RealTime IT News

Ask the Wi-Fi Guru About Controlling Network Access and Wireless Bridges

Our monthly Q&A series offers advice to those seeking help with home or small business WLANs. This month our guru explains how to control a device's access to a network without banning it outright, and helps two readers bridge routers to extend their wireless networks to hard-to-reach places in their homes.

Would you like to ask the guru a question? Write the editor.

Recently there's been some Internet buzz around this wireless router hack, wherein the guts of a Belkin router have been stuffed into the case of a Nintendo game cartridge. It is a cool hack, especially if you want to hide a wireless router in stealth dressing, but ultimately is more about form than function.

You can find intrepid hackers doing all sorts of fun things with wireless networking, especially when it comes to antennas built out of a wok, a strainer, a Pringles can, or a retired satellite dish. In a pinch, you might even be able to extend your wireless router's signal using a tinfoil sail.

It takes a special kind of hacker, though, to adorn a humble wireless router with the body of a Victorian-style wooden box. Just imagine if Charles Dickens had been surfing the net all day instead of writing bleak novels.

How do I kick a device off my network without banning it altogether?

Q: I have a WRT54G and I'd like to disconnect a device (Xbox) without banning the MAC . Is there a way to expire the lease to kick the device off? I think I have v8 of the firmware, no mods or patches. - Anonymous

A: Sometimes you want to temporarily prevent a device from accessing the Internet--although the writer didn't say so, imagine that you're a parent who wants to mediate when the kids can play Xbox Live.

Most routers provide a "MAC filter" feature that you can use to either allow (whitelist) or deny (blacklist) specific clients. But you would need to repeatedly add and remove the Xbox's MAC address every time you want to control access, which is very inconvenient.

Assuming that the Xbox, like most devices, is configured by DHCP , it receives its IP address automatically from the router. Again, most routers will let you view a list of existing DHCP clients. Often, you can manually close the connection to a DHCP-connected client, known as expiring its lease. But if you do this, the device will immediately try to renew its lease, and therefore be right back online.

A preferable solution is to use some kind of access policy, if your router supports it. The current WRT54G actually does provide access policies in the "Access Restriction" menu of the firmware administration. Consult the Linksys manual for detailed instructions, but in short you would enter the MAC address for the Xbox (or any device) into the "Internet Access Policy" page. You can click "allow" or "deny" and then choose a schedule such as "everyday" or a period of time.

You can use this policy to enforce a specific schedule, or else if you need to arbitrarily control Xbox Internet access, you will need to connect to this page and tick on or off the "deny" button as needed.

How can I bridge two routers?

Q: I have a wireless router in the basement that is directly connected to the telephone jack in the wall. The router I am using is a Belkin F5D9230uk4 v3 (G Plus MIMO). Unfortunately, the signal of the wireless router is not strong enough to connect on the second floor of my house. I want to create a bridge where I put a second Wi-Fi router on the first floor of my apartment. I have these two routers on hand: a Speedport W500V and a Netgear WPN 824 v2. Is it even possible to create a bridge with these two routers? I read that they have to have a bridging or PPPoE function? - Akeef2k6

Q:I have a DLink DIR-655 router and a DAP-1522 bridge/AP..I have a large house with the router at the far end of the house. You can imagine how poorly my wireless works. Can the router be hardwired to the AP to increase the range in my house? - Nick

A: Both Nick and Akeef have similar conundrums: Their primary wireless router doesn't have the range to cover their entire living space. It is a common problem, because there are so many factors that can affect wireless signal range, not only distance but also building materials and obstructions.

Nick already owns a second router which is marketed as a "bridge/AP". This means that it is designed to connect to a primary router, and rebroadcast that signal. The DAP-1522 can connect to the primary router either wirelessly (making it a wireless client), or by Ethernet cable. But you don't really need a device marketed as a bridge to build a bridge. In fact, you could use any wireless router, such as Akeef's Speedport and Netgear models.

Let's forget about the PPPoE functions advertised with those routers--this is related to their design as DSL modems and relates to how they connect to the DSL line. In this case, there is already a primary router connected to the DSL line (the Belkin).

To extend their wireless range, Akeef and Nick first need to figure out a way to get a wired connection to the second router. Your first choice would be an Ethernet cable, although this may mean running through walls and floors. If this will be a major problem, consider a powerline Ethernet solution. Using a "HomePlug" certified adapter, you can use the existing power lines in your home to carry network data using the nearest power outlets.

Whether you run a straight Ethernet cable or use a HomePlug solution, there will be an Ethernet cable run to the secondary router, where it plugs into one of that router's LAN ports.

You will need to configure the second router to have a LAN IP address compatible with your primary router--so, if your primary router is, then configure your secondary router to You will also need to configure the wireless broadcast settings on the secondary router to the same parameters used for the wireless settings on your primary router, including security settings. This way, roaming devices like laptops can transparently switch to whichever router is strongest around your home.

If, like Akeef, you are using a standard router as a bridge in this scenario, you should disable that router's DHCP server and firewall. These services are already being provided by the primary router and could cause network problems if enabled on both. The DAP-1522 is designed to be a bridge, so it probably doesn't need these extra tweaks.