Putting your device on our network

From Artisan's Asylum

(Difference between revisions)
Jump to: navigation, search
(How to configure?: Fixed broken link)
(How to configure?)
Line 171: Line 171:
channel 11, depending on where you are or which gives you the best signal
channel 11, depending on where you are or which gives you the best signal
(see [[#What AP should you use? | above]]).  The SSID is ArtisansAsylum,
(see [[#What AP should you use? | above]]).  The SSID is ArtisansAsylum,
in exactly that capitalization.
in exactly that capitalization. If that SSID doesn't work, try Artisan's Asylum.
Note:  DD-WRT is not necessarily smart enough to know what crypto your hardware supports!
Note:  DD-WRT is not necessarily smart enough to know what crypto your hardware supports!

Revision as of 11:30, 16 January 2012


Types of connections

If you're trying to put a laptop on our network, or anything else with built-in wifi, just read Acceptable use of our public network and you're done---once you have a desk staffer tell you our wireless passphrase.

If, on the other hand, you're trying to add something that does not already have wireless to our network, read Acceptable use of our public network anyway. Then read the below. If you have questions, ask for help.

If your device is some major piece of Asylum equipment that we own (or lease long-term), and that is too big to ever move, it may be possible to give it a hardwired connection. This applies for things like large milling machines and so forth. It's almost always easier to give it a wireless connection instead, however, unless it needs high bandwidth or happens to already be near a hardwired drop.

If it's none of these, then what to do primarily comes down to whether your device acts more like

  • a general-purpose computer, which can take USB or PCI (or PCIe) hardware, or
  • something else, which can only use hardwired Ethernet and thus requires the use of a wireless access point operating in client-bridge mode.

The sections below give further guidance in how to set up either of these options.

General network characteristics

Our wireless APs are Apple Airport Extremes, which speak A/B/G/N at 2.4 and 5 GHz. They are configured to allow roaming, and use WPA2 Personal in AES-CCMP mode. We do not use WPA Personal in TKIP mode. This means that if your device can only speak WPA and not WPA2, it will not work. If you are setting up an AP in client-bridge mode, also see below for more details about the setup.

USB, PCI, PCIe, etc

If you have something like a desktop computer, there are several ways to easily get it on the net. This section will accumulate suggestions for devices you might use. Many others are possible. One good strategy is to go to Newegg, look for the category "Wireless Adapters", and read the reviews, many of which will talk about whether your device is supported in (for example) non-Windows operating systems, or might require particular OS versions, or downloading a kernel module from the manufacturer, or blacklisting Linux kernel modules. Since Windows is generally the OS that vendors are sure to cater to, the descriptions below only talk about other OS's, and only those that people here have tried the devices with.


Edimax EW-7811Un USB 2.0 Wireless nano Adapter Works out of the box in Ubuntu 11.10. Earlier Ubuntus require downloading and compiling a kernel module. Speaks B/G/N. Tiny! Barely sticks out from the USB port, so unlikely to get snapped off.


Edimax wireless PCI adapter Apparently works in any Ubuntu from the last few years at least. This is a tiny PCI card with an antenna jack; it plugs into a small external antenna with a 2-meter-ish cord. Speaks B/G.

Wireless access points

If your device needs to think it's on a hardwired Ethernet, you'll have to configure a wireless AP operating in client-bridge mode. This is not the default ("infrastructure") mode. Not all APs can do this out of the box; however, many can have new firmware flashed into them to enable it.

You must talk to IT before configuring a client-bridge AP. In particular, you'll need an IP address statically assigned to the AP itself in our host tables. Please send mail to get this set up.

If your device can't do DHCP and also needs an IP address statically assigned to it, please also send mail to get this set up.

If you need a stable name for your device, but it can do DHCP, please don't ask for a static address. Instead, tell your device its own name, and when it acquires a lease from us, you'll be able to talk to your device by using yourdevicename.tyler as its name. Yes, we're using tyler as a toplevel domain; this toplevel domain is only valid inside the building, but you can't reach your device from outside anyway (see Acceptable use of our public network).

APs in client-bridge mode also generally need their infrastructure AP channel to be configured in advance. In building 10, you have a choice of two APs. Pick whichever one gives you the best signal or seems to be closest to you:

  • Huey. Sits above the intersection just outside of the woodshop. 2.4 Ghz channel 11; 5 Ghz channel 157.
  • Dewey. Sits above the social area. 2.4 Ghz channel 1; 5 Ghz channel 149.

Sharing connections

If you'd like to share a single client-bridge AP across several machines or several users, that's perfectly fine with us, and in fact we encourage it: not only does it save money and setup effort, it also saves on static IP addresses. If you and your neighbors would like to amortize the cost and effort of getting non-natively-wireless devices on our net by sharing an access point, please do. Just keep in mind these common-sense provisos:

  • If something breaks, you should talk to the owner of the AP first, and IT second, since IT may not even have the password to the AP (although we encourage you to give it to us so we can help debug).
  • Don't run any cables across any part of the floor, ever; they're a tripping hazard. It is absolutely forbidden to cross a firelane with any cable unless it's in the ceiling.
  • Don't run cables on permanent (cinderblock) walls, metal beams, or into the ceiling without finding out first what our code requirements are with the city of Somerville about how wires get run.

The upshot is that neighbors in the same block of rental spaces can easily share a single AP by running cabling on top of the red and white partition walls, or otherwise attached to them, but they can't span firelanes to other neighborhoods. On the other hand, you probably wouldn't want more than a few people sharing one AP anyway, for bandwidth and reliability reasons.

What AP should you use?

We've had excellent results using Linksys WRT54GL APs. There are at least 3 currently in place at the Asylum. These require new firmware to be flashed into them to operate in client-bridge mode. They're relatively cheap either new or from eBay, and speak B/G. Note that the GL at the end is important, the G routers are different. You want version 1.1 of the router; this is the kind with only 8 LEDs (not 20) and will have a sticker on the bottom saying it's version 1.1. (Version 1.0 is quite old and only likely found used.)

There are no doubt many other APs that will work just fine, many of which can probably use client-bridge mode out of the box. Feel free to recommend some to be listed here.

Using a Linksys WRT54GL

If you decide to use a Linksys WRT54GL, here are specific instructions for setting it up.

What firmware?

Use DD-WRT. Specifically, do not use Tomato. Tomato is a fine piece of firmware, and is easier to set up than DD-WRT, but unfortunately even its most-recent version as of this writing (version 1.28) can only do client-bridge mode in WPA, and we speak WPA2, so Tomato won't work. (Tomato can do infrastructure mode in WPA2 just fine, but that won't help here, because you need client-bridge mode.) There are anecdotal reports that OpenWRT doesn't work either, but this hasn't been confirmed; if you have a success story, please let us know.

If you're using a Linksys WRT54GL and DD-WRT, do not use build 13064! This build does seem to work, and is unfortunately the build that's actually recommended by the the router hardware database, but that database is apparently years out of date, has not been maintained since sometime after it was set up, and consequently recommends bad builds. As discussed in the so-called Peacock thread, build 13064 has bugs that make it not recommended (even though we do have at least one AP using that build and haven't (yet) noticed any problems).

The recommended build is currently 14929. You can find that build for a variety of hardware here. For the Linksys WRT54GL, we used the dd-wrt.v24_std_generic.bin build, after first preflashing with dd-wrt.v24_mini_generic.bin [that latter from the 13064 build because we didn't know any better at the time, but the 14929 build should also work just fine].

How to flash?

Unfortunately, the DD-WRT ecosystem is a terrible mess---there is lots of years-old advice mixed in with more-recent advice, and it tends to contradict itself and yet claim that following any other advice will brick your router. However, starting with the Peacock thread is a reasonable way to go, if somewhat lengthy and alarmist.

Pay careful attention to the instructions in the Peacock thread re 30-30-30 resets before and after each firmware upload, and (if you're starting from stock Linksys firmware) about loading a mini build first, and then a std build. [The issue here is that old-enough stock firmware for the WRT54GL can't load firmware more than 3MB in size, so you need to load the under-3MB mini build, and then load the over-3MB standard build. Wikipedia claims that firmware revision 4.30.11 in the v1.1 unit enables uploading 4MB firmware images directly, and in fact I had several pre-4.30.11's that I upgraded to 4.30.15 and then directly loaded Tomato onto them. However, just in case DD-WRT does something peculiar with its flashing, I followed their instructions and loaded mini builds on each WRT54GL I reflashed, then loaded the standard builds; this is easier than recovering a bricked router.]

If you've never done this before and want help, ask for help. If you're willing to take the (relatively small) chance that we'll brick your router and want us to do it for you, that's possible with suitable (small) bribes.

How to configure?

Once you've flashed the generic build 14929 into the router and done all the necessary resets along the way, you can configure it using the steps here.

The security type is WPA2 Personal (AES-CCMP). The key is the passphrase for our wireless network; talk to the desk staff to get it. Pick either channel 1 or channel 11, depending on where you are or which gives you the best signal (see above). The SSID is ArtisansAsylum, in exactly that capitalization. If that SSID doesn't work, try Artisan's Asylum.

Note: DD-WRT is not necessarily smart enough to know what crypto your hardware supports! In particular, we had a report of a non-54GL AP with the latest build for that hardware (which was not as recent as 14929) that allowed choosing WPA2, but in fact the hardware didn't support WPA or WPA2 at all---only WEP. That's just not going to work. Check the specs on your router's crypto support carefully.

You'll need to have already sent mail to get a static IP address; this is the "local IP address" referred to in the documentation. (Their example uses, but that won't be your address; it's not even on the right network for us.)

Your gateway will be (Not 1.1, but 10.1.)

Host settings

Assuming you've properly set up your router, plug your device's hardwired Ethernet into one of the router ports. (Use one of the 4 ordinary ones unless you've set "Assign WAN port to switch", in which case you can use that one, too.) Your host should acquire a DHCP lease, which will be something in net 192.168.10.x. You're done.

Getting help

If you need help or advice on getting yourself set up, or if you need a static IP address allocated for your fixed wired device or your client-bridge AP, the best approach is to send mail to networkfoo@artisansasylum.com. [Note that this address has been obsfuscated as an antispam measure; type in what you see. If you copy & paste, you'll notice that there are extra characters in there that aren't really part of the address.]

Personal tools
Wiki Maintenance