Cable Forum


The Jackal 22-06-2007 22:16

Wireless WDS link protocol
 
Does anyone know what form of encryption if any (!) goes to form a wireless WDS link (ie bridging wireless access points together).

I'm baffled at this one as I'm not sure as to how secure it is :erm:

Wicked_and_Crazy 22-06-2007 22:37

Re: Wireless WDS link protocol
 
A bridge isn't an access point, my understanding is that they just forward packets from one port on to another

The Jackal 22-06-2007 22:44

Re: Wireless WDS link protocol
 
Quote:

Originally Posted by Wicked_and_Crazy (Post 34334190)
A bridge isn't an access point, my understanding is that they just forward packets from one port on to another

Yes exactly ... but don't confuse this bridge with an ethernet bridge...

A WDS bridge is in itself a wireless connection separate to Access Point functions.

What I have done is bridged two access points together with WDS and turned off wireless access point capabilities on both APs so that all I have left is the wireless bridge.

SOOOOOOOO how is this wireless bridge encrypted if it is at all ?

:confused:

Wicked_and_Crazy 22-06-2007 22:57

Re: Wireless WDS link protocol
 
My point is that once you're on the network you're on it and no further encryption is required. As your WDS is not providing any client association services then surely you don't need any further access protection than WEP or WPA

The Jackal 22-06-2007 23:03

Re: Wireless WDS link protocol
 
Quote:

Originally Posted by Wicked_and_Crazy (Post 34334198)
then surely you don't need any further access protection than WEP or WPA

Are you sure ?

LAN A ---- ACCESS POINT1/no wifi ----- WDS wireless link ---- ACCESS POINT2/no wifi ---- LAN B

So what's to stop someone hacking between Access point 1 and 2 ?

Wicked_and_Crazy 22-06-2007 23:11

Re: Wireless WDS link protocol
 
I'm confused, you have two LANs, both with wifi? With WEP or WPA?

Two access points which are disabled on the WDS. But a wireless link between the two disabled access points?

If that's the case what's the difference (in principle) between the wireless link between the two access points and a wireless link between a laptop and a router?

The Jackal 22-06-2007 23:22

Re: Wireless WDS link protocol
 
Quote:

Originally Posted by Wicked_and_Crazy (Post 34334209)
I'm confused, you have two LANs, both with wifi? With WEP or WPA?

Not quite - I'm connecting 2 wired networks via a single wireless link and want to try to do this as securely as possible.

Quote:

Originally Posted by Wicked_and_Crazy (Post 34334209)
If that's the case what's the difference (in principle) between the wireless link between the two access points and a wireless link between a laptop and a router?

A lot !

WDS is invisible - it just connects the routers - no wireless device can connect to either of the access points nor know of their existence (maybe? - I will have to test this out with stumbler).

With my l33t hax0r experience my query is that it must be possible to trick the identity of access point A or B and jump in - hence the reason as to my lack of understanding as to what protocol that WDS link uses.

Wicked_and_Crazy 22-06-2007 23:25

Re: Wireless WDS link protocol
 
I guess it depends how the access points are turned off. If they are not providing a client association service or the access points are just not active at all.

The Jackal 22-06-2007 23:58

Re: Wireless WDS link protocol
 
Quote:

Originally Posted by Wicked_and_Crazy (Post 34334214)
I guess it depends how the access points are turned off. If they are not providing a client association service or the access points are just not active at all.

Completely turned off via DD-WRT

---------- Post added at 23:29 ---------- Previous post was at 23:27 ----------

Here's the link : http://www.dd-wrt.com/wiki/index.php...Point_Function

---------- Post added at 23:44 ---------- Previous post was at 23:29 ----------

Come on mate don't bail on me now :/

Reps for your effort :)

---------- Post added at 23:58 ---------- Previous post was at 23:44 ----------

Looks like I'm fearing this :

--- snip
I was considering getting an AirPort Basestation Extreme and Express together to extend the wireless network. But then I came across this note in the review:

One note: when using the AirPort Express as a WDS, you are limited to either using 128-bit WEP or turning off security altogether. This was not mentioned on the AirPort Express pages on apple.com, although it is addressed in the manual. WPA is generally not supported over bridged connections on WiFi products due to the fact that WPA encrypts the MAC addresses which WDS relies on for communication. Keep this limitation in mind when using the Express as a bridge.

GeoffW 23-06-2007 09:50

Re: Wireless WDS link protocol
 
Quote:

Originally Posted by CrC-3rr0r (Post 34334183)
Does anyone know what form of encryption if any (!) goes to form a wireless WDS link (ie bridging wireless access points together).

I'm baffled at this one as I'm not sure as to how secure it is :erm:

From http://en.wikipedia.org/wiki/Wireles...ibution_System
Quote:

Dynamically assigned and rotated encryption keys are usually not supported in a WDS connection. This means that dynamic Wi-Fi Protected Access (WPA) and other dynamic key assignment technology in most cases can not be used, though WPA using pre-shared keys is possible. This is due to the lack of regulation in this field, which will hopefully be resolved with the upcoming 802.11s standard. As a result only static WEP or WPA keys may be used in a WDS connection, including any STAs that associate to a WDS repeating AP.

The Jackal 23-06-2007 12:04

Re: Wireless WDS link protocol
 
Quote:

Originally Posted by GeoffW (Post 34334331)

I've read that *several* times :/ and really the article is vague over the subject :

Points too

Quote:

Dynamically assigned and rotated encryption keys are usually not supported in a WDS connection.
and

Quote:

Most third party firmwares for the WRT54G(S)/GL support AES encryption using WPA2-PSK Mixed Mode security, and TKIP encryption using WPA-PSK, while operating in WDS mode. However, this mode may not be compatible with other units running stock or alternate firmwares.

GeoffW 23-06-2007 13:31

Re: Wireless WDS link protocol
 
The way I read it was that there was no standard way for them to talk using WDS to negotiate dynamic keys, that is until 802.11s arrives. I think the "usually" comment refers to variations in different manufacturers' proprietary implementations.

So to answer your original question, it's as secure as the kit lets you make it but as a minimum you can use encryption with static keys if there are no custom extensions. I wasn't aware there was any 3rd party firmware for the WRT54G, but personally I'd rather stick with standard firmware and a static (but complex) key as WPA-PSK with TKIP is pretty secure. That Airport comment is a bit of a problem though.

The Jackal 23-06-2007 16:37

Re: Wireless WDS link protocol
 
Thanks Geoff that is exactly how I read it.

I think I am going to sack the idea of the WDS altogether and do a client bridge with WPA2 (might even do enterprise) and get a cron job running on one of the routers to update each others keys every 24 hours, does that sound secure or what ?

GeoffW 23-06-2007 17:31

Re: Wireless WDS link protocol
 
Quote:

Originally Posted by CrC-3rr0r (Post 34334619)
does that sound secure or what ?

That sounds like a man with way too much time on his hands ;)

The Jackal 23-06-2007 17:37

Re: Wireless WDS link protocol
 
Quote:

Originally Posted by GeoffW (Post 34334670)
That sounds like a man with way too much time on his hands ;)

Should be easy.

DD-WRT is essentially a linux distro for Linksys wireless routers.

So all I need to do is create a simple script to

* Create new key
* ssh-rsync the key to the routers
* rexec reboot

Job done - or simpler still

* Create new key and dump it to the network share that both routers read the key from.
* rexec reboot

- I'm not wasting any more time on this - spent 6 hours on Friday when I could have been doing something better.
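The rotation steps listed in the post above, sketched as an added example (not part of the original post and not DD-WRT's own code). It uses plain SSH rather than rexec, and the host names, key-based root login and the nvram variable name in `PSK_VAR` are assumptions to check against your firmware; by default it only prints what it would run.

```shell
#!/bin/sh
# Added example: rotate the static WPA pre-shared key on two bridged routers.
# Assumed, not from the thread: host names, key-based root SSH, and that the
# firmware keeps the PSK in the nvram variable named by PSK_VAR.
LC_ALL=C; export LC_ALL
FAR_ROUTER="${FAR_ROUTER:-router-b.example}"   # only reachable across the wireless link
NEAR_ROUTER="${NEAR_ROUTER:-router-a.example}" # on the same wired LAN as this script
PSK_VAR="${PSK_VAR:-wl0_wpa_psk}"              # assumption: check your firmware build
DRY_RUN="${DRY_RUN:-1}"                        # 1 = print the commands, change nothing

# 63 characters is the longest WPA passphrase. Letters and digits only, drawn
# from the kernel CSPRNG, so the value needs no escaping in shell or nvram.
new_psk() {
    tr -dc 'A-Za-z0-9' </dev/urandom | head -c 63
}

# Refuse anything that is not 8..63 characters from that alphabet.
valid_psk() {
    case "$1" in ''|*[!A-Za-z0-9]*) return 1 ;; esac
    [ "${#1}" -ge 8 ] && [ "${#1}" -le 63 ]
}

# Run a command on a router; in dry-run mode print it instead.
remote() {  # $1 = host, $2 = command, stdin is passed to the remote side
    if [ "$DRY_RUN" = 1 ]; then
        cat >/dev/null
        echo "ssh root@$1 '$2'"
    else
        ssh "root@$1" "$2"
    fi
}

rotate() {
    psk=$(new_psk)
    valid_psk "$psk" || { echo "generated key failed validation" >&2; return 1; }
    # The key travels on stdin, so it never shows up in a process list.
    store="read -r k && nvram set $PSK_VAR=\"\$k\" && nvram commit"
    # Far side first, and no reboots until both routers have stored the key:
    # once either end switches keys the link drops and the far end is cut off.
    for host in "$FAR_ROUTER" "$NEAR_ROUTER"; do
        printf '%s\n' "$psk" | remote "$host" "$store" || {
            echo "storing key on $host failed, nothing rebooted" >&2; return 1; }
    done
    for host in "$FAR_ROUTER" "$NEAR_ROUTER"; do
        remote "$host" reboot </dev/null || true   # connection may drop mid-reboot
    done
}

if [ "${1:-}" = "rotate" ]; then rotate; fi
```

Run it with the argument `rotate` to see the planned commands, and set `DRY_RUN=0` only once the printed plan matches your routers.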


All times are GMT +1.