Shoutbox

Wireless network/Newbie questions - Printable Version


Wireless network/Newbie questions by alegator on 06-08-2011 at 08:43 AM

Hi, I'm currently using a Win XP SP3 PC connected to the internet using a Cisco ADSL modem physically connected via a network cable to the PC's network card (so no wireless). I bought a netbook that has WiFi that I plan to use in my home. So I also bought a Cisco WRT54GL wireless router. My plan is to keep the PC physically connected to the internet and the Netbook accessing ADSL via wireless. So the basic config would be:
- The ADSL signal cable going to the Cisco ADSL modem
- A network cable going from the Cisco ADSL modem to the Cisco Router
- A network cable going from the Cisco router to the PC
- The netbook accessing the internet via wireless using the router.
My question is:
1) When I'm not using the netbook, can I disable (or turn off) the router's wireless transmissions so that it acts only as a physical router? If so, how?
2) Will placing the router between the modem and the PC in the above described manner affect the internet speed (lower)?
3) Will the router (acting in physical mode only, i.e., no wireless) add an extra layer of security for the PC? Will I still need to keep the PC's installed software firewall (I'm using NIS2011)?
4) Does installing the router imply changing many of Windows' settings? Is it easy to revert back to the PC's original state if I ever decide to uninstall the router to the original config?
Thanks.


RE: Wireless network/Newbie questions by mezzanine on 06-08-2011 at 10:58 AM

1) You can do that manually via the router's web interface; the wireless access point can be disabled when you're not using it. If security is your concern, there are multiple mechanisms you can configure to prevent unauthorized access, including MAC address based filtering. The access point also automatically adjusts its transmitting power based on the number and position of connected devices.

2) For the cabled devices no. Wireless devices will be limited to the access rate of the wireless standard used (also by half duplex).

3) Although it can't compare to a full featured stateful firewall solution, the router will keep your network behind a NAT, adding a layer of security.

4) No, you usually don't have to change anything. However, some applications will require the use of the port forwarding mechanism on the router to be able to listen to incoming connections.


RE: RE: Wireless network/Newbie questions by alegator on 06-08-2011 at 12:30 PM

quote:
Originally posted by mezzanine
1) You can do that manually via the router's web interface; the wireless access point can be disabled when you're not using it. If security is your concern, there are multiple mechanisms you can configure to prevent unauthorized access, including MAC address based filtering. The access point also automatically adjusts its transmitting power based on the number and position of connected devices.
Thanks mezzanine. Regarding security, I also read I have the choice of either WEP or WPA (I read WPA is better), and also the ability to use encryption. Are all of the security options that you mention manageable through the router's web interface? Is the MAC address unique to each hardware or can it be cloned? I guess I can also unscrew the two antennas from the back of the unit when wireless is not in use for added security. Thanks
RE: Wireless network/Newbie questions by matty on 06-08-2011 at 12:50 PM

If you really want to add as many possible layers as possible consider doing the following:
- Do not broadcast your SSID
- Accept only 802.11 G connections
- Use WPA2 (AES+TKIP)
- Setup MAC address filtering on the wireless so that only trusted MAC addresses can connect

- Obviously even when your SSID isn't broadcasted it can still be detected (IE via NetStumbler)
- All devices these days support 802.11 G
- WPA2 I am not sure if it can be cracked yet but WPA can
- MACs can be spoofed (they are unique between each device, the first few bits are identical between manufacturers) however guessing the exact MAC of your NIC is next to impossible.


If you really want to screw with people then leave your WIFI open/unsecured and have a radius server that you must authenticate to :P
RE: Wireless network/Newbie questions by Menthix on 06-08-2011 at 01:31 PM

quote:
Originally posted by matty
- Do not broadcast your SSID
- Accept only 802.11 G connections
- Use WPA2 (AES+TKIP)
- Setup MAC address filtering on the wireless so that only trusted MAC addresses can connect
Of all those, WPA2 (AES+TKIP) is the only one really adding security. Others don't add much security for the reasons you already pointed out, although they don't hurt if you want to put up with the hassle. What matters most is your passkey. WPA2 can still be bruteforced, same rules apply as with a password:
- Non-dictionary
- Length
- Mixing types of characters
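
The passkey rules in the post above, as an added example that is not part of the original thread: WPA/WPA2-Personal derives its key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as salt, so the passphrase is the only secret. The wordlist, the `HomeNet` SSID and the function names are constructed for illustration, and the bit count is an upper bound, not a measured strength.

```python
import hashlib
import math
import string

# Constructed stand-in for a real wordlist; any match means "guessed early".
WORDLIST = {"password", "letmein1", "linksys123", "internet", "12345678"}

def wpa2_psk(passphrase, ssid):
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def pool_size(passphrase):
    """Size of the character pool implied by the classes actually used."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    used = sum(n for chars, n in classes if any(c in chars for c in passphrase))
    return max(used, 1)

def search_space_bits(passphrase):
    """Upper bound on guessing work, in bits. A wordlist hit collapses to
    the size of the wordlist, whatever its length or character mix."""
    if passphrase.lower() in WORDLIST:
        return math.log2(len(WORDLIST))
    return len(passphrase) * math.log2(pool_size(passphrase))

def assess(passphrase, ssid):
    """Validate the passphrase, derive the key, and report the estimate."""
    psk = wpa2_psk(passphrase, ssid)  # raises ValueError if not usable
    return {
        "psk": psk.hex(),
        "dictionary": passphrase.lower() in WORDLIST,
        "bits": round(search_space_bits(passphrase), 1),
    }

if __name__ == "__main__":
    # "HomeNet" is a made-up SSID; the passphrases are constructed samples.
    for pw in ("password", "abcdefgh", "Tr4il-mix&Oak-71 zebra"):
        print(pw, assess(pw, "HomeNet"))
```

Each added character multiplies the search space by the pool size, which is why length does more than swapping one letter for a symbol.
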
RE: Wireless network/Newbie questions by matty on 06-08-2011 at 02:36 PM

Straight from Microsoft: http://www.microsoft.com/security/online-privacy/passwords-create.aspx (Y)

quote:
Originally posted by Menthix
quote:
Originally posted by matty
- Do not broadcast your SSID
- Accept only 802.11 G connections
- Use WPA2 (AES+TKIP)
- Setup MAC address filtering on the wireless so that only trusted MAC addresses can connect
Of all those, WPA2 (AES+TKIP) is the only one really adding security. Others don't add much security for the reasons you already pointed out, although they don't hurt if you want to put up with the hassle. What matters most is your passkey. WPA2 can still be bruteforced, same rules apply as with a password:
- Non-dictionary
- Length
- Mixing types of characters
The reason I suggested doing the aforementioned is because most people won't know how to get around it.
RE: Wireless network/Newbie questions by foaly on 06-08-2011 at 05:31 PM

quote:
Originally posted by matty
The reason I suggested doing the aforementioned is because most people won't know how to get around it.
then again, if they can break WPA2, they will know how to get around all the other measures :P
RE: Wireless network/Newbie questions by matty on 06-08-2011 at 06:01 PM

quote:
Originally posted by foaly
quote:
Originally posted by matty
The reason I suggested doing the aforementioned is because most people won't know how to get around it.
then again, if they can break WPA2, they will know how to get around all the other measures :P
I don't disagree with you, however I don't know if WPA2 has been cracked yet. I know WEP and WPA have been.
RE: Wireless network/Newbie questions by foaly on 06-08-2011 at 06:05 PM

quote:
Originally posted by matty
quote:
Originally posted by foaly
quote:
Originally posted by matty
The reason I suggested doing the aforementioned is because most people won't know how to get around it.
then again, if they can break WPA2, they will know how to get around all the other measures :P
I don't disagree with you, however I don't know if WPA2 has been cracked yet. I know WEP and WPA have been.
TKIP has been IIRC, but WPA2 TKIP+AES not yet...
RE: Wireless network/Newbie questions by alegator on 06-08-2011 at 06:10 PM

Does the WRT54GL router support WPA2? If not, will flashing the firmware with either Tomato or DD-WRT provide WPA2 support?


RE: Wireless network/Newbie questions by matty on 06-08-2011 at 06:19 PM

quote:
Originally posted by alegator
Does the WRT54GL router support WPA2? If not, will flashing the firmware with either Tomato or DD-WRT provide WPA2 support?
If you check in the Wireless Settings do you see support for WPA2? If not then there is your answer.

DD-WRT does support it yes.
RE: Wireless network/Newbie questions by alegator on 06-08-2011 at 06:26 PM

And if I flash the firmware say to any 3rd party (Tomato, etc), can I revert back to Cisco's factory firmware?


RE: Wireless network/Newbie questions by matty on 06-08-2011 at 06:27 PM

Usually. That is something to look for on the DD-WRT forums. I know with my old WRT54G it was possible.


RE: Wireless network/Newbie questions by prashker on 06-08-2011 at 07:51 PM

quote:
Originally posted by alegator
And if I flash the firmware say to any 3rd party (Tomato, etc), can I revert back to Cisco's factory firmware?
Yes, just get the original firmware file (available on the retail website as an "update" or something, .bin, .trx, whatever)

Tomato(USB) > DD-WRT.
RE: Wireless network/Newbie questions by Adeptus on 06-09-2011 at 12:16 AM

quote:
Originally posted by alegator
So the basic config would be:
- The ADSL signal cable going to the Cisco ADSL modem
- A network cable going from the Cisco ADSL modem to the Cisco Router
- A network cable going from the Cisco router to the PC
- The netbook accessing the internet via wireless using the router.
One thing that no one so far has mentioned is that you should make sure your ADSL modem isn't already acting as a NAT router.  If it is and you stack another one behind it, you will have two stacked layers of NAT and it may appear to work at first.  However, you will have all sorts of problems with anything more complicated than basic web browsing with such a setup.  Router functionality in ADSL modems is not uncommon.

If you haven't changed anything yet, the easiest way to tell is to check what IP address your computer gets when directly connected to the modem.  If it is any of the following, the modem is doing NAT already:

192.168.*.*
172.16.*.* - 172.31.*.*
10.*.*.*

If you are getting an address in one of those ranges, you will want to either disable the router function in the modem (if you can) when you introduce your wireless router, or configure the wireless router differently. 

We will get to the details of that if needed.  :)
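
The address check described in the post above, as an added example that is not part of the original thread: it reads `ipconfig` output and classifies each adapter address. It goes beyond the three ranges in the post by also flagging 100.64.0.0/10 (carrier-grade NAT at the ISP) and 169.254.0.0/16 (no DHCP lease, so no conclusion can be drawn). The sample output and the function names are constructed; 203.0.113.25 is a documentation address standing in for a public one.

```python
import ipaddress
import re

# The three ranges from the post (RFC 1918), plus two added cases.
RANGES = [
    ("10.0.0.0/8", "private"),
    ("172.16.0.0/12", "private"),            # 172.16.*.* - 172.31.*.*
    ("192.168.0.0/16", "private"),
    ("100.64.0.0/10", "carrier-grade NAT"),  # RFC 6598, NAT done by the ISP
    ("169.254.0.0/16", "link-local"),        # no DHCP answer, inconclusive
]
NETS = [(ipaddress.ip_network(cidr), label) for cidr, label in RANGES]

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
# Matches "IP Address" (XP) and "IPv4 Address" (later Windows versions).
ADDRESS = re.compile(r"IP(?:v4)? Address[ .]*:\s*([0-9.]+)")

def classify(ip_text):
    """Return the label of the first matching range, else 'public'."""
    ip = ipaddress.ip_address(ip_text)
    for net, label in NETS:
        if ip in net:
            return label
    return "public"

def scan_ipconfig(text):
    """Return (adapter, address, verdict) for each address line found."""
    results, adapter = [], "unknown"
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            adapter = m.group(1)
            continue
        m = ADDRESS.search(line)
        if m:
            try:
                results.append((adapter, m.group(1), classify(m.group(1))))
            except ValueError:
                continue  # not a valid IPv4 address, skip the line
    return results

def upstream_is_nat(text):
    """True if any adapter holds an address that only exists behind NAT."""
    return any(v in ("private", "carrier-grade NAT")
               for _, _, v in scan_ipconfig(text))

# Constructed sample in the Windows XP ipconfig layout.
SAMPLE = """Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.64
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""
```
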
RE: RE: Wireless network/Newbie questions by alegator on 06-09-2011 at 01:58 AM

quote:
Originally posted by SonicSam
quote:
Originally posted by alegator
And if I flash the firmware say to any 3rd party (Tomato, etc), can I revert back to Cisco's factory firmware?
Yes, just get the original firmware file (available on the retail website as an "update" or something, .bin, .trx, whatever)

Tomato(USB) > DD-WRT.
For the use I'm going to give to the router, is it worth it upgrading the firmware to a 3rd party? I mean, the wireless on/off switch is convenient, but I can also do it from the web browser with the factory installed one.

quote:
Originally posted by Adeptus
One thing that no one so far has mentioned is that you should make sure your ADSL modem isn't already acting as a NAT router.  If it is and you stack another one behind it, you will have two stacked layers of NAT and it may appear to work at first.  However, you will have all sorts of problems with anything more complicated than basic web browsing with such a setup.  Router functionality in ADSL modems is not uncommon.

If you haven't changed anything yet, the easiest way to tell is to check what IP address your computer gets when directly connected to the modem.  If it is any of the following, the modem is doing NAT already:

192.168.*.*
172.16.*.* - 172.31.*.*
10.*.*.*

If you are getting an address in one of those ranges, you will want to either disable the router function in the modem (if you can) when you introduce your wireless router, or configure the wireless router differently. 

We will get to the details of that if needed.  :)
Thanks, I just checked the IP address but the first numbers do not coincide with any of the numbers that you mention, so should I disregard the modem acting as a NAT router?


RE: Wireless network/Newbie questions by Adeptus on 06-10-2011 at 01:14 AM

quote:
Originally posted by alegator
For the use I'm going to give to the router, is it worth it upgrading the firmware to a 3rd party? I mean, the wireless on/off switch is convenient, but I can also do it from the web browser with the factory installed one.
If you want to keep it simple, nothing about your intended use requires third party firmware.  However, if you want to tinker, it may offer some options of interest. 

One that comes to mind is the ability to adjust the transmitter power.  Most people want to boost it above the default to increase the range. Since you seem concerned about turning the wireless off entirely when not used (whether for security reasons or because you think it causes cancer), perhaps you would like to reduce it to the minimum needed when you use it.  Third party firmware lets you do such things.

It is also worth noting that WRT54GL was made primarily for users of third party firmware, so you are almost wasting it if you don't.  :)

quote:
Originally posted by alegator
Thanks, I just checked the IP address but the first numbers do not coincide with any of the numbers that you mention, so should I disregard the modem acting as a NAT router?
You should and this makes it much easier.  Good news.