Well-explained, Leo. Instead of "additional" hardware, for simplicity I would suggest "replacement" hardware.
Apple truly solved this problem in a very simple way. Guest networking in any new Airport Extreme. Two SSIDs, two separate networks, one device. Brilliant. Done right.
Craig Fisher
April 16, 2009 1:46 PM
Why not just use MAC address filtering on your wireless router. Just add the friend's MAC address to the list of allowed addresses. No WEP/WPA needed.
As other have stated, MAC addresses are NOT secure. It's trivial to spoof them. (And you do want your data encrypted, I think.)
- Leo 17-Apr-2009
Rahul
April 16, 2009 4:12 PM
Craig - MAC address can easily be spoofed to connect. And without WPA, all traffic between the PCs and router can be openly read by a listener.
Craig Fisher
April 16, 2009 7:06 PM
Rahul: Yes, but to spoof a MAC address someone first needs to find a valid MAC address to use.
And your traffic between PCs that are connected via ethernet cable isn't encrypted either.
MAC addresses are not encrypted even on encrypted connections, (technically they're used at a layer below encrypted data), so all one needs to do is sniff the network, pick one of the MAC addresses that are obviously allowed to pass through, and choose that to spoof.
And data on your ethernet cable isn't being broadcast to a 300 ft radius of your wireless connection. :-)
- Leo 17-Apr-2009
Craig Fisher
April 18, 2009 3:39 PM
Leo: thanks for clarifying the pitfall of MAC address filtering.
And point taken about WiFI being broadcast, but the discussion was in the context of allowing friends onto your LAN.
My point about WiFi is that you should not remove encryption simply to allow a guest to connect. If you need encryption, you need encryption.
- Leo 19-Apr-2009
hkbs
April 21, 2009 10:42 AM
Thanks for that info, Leo. May I ask what to look for to obtain a hub/switch.
Rich Deem
April 21, 2009 3:13 PM
I have a DSL Router. The original one died and the computer store people (Best Buy) suggested I replace it with another one from Verizon. It still uses WEP and can't, apparently, use WPA. As a DSL user are we stuck with old technology? What about FIOS fiber optic? If its router dies, can you buy a better one?
This has nothing to do with DSL or FIOS or whatever technology you connect to the internet with. This is all about the router itself, nothing more nothing less. I'd check with your ISP for what your options really are, I can't believe they'd force a WEP-only router on you. In many cases they don't give or specify a router - they provide a modem which you then connect to whatever router you like.
- Leo 22-Apr-2009
avoidz
April 21, 2009 9:29 PM
I have a wireless gateway with four ports at the back, so if a friend brings over a notebook or whatever I just hook it up with a length of network cable. Much easier and quicker than configuring the wireless connection.
Andy
June 24, 2010 3:21 AM
In scenario 2, would it be possible to use a G- series router for the guests' usage without it affecting my encrypted N-series router? I remember reading previously that older router versions (ie G-series) can negatively affect the performance of newer ones. What effect can this have on wireless performance?
Comments
Read the article that everyone's commenting on.
April 16, 2009 12:52 PM
Well-explained, Leo. Instead of "additional" hardware, for simplicity I would suggest "replacement" hardware.
Apple truly solved this problem in a very simple way. Guest networking in any new Airport Extreme. Two SSIDs, two separate networks, one device. Brilliant. Done right.
April 16, 2009 1:46 PM
Why not just use MAC address filtering on your wireless router. Just add the friend's MAC address to the list of allowed addresses. No WEP/WPA needed.
17-Apr-2009
April 16, 2009 4:12 PM
Craig - MAC address can easily be spoofed to connect. And without WPA, all traffic between the PCs and router can be openly read by a listener.
April 16, 2009 7:06 PM
Rahul: Yes, but to spoof a MAC address someone first needs to find a valid MAC address to use.
And your traffic between PCs that are connected via ethernet cable isn't encrypted either.
And data on your ethernet cable isn't being broadcast to a 300 ft radius of your wireless connection. :-)
17-Apr-2009
April 18, 2009 3:39 PM
Leo: thanks for clarifying the pitfall of MAC address filtering.
And point taken about WiFI being broadcast, but the discussion was in the context of allowing friends onto your LAN.
19-Apr-2009
April 21, 2009 10:42 AM
Thanks for that info, Leo. May I ask what to look for to obtain a hub/switch.
April 21, 2009 3:13 PM
I have a DSL Router. The original one died and the computer store people (Best Buy) suggested I replace it with another one from Verizon. It still uses WEP and can't, apparently, use WPA. As a DSL user are we stuck with old technology? What about FIOS fiber optic? If its router dies, can you buy a better one?
22-Apr-2009
April 21, 2009 9:29 PM
I have a wireless gateway with four ports at the back, so if a friend brings over a notebook or whatever I just hook it up with a length of network cable. Much easier and quicker than configuring the wireless connection.
June 24, 2010 3:21 AM
In scenario 2, would it be possible to use a G- series router for the guests' usage without it affecting my encrypted N-series router? I remember reading previously that older router versions (ie G-series) can negatively affect the performance of newer ones. What effect can this have on wireless performance?
To post a comment on "How should I share my home network with a visitor?", please return to that article's main page.