networking - Transfer rates on wireless network?

The (wired) network I'm connecting to uses tunnelled TLS to authenticate clients.

I'm wondering if it's possible to get a router which can:

• NAT/firewall a local, wired network to the secured network.
• Share the secured connection wirelessly (segregated from the "local" network), but force the clients to authenticate themselves, rather than the router authenticating

My terminology is probably a little off, I've not done a lot of of networking before.

EDIT: RE: authentication, it's a university network; Without authenticating you appear to be locked into a walled garden which provides info on setting up the authentication:

• enable 802.1X security
• select "Tunnelled TLS" as the security method
• select a security certificate
• set "inner authentication" to PAP (on ubuntu this is the default so I assume it's usually standard)
• enter our network login details

After going through it in my mind I'm guessing that it should be possible as long as the router doesn't attempt to authenticate to the uni network?

I bought the WZR-HP-300NH and have been playing around with it today. After messing around with it and doing a bit of research it seems like what I wanted to do isn't possible.

I think in order to properly solve this problem you need to understand how these systems actually work to some degree in order to figure out what is failing, which then we know at what point we need to create a work around, it'll be a bit long so if you must you can skip to the end. Your Saying you want to have your computers auth while the router is doing NAT so lets start. first off when a properly connected computer goes to access data on the internet it sends out a request with it's own Internet Protocol address and the one of the remote host that has the information, it hops from one router to another to get there and then the host sends out a reply with it's address and the one for your computer that it got from the request the routers send it between networks until it gets back to yours and bammo you got mail or what ever else you where trying to do. The ip addresses must be unique across all the entire internet or there's no way of telling what data goes where. to show why imagine you made friends with someone you know lives somewhere in the us and he invited you to come see him, he tells you he lives in Grenville but gives you no indication of what state he is in, since all 50 states have a city called Grenville in them with out getting some other information there is no way to find the guy short of visiting all the states which is way to costly you need to add on the state name to make it unique so you can find what part of the county he's in. now here's the catch most people who get an internet connection only have one ip address on the internet yet they have several devices on at the same time. how does this work? Network Address Translation. this is where your router acts as the middle man between all of your devices and the internet in general, sending out the requests your computers makes on their behalf so thus the internet only sees one ip that of your router. But for this to work all requests being sent out of the router must have the routers ip address as the return address not your computer. as really its only the router that's connected to the other networks not your computer. So the router changes the "From" field on the request before relaying it so it gets back to the router, and then the router sends the reply back to the computer. the way it keeps separate what reply goes where is using port numbers, similar to port numbers on a apartment, when it's changing the "from" field it also as a "reply on port X" as well and then knows the next bunch of data it gets on port x is the reply to the request your computer made and then changes the to address from the routers ip to your computer's ip also changes the port to the one your computer said to reply on. and sends it back to your computer.

Now this means that in order for the router to do NAT not a bystander it's the part that's actually doing all the heavy lifting between your local network and the internet so there it's impossible for any router to be passive while it's doing NAT by definition. thus is why the router must be able to authenticate itself to the internet connection before it can do NAT.

My idea on how to fix the whole mess, especially since it sounds like the regular off the shelf routers can't do the kind of authentication needed for your campus network requires, would be to get a cheap computer with two network cards in it. (easy way to add the 2nd one would be with a usb Ethernet card you may have to order online or go to a electronics store to find it as you don't want a wireless usb card for this) and then use the windows internet connection sharing built right into the os or get some other program have your computer NAT the connection form card one to card two, then plug a ap or switch into card two and there you go.

From what I understand, it requires a Wireless Access Point

They can wirelessly authenticate with another wireless router.

(I don't think wireless routers can do it)

(Note- I think a wireless access point and wireless bridge are the same thing).

I got that note wrong. Maybe it's that a wireless access point is like a wireless switch.