Slashdot Mirror
Supercharging Your Linksys Wireless Access Point
kwishot writes "Xam over at www.wi2600.org has documented a relatively simple way to 'turn up the juice' on your Linksys WAP11 Wireless Access Point." Caveats: the outlined method requires a Windows box, recent firmware, and (some) bravery, but no going inside the box or special hardware.
most useful considering AP's are pretty cheap now
but the windoze only part.....:(
vv
Does the FCC have a problem with a person amplifying their wireless network without some sort of license? I'm totally ignorant on the legalities of this, but it seems like a really cool tip for free amplification!
~ now you know
Now that cable services are starting to fall and AOL begins to take over the cable market wireless points will be a huge innovation.
But we are still waiting. Wireless is becoming the new thing, but communities need to respond. But buying these home [and business] wireless products hopefully this will fuel the boom.
Now that my cable service is dropping me when using any P2P service and even newgroups [ahem] I've considered buying a bigger cable/pipe which I can do what I'd like with. Something with more freedom and the abilty to share the access with home I want.
Now, my neighbors on both sides have internet access. One is my granparents whom use a $20 56K service and the others also use broadband [DSL].
I'm completely capable of running mail services, hell even a proxy server. I can do all these things with redhat or debain out of the box. No matter what their needs are I can set up the system.
Hopefully the wireless situation will become one where one could sell access to services. Whether they be a town, city or user group... let's hope wireless plays a big role in delivering a part of the 'last mile' solution.
Although if wireless becomes too much of a 'hobby' then large scale networks may not be seen. Hope we see a balance.
Get your Unix fortune now!
From what i can tell, this doesn't have to be a Windows only hack. The piece of software that Xam states is only built for Win32 seems to be nothing more then an SNMP manager. Now, the Win32 tool might make it a bit easier, but you can hardly call it "requires a Windows box".
I'm against picketing, but I don't know how to show it.
The real trick is to get your neighbor to turn up his power so you don't have to buy your own...
Here's my question - I own a 2.4Ghz Seimens wireless phone and whenever I use that it cancels out my computer's wireless access! Does anyone know if this hack will affect this behavior (worse or better)? I would try it myself, but I use my iBook's Airport card for wireless access and can't run the program they use from my Mac, which would mean getting a PC wireless card to perform the hack.
Sound waves should be free!
I goofed. The maximum radiated power is set at 1W. Not 1mW. Here's the FCC rules that apply, for those interested:
Long, cute, or funny Sigs are just another form of over compensation, used by geeks, nerdz, etc.
The best way to increase the range of the linksys router is to not use a linksys card with it.
Switching from the linksys card to an Orinoco more than tripled my range! It also made me realize that the linksys router signal _was_ hitting the street (I thought it wasn't reaching my couch with the old card), and enlightened me to "War driving". If your having range problems in your house, it is more likely your card.
For those that would like to put an 802.11b antenna on their roof without worrying about weatherproofing their access point, this may be just the thing.
Browse the MIB supplied by Linksys on their web site and do the same with scotty. No real rocket science here. It is as elementary as it can get.
No need of the windows executable
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
...whether hacks like this are just plants by the parent companies sometimes.
"So you tried to up the radio signal of your WAP11 by hacking it to boost the radio signal, and now it won't work? (Hey Bob, we got another one!) What, oh that was nothing sir. Sir, I'm sorry to say your warranty is void. But we do have a sale on the upgraded model right now..."
It hurts when I pee.
Essentially what I'm saying is, you turn up the power on this thing, you don't wanna wear it as a hat. Not that you wanted to do it before, but now you *really* don't want to.
Remember, Linksys is not turning down the power just to spite the geeks out there. I imagine it could easily be a safety issue. Either that, or they had to do it to meet the FCC interference standards. If that's the case, you could have problems with devices that operate in that section of spectrum - I seem to remember something about wireless phone (NOT cellular, *wireless*, as in a base unit, then a detachable handset) working there.
Also, just as a totally useless aside, looking at my handy-dandy (three or so years old) frequency chart I have here, I find it interesting that that portion of spectrum used to be for amateur radio operators. Co-located, perhaps, or did they just take it away from the amateurs altogether?
Pain(n): when you're telnetting into a box doing somethin cool, and some luser calls for help with a 'critical error' ad
The easiest way to overcome coaxial line loss is to trash the RG-58 rubbish you buy at Radio Shack, and get some nice low loss coax designed for UHF. While some of it can be ridiculously expensive, a nice compromise might be something like Belden 9913 which is much lower loss than RG-58 yet relatively cheap (about a buck a foot). The downside of low loss coax is that it tends to be heavy, thick and difficult to work with, but the new generation of 9913 with foam dielectric helps to overcome some of this.
I wonder if there are similar registers for the
pcmcia cards, such at the Wavelan/lucent/orinoco
cards, or the prism II based cards? Open source
drivers would make turning up the heat on these
things easier and might help make some links more
stable.
A higher gain antenna on the access point would help with both transmit and receive, and this is another option, however, I think that this might be illegal in the US.
Also, it is useful to recall that microwave ovens operate on 2400 MHz because this is the most efficient frequency for heating water. One watt is enough to cause some RF heating and potentially be hazardous to you health. Don't look at the business end of that yagi!
there are 3 kinds of people:
* those who can count
* those who can't
For many of the pcmcia cards (probably not the cheap ones), a client utility is usually included that allow you to change the output levels. I actually turn mine down at work as I have an AP at my desk and I'd like to keep my hair. ;0) Really though, I'm only using it for testing so 1mW on both ends works just fine and reduces the chance of an attack (both internal and external, i work at a big company) since the range is reduced.
Jim Harry
Adding WaveLAN Extender - This article discusses adding various antennae to base stations to improve their range.
Extending TheAirPort's Range - This article discusses some more radical procedures, including some neat stuff with Directional Antennae which allow 802.11b to work as far away as a 57 Kilometers. They also discuss various antennae to add to laptops in order to improve their range.
- Vincit qui patitur.
First, I never did upgrade the firmware to 1.4g5 or 1.4g7, I am running 1.4H3. I guess I should upgrade, but that would require me to actually get the AP next to my PC for the USB connection. The upgrade seems to work OK without the latest rev as long as you can connect via snmp. I think I must have the 1.0 hardware since I got this thing Jan 2001.
Second, I think you can also turn off the SSID on your WAP using these utilities. I have not tried this but perhaps it could help if you are paranoid...
Finally, The main reason I worked on trying to fugure this out is because my wireless network was running very slow. I finally figured out the reason was the wpc11 linksys pcmcia card that I have. If you have one of these cards make sure to DISABLE the PowerSaveMode in your network configuration (in Windows). Your network will now run significantly faster (500K/sec instead of 50K/Sec in my case). Also when exploring in windows use mapped drives instead of unc names. This seems to also help.
Hope that helps, BRian
...and as your device is running too muich power throough the finals and it smokes, much like your overclocked AMD, you'll realize that you should have cracked open the case and put a fan on them.
Do not fold, spindle or mutilate.
Why not just use a card? They are much cheaper.
Get an Intersil Prism2 card and use the Prism 2 AP module to turn your Linux box into an AP.
Deleted
I have two d-link DWL650s at home, one on a Win98 laptop and another on a Win2K. With both the laptops sitting side-by-side, about 30 feet from the Linksys WAP, the Win98 laptop had a strong signal (>80%) whereas the Win2k indicated a poor signal ( 0%). And yes, I did interchange the cards between the laptops.
Leads me to believe there is some software setting in the device driver.
Slashdot looks deep within my heart and assigns me a number based on the order in which I join
enterprises.atmel.atmelmib.atmelSys.TestModeSettin gsGRP.TestModeRadioConfiguration.0 = Hex: CA CA CA CA CA CA C9 C9 C9 C9 C9 C9 C9 C9
Although not in the same configuration as the article describes, this may be due to the fact that I've never upgraded the firmware on the access point I snmpwalk'd this from. Perhaps I should get busy on that....
Any of you people out there with an upgraded firmware, you should try snmpset under Linux or your UNIX of choice and see what kind of results you get... extra points for verifying the change with the Windows stuff in the article.
Numerically, snmptranslate says that the correct field is .1.3.6.1.4.1.410.1.1.8.8.0, assuming I'm using it right (I called it with the commandline snmptranslate -m +ATMEL-MIB -IR enterprises.atmel.atmelmib.atmelSys.TestModeSettin gsGRP.TestModeRadioConfiguration.0.)
In the article it states: "this will ammount to 3 to 4 db gain in power, which isn't all that much, but heck, it's free".
3dB will result in a signal that is 2 times as strong. So, yes, it is quite a bit more.
When refering to decibels, every 3dB means 2X the power. Just thought I would point that out.
"A plan fiendishly clever in its intricacies"- Homer Simpson
Does anyone know if the WAP11 is the only Linksys AP this works on? I use the Router/AP combo and don't seem to be able to make it work.
Everyone in wireless knows that the 2.4GHz is already more than a little crowded, having to share the air with cordless phones, garage door openers, etc. etc... Even though this is a very cool hack, if you don't theed the extra range I would ask that after you have had your fun that you turn it back down a bit. When I first got into wireless it was all about how far I could throw a signal - but I realize that as things get more crowded out there, keeping my signal strength to the minimum level that will get my particular need taken care of is the neighborly thing to do. When I finally get my hands on some 802.11g gear that operates over the same 2.4GHz spectrum I want there to be some spectrum left to use! ;-)
--
The Sphere Guerilla Net
There are 2 packages worth looking at.
NetSnmp/UcdSnmp and OpenSnmp.
There are some nice front-ends to these. For those using KDE, there are some KIO at apps.kde.com.
snmpio or iosnmp, respectivly.
With the ROM, you will find the MIB required to use this ROM.
BTW, the reason why these folks used USB is that they killed that radio during the install. Make sure that you do not mix radios and packages. Also, make sure that you load all the intervening series of ROMS as these are diffs.
"3 to 4 db gain in power, which isn't all that much". Go back and check your log tables. A 3db increase is doubling your total RF power out.
I just did this, and with my WAP11 and WPC11 linksys wireless network card, I got about 30% more power, I haven't even tried going outside my house since I get 100% link quality all around, but I'm going to have to try it.
Generally, with a directional antenna at those freq's you could get 10 to 20dB of gain, or more. Now take one watt (or whatever) and multiply it by 10 or 13. That's your ERP or effective radiated power. If your feedline isn't too long and its high quality microwave coax, these calculations should hold up pretty well. It you have to run 50 or 100 feet, you're hosed, as only something like Andrew's Heliax will have the small enough loss/ft at these frequencies.
Steven King has a house in Sarasota, FL
during the winter season he should be found there
Don't try to mount the antenna remotely; the loss in the transmission line would overrid the gain.
Instead, run ethernet and power to the highest point in your house and put your linksys there.
This method is safe, legal, and it WORKS.
the power boost upgrade worked like a *charm* --
many thanks to timothy and slashdot for the posting!!
the linksys upgrade to 1.4h3 also worked like a
charm, and fixed all sorts of problems I was
experiencing trying to config the thing.
(client was my one win2k box)
I too have experienced crappy reception with their
PCMCIA cards... not sure why.
As artist turned engineer, I simultaneously long for and fear the day when it all becomes content again.
Note that not only can you -increase- the power, you can decrease it too! "Why on earth would you want to do that?!?!" you say.
Just think...the AP that was suddenly accessible from the road is barely accessible from the front lawn. Maybe you use your AP within a pretty close range etc...lower power levels would be just fine.
The linksys also allows you very fine-grained control over supported data rates etc; experiment with, say, turning off everything except 11mbps and tweaking the power level down one notch up from where you start to see packet loss etc. Tada, maybe now your network that was visible from the street is only visible from the yard or front door. Granted, some antenna-kiddie(ooo, I coined a new term!) is still going to find the AP when he points a directional your way, but oh well...at least it'll maybe discourage the average moron who recides to go driving with his laptop.
Not to mention, if you're nervous about scrambled brain, having the AP at a lower power level might make you feel better, although the card is what is closest to you...
...and my Pringles can burst into flames.
Of course I'm still wondering why 802.11 didn't fly on AO-40. I'm sure some FCC regs got in the way of that one.. that sure would have been a much-needed leg up for amateur radio.
Intelligent Life on Earth
I guess my point was WHICH registers are set and
how can I tweak the FreeBSD wi driver to have an
ioctl to allow me to set them for orinoco cards.
I have a wireless link that is based on FreeBSD boxes and a few extra db is all I need to overcome
the leaves in the summer, and snow storms in the
winter.
Since I control both ends, I can boost the power
symetrically and still be within the FCC guidelines for radiated power (I'm about 10dBi
under the limit if I read the power meter I have
correctly). Yes, I've taken the gain of my
antennas into account. No, I can't buy larger
antennas because 24dBi is the largest that will
mount on my roof.
So I'm left with getting an amp, or having the
cards put out more power. I'd like to avoid an
amp...
What about those of us that have the BEFW11S4, Linksys' Wireless+Router+4-port Switch device? I don't believe these guys have SNMP capability. There might be something in the firmware that could be tweaked. It would take some poking with a hex editor, I suppose... Anyone hacked on this little Linky?
One of the first replies mentions 1W being the maximum power allowed in the band by the FCC. The way it is worded appears to have led a number of people to believe that this is what the mod allows the access point to do. Having read the link, it looks like the mod allows for up to 100mW of power. Aren't there 100mW cards and access points everywhere? Maybe I'm mistaken but this only looks to be of value if the hardware in question can be found for dirt cheap... Even then you wouldn't be getting extraordinary performance; just typical performance at a good price.
As some posters have reported, it is possible to increase usable range by boosting the output power of the Linksys box. However, you should keep in mind that the wireless link between your client device and the AP is limited by the weaker direction. Say, for instance that you have a 1 watt transmitter in your (industrial-strength) AP, but only a 10 milliwatt transmitter in your client (handheld PDA) device. All other things being equal, your 100X greater AP transmit power will be wasted, because the AP will not be able to hear your puny 10 mW handheld device more than 30 feet away...
The formal term for the analysis of effective range between two stations is LINK BUDGET. This is influenced by the following:
a) Raw transmitter power
b) Receiver sensitivity
c) Feed losses (e.g. long coax runs)
d) Antenna "gain"
All of these must be factored in to determine the effect on range which may be obtained by altering ANY of them.
The key here is that since both the AP *AND* the client device must be "hearable" by each other, boosting transmitter power on one end and changing nothing else has limited (if any) benefit.
In practice, you may be able to get an appreciable improvement in usable range by boosting the AP's transmitter power, simply because if you're using the wireless link for web surfing, you are receiving (on your client device) much more often than you are transmitting. In actuality, your client device may be re-transmitting those HTTP "GET" messages a number of times before it is heard by the AP, but the effect is inconsequential when the bulk of the traffic is being received by the client device.
Turn it around and try making your laptop a web server and see how "symmetrical" the performance turns out to be...
I have a high end panasonic phone that works fine along with my linksys wap11 (and also worked fine with my dlink ap1000)...the seimens should work too. They will interfere if you do not have your systems set to different sets of channels. I have my wap11 set to channel 9, or 11 (11 I found works better than 9 that I used at one time on the ap1000) and the panasonic you just turn on and watch your signal strenghth on a station, when it goes up when phone is on or off and phone is not staticy...you are golden. You see there are 11 channels in the us and 12 elsewhere, and 3 seperate groups of channels whose freq do not overlap.
This only works with 2.5Ghz DSS phones and DSS (802.11b) equipment, you can forget it with a Freq Hopping (FH) phone or networking equipment like proxim sympony/rangelan...they will always conflict.
Could someone with one of these access points please read the FCC ID off the sticker on the back and post it here.
I want to look up what transmit power the device is certified for. From that I can answer everyone's questions about whether the FCC cares about this particular hack.
Correction sorry
>and the panasonic you just turn on and watch >your signal strenghth on a station, when it goes >up when phone is on or off and phone is not >staticy...you are golden
should have said:
and the panasonic you just change channels using the channel button and watch your signal strenghth on a station, when it goes up when phone is on or off and phone is not staticy...you are golden
Man after a whole afternoon of screwing with a WAP11 and a BEFW11s4 (router with 802.11b and 4 port switch) trying to get the WAP to connect in client mode to a BEFW11S4 I never could get it and I don't know when linksys is gonna fix it.
Thankfully Slashdot came to the resuce with something fun for me to try, anybody out there had any luck making a BEFW11S4 more capable? They kinda suck compared to a WAP11 since the WAP11 can be an AP, Client, or Bridge. I've read about using TFTP to download WAP11 firmware onto a BEFW11S4 but I'm a little hesitant... Any advice?
I have a Netgear ME102 Wireless Access Point that has all the same guts as the Linksys AP. I went through this procedure, and everything worked exactly the same.
whowd@truman.edu
Thanks to whoever posted the FCC ID. The ID is O7JGL2411AP (note first character is letter O, which is not what they posted). The post didn't say which of the OEM brands this corresponds to, but I expect all are the same.
This device is certified for only 82 mW of output power. 100 mW is a violation.
So indeed, the FCC will be upset by the hack. In this case it is the license grantee who will get in trouble (global sun technology inc, jung li city, Taiwan) for building a device that users can take out of compliance.
View the FCC license for the device if you are interested.
It'd be neat if the author of "fun_with_the_wap11.txt" could find out just WHAT part of the h/w was being controlled by the power parameter, ie. what amplifiers and/or attenuators.
Since the 802.11b radios are TRANSmitting devices - not just emitting or receiving - we can hope the parameter being mucked with controls the receiver's IF amplifier as well as the emitter amplifier.
In that case, the outbound pulses are stronger, AND the weak-kneed inbound pulses are given a kick in the pants before being passed along to the analog and digital processing stages. This increases the odds for analog signal detection and digital network layer traffic.
Keep in mind that cranking an amp also increases the heat generated inside a cramped pcmcia card, translating into either shorter life or the addition of heat sinks and fans. Those who are serious about longer range go with the two way amps from Hyperlink, et al.
Luke, help me take this mask off
As an aside, rasing the power to 100 Mw only gets us another 3 or 4 db at best
That should be mW, not Mw. Uppercase M is for Mega, and 100 megawatts is a lot more than a 3 or 4 dB gain...
When refering to decibels, every 3dB means 2X the power
Not quite. It's +10dB for a factor ten increase (exactly and by definition). So while your statement that +3db means a doubling of the power, that's a fair approximation for quick estimates, but not more than an approximation.
How would one go about calculating the signal
antenuation caused by an rf signal of a given
wavelength or frequency passing though a solid
body of a given density ?
2.4 GHz to 900 MHz transverter
Based around the WAP11 to help overcome obstructions.
The maximum output of a Linksys WAP11 is 19.18 dBm (83 mW), by the way. There is an integrated TX AGC to control the linearity of the output RF power amplifier, this is what this power hack is controlling. You may have a higher output power, but your signal will be distorted.
One interesting point: in the article, the author notes the default values of the channels as being in the range B5-C0.
In my case, those settings were mostly FE.
So, setting them all to 80 was a big win, I think.
This is a great set of antenna kits for the WAP11
i nksys
http://www.techsplanet.com/antenna_by_brand.htm#l
Does anyone know if this hack would work on a d-link WAP? As far as I know, it uses Atmel...
How many of these will I need to replace my microwave?
Remember, there were no nuclear weapons before women were allowed to vote.
Wow, wish I had mod points, this guy is really insightful! *snork* :)
As an aside, raising the power to 100 mw only gets us another 3 or 4 db at best, peak envelope power.
He speaks as if this is low. A 3dB increase in power is double the power.
Nothing to sneeze at.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
More WAP11 snmp information:
http://pasadena.net/aprf/
http://wireless.pasadena.net