I think I get what you're implying. As long as the router itself with its firewall + DNS + NAT, is secure from attacks by actors over there internet, the access point I will connect to it only needs to be secure against people within 100 feet of it.
My only concern here is configuring an access point to just be a dumb antenna that xmits/recvs and AES encrypts/decrypts ethernet packets from a handful of MAC addresses without doing NAT or any other additional processing of those packets. The concerns my OpenBSD buddies have about the software on ASUS routers is well-founded, but I don't think any of us is sufficiently versed in layer 2 security.
What's the extent of your expertise in layer 2? I would rest easy as long as my router and access point are not willy-nilly giving away my MAC addresses to fine institutions like this place.
My only concern here is configuring an access point to just be a dumb antenna that xmits/recvs and AES encrypts/decrypts ethernet packets from a handful of MAC addresses without doing NAT or any other additional processing of those packets. The concerns my OpenBSD buddies have about the software on ASUS routers is well-founded, but I don't think any of us is sufficiently versed in layer 2 security.
What's the extent of your expertise in layer 2? I would rest easy as long as my router and access point are not willy-nilly giving away my MAC addresses to fine institutions like this place.