Airport extreme in bridge mode and security

Question

Airport extreme in bridge mode and security

I updated the firmware on my airport extreme to 7.2.1 at which point wireless system at home stopped working - no internet or mail connection possible. (this by the way is the first time that the firmware update worked - previously the system asked me to update the firmware and it never managed to complete the task until yesterday) I talked to ATT (very friendly) and they suggested running the system under bridge mode. Setting the Westell modem to bridge mode was a bust, but setting the Airport extreme to bridge mode works. Now I am trying to understand what I have done. I am mostly worried that by invoking the bridge mode I have now bypassed any firewall in the Airport Extreme station I had in the past?

Before it seems that the Airport extreme base station connected to Bell South but handed out "internal" IP addresses to all our laptops. Now it seems that Bell South (or ATT) is assigning IP addresses to our laptops. That is based on the change in the IP address, which used to be similar to the one that is assigned to the Airport Extreme. (ending in 10.0.1.1) Now the IP address is based on our Bell South (ATT) IP address and we get one per computer. (I am not sure how this affects our printer, but we can print - so no problem there) The system now is configured to IPv4 and DHCP and the authentication in the wireless uses TTLS and PEAP ( I don't actually know what this means!) The security on Airport Extreme is set to WPA.

I should add that only in Bridge Mode (on the Airport Extreme) can I get this system to work. Is there another - better - way to do this that will work?

What I am looking for is really a step by step way to go through the Airport Utility to set up an Airport Extreme with Westell DSL to achieve a secure wireless system for my house. There are choices to be made as one goes through the set up and I am not sure we clicked on the right ones (or maybe by sheer luck we did). There is also the issue of the DSL password to connect to Bell South (ATT) How does this factor in.

I would appreciate any comments and help with this issue.

macbook, Mac OS X (10.5.1), Airport Extreme 7.2.1

Posted on Feb 17, 2008 10:20 AM

Reply

Answer 1

Henry B.

Level 9

78,731 points

Feb 17, 2008 10:41 AM in response to Hans-Conrad Zur Loye

I suggest you leave everything as it is right now - and here is why:

Previously, the Airport Base Station's router (as a side effect of the way NAT routers work) provided a sort of "firewall". Now, the Westell combo modem/router is doing exactly the same job as your Base Station did previously. Therefore, the net effect on "security" is exactly the same.

Your Westell combo modem/router is now handling the connection to Bell South's service, which includes the login process with the necessary password. Therefore, your Base Station no longer needs to do handle any of this.

Bottom line - your current wireless network and connection to the internet is every bit as "secure" as your previous setup was. All that has happened is that the establishment of a connection, and the router ("firewall") functions are now being looked after by your Westell modem/router and not your Base Station. For basic functions like these, the Westell modem/router is every bit as good as the Base Station.

Reply

Answer 2

Feb 17, 2008 3:30 PM in response to Henry B.

Thanks for your response. Other than upgrade the firmware, the hardware (airport and modem) has not changed. I am puzzled, therefore, why I cannot re-connect to the internet the way we used to (meaning with the same settings - . The Westell modem is not really a router - at least I don't think it is. It was given to us by Bellsouth to enable DSL service. The answer/explanation I am looking for is why ,in the airport utility set up, I now have to click on "bridge mode" rather than "share a single IP address using DHCP and NAT" which we did before and which is the default setting for the airport utility set up.

the next issue is the "I use DSL or cable modem with a static IP address or DHCP"
versus "I use DSL or cable modem using PPP over Ethernet (PPPoE)"

which of these pieces go together? the Airport set up is not really clear on this.

cheers HzL

Reply

Answer 3

Henry B.

Level 9

78,731 points

Feb 17, 2008 5:39 PM in response to Hans-Conrad Zur Loye

What is the model number of the Westell "modem" you were given?

I got the impression your connection is currently working just fine - in which case I'm not sure why you are still concerned with the configuration of your Base Station.

The choice of whether the Base Station needs to connect using DHCP or PPPoE is base on the following:

1. if the Base Station is directly connected to your ISP's DSL service via a basic modem, your ISP is the one who will tell you which connection mode you need to use.

2. if the Base Station is connected to your ISP's DSL service via a combo modem/router or what is sometimes referred to as a "gateway", then the Base Station should be configured to connect using DHCP and use "bridge mode".

Reply

Answer 4

Feb 17, 2008 6:47 PM in response to Henry B.

I checked and it says DSL2 + router. so now things make sense.

I think I just wanted to figure out what I spent 6 hours on yesterday til 1 am this morning.

thanks !

Reply