You are in effect building your own repeater. It solves the radio problem because you are using 2 actually separate devices. There are many client-bridge devices, but the ones I use most often are from Ubiquiti or EnGenius. These are outdoor directional bridges but they work inside also. You could use any router you like.

This solution will work even if they do not have WDS enabled, because you are only connecting with a single MAC address, i.e. the WAN port of the router. The client-bridges generally can run in WDS mode or simple bridge mode.

The main downside to doing it this way is the cost. Still, it is not that much: the outdoor bridges are less than $75 and you can get a really nice router for $100.
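
A way to confirm from one of the laptops that client isolation, rather than a printer or driver fault, is what blocks printing on the shared wifi. This is an added example, not part of any post in the thread; the IP addresses are constructed, and the choice of the three standard print ports (9100 raw, 631 IPP, 515 LPD) and TCP 53 on the gateway is an assumption of the example.

```python
import ipaddress
import socket

PRINT_PORTS = (9100, 631, 515)  # raw/JetDirect, IPP, LPD


def tcp_probe(host, port, timeout=1.5):
    """Return 'open', 'refused' or 'silent' for one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"  # the host sent a RST, so it is reachable
    except OSError:
        return "silent"   # timeout or unreachable: nothing came back


def classify(my_ip, prefix_len, peer_ip, gateway_result, peer_results):
    """Interpret probe results for a peer that should share our WLAN."""
    net = ipaddress.ip_network(f"{my_ip}/{prefix_len}", strict=False)
    if ipaddress.ip_address(peer_ip) not in net:
        return "different-subnet"   # traffic is routed, not peer-to-peer
    if gateway_result == "silent":
        return "no-connectivity"    # our own link is down, test is moot
    if any(r in ("open", "refused") for r in peer_results.values()):
        return "peer-reachable"     # isolation is not what blocks printing
    # Gateway answers but the same-subnet peer never does. A printer that
    # is powered off or asleep looks the same, so check that first.
    return "isolation-likely"


def check(my_ip, prefix_len, gateway_ip, peer_ip, gateway_port=53):
    """Probe the gateway and the printer, then classify the outcome."""
    gw = tcp_probe(gateway_ip, gateway_port)
    peers = {p: tcp_probe(peer_ip, p) for p in PRINT_PORTS}
    return classify(my_ip, prefix_len, peer_ip, gw, peers), peers


if __name__ == "__main__":
    # Constructed addresses: laptop, /22 community WLAN, gateway, printer.
    print(check("10.20.0.57", 22, "10.20.0.1", "10.20.1.14"))
```

Run behind the family's own router, the same check should report `peer-reachable`, since the laptops and printer then share a private network that the community's rules do not filter.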