Linksys WAP11, SMC MC2655W and the Netgear ME102
Increasing RF power on Access Points using snmp commands.
Disclamer: Anything you do to your access point is at your own risk!
Check your laws for power output restrictions.
Please read this article before proceeding:
In my testing I used a Linksys WAP 11. These same commands may or may not
work with other brands. Before any of this worked I needed to upgrade my
firmware to 1.4g.5. It's likley that it will work with later versions but
I have not tested it. All the tcpdump output and snmp commands are done in
Linux. There are
ports of these programs in Windows as well.
Using the information from the above article I sniffed the snmp information
to set power in tcpdump. Note: the word "string" is the read/write snmp
15:50:28.641418 > 192.168.2.233.32770 > 192.168.2.2.snmp: C=string
Linksys default power settings from the above dump:
If we want to change these channels to the maximum power we use snmpset:
snmpset -On 192.168.2.2 string .220.127.116.11.4.1.410.1.1.8.8.0 x 8080808080808080808080808080
To verify that the Access Point accepted the snmpset we can do an snmpget:
snmpget -On 192.168.2.2 string .18.104.22.168.4.1.410.1.1.8.8.0
The correct result:
.22.214.171.124.4.1.410.1.1.8.8.0 = Hex: 80 80 80 80 80 80 80 80 80 80
80 80 80 80
To set it back to the default power settings:
snmpset -On 192.168.2.2 string .126.96.36.199.4.1.410.1.1.8.8.0 x c7c3bfbdbbbbbbb9b9b9b9b9b9b9
We can use the Netstumbler graphing
to see any difference in our signal. This is running on a laptop with a
Lucent/Orinoco card. The first graph is with the Access Point around 30
feet away in the same room. "X" marks the spot when the power was set to
The second graph is with the Access Point around 50 feet away, one floor
down in a wood frame building. "X" marks the spot when the power was set
Once you know the snmp OID you can use snmpset to change many settings in
the access point. For example. If we want to have snmp traps broadcast to
the local subnet First we sniff them with tcpdump. Enable traps:
15:50:45.931418 > 192.168.2.233.32770 > 192.168.2.2.snmp: C=string
Disable traps captured in tcpdump:
15:50:48.801418 > 192.168.2.233.32770 > 192.168.2.2.snmp: C=string
Then we know the parameters to enable and disable snmp traps using snmpset
snmpset 192.168.2.2 string .188.8.131.52.4.1.410.1.1.1.3.0 d 1
snmpset 192.168.2.2 string .184.108.40.206.4.1.410.1.1.1.3.0 d 2
Snmp traps could be used to monitor the MAC addresses of WLAN clients as
they associate themselves with an access point. Useful for security monitoring.
Pasadena Networks, LLC
See other articles:
Vacation War Driving.
War Driving in Southern
California. Almost 1,500 Access Points mapped from Los Angeles to San
War Driving the Rose Parade.
802.11b WLAN Resources.
WAP 11 Hack
Want to know when I write more articles about wireless networking?
Send me email to be notified.
Many wireless hardware and software Links: http://wireless.pasadena.net
All logos and trademarks in this site are property of their respective
owners. All the rest © 2001
Pasadena Networks, LLC