Archived from groups: (
More info?)
"coconut" <nospambaby@despaminize.com> wrote in message
news:10l6qi4ri397u00@corp.supernews.com...
> Noticing the lights was my first clue to the situation. Thanks for all
> your help. I've gathered enough info that I think I can take care of it.
> We are a small charter school in Idaho and the only people that will have
> access to the encryption key are the teachers. There are about 20 of us
> in all. Does the key need to be entered in each and every day, or just
> altered if I alter it on the AP? We're running Win XP on all the laptops.
> The only machines that the students are using are the lab computers that
> are hardwired to the DSL line. We have a few students that live in the
> area that are tech geeks and I wouldn't be surprised if they're doing the
> damage. As far as I can tell, with our situation it seems that a WEP key
> would be the way to go. Now it's just a matter of figuring out how to set
> it up on each of the AP's. Thanks for all your help!
> Chris
>
>
> Jeff Liebermann wrote:
>
>> On Wed, 22 Sep 2004 15:22:42 -0600, Blah <blah@blah.com> wrote:
>>
>>
>>>We have no encryption set up, and have two Cisco Aironet 1200 series
>>>AP's.
>>
>>
>> Various people have suggested enabling encryption (WEP/WPA). This is
>> a good idea but largely useless on a skool wireless system that is
>> accessed by students. The problem is that the WEP key or WPA pass
>> phrase has to be known by every user of the system. Pass that out to
>> all the students and fairly soon the whole world will know the
>> password. In short, encryption is useless for public access WLAN's.
>>
>> What you need is some kind of authorization and authentication system
>> for the network. Kerberos is one example. Such systems are resident
>> on a network server and control access to the network, not the
>> wireless access points. Random wireless users can associate with the
>> access points, but can't see anything on the network until they login
>> and authenticate.
>>
>> I'm not terribly familiar with such systems as I don't often get into
>> this part of the puzzle. I suggest you speak with other skools that
>> have similar systems and ask them what they are using to control
>> access. Methinks you'll need to look at your network security as a
>> whole, and not just the wireless part. Perhaps some readers here have
>> experience and suggestions. Now, back to the original problem. The light
>> show on the wireless
>> side may be due to a worm or virus on your network or on a wireless
>> device (laptop). These tend to spray large quantities of broadcasts
>> looking for other machines to infect. Lots of ways to identify and
>> isolate the culprit, but the quickest is to uplug the ethernet cables
>> from each port on the central switch the light show magically stops.
>> It also might be one of the neighbors using the school system for
>> their personal broadband ISP. (Why subscribe to ADSL or cable modem
>> when you can just use the schools system for free?)
>>
>> Incidentally, since you volunteered for this, get used to looking at
>> the lights so that you know how "normal" should appear. The lights
>> offer quite a bit of diagnostic information that is easily visible
>> without diagnostic software. For example, if ALL the lights on a
>> switch flash in unison, that's a broadcast packet doing that. If one
>> light is continuously flashing, there's quite a bit of traffic going
>> to/from that port. Two lights flashing somewhat in unison means that
>> there's quite a bit of traffic going between those two ports. An
>> abnormal light pattern will be your first indication of a problem.
>>
You just have to set the WEP key once - on the AP and on each laptop. Be
sure your AP supports WEP and not WAP - they are different. WEP is older
and less secure. But not all equipment supports WAP. If you find your APs
support WAP - make sure all your laptops do also before you try to use it.
Also, in setting WEP keys, often you can enter a phrase, which is then
translated into WEP hex keys. However, not all hardware setup software does
the translation the same way. I have found it safer to enter the WEP key as
hex characters directly into all devices.
It may have been said before, but be sure to reset the administrative
password on the APs so that only you and no one else can alter the AP
settings.
Also, given you have two APs and one repeater, suggest you turn off the
repeater initially and deal with the APs. Unless the APs are far apart from
each other, they need to be set to transmit on different channels 1-11.
Only channels 1,6 & 11 are non overlapping channels. And channel 6 is the
default. So to avoid colliding with a local home AP, I suggest you use
channels 1 and 11.
Make sure the laptop will connect to the AP 1) at a close proximity to the
AP and 2) without any security - first - each access point - before you turn
on WEP. Then test each laptop with WEP on - again close to the AP. You
want to ensure that the configuration and equipment is all working before
you start to deal with issues of distance from the AP and loss of signal.
Good luck!
Bob
--
Bob Alston
bobalston9 AT aol DOT com
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.767 / Virus Database: 514 - Release Date: 9/21/2004