When I got an iTouch a little while ago, I decided my small (home/office) LAN needed a WiFi access point. But an access point is (by design) limited, and the 655 has a truly outstanding radio, is a powerful firewall and router with a gigabit switch*, is reasonably priced, and I might not always want to just have an access point.
So I bought the 655 and I understand and accept that I'm sort of using it in a way it wasn't designed to be used. Nonetheless, everything is working wonderfully, and I'm delighted with the 655, so I thought I'd share what I did to get it to work. Note that the 655 was designed to manage your network, so this is only necessary if you don't want the 655 to manage your network. Even though my setup is complicated, the story is the same even if you are adding a 655 to the simplest of existing networks.
My LAN is 100Mb, and is "managed" by a hardware firewall (a SonicWall) which is connected to the internet via a 15Mb aDSL2 modem in bridge mode. The SonicWall handles all the routing, and manages the entire internal LAN. My ISP was kind enough to assign me a tiny static IP address block, and there are multiple external static IPs routed to different machines on the LAN as well as DHCP and NAT management for all machines on the LAN. All LAN machines are assigned an IP in a local non-routable address range (i.e., 10.x.x.x). Everything works as I want it to, the machines can all talk to each other, it's easy to maintain, and it's as bulletproof to the outside world as I know how to make it.
In order to keep all my wireless clients on the same subnet as the whole rest of the LAN (and to have them all managed by my SonicWall), I normally would try to turn DHCP and NAT off in the 655, and assign both the WAN and LAN sides of the 655 a (different) IP number in the same subnet. The 1.21 firmware won't let me turn NAT off, or assign an IP in the same subnet to both the WAN and the LAN. The 1.11 firmware will let me turn DHCP and NAT off, and assign the WAN and LAN to the same subnet, but it won't route when set up that way. Is there any way to have the WAN and the LAN on the same subnet?
So I gave up on even using the WAN port, since I don't need to firewall the internet with the 655 because it's already been done upstream with the SonicWall, and I don't need the 655's DHCP or NAT or routing that the SonicWall is also already taking care of.
I just plugged everything into the 655's LAN ports. The LAN itself gets plugged into one of the 655's LAN ports, as do two computers which are physically close to the 655. Everything works. I still get to use all the protections the 655 offers to wireless clients (like MAC address filtering, and WPA2 with AES), and the SonicWall still gets to assign and manage IP addresses like it does for every other client on the LAN.
Note that the 655, when set to MAC address filter, applies the filter to all clients plugged into the LAN ports, not just to clients that are wirelessly connecting. So if you turn MAC address filtering on, you'll have to add the MAC addresses of all machines (AND switches) in your LAN if you want to be able to talk machine to machine. At the very least, you'll have to add the MAC address of the gateway machine on the LAN, or you won't be able to talk to the internet.
Which leads me to my first question:
*Are the LAN ports on the 655 a switch or a hub? Is there an ARP table maintained for each of the four LAN ports so that if I have three computers plugged into the LAN ports, and data is being exchanged between the computers plugged into ports one and two, the data won't be sent to the computer plugged into port three too? (Yes, I realize that computer three will ignore the data if it's not meant for it, I'm trying to figure out if the LAN ports are a switch or a hub. Even though the manual and literature specifically call it a switch, the flashing LED lights on the front sometimes make me think it's just a hub).
About the only thing that doesn't seem to work with this setup is using an NTP server to set the 655's clock. It seems the NTP server has to be on the WAN port, not the LAN port. Short of setting up an NTP server on one of my LAN machines, is there some way I can set up a static route in the 655 so that its NTP server calls get routed out a LAN port to my gateway instead of out the not-connected WAN port?
Thanks!
Bill S