Wireless Access Points for WiFi Hotspot use

Ever wonder why there are so many different types of wireless access points on the market today???

We have and we thought we would share the information as to what we found…

Wireless Access Points (AP) all share one common function – to allow wireless devices to connect to a network, be it a wireless network only or a wireless/wired network.  Beyond this common functionality wireless access points diverge into different functional paths.

Some wireless access points have very basic functionality: they are nothing more than a wireless bridge that gives a client’s wireless device direct connectivity to a wired network.  Most of these simple access points offer WEP (Wired Equivalent Privacy) security, but don’t be fooled into thinking any sensitive information is protected very well.  WEP encryption is flawed, and there are all sorts of freely available programs that can “crack” this encryption system using the flaws inherent in WEP.

If you need to protect the wireless link between the client’s device and the access point, use at least WPA, or the newer WPA-2, with long encryption keys that are not subject to dictionary attacks.  For more information about protecting the information between the client’s device and the AP, see the article on Wireless Protection Methodology here on this site.
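
A passphrase check along the lines described above, as an added example that is not part of the original article: it flags WPA/WPA-2 passphrases that a dictionary attack would find quickly. The sample wordlist, the 80-bit threshold and the function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a large dictionary file.
SAMPLE_WORDLIST = {"password", "welcome", "coffee", "hotspot", "wireless", "guest"}

# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("0134578@$!", "oleastbasi")
EDGE = string.digits + string.punctuation


def estimate_bits(passphrase):
    """Upper bound on entropy, assuming every character was chosen at random."""
    pool = sum(len(chars) for chars in (string.ascii_lowercase, string.ascii_uppercase,
                                        string.digits, string.punctuation)
               if any(c in chars for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit_psk(passphrase, wordlist=SAMPLE_WORDLIST, min_bits=80):
    """Return a list of findings; an empty list means no weakness was detected.

    min_bits is an assumed policy threshold, not a value from the standard.
    """
    # 64 hex digits is a raw 256-bit key rather than a passphrase.
    if len(passphrase) == 64 and all(c in string.hexdigits for c in passphrase):
        return []
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters allowed for a WPA passphrase")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("contains characters outside printable ASCII")
    lowered = passphrase.lower()
    # Check the word both as typed and with leading/trailing digits and symbols removed.
    candidates = {lowered.translate(LEET), lowered.strip(EDGE).translate(LEET)}
    if candidates & set(wordlist):
        findings.append("dictionary word with trivial decoration")
    elif estimate_bits(passphrase) < min_bits:
        findings.append("estimated entropy below %d bits" % min_bits)
    return findings


if __name__ == "__main__":
    for sample in ("Coffee2024!", "p4ssw0rd", "wep", "tK9#vR2!mQ7xLp4zWd8s"):  # constructed
        print(repr(sample), audit_psk(sample) or "no findings")
```

The entropy figure is only an upper bound, so a passphrase that passes this check can still be weak if it is a phrase missing from the wordlist used.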

While some access points offer basic connectivity the more expensive access points offer more diverse capabilities:

  • RADIUS authentication for access through the access point using an encrypted data link.
  • Virtual Private Network (VPN) connectivity across the wireless link between the client’s device and the access point.
  • VPN connectivity capabilities from the client’s device to a VPN connection past the access point.
  • Basic login capabilities utilizing either a local table of users or an authentication server.
  • DHCP (Dynamic Host Configuration Protocol) to assign the client’s computer an IP address, set up the DNS and Gateway IP information and several other features DHCP is capable of providing.
  • Creation of VLAN connections between the client’s device and a VLAN end-point past the access point.
  • Control of transmission power levels.
  • MAC (Media Access Control) Address pass-thru capabilities.

Most access points today have some combination of the above listed capabilities, with the higher cost units containing all of the capabilities and additional capabilities as well…

Of course such additional capability does come at a higher cost for the access point, but the cost of such access point hardware has been dropping as more and more manufacturers attempt to beat out their competition for your funds!  Definitely a winning situation for the buyer of such equipment!

Wireless Access Points for use in Public WiFi Hotspot locations will use just the basic functionality and leave the rest (VPN, VLAN and remote login to resources) to the person using the hotspot location, but they will require at least the MAC address pass-through capability if a hotspot controller is used to control access and bandwidth usage.

Fortunately the costs for wireless access points that can be used for hotspot areas have come down to the point where it is cost effective to use more than one unit to cover an area.  The advantage is that the number of wireless clients that can use an area increases by about twice the number that can use an area serviced by only one access point.  See the article on WiFi Hotspot configurations for a detailed description of the use and limitations of different wireless hotspot configurations.


A second option that is very nice to have is the ability to control the transmission signal output of the wireless access point.  This capability, along with proper antenna selection, can mean the difference between a viable hotspot coverage area and wireless signal collisions with surrounding wireless access points, which cause a significant reduction in the overall throughput of the wireless system.  Being able to control the signal output level gives you the advantage of customizing the coverage area.  A second benefit is that the client’s device does not have to be as sensitive to the received signal (and they are usually not that sensitive given the marginal antennas most devices have), so the effective area in which the client’s device can operate is extended from the access point, whereas not being able to adjust the power level would reduce the useful area of coverage.

A third option is the ability to perform WDS (Wireless Distribution System) operation.  Basically WDS allows setting up wireless “repeaters” to extend the coverage area of the wireless signal.  While WDS is a good method to extend the range of the wireless signal, there are trade-offs involved – each “repeater” will reduce the available bandwidth by one-half due to the way WDS operates.  Most wireless access points / routers only have one radio in them, and the radio can only transmit or receive but not both at the same time.  This means the “repeater” must first receive the wireless signal, store the information, then re-transmit the signal.  This reduces the total bandwidth to one-half (in a perfect world – in reality the reduction of bandwidth is affected by many different variables but usually is reduced by at least 55 percent).  If you only need to extend the wireless signal one or two repeater “hops” then WDS is not a bad way to go – very inexpensive compared to other methods, and the only thing needed by the wireless repeater is power.

Definitions (from Webopedia):
  • AP - Short for Access Point, a hardware device or a computer’s software that acts as a communication hub for users of a wireless device to connect to a wired LAN. APs are important for providing heightened wireless security and for extending the physical range of service a wireless user has access to.

  • DHCP - Short for Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device’s IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses. 

  • MAC Address - Short for Media Access Control address, a hardware address that uniquely identifies each node of a network. In IEEE 802 networks, the Data Link Control (DLC) layer of the OSI Reference Model is divided into two sublayers: the Logical Link Control (LLC) layer and the Media Access Control (MAC) layer. The MAC layer interfaces directly with the network medium. Consequently, each different type of network medium requires a different MAC layer. 

  • Radius - Short for Remote Authentication Dial-In User Service, an authentication and accounting system used by many Internet Service Providers (ISPs). When you dial in to the ISP you must enter your username and password. This information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access to the ISP system.

  • VLAN – Short for virtual LAN, a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration. 

  • VPN - (pronounced as separate letters) Short for virtual private network, a network that is constructed by using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

  • WEP - Short for Wired Equivalent Privacy, a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP is designed to provide the same level of security as that of a wired LAN. LANs are inherently more secure than WLANs because LANs are somewhat protected by the physicalities of their structure, having some or all part of the network inside a building that can be protected from unauthorized access. WLANs, which are over radio waves, do not have the same physical structure and therefore are more vulnerable to tampering. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. However, it has been found that WEP is not as secure as once believed. WEP is used at the two lowest layers of the OSI model - the data link and physical layers; it therefore does not offer end-to-end security. 

  • WPA - Short for Wi-Fi Protected Access, a Wi-Fi standard that was designed to improve upon the security features of WEP. The technology is designed to work with existing Wi-Fi products that have been enabled with WEP (i.e., as a software upgrade to existing hardware), but the technology includes two improvements over WEP:

    • Improved data encryption through the Temporal Key Integrity Protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the keys haven’t been tampered with.
    • User authentication, which is generally missing in WEP, through the Extensible Authentication Protocol (EAP). WEP regulates access to a wireless network based on a computer’s hardware-specific MAC address, which is relatively simple to be sniffed out and stolen. EAP is built on a more secure public-key encryption system to ensure that only authorized network users can access the network.

    It should be noted that WPA is an interim standard that will be replaced with the IEEE’s 802.11i standard upon its completion.

I hope you found this article useful!
