EW-7206APg Wireless LAN Access Point - Routers



Thread: EW-7206APg Wireless LAN Access Point

  1. EW-7206APg Wireless LAN Access Point

    Hi

    I recently bought this product and my query is regarding Fast Roaming
    Threshold option in advanced settings.

    I wanted to disable Broadcast ESSID and IAPP options, but when I
    clicked on apply it gave an error message about Fast Roaming Threshold
    option. By default, this option is set to zero, but it has to be set
    between 10 to 90. I looked up in the online manual but couldn't find
    an entry about Fast Roaming Threshold.

    Could anyone please explain what Fast Roaming Threshold is and what is
    the recommended value for this option? I have a small home network
    with no more than three computers. Only one laptop is moved once or
    twice a day from one room to another.

    Thanks


  2. Re: EW-7206APg Wireless LAN Access Point

    On 1 May 2007 03:14:49 -0700, yousaf.hassan@gmail.com wrote in
    <1178014489.816253.63180@y5g2000hsa.googlegroups.com>:

    >I recently bought this product and my query is regarding Fast Roaming
    >Threshold option in advanced settings.
    >
    >I wanted to disable Broadcast ESSID and IAPP options, but when I
    >clicked on apply it gave an error message about Fast Roaming Threshold
    >option. By default, this option is set to zero, but it has to be set
    >between 10 to 90. I looked up in the online manual but couldn't find
    >an entry about Fast Roaming Threshold.
    >
    >Could anyone please explain what Fast Roaming Threshold is and what is
    >the recommended value for this option? I have a small home network
    >with no more than three computers. Only one laptop is moved once or
    >twice a day from one room to another.


    Why would you want to disable Broadcast ESSID and IAPP options? That
    would add nothing to your security, and worse, just make problems more
    likely. The only thing that will really make you secure is WPA with a
    strong passphrase.

    --
    Best regards, FAQ for Wireless Internet:
    John Navas FAQ for Wi-Fi:
    Wi-Fi How To:
    Fixes to Wi-Fi Problems:

  3. Re: EW-7206APg Wireless LAN Access Point

    Thanks for your reply.

    Could you please explain why disabling ESSID broadcast would add
    nothing to security? The manual says:

    "If you enable "Broadcast ESSID", every wireless station located
    within the coverage of this access point can discover this access
    point easily. If you are building a public wireless network, enabling
    this feature is recommended. Disabling "Broadcast ESSID" can provide
    better security."

    My network is a private home network, so I want to disable it.

    As for IAPP, this is what the manual says:

    "If you enable "IAPP", the access point will automatically broadcast
    information of associated wireless stations to its neighbors. This
    will help wireless station roaming smoothly between access points. If
    you have more than one access points in your wireless LAN and wireless
    stations have roaming requirements, enabling this feature is
    recommended. Disabling "IAPP" can provide better security."

    I have only one access point, and my wireless stations do not have any
    roaming requirements. That's why I turned it off.

    As for encryption and security, both WPA (with a strong passphrase)
    and MAC access control are enabled.

    Could you also explain what Fast Roaming Threshold is? What value is
    recommended for this option? There is no mention in the manual for
    this!

    Regards
    Yousaf







  4. Re: EW-7206APg Wireless LAN Access Point

    On 1 May 2007 07:45:41 -0700, yousaf.hassan@gmail.com wrote in
    <1178030741.228389.72340@q75g2000hsh.googlegroups.com>:

    >Could you please explain why disabling ESSID broadcast would add
    >nothing to security? The manual says:
    >
    >"If you enable "Broadcast ESSID", every wireless station located
    >within the coverage of this access point can discover this access
    >point easily. If you are building a public wireless network, enabling
    >this feature is recommended. Disabling "Broadcast ESSID" can provide
    >better security."


    That's just plain wrong, written by someone with no real knowledge of
    security. See

    * "The six dumbest ways to secure a wireless LAN
    (Wireless LAN security hall of shame)"

    * "Debunking the Myth of SSID Hiding"

    >My network is a private home network, so I want to disable it.


    All SSID hiding really accomplishes is making it harder for your
    legitimate neighbors to see your network, and thus more likely to jump
    on the same channel you're using, degrading your network with
    interference. It can also cause problems with some wireless adapters.

    >As for IAPP, this is what the manual says:
    >
    >"If you enable "IAPP", the access point will automatically broadcast
    >information of associated wireless stations to its neighbors. This
    >will help wireless station roaming smoothly between access points. If
    >you have more than one access points in your wireless LAN and wireless
    >stations have roaming requirements, enabling this feature is
    >recommended. Disabling "IAPP" can provide better security."


    Again, that's just plain wrong.

    >I have only one access point, and my wireless stations do not have any
    >roaming requirements. That's why I turned it off.
    >
    >As for encryption and security, both WPA (with a strong passphrase)
    >and MAC access control are enabled.


    MAC access control is likewise a bad idea. See first citation above.

    The _only_ thing that really works, and thus the _only_ thing you really
    need, is WPA with a strong passphrase.

    >Could you also explain what Fast Roaming Threshold is? What value is
    >recommended for this option? There is no mention in the manual for
    >this!


    Don't mess with defaults of advanced settings -- you'll only make things
    worse.

    --
    Best regards, FAQ for Wireless Internet:
    John Navas FAQ for Wi-Fi:
    Wi-Fi How To:
    Fixes to Wi-Fi Problems:

  5. Re: EW-7206APg Wireless LAN Access Point

    OK, I'll have a look at these articles.

    > >Could you also explain what Fast Roaming Threshold is? What value is
    > >recommended for this option? There is no mention in the manual for
    > >this!

    >
    > Don't mess with defaults of advanced settings -- you'll only make things
    > worse.


    So, you don't know what Fast Roaming Threshold is?

    Anyway, thanks again for your response.

    Regards
    Yousaf


  6. Re: EW-7206APg Wireless LAN Access Point

    On 1 May 2007 08:06:51 -0700, yousaf.hassan@gmail.com wrote in
    <1178032011.560243.157390@u30g2000hsc.googlegroups.com>:

    >OK, I'll have a look at these articles.


    How about before making any more posts? Likewise the wikis below.

    >> >Could you also explain what Fast Roaming Threshold is? What value is
    >> >recommended for this option? There is no mention in the manual for
    >> >this!

    >>
    >> Don't mess with defaults of advanced settings -- you'll only make things
    >> worse.

    >
    >So, you don't know what Fast Roaming Threshold is?


    Actually I do, your childish insinuation notwithstanding, and I know it
    has no relevance to your situation, which is why I didn't waste time
    going into it. You could know too if you spent your time checking (my
    citations, the wikis below, and searching with Google) instead of trying
    to insult those trying to help you. (I only put up with insults from
    people paying for the privilege, and even then not so much.)

    >Anyway, thanks again for your response.


    You have a curious way of expressing thanks.

    --
    Best regards, FAQ for Wireless Internet:
    John Navas FAQ for Wi-Fi:
    Wi-Fi How To:
    Fixes to Wi-Fi Problems:

  7. Re: EW-7206APg Wireless LAN Access Point

    > Actually I do, your childish insinuation notwithstanding, and I know it
    > has no relevance to your situation, which is why I didn't waste time
    > going into it. You could know too if you spent your time checking (my
    > citations, the wikis below, and searching with Google) instead of trying
    > to insult those trying to help you. (I only put up with insults from
    > people paying for the privilege, and even then not so much.)


    O dear! What a sensitive person you are! It was not my intention to
    insult you in any way. It was a straightforward question. Before this
    post, I only found one article on this subject through Google:

    http://forums.wi-fiplanet.com/printt...p?t=6928&pp=15

    As you can see, people avoided this question throughout the thread. I
    just wanted to know if someone really knows what Fast Roaming Access
    means. Anyway, I'll find out.

    Thanks (without insinuations or undertones)

    Yousaf




  8. Re: EW-7206APg Wireless LAN Access Point

    yousaf.hassan@gmail.com hath wroth:

    >Thanks for your reply.
    >
    >Could you please explain why disabling ESSID broadcast would add
    >nothing to security? The manual says:
    >
    >"If you enable "Broadcast ESSID", every wireless station located
    >within the coverage of this access point can discover this access
    >point easily. If you are building a public wireless network, enabling
    >this feature is recommended. Disabling "Broadcast ESSID" can provide
    >better security."
    >
    >My network is a private home network, so I want to disable it.


    Security by obscurity is not a good idea. Anyone with a decent
    wireless sniffer (Kismet on Linux) can find your SSID. If someone
    were interested in breaking into your network, or sniffing the
    traffic, it is trivial to extract the SSID from a capture file.

    However, what hiding the SSID does is prevent neighbors and other
    users from easily detecting your system. If someone moves in next
    door, and sets up a network on your channel, both will get
    interference, but your system will not show up on their "site survey".

    Whether you decide to broadcast your SSID or not is entirely your
    decision. To a knowledgeable hacker, it is not a problem and will not
    slow them down in the slightest. To the neighboring systems, it's a
    common source of confusion.

    >As for IAPP, this is what the manual says:
    >
    >"If you enable "IAPP", the access point will automatically broadcast
    >information of associated wireless stations to its neighbors. This
    >will help wireless station roaming smoothly between access points. If
    >you have more than one access points in your wireless LAN and wireless
    >stations have roaming requirements, enabling this feature is
    >recommended. Disabling "IAPP" can provide better security."
    >
    >I have only one access point, and my wireless stations do not have any
    >roaming requirements. That's why I turned it off.


    It doesn't matter as IAPP requires that the neighboring access points
    MAC address be inscribed in the configuration files so that the
    roaming client can keep the same IP address and successfully
    re-authenticate with 802.1x from any access point in the system.
    Without multiple access points, IAPP is useless. On or off doesn't
    matter as it's not going to generate any traffic with only one access
    point in the system.

    >As for encryption and security, both WPA (with a strong passphrase)
    >and MAC access control are enabled.


    WPA is your primary security method. Avoid dictionary words in the
    passphrase.

    MAC address filtering has been somewhat of a problem for my customers.
    The problem is that someone shows up with a new computer or game
    machine and wants to connect. So, the owner has to dig into the AP or
    wireless router configuration in order to add the new device. After
    doing this about 5 times, I'm usually asked by the customer how to
    defeat this non-feature. It's also not a very useful security feature
    as MAC addresses are sent un-encrypted in 802.11 packets. They're
    there for everyone to see, no matter how much encryption you have
    configured. MAC addresses are also very easy to spoof.

    I wouldn't bother with MAC address filtering.

    >Could you also explain what Fast Roaming Threshold is? What value is
    >recommended for this option? There is no mention in the manual for
    >this!


    That's a bit complicated as there are multiple proposed
    implementations of fast roaming available.

    If I knew which one the Edimax EW-7206APg supported, I could possibly
    give a sane answer, but I'm late for lunch. Basically, it determines
    how aggressively the access point holds onto a connection. Usually,
    this is the responsibility of the client software, but 802.11r
    transfers the responsibility to the access point. What happens is
    that the access point tries to determine if the client is moving out
    of range and should roam to a different access point in the system.
    The threshold is probably related to some signal quality metric that
    determines if the access point should give up trying to stay connected
    and issue a disconnect message, which will cause the client to scan
    for a better connection. Again, it's only applicable if you have
    multiple access points in your WLAN system and should probably be left
    at the default value.

    Suggestion: Use WPA-2 to secure your network. Change the router
    config and guest passwords. Get a RADIUS server if you don't like
    shared WPA keys (probably overkill for a home system). Learn how to
    read the log files to check for anything funny. Never mind the other
    dumb ideas on securing your WLAN.

    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    Skype: JeffLiebermann AE6KS 831-336-2558
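
The point made in the post above (the SSID and the MAC addresses travel in cleartext whatever "Broadcast ESSID" or encryption is set to) shown on frame bytes, as an added example that is not part of the original thread. The three frames are constructed for illustration; the name `homenet` and both MAC addresses are made up.

```python
# Parse the cleartext header and SSID element of 802.11 management frames.
# Bytes of fixed fields that precede the tagged elements, per subtype.
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
KIND = {0: "assoc-request", 4: "probe-request", 5: "probe-response", 8: "beacon"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a supported management frame")
    info = {"kind": KIND[subtype], "dst": mac(frame[4:10]),
            "src": mac(frame[10:16]), "bssid": mac(frame[16:22]), "ssid": None}
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):                 # walk the id/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:
            raise ValueError("truncated element")
        if eid == 0:                             # element 0 is the SSID
            # With broadcast disabled the beacon carries an empty or zeroed SSID.
            hidden = elen == 0 or not any(value)
            info["ssid"] = None if hidden else value.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return info

def build(subtype, dst, src, bssid, fixed, ssid):
    """Build a minimal constructed management frame (sample data only)."""
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return header + fixed + bytes([0, len(ssid)]) + ssid

AP = bytes.fromhex("020000aaaa01")     # made-up access point address
STA = bytes.fromhex("020000bbbb02")    # made-up laptop address
SAMPLES = [
    build(8, b"\xff" * 6, AP, AP, bytes(12), b""),   # beacon, Broadcast ESSID off
    build(5, STA, AP, AP, bytes(12), b"homenet"),    # AP answering the laptop
    build(0, AP, STA, AP, bytes(4), b"homenet"),     # laptop associating
]

def cleartext_summary(frames):
    """Network names and client MACs readable without any key."""
    names, stations = set(), set()
    for frame in frames:
        info = parse_mgmt(frame)
        if info["ssid"]:
            names.add(info["ssid"])
        if info["src"] != info["bssid"]:
            stations.add(info["src"])
    return names, stations

if __name__ == "__main__":
    for frame in SAMPLES:
        print(parse_mgmt(frame))
    print(cleartext_summary(SAMPLES))
```

The beacon hides the name, but the frames exchanged when the laptop joins carry it, along with the client address that a MAC filter would be checking.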

  9. Re: EW-7206APg Wireless LAN Access Point

    On Tue, 01 May 2007 10:25:21 -0700, Jeff Liebermann
    wrote in
    :

    >WPA is your primary security method.


    Good advice.

    >Avoid dictionary words in the passphrase.


    Not such good advice (IMnsHO at least).

    There's no need to avoid dictionary words given enough passphrase length
    -- it just means the passphrase needs to be longer (20+ characters) than
    with random characters (14+ characters).

    Like the downside of SSID hiding (the likelihood of increased
    interference from neighbors), not using words makes passphrases much
    harder to use, a disincentive and source of grief.

    Diceware words are a good
    way to build a strong but easy to use passphrase, and the Diceware
    Passphrase FAQ gives good advice on how many words are needed:

    I personally consider 6 words (20+ characters) sufficient for home users
    and even for most business users.

    >Suggestion: Use WPA-2 to secure your network.


    Overkill.

    >Change the router
    >config and guest passwords.


    Yes.

    >Get a RADIUS server if you don't like
    >shared WPA keys (probably overkill for a home system).


    Or more practically:
    * Get a ZyXEL G-2000 Plus, which has its own authentication server.

    * Use an external RADIUS service; e.g., Radiuz
    (free)

    >Learn how to
    >read the log files to check for anything funny.


    Beyond most users.

    >Never mind the other
    >dumb ideas on securing your WLAN.


    Yes.

    --
    Best regards, FAQ for Wireless Internet:
    John Navas FAQ for Wi-Fi:
    Wi-Fi How To:
    Fixes to Wi-Fi Problems:
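
The passphrase lengths discussed in the two posts above, put into numbers, as an added example that is not part of the original thread. The key derivation is the standard WPA/WPA2-Personal one (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations); the guessing rate and the 100,000-word dictionary size are assumptions chosen for illustration.

```python
import hashlib
import math

DICEWARE_WORDS = 7776            # 6**5 entries in a Diceware word list
PRINTABLE_ASCII = 95             # characters a WPA passphrase may contain
SECONDS_PER_YEAR = 365 * 24 * 3600

def diceware_bits(word_count):
    """Entropy of word_count words chosen uniformly at random (by dice)."""
    return word_count * math.log2(DICEWARE_WORDS)

def random_char_bits(length, alphabet=PRINTABLE_ASCII):
    """Entropy of length characters chosen uniformly at random."""
    return length * math.log2(alphabet)

def wpa_psk(passphrase, ssid):
    """Derive the 256-bit pre-shared key an access point computes from a passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    # The SSID is the salt, so the same passphrase yields a different key
    # on every network name; 4096 iterations make each guess expensive.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def years_to_search(bits, guesses_per_second):
    """Average time to find the passphrase: half the space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR

def compare(rate=1e6):
    """rate is an assumed guessing speed in passphrases per second."""
    candidates = {
        "6 Diceware words": diceware_bits(6),
        "14 random printable characters": random_char_bits(14),
        "1 word from an assumed 100,000-word dictionary": math.log2(100_000),
    }
    return {label: (round(bits, 1), years_to_search(bits, rate))
            for label, bits in candidates.items()}

if __name__ == "__main__":
    for label, (bits, years) in compare().items():
        print(f"{label}: {bits} bits, about {years:.3g} years on average")
    # Constructed sample values, not taken from the thread.
    print(wpa_psk("correct horse battery staple", "homenet").hex())
```

The entropy figures hold only when the words or characters are picked at random; a phrase a person makes up has less.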

  10. Re: EW-7206APg Wireless LAN Access Point

    Thanks, Jeff. I was just discussing the same issues with a friend of
    mine.

    Disabling the broadcast of SSID makes sense to me. Not that I am
    totally relying on this feature for my overall network security, I
    have WPA2 enabled for that. I feel that if my neighbour, a complete
    novice, turns on his laptop and sees my network, although he is unable
    to do any harm but he can let other people know that a network xyz
    exists. And by word of mouth it can reach a knowledgeable hacker. For
    example, in my area everyone can see the network of the local council.
    This means that everyone knows there is a network there to hack into.
    I don't want anyone to know the existence of my wireless lan apart
    from a couple of machines that I use at home. Even if I have to
    sacrifice a bit of performance as a result.

    Totally understand your point on IAPP.

    Regarding MAC address filtering, my point of view is that even though
    it is easy to hack into but at least it is a bit of an effort. Again,
    performance is not an issue here and I don't get too many people
    visiting me with their laptops every day.

    Thanks ever so much for explaining fast roaming.

    Regards
    Yousaf


  11. Re: EW-7206APg Wireless LAN Access Point

    On 1 May 2007 12:06:34 -0700, yousaf.hassan@gmail.com wrote in
    <1178046394.443935.103190@n76g2000hsh.googlegroups.com>:

    >Thanks, Jeff. I was just discussing the same issues with a friend of
    >mine.
    >
    >Disabling the broadcast of SSID makes sense to me.


    What makes you think your assessment is better than those of security
    experts?

    >Not that I am
    >totally relying on this feature for my overall network security, I
    >have WPA2 enabled for that. I feel that if my neighbour, a complete
    >novice, turns on his laptop and sees my network, although he is unable
    >to do any harm but he can let other people know that a network xyz
    >exists. And by word of mouth it can reach a knowledgeable hacker.


    That's not something to actually worry about for at least two reasons:
    1. WPA2 with a strong passphrase will stop even a knowledgeable hacker.
    2. Knowledgeable hackers don't find networks that way -- they use tools
    able to find networks even with SSID broadcast turned off.

    >For
    >example, in my area everyone can see the network of the local council.
    >This means that everyone knows there is a network there to hack into.


    Irrelevant. Everyone knows where your house is. What stops them is
    whatever real security you have (locks, alarms), your neighbors, and the
    local police. Throwing a huge tarp over your house wouldn't help.

    >I don't want anyone to know the existence of my wireless lan apart
    >from a couple of machines that I use at home. Even if I have to
    >sacrifice a bit of performance as a result.


    The point is that the people who matter _will_ still know you have a
    wireless LAN. What the people who don't matter know is irrelevant, and
    it's likewise irrelevant what the people who matter know _if_ you have
    strong WPA security.

    >Regarding MAC address filtering, my point of view is that even though
    >it is easy to hack into but at least it is a bit of an effort.


    It's actually no effort at all to those who matter.

    >Again,
    >performance is not an issue here and I don't get too many people
    >visiting me with their laptops every day.


    What may be an issue is forgetting what you've done, and somewhere down
    the road wasting hours or even days troubleshooting it. Before you say
    that won't happen to you, I'll tell you I've heard that claim lots of
    times from people that did then forget and had to get my help fixing
    their own problem.

    You're making bad judgements. The reasons are that you don't really
    understand the issues, and aren't willing to take the advice of experts
    that do. Unless you're going to take the time to learn and really
    understand the issues, you should rely on expert advice. Going against
    such advice is just sooner or later going to get you into trouble.

    --
    Best regards, FAQ for Wireless Internet:
    John Navas FAQ for Wi-Fi:
    Wi-Fi How To:
    Fixes to Wi-Fi Problems:
