As I previously mentioned, one of the main reasons for all this work was that the new sanctuary building does not have a wired network and I needed to move the existing computers and printer to a wireless network. So, since I have an Airport Extreme at home, I was planning to create a Pre-N network. But, since few PC users have N-capable devices (gotta love Apple), I made sure the main network was 801.11g instead.
So, I chose a wireless router that was capable of creating both an N and G network. That is the D-Link DIR-855. It can broadcast the G network on 2.4GHz and the N network on 5GHz. Since our new phone system will also be wireless, I wanted to have some spectrum separation while still looking forward to N devices.
I followed the router setup wizard as instructed by D-Link. When it came time to choose the security, I chose WPA2-PSK. Why? Well, WPA is supposed to me more secure than WEP, and WPA2 moreso than WPA. The reason I went with the PSK (personal key) instead of the more secure commercial key, is that I do not have the resources to setup the necessary RADIUS server, although I would like to do just that. Again, while I may be able to manage the server, I have to think about the folks coming in after me. They may not be familiar with servers and any problems will just lead to another frustration when it does not work. The main problem with a personal key (PSK) is that in order to authenticate someone, you have to save the password on their device. All they have to do is click the box to “view password as text” and presto, they can give it to anyone else.
You just have to trust folks not to do that or change the password on all network devices at regular intervals.
Lesser of two evils? You decide.
Now that I had the first building’s wireless network up, I had to setup the second (and completely wireless) building.
The main reason I was able to set them up with little concern is that we had a contractor pull a cable from my communications closet in the first building to the second. Otherwise, I was going to have to look some form of wireless bridge or WDS, both of which would have further degraded the signal and bandwidth.
In the second building, I connected the pulled cable to an identical 8-port switch (always think about expandibility) and then to the wireless access point. Note, this is an access point and not another router. This is key as it will simply take the DHCP address from the wireless router and provide it to all other clients in the second building. If I had used another router, I might have ended up with a second layer of NAT (network address translation) and devices in one building might not be able to see those in the other building and vice versa.
The easiest thing to do is get an access point.
Since I also wanted to make sure that any device authenticated to the wireless network in one building could move the second without having to enter another password, I also used WPA2-PSK encryption and the identical password. Now, you can connect once and move across the entire campus with no problem.