You might recall that some time ago, I wrote about the possibility of using alternative firmware in your wireless access points (APs). (See the article at the URL below.) I asked whether you'd like to have more information about such firmware. The positive response was tremendous, so this week, I begin a series covering alternative AP firmware.
http://www.windowsitpro.com/Article/ArticleID/47817/47817.html
You might want to use alternative firmware for many reasons, the most popular of which is to gain functionality not present in your particular APs. Using alternative firmware shouldn't be difficult for an experienced administrator, but some words of caution are in order.
Make absolutely certain that the firmware you choose works on your particular hardware. In some cases, you must examine the serial number on an AP to know this. Follow the installation instructions precisely, because any simple mistake could render your AP unrecoverable. Read any related forums regarding your AP firmware of choice before loading the firmware to learn about incompatibility problems with specific APs or other possible gotchas. And finally, keep in mind that using alternative firmware might void your manufacturer's warranty.
Any alternative firmware's support of a given router depends on the chipset used in that router. That is to say, if the firmware is designed to run on a particular chipset (such as a particular model from Broadcom) and your router uses that chipset, then the firmware might work on your router. But as I said earlier, check for specific compatibility (including your AP's model number and serial number) unless you want to experiment and can afford to risk rendering an AP completely useless.
The first alternative AP firmware that I want to make you aware of is DD-WRT, which is essentially a mini version of Linux designed specifically to support wireless APs. Because DD-WRT is based on Linux, many common tools available for Linux are either already integrated into the standard firmware package or can be added after installation, provided that your AP has enough free flash memory to store the tools and enough RAM to run them.
DD-WRT works on a variety of APs, including some models from ALLNET, Askey, ASUS, Belkin, Buffalo Technology, Linksys, Motorola, RAVO, and Siemens. For a complete list, view the DD-WRT wiki page at the first URL below and read the DD-WRT news for May 11 at the second URL.
http://www.dd-wrt.com/wiki/index.php?title=Installation#Supported_Devices
http://www.dd-wrt.com
One advantage of using DD-WRT is its support for Remote Authentication Dial-In User Service (RADIUS) authentication. This feature lets you consolidate Wi-Fi authentication to a centralized RADIUS server.
DD-WRT also comes with a Secure Shell (SSH) daemon, which can be very helpful. For example, you can use a standard SSH client to connect to the router to use its shell and available tools. If you travel and use open wireless networks, you can also use the SSH daemon to tunnel traffic securely when you're on the road. Doing so helps prevent snoops from obtaining sensitive information. See James Strassburg's blog at the URL below for a example of how to set up a secure tunnel by using DD-WRT and PuTTY.
http://jstrassburg.blogspot.com/2006/01/howto-tunneling-http-over-ssh-with-dd.html
Another useful feature of DD-WRT is the built-in PPTP client. You can use the client to connect your AP router directly to any VPN that supports PPTP. So for example, if you have remote offices with APs, you can use DD-WRT on one or more of those APs to connect the remote offices to your central office to access any necessary corporate resources. At the same time, you can configure DD-WRT so that traffic not destined for resources on the VPN goes directly to the Internet.
As you might expect, DD-WRT also supports SNMP for management and monitoring. Other advantages include a built-in Samba client, a firewall based on Linux ipchains, and Quality of Service (QoS) traffic-shaping capabilities. And finally, one notable advantage of using DD-WRT as opposed to some of the other alternative firmware packages is its Web management interface. The interface is well-designed and very easy to use, which of course makes administration easier.