LITTLEBLACKDOG.COM

Posted: Thu Apr 12, 2007 6:03 am Post subject: 3 wireless APs -> "1"

I have a client that has 3 different locations, and a few employees who float from location to location.

They want to to go wireless for these mobile employees, and for easy of use, I am wondering if it's possible to give all 3 access points the same SSID and WPA key.

I'll find out one way or another for sure tomorrow, but maybe one of you have tried this in the past.

Guide Dog Joined: 08 Nov 2003 Posts: 8419 Location: MN

Olive wrote:
I have a client that has 3 different locations, and a few employees who float from location to location.

They want to to go wireless for these mobile employees, and for easy of use, I am wondering if it's possible to give all 3 access points the same SSID and WPA key.

I'll find out one way or another for sure tomorrow, but maybe one of you have tried this in the past.

Yeap very possible.

did it with my parents house, if you can get on at their place you can get on at mine.

Posted: Thu Apr 12, 2007 8:26 am Post subject:

Yup. No real reason why not. It's no more, and no less secure, either.

Posted: Thu Apr 12, 2007 8:40 am Post subject:

Thanks. I assumed it would work, but could also imagine that there might be an issue where the MAC of the AP doesn't match when moving from location to location, and for security reasons, might not allow a connection when using a single generic/universal profile on the laptops.

Never tired this before, so wasn't sure.

Posted: Thu Apr 12, 2007 11:32 am Post subject:

It's a valid question.

But my understanding of wireless security, such as it is, usually implies that the MAC address of the AP is irrelevant.

Posted: Thu Apr 12, 2007 2:15 pm Post subject:

Mac address is only relevant if your limiteting what mac address can access the ap....... and at that point you can add all the mac addressesof the remote computers to each ap.

The only advantage of doing this is an additional level of security.

Posted: Tue Jul 03, 2007 12:04 am Post subject:

I setup one of my customers with 3 wireless networks at different locations. I did NOT enter in the WPA key but I did enter the SSIDs for all three. I also created a MAC filter allowing only the machines at the locaions to access the WLAN including his laptop. The owner is able to travel from each location with no problems. All should be fine.

Posted: Tue Jul 03, 2007 8:10 am Post subject:

Yep easy to do. I've got one setup similar here for contractors access to the internet (off the network). The building's too big (and dense) for one AP to hit all the places so we've got a couple AP's wired together with Fiber, with all of the same settings. So when the user walks around, one drops off and then it picks up the next one. Only problems I've had is the contractors who have Wireless NICs that don't support WPA, but only WEP. They get a wired connection instead (on that same LAN).

Posted: Tue Jul 03, 2007 12:24 pm Post subject:

yeah i got this running no problem.

Due to security policies and regulations, they're legally obligated to have wireless connections encrypted. All three keyed the same way, and works like a charm.

Posted: Tue Jul 03, 2007 12:41 pm Post subject:

Olive wrote:
yeah i got this running no problem.

Due to security policies and regulations, they're legally obligated to have wireless connections encrypted. All three keyed the same way, and works like a charm.

You should really try to sell your client on moving away from either straight WEP or WPA. You need to add another layer, WEP/orWPA with rotating key plus some kind of back-end authentication. Radius, taccas etc. Or go the cert route.

WEP has been broken for year, and all versions of WPA can be bruteforced Rolling Eyes

fly me up there and I'll show them just how broken WEP is...... Very Happy