Building a Wireless Network for an Apartment Complex?
itwerx asks: "I've been asked to design a wireless infrastructure for an apartment complex. Tenants will pay an 'access deposit' and a monthly surcharge to get a PCMCIA/PCI/USB network card along with free installation and, of course, wireless Internet access. The buildings are arranged such that 2 WAPs per building should cover all the tenants (one WAP per side, far enough away to get line-of-sight through the windows). I do have a few concerns, however. All help is appreciated and when we're done we'll put up a HOWTO!"
"My concerns are the following:
- Interference between WAPs (there are several buildings) - there are enough channels if we go 802.11a but cost is a concern.
- Management of 'hitchhikers' - we're planning on manual assignment via DHCP/MAC address for tenants with others having all their HTTP requests get directed to an info page. Anybody done something different?
- Interference from WAPs and other devices that may be owned by tenants! Should we just avoid the default channel and hope for the best?!?"
Interference between the two WAPs is not really what you have to worry about. Put them on different channels on opposite ends of the chunk of 802.11b spectrum and it's done.
The real issue is interference from other devices. I hope no one has a 2.4GHz phone.. or a microwave.. or X11.. or one of the other dozens of devices on the (unregulated) 2.4GHz band. It can knock your 11Mbit down to 1.
Using your sig line to advertise for friends is lame.
U.C. Berkeley has been working on implementing a wireless network around campus. You can read up on the project here. It mentions some of the technical issues they face like 2.4GHz cordless phones and even interference from old microwave ovens.
If you are worried about data sniffing, IPSec / WEP is your answer. If however, as I assume, you are worried about "free rides" on your bandwidth, I'd suggest PPPoE. That way no one gets on the network unless they have an account. Seeing how it is a relatively small number of tenants I assume (less than 500 or so) it should be simple to keep a list of names / logins so as to provide a tenant with two logins should he get a second PC. This method saves you the hassle of managing a bunch of fixed IPs and MAC addresses with everyone on the network.
Back at my alma mater, one of the students (who thought he was clever) founded an ISP that provided 802.11b wireless access to apartments on campus. Inevitably, the WEP key he used was compromised, and student account passwords were sniffed and abused. Now, common sense would dictate that he shouldn't be responsible for what a criminal does with his network; but common sense does not reign supreme in the ivory tower of academia. What happened next was shocking: the student was disciplined, expelled, and sued for damages by the state college. Although he certainly could have won his case in front of a jury, he settled because he could not afford $15k to hire a good trial lawyer. Right now he has no degree, can't get into a good school, and is pumping gas for a living.
So, if you are considering rolling out a notoriously insecure network architecture (such as 802.11[ab]), consider the fact that you may be personally liable for anything bad that a crook does with your network. Be afraid.
df
WEP is easily broken. There are several tools that make a war driver's life really easy.
I would set up the wireless network outside a firewall, and then probably hook up a couple of machines with FreeSWAN or poptop (Linux VPN servers) that will connect to the access points.
See this paper for a good discussion on wireless security.
The University of Florida is using some kind of authentication scheme. Basically, everything is automatic. Any attempt to access a valid network address takes me to the login page, where I can log in using my UF gatorlink account info.
After that, everything just works. I don't know how secure the authentication stuff is. The configuration is DHCP, so real easy.
Changing your MAC or using unsolicited ARP broadcasts to take over another IP address are exactly what IP spoofing is all about. It's more than just setting a new MAC through ifconfig or Device Manager, too. Usually, you're doing some kind of ARP poison routing to do man-in-the-middle attacks or sniffing.
So it really is spoofing, as such.
I'm proud of my Northern Tibetian Heritage
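As an added example (not part of any post in this thread), here is one way an operator using the DHCP/MAC reservation scheme from the question could watch for the MAC and ARP spoofing described above. The log format, addresses, reservation table, and function names are all constructed for illustration.

```python
# Constructed ARP observations, as a watcher on the wired side might log
# them: <seconds> <access point> <claimed IP> <source MAC>
SAMPLE = """\
0 ap1 10.0.1.20 00:11:22:33:44:55
5 ap1 10.0.1.21 00:11:22:33:44:66
12 ap2 10.0.1.20 00:11:22:33:44:55
30 ap1 10.0.1.1 00:aa:bb:cc:dd:01
42 ap1 10.0.1.1 00:11:22:33:44:66
300 ap1 10.0.1.22 00:11:22:33:44:77
"""

# Hypothetical static DHCP reservations (IP -> tenant or gateway MAC).
RESERVED = {
    "10.0.1.1": "00:aa:bb:cc:dd:01",   # gateway
    "10.0.1.20": "00:11:22:33:44:55",
    "10.0.1.21": "00:11:22:33:44:66",
}

def parse(text):
    """Yield (ts, ap, ip, mac) tuples from the constructed log format."""
    for line in text.splitlines():
        if line.strip():
            ts, ap, ip, mac = line.split()
            yield int(ts), ap, ip, mac.lower()

def find_anomalies(text, reserved=RESERVED, window=60):
    """Flag observations that contradict the reservation table.

    unreserved-ip   : an address nobody was assigned is in use
    ip-mac-mismatch : a reserved IP is claimed by a different MAC
                      (what ARP poisoning of the gateway looks like)
    mac-on-two-aps  : the same MAC appears behind two access points within
                      `window` seconds; a heuristic for a cloned MAC that
                      can also fire on a legitimate roam
    """
    alerts = []
    last_seen = {}  # mac -> (ts, ap)
    for ts, ap, ip, mac in parse(text):
        expected = reserved.get(ip)
        if expected is None:
            alerts.append((ts, "unreserved-ip", ip, mac))
        elif expected != mac:
            alerts.append((ts, "ip-mac-mismatch", ip, mac))
        prev = last_seen.get(mac)
        if prev and prev[1] != ap and ts - prev[0] <= window:
            alerts.append((ts, "mac-on-two-aps", ip, mac))
        last_seen[mac] = (ts, ap)
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE):
        print(alert)
```

A MAC reservation identifies a card only by a value the client itself reports, so checks like these detect misuse after the fact rather than prevent it.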
http://www.linksys.com/products/product.asp?grid=32&prid=416
PLEBR10 - ethernet via powerline
Are the apartments all on the same side of the transformer?
Does the apartment own the power lines in the complex?
Better solution IMO: no new wires, 12meg of data vs like 3-4 for 11.b stuff AND you can move it from outlet to outlet....
No broadcasting via airwaves so people won't even think about checking the powerline for internet (for awhile).
If the distance between the buildings is too great, or they are separated by a transformer, I would think about doing a cat 5 or fiber run between the buildings. If not, then put a couple 11.a points up to interconnect.
Service guarantees Citizenship! Questions Guarantee GITMO.... Amerika Uber Alles!
Wrong.
Ever heard of contention ratio? Contention ratio is the ratio between the actual bandwidth and the bandwidth available to each user. In this case you are providing 11 Mb/s of backbone for 50 users. Assuming a contention ratio of 50:1, which is fairly normal entry level ADSL, this wireless system can provide for ~3-11 Mb/s each for about 50 users. Or ~1-3 Mb/s per user at a contention ratio of 20:1.
and you'll be charging for $100 WiFi NICs instead of $10 PCI ethernet NICs (which many PCs now have as standard anyway)... and for a service subject to atmospheric outages (ever use a WiFi network during a thunderstorm)
Plenty of people have used it over multi-km distances with no problem.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"