AT-TQ2403 Management Software User's Guide

133

 

 

Figure 50: Bridge Distant Wired LAN by WDS Diagram

Using WDS to Extend the Network Beyond the Wired Coverage Area

An ESS can extend the reach of the network into areas where cabling would be difficult, costly, or inefficient.

For example, suppose you have an access point which is connected to the network by Ethernet and serving multiple client stations in one area ("East Wing" in our example) but cannot reach others which are out of range. Suppose also that it is too difficult or too costly to wire the distant area with Ethernet cabling. You can solve this problem by placing a second access point closer to the second group of stations ("Poolside" in our example) and bridge the two APs with a WDS link. This extends your network wirelessly by providing an extra hop to get to distant stations.

Security Considerations Related to WDS Links

It is important to set some type of security on WDS links. You can set any type of security on the WDS link, regardless of the security setting applied to the APs on the link. For example, you may have the security on AP1 set to None and the security on AP2 set to WEP. Even though both settings are different, you can choose to set the security on the WDS link as either None or WEP. The only exception to this rule is in the case of WPA (PSK). The WPA (PSK) security setting can only be set on the WDS link if you have set security on both AP1 and AP2 to either WPA Personal or WPA Enterprise.

Understanding Static (WEP) Data Encryption

Static Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks. Both access points in a given WDS link must be configured with the same security settings. For static WEP, either a static 64-bit (40-bit secret key + 24-bit initialization vector (IV)) or 128-bit (104-bit secret key + 24- bit IV) Shared Key is specified for data encryption.

You can enable Static WEP on the WDS link (bridge). When WEP is enabled, all data exchanged between the two access points in a WDS link is encrypted using a fixed WEP key that you provide.

Static WEP does not provide effective data protection to the level of other security modes available for service to client stations. If you use Static WEP on a LAN intended for secure wireless traffic you are putting your network at risk. Therefore, we recommend using WPA (PSK) encryption on any WDS links on an Internal network. Do not use Static WEP based WDS to bridge access points on the Internal network unless you have no concerns about the security risk for data traffic on that network. For more information on WPA (PSK), see “Understanding WPA (PSK) Data Encryption”.