Does a wireless access point, or a switch, require an IP address?

I have a suspicion that this is a stupid question. Hopefully that means a short, simple answer. The objective is to combine a bridge/transparent firewall with an unmanaged switch / access point.

So, one machine running a dhcp server. This one definitely needs an IP.
A cable goes to a second machine, a firewall, which doesn't need an IP.
If another cable joins this firewall to an access point, to which various laptops connect, does the AP itself need an IP?

The appeal to a bridge firewall is that since it doesn't have an IP, it's rather difficult to attack it directly. I'd like to set up a small box with a wired nic, and a separate wireless nic, as an access point with basic firewalling rules built in. This is also possible. However I'd also like it to lack an IP, in order to make it difficult to compromise the AP itself in the same fashion as the transparent firewall.

Is this idea sound, if unusual?
Cheers
 
As these are bridging devices (layer 2) they don't need an IP to operate. However, with no IP you will not be able to connect to the management interface to configure them.
 
As these are bridging devices (layer 2) they don't need an IP to operate. However, with no IP you will not be able to connect to the management interface to configure them.

Yep. I've used an AP configured with an address in a completely different subnet to what the network was actually using and it worked perfectly. Obviously management wasn't accessible due to it being configured for a different subnet but there were no problems with wireless clients at all.
 
Er.. que?

Your AP will need an IP. A switch won't unless you intend to manage it. As per the last comment, "management wasn't accessible due to it being..." - if you can access it via one method you can access it via another.

Different subnets won't matter providing you have a route to it.

With regards to the OP; if you intend to use *anything* to perform a task such as routing between LAN/internet, LAN/LAN, LAN/Firewall/LAN, you will need that device and (for simplicity) all devices in the chain to have an IP address.
 
Wireless Routers*

Anything that routes needs an IP address. Networking 101. An ethernet switch deals with ethernet frames therefore does not need an IP address to function (Layer 2 switches that is).
 
Interesting. So there isn't really a consensus on this. I think the confusion is over terminology as much as anything else, e.g. a router cannot be put into AP mode unless you're misusing the term router.

As far as I know, an access point effectively is a switch. Everyone seems to agree that a switch doesn't need an IP unless you want to manage it. So if one doesn't want to manage the AP, it probably doesn't need one either.

In the interests of clarity, the hardware I have in mind has a serial port available for management. Since managing it over ssh would be a convenience rather than a necessity, I'd rather have the (possibly imaginary) improvement in security. Clearly I'll still have to worry about securing the dhcp router independent from this.

Please do correct me if I'm wrong. Cheers
 
Making management a pain in the arse under the banner of 'security' is stupid. If someone's already on your network then you've failed. Use strong passwords and disable HTTP interfaces if you have to, but I wouldn't go any further.
 
I've used routers as switches/AP before and they don't require an IP address once the DHCP is disabled. I'm currently using a Netgear router as an AP to expand wireless range. If you want to use it normally again you have to hard reset it.
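
An added example, not written by anyone in the thread: a check that a Linux bridge/AP box really carries no IP address, including the IPv6 link-local address the kernel normally assigns on its own when an interface comes up. The interface names (br0, eth0, wlan0) and the sample `ip -o addr show` output are constructed assumptions.

```shell
#!/bin/sh
# Added example: report any IP address bound to a bridge or its ports.
# Interface names and the sample data below are assumptions, not from the thread.

# Constructed sample of `ip -o addr show` output: br0 and eth0 have no IPv4,
# but both still carry an auto-assigned IPv6 link-local address.
sample_addrs() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
4: br0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
5: eth1    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth1\       valid_lft forever preferred_lft forever
EOF
}

# addressed_ifaces IFACE...
# Reads `ip -o addr show` lines on stdin and prints "iface family address"
# for every IPv4 or IPv6 address found on the named interfaces.
addressed_ifaces() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) keep[w[i]] = 1 }
        ($2 in keep) && ($3 == "inet" || $3 == "inet6") { print $2, $3, $4 }
    '
}

# bridge_is_addressless IFACE...
# Succeeds (exit 0) only if none of the named interfaces has any address.
bridge_is_addressless() {
    [ -z "$(addressed_ifaces "$@")" ]
}

# Run against the constructed sample; on a real box use:
#   ip -o addr show | addressed_ifaces br0 eth0 wlan0
sample_addrs | addressed_ifaces br0 eth0 wlan0
```

Any line printed means the box is still reachable at layer 3 on that interface; for IPv6 link-local that is typically cleared with the `net.ipv6.conf.<iface>.disable_ipv6` sysctl.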
 