In this topic, we describe the installation and configuration of your wireless home network’s access point. We explain how to set up and configure the access point so that it’s ready to communicate with any and all wireless devices in your home network.
Before Getting Started, Get Prepared
Setting up an AP does have some complicated steps where things can go wrong. You want to reduce the variables to as few as possible to make debugging any problems as easy as possible. Don’t try to do lots of different things all at once, such as buying a new PC, installing Windows Vista, and adding a router, an AP, and wireless clients. (Go ahead and laugh, but lots of people try this.) We recommend that you follow these steps:
1. Get your PC set up first on a stand-alone basis.
If you have a new computer system, it probably shouldn’t need much setup because it should be preconfigured when you buy it. If you have an older system, make sure that no major software problems exist before you begin. If you have to install a new operating system (OS), do it now. Bottom line: Get the PC working fine on its own so that you have no problems when you add functionality.
2. Add your dial-up or broadband Internet connection for that one PC.
Ensure that everything is working on your wired connection first. If you have a broadband modem, get it working on a direct connection to your PC first. If you’re using a dial-up connection, again, get that tested from your PC so that you know the account is active and works. Make sure you can surf the Web (go to a number of sites that you know work) to ascertain that the information is current (as opposed to coming from cache memory from earlier visits to the site).
3. Sharing a broadband or dial-up connection with a router, add your home network routing option.
This step entails shifting your connection from your PC to your router; your router will have instructions for doing that. After that’s working, make sure you can add another PC or other device, if you have one, by using the same instructions for your router. Make sure that your PC can connect to the Internet and that the two devices can see each other on the local area network. This action establishes that your logical connectivity among all your devices and the Internet is working. Because you may be installing an AP on an existing broadband or dial-up network, we’re covering the AP installation first.
4. Try adding wireless to the equation: Install your wireless AP and wireless NICs and disconnect the wired cable from each to see whether they work — one at a time is always simpler.
By now, any problems that occur can be isolated to your wireless connection. If you need to fall back on dialing into or logging on to your manufacturer’s Web site, you can always plug the wired connection in and do so.
If your AP is in an all-in-one cable modem/router/AP combo, that’s okay. Think about turning on the elements one at a time. If a wizard forces you to do it all at once, go ahead and follow the wizard’s steps; just recognize that if all goes wrong, you can reset the device to the factory settings and start over (it’s extreme, but usually saves time).
Setting Up the Access Point
Before you install and set up a wireless network interface adapter in one of your computers, you should first set up the wireless access point (also called a base station) that will facilitate communication between the various wireless devices on your network. In this section, we describe how to set up a typical AP.
Preparing to install a wireless AP
The procedure for installing and configuring most wireless APs is similar from one manufacturer to the next — but not exactly the same. You’re most likely to be successful if you locate the documentation for the AP you have chosen and follow its installation and configuration instructions carefully.
As we discuss in next topic, when deciding which AP to purchase, consider ease of setup. By far the easiest setup we have found is from Belkin. The Belkin N1 Vision has a simple CD-based installation. After its basic settings are in place, you can manage the router from the LCD screen on the front of it with little effort. Apple’s AirPort Extreme wireless routers have a similarly simple setup for Mac users (and include software for Windows only users as well).
Because having a network makes it easy to share an Internet connection, the best time to set up the AP for that purpose is during initial setup. In terms of setting up a shared Internet connection, you will already have a wired computer on your broadband (cable or DSL) or dial-up Internet connection. This is very helpful as a starting place for most AP installations because most of the information you need to set up your AP is already available on your computer. If you don’t have a wired computer on your Internet connection — that is, if this is the first computer you’re connecting — first collect any information (special login information, such as username or password) that your Internet service provider (ISP) has given you regarding using its services.
Before you begin plugging things in, make sure that you’ve done your research:
Ensure that your computer has a standard wired Ethernet connection.
Most AP configurations require wired access for their initial setup. An Ethernet port is normally found on the back of your computer; this port looks like a typical telephone jack, only a little bit wider. If you don’t have an Ethernet adapter, you should buy one and install it in your computer. Alternatively, if your computer has a Universal Serial Bus (USB) port (preferably USB 2.0, also known as USB High Speed), you can purchase an AP that connects to the USB port.
Very few APs have this USB interface, and almost all PCs now have an Ethernet port — so using USB to connect to your AP is extremely rare these days. We mention it just to cover all the bases.
Collect your ISP’s network information. You need to know the following information; if you don’t already know this stuff, ask the tech support folks at your ISP or check the support pages of the ISP’s Web site:
• Your Internet protocol (IP) address: This is the equivalent of your network’s phone number. Your IP address identifies your network on the Internet and enables communications. It’s always four 1- to 3-digit numbers separated by periods (125.65.24.129, for example).
• Your Domain Name System (DNS) or service, or server: This special service within your ISP’s network translates domain names into IP addresses. Domain names are the (relatively) plain English names for computers attached to the Internet. The Internet however, is based on IP addresses.
• Whether your ISP is delivering all this to you via Dynamic Host
Configuration Protocol (DHCP): In almost all cases, the Internet service you get at home uses DHCP, which means that a server (or computer) at your ISP’s network center automatically provides all the information listed in the preceding bullet, without you needing to enter anything manually. It’s a great thing!
In the vast majority of cases, your ISP does use DHCP, and you don’t have to worry about any of this information. If your service is Verizon’s FiOS, your ISP is delivering an Ethernet connection to a firewall box that may or may not have wireless already built in. Verizon gives you the access information to this box when it’s installed, and you can find all the information about your network connection from this box.
Collect the physical address of the network card used in your computer only if you’re already connected directly to a cable/DSL modem. Many ISPs used to use the physical address as a security check to ensure that the computer connecting to its network was the one paying for the service. Because of this security check, many AP manufacturers have added a feature called MAC address cloning to their routers. MAC address cloning allows home users to pay for only one connection from their ISP while having many devices able to get to the Internet. Most AP and Internet access devices available today permit you to change their physical addresses (Media Access Control [MAC] addresses) to match the physical address of your computer’s existing network card. How you do this varies from system to system, but typically you’ll see a list of MAC addresses (in a pull-down menu) for all devices connected to your AP. Simply select the MAC address you’re looking to clone and click the button labeled Clone MAC address (or something similar).
Because some providers still track individual machines by MAC address, it’s best to be prepared by writing down the MAC address of your computer’s NIC in case you need it. How will you know that your ISP is tracking MAC addresses? Well, unfortunately, it’s not always obvious — you might not see a big banner on the ISP’s Web site telling you that MAC address tracking is in effect. But if you switch from a direct connection to your PC to a Wi-Fi router connection and you can’t get online, MAC address tracking may indeed be the issue. The first step in troubleshooting such a problem is to unplug everything from the power supply (router/AP, broadband modem, and PC), and then turn it back on starting with the modem and slowly working your way back to the PC(s). If you’re still not getting online, call your ISP’s technical support line. If MAC tracking is the issue, you can get around it by cloning your PC’s MAC address in your router as discussed in the preceding paragraph.
Installing the AP
If you’re connecting your first computer with your ISP, the ISP should have supplied you with all the information we list in the preceding section except for the physical address of the network card (which isn’t needed if you aren’t already connected).
Before you install your wireless gear, buy a 100-foot Ethernet cable. If you’re installing your AP at a distance farther than that from your router or Internet-sharing PC, get a longer cable. Trust us: This advice comes with having done this a lot. You need a wired backup to your system to test devices and debug problems. To do that (unless you want to keep moving your gear around, which we don’t recommend), you need a long cable. Or two. Anyone with a home network should have extra cables, just like you have electrical extension cords around the house. You can get good-quality 100-foot CAT-5e/6 patch cables online at places like Deep Surplus (www.deepsurplus.com) or a host of other online retailers for around $15.
When you’re ready to do the AP installation, follow these steps:
1. Gather the necessary information for installing the AP (see the preceding bulleted list) by following these steps:
In Windows XP:
a. Choose StartOProgramsOAccessoriesOCommand Prompt.
This step brings up the command prompt window, which is a DOS screen.
b. Type IPCONFIG /ALL and then press Enter.
The information scrolls down the screen. Use the scroll bar to slide up to the top and write down the networking information we list earlier in this topic (physical address, IP address, default gateway, subnet mask, DNS servers) and whether DHCP is enabled. You use this information to configure the AP in Step 4.
In Windows Vista:
a. Choose StartONetworkONetwork and Sharing Center.
The Network and Sharing Center appears, which gives you access to all network adapters and their properties.
b. From the Network and Sharing Center, click the View Status link.
A pop-up status window appears with all the information you need.
2. Run the setup software that accompanies the AP or device containing your AP, like a wireless or Internet gateway.
The software probably starts when you insert its CD-ROM into the CD drive. In many cases, this software detects your Internet settings, which makes it much easier to configure the AP for Internet sharing and to configure the first computer on the network. For example, Figure 6-1 shows the Linksys Wireless-G Setup Wizard that accompanies the Linksys WAP54G Wireless-G Access Point, which is a wireless gateway from Linksys, a division of Cisco Systems, Inc.
If your computer is using Windows Vista, you will see a lot of security dialog box pop-ups. The enhanced security in Vista asks for your permission every time the installation software tries to do anything. As long as you have administration rights on your user account, you can keep saying yes to these security pop-ups and move through your AP setup. Be sure to look at the top left of the pop-up window so you know when you are saying yes to a security warning and when you are saying yes to the install. Even though Vista dims the rest of the screen when a security warning pops up, it is confusing with the number of pop-ups you can run into. Just read the top left of the window and you will always know what you are working in.
3. When you’re prompted by the setup software to connect the AP (see Figure 6-2), unplug the network cable that connects the broadband modem to your computer’s Ethernet port and plug this cable into the Ethernet port that’s marked WAN or Modem on your network’s cable or DSL router or Internet gateway.
Figure 6-1:
The Linksys Wireless-G Access Point Setup Wizard.
Figure 6-2:
It’s time to connect the AP or wireless router.
If you’re using an Internet or wireless gateway, run a CAT-5e/6 cable from one of its Ethernet ports to the computer on which you’re running the setup software. (CAT-5e/6 cable is a standard Ethernet cable or patch cord with what look like oversized phone jacks on each end. You can pick one up at any computer store or Radio Shack.)
If you’re using a separate AP and router (in other words, if your AP is not your router), you need to connect a CAT-5e/6 cable between the AP and one of the router’s Ethernet ports. Then connect another cable from another one of the router’s Ethernet ports to the computer on which you’re running the setup software.
Most new APs try to obtain an IP address automatically and configure themselves for you by choosing the channel and setting default parameters for everything else (see Figure 6-3). In most cases, you need to manually configure the security and some of the other information you collected in Step 1 (so have that information handy).
4. Record the following access point parameters:
• Service set identifier (SSID)
• Channel — if you’re using an 802.11n draft 2 AP, this should be set to Auto
• WEP key or WPA2 passphrase, if your system doesn’t use WPS
• Router pin, if your system does use WPS.
• Admin username and password
Figure 6-3:
What the AP can find on its own.
• MAC address
• Dynamic or static wide area network (WAN) IP address
• Local IP address
• Subnet mask
• PPPoE (Point-to-Point Protocol over Ethernet) — usually found on DSL connections, and rarely for cable modems
The preceding list covers the AP parameters you most often encounter and need to configure, but the list isn’t comprehensive. (Read more about them in the "Configuring AP parameters" subsection.) You need this information if you plan to follow the steps for modifying AP configuration, which we cover in the later section "Changing the AP Configuration." (What did you expect that section to be called?) Other settings you probably don’t need to change include the transmission rate (which normally adjusts automatically to give the best throughput), RTS/CTS protocol settings, the beacon interval, and the fragmentation threshold.
5. Complete the installation software, and you’re finished.
After you complete the AP setup process, you should have a working access point ready to communicate with another wireless device.
Configuring AP parameters
Here’s a little more meat on each of the access point parameters you captured in Step 4 of the preceding section.
Service set identifier (SSID): The SSID (sometimes called the network name, network ID, or service area) can be any alphanumeric string, including upper- and lowercase letters, up to 30 characters long. The AP manufacturer may set a default SSID at the factory, but you should change this setting. Assigning a unique SSID doesn’t add much security; nonetheless, establishing an identifier that’s different from the factory-supplied SSID makes it a little more difficult for intruders to access your wireless network. And, if you have a nearby neighbor with a wireless AP of the same type, you won’t get the two networks confused. When you configure wireless stations, you need to use the same SSID or network name that’s assigned to the AP. It’s also a good idea to turn off the SSID broadcast, a feature whereby the AP announces itself to the wireless world in general. Turning this off helps hide your AP from the bad guys who might want to hang off your network. However, hiding your SSID by no means absolutely hides your network (think of it as a mechanism for keeping out casual intruders to your network — dedicated intruders won’t be stopped by a hidden SSID).
Router PIN: This is the PIN number used for rapid implementation of network encryption and security using the WPS (Wi-Fi Protected Setup) system that many new APs include.
Channel: This is the radio channel over which the AP communicates. If you plan to use more than one AP in your home, you should assign a different channel (over which the AP communicates) for each AP to avoid signal interference. If your network uses the IEEE 802.11g protocols, eleven channels, which are set at 5 MHz intervals, are available in the United States. However, because the radio signals used by the IEEE 802.11g standard are spread across a 22 MHz-wide spectrum, you can only use as many as three channels (typically 1, 6, and 11) in a given wireless network. If you have an 802.11n draft 2.0 AP, you will want to have this set to Auto so that the AP and the wireless network card can switch between channels and use the ones with the least interference.
You can use other channels besides 1, 6, and 11 in an 802.11g network, but those three channels are the ones that are noninterfering. In other words, you could set up three APs near each other that use these channels and they wouldn’t cause any interference with each other.
If you’re setting up an 802.11a AP, or an 802.11n router that supports the 5 MHz frequency range, you have somewhere between 12 and 23 channels from which to choose (depending upon which country you live in). These channels don’t overlap (like the 2.4 GHz channels do), so you can use them all without interference, while you can use only three without interference in the 2.4 GHz band. If you operate only one AP, all that matters is that all wireless devices on your network be set to the same channel. If you operate several APs, give them as much frequency separation as possible to reduce the likelihood of mutual interference.
Most 802.11g access points, such as some from Linksys, default to Channel 6 as a starting point and detect other access points in the area so that you can determine which channel to use. 802.11n access points will dynamically switch channels and choose the channels with the least interference automatically, which is cool.
Most 802.11n APs available today use only the 2.4 GHz frequency range. They can use multiple channels in this range, switching dynamically between channels if they find too much interference. The 2.4 GHz range is also the same frequency as Bluetooth devices. All new 802.11n draft 2 APs have the option to work in a default mode, using only 20 MHz of bandwidth inside the 2.4 GHz channel space (a single channel), or they can use a combined pair of channels (providing 40 MHz of bandwidth). Using combined (or bonded) channels allows your 802.11n gear to reach greater data speeds and has the fringe benefit of helping your network avoid interference with Bluetooth devices. If you use a lot of Bluetooth devices around your computer — such as a Bluetooth headset, mouse, keyboard, and camera — make sure you are in combined mode so that your 802.11n connection does not affect your Bluetooth devices and vice versa.
When you have multiple access points set to the same channel, sometimes roaming doesn’t work when users move about the house, and the transmission of a single access point blocks all others that are within range. As a result, performance degrades significantly (you see this when your throughput, or speed of file and data transfers, decreases noticeably.) Use different, widely separated channels for 802.11g; because the 5 GHz 802.11a (and some 802.11n) channels are inherently not overlapping, you don’t have to worry about choosing widely separated channels in this case.
WPA2: Wi-Fi Protected Access (WPA2) is one of the best solutions in Wi-Fi security. Two versions of WPA are available:
• WPA2 Personal, or Pre-Shared Key (PSK), gives you a choice of two encryption methods: TKIP (Temporal Key Integrity Protocol), which utilizes a stronger encryption method and incorporates Message Integrity Code (MIC) to provide protection against hackers, and AES (Advanced Encryption System), which utilizes a symmetric 128-bit block data encryption. TKIP was the only system available in the first version of WPA; WPA2 added the ability to use AES, a stronger encryption system.
• WPA2 Enterprise, or RADIUS (Remote Authentication Dial-In User Service) utilizes a RADIUS server for authentication and the use of dynamic TKIP, AES, or WEP. RADIUS servers are specialized computer devices that do nothing but authenticate users and provide them with access to networks (or deny unauthorized users access). If you don’t know what a RADIUS server is all about, chances are good that you don’t have one.
WPA2 Enterprise is, frankly, overkill for the home environment and much more difficult to set up. We recommend that you use WPA2 Personal instead — it gets you 99 percent of the way there in terms of security and is much easier to set up and configure.
WEP keys: You should always use some security on your wireless network, and if your network cannot support WPA, you should use, at minimum, Wired Equivalent Privacy (WEP) encryption. Only a determined hacker with the proper equipment and software can crack the key. If you don’t use WEP or some other form of security, any nosy neighbor with a laptop, wireless PC Card, and range-extender antenna may be able to see and access your wireless home network. Whenever you use encryption, all wireless stations in your house attached to the wireless home network must use the same key. Sometimes the AP manufacturer assigns a default WEP key. Always assign a new key to avoid a security breach.
WPS: Wi-Fi Protected Security works with WPA2 and makes it considerably easier to set up WPA2 security on your network by automating the process. As we discuss in next topic, you can implement WPS in two ways:
• PIN code: You can turn on WPA2 by simply entering a PIN code printed on your Wi-Fi hardware (usually on a label).
• Pushbutton: You can press a button on your Wi-Fi router (a physical button or a virtual button on a screen on the router). When the button is pushed, your devices can automatically connect to the router and automatically configure WPA2 in 2 minutes. Simply push the button(s) and let things set themselves up with no further intervention.
Username and password: Configuration software may require that you enter a password to make changes to the AP setup. The manufacturer may provide a default username and password (see the user documentation). Use the default password when you first open the configuration pages, and then immediately change the password to avoid a security breach. (Note: This isn’t the same as the WPA2 shared key, which is also called a password by some user interfaces.) Make sure that you use a password you can remember and that you don’t have to write down. Writing down a password is the same as putting a sign on the equipment that says "Here’s how you hack into me." If you ever lose the password, you can always reset a device to its factory configuration and get back to the point where you took it out of the box.
MAC address: The Media Access Control (MAC) address is the physical address of the radio in the AP. This number is printed on a label attached to the device. You may need to know this value for troubleshooting, so write it down. The AP’s Ethernet (RJ-45) connection to the wired network also has a MAC address that’s different from the MAC address of the AP’s radio.
Dynamic or static wide area network (WAN) IP address: If your network is connected to the Internet, it must have an IP address assigned by your ISP. Most often, your ISP dynamically assigns this address. Your router or Internet gateway should be configured to accept an IP address dynamically assigned by a DHCP server. It’s possible, but unlikely, that your ISP will require a set (static) IP address.
Local IP address: In addition to a physical address (the MAC address), the AP also has its own network (IP) address. You need to know this IP address to access the configuration pages by using a Web browser. Refer to the product documentation to determine this IP address. In most cases, the IP address is 192.168.xxx.xxx, where xxx is between 1 and 254. It’s also possible that an AP could choose a default IP that’s in use by your cable or DSL router (or a computer that got its IP from the cable or DSL router’s DHCP server). Either way, if an IP conflict arises, you may have to keep the AP and cable or DSL routers on separate networks while configuring the AP.
Subnet mask: In most cases, this value is set at the factory to 255.255.255.0. If you’re using an IP addressing scheme of the type described in the preceding paragraph, 255.255.255.0 is the correct number to use. This number, together with the IP address, establishes the subnet on which this AP will reside. Network devices with addresses on the same subnet can communicate directly without the aid of a router. You really don’t need to understand how the numbering scheme works except to know that the AP and all the wireless devices that will access your wireless network must have the same subnet mask.
PPPoE: Many DSL ISPs still use Point-to-Point Protocol over Ethernet (PPPoE). The values you need to record are the username (or user ID) and password. The DSL provider uses PPPoE as a means of identifying and authorizing users.
Changing the AP Configuration
Each brand of AP has its own configuration software you can use to modify the AP’s settings. Some products provide several methods of configuration. The most common types of configuration tools for home and small-office APs are
Software-based: Some APs come with access point setup software you run on a workstation to set up the AP over a wireless connection, a USB cable, or an Ethernet cable. You don’t see this much any longer except in professional high-end equipment that needs remote management not meant to work over the local network. One big exception here is Apple’s AirPort Extreme, which uses software built into Apple’s OS X operating system (or a downloadable software client for Windows) instead of a Web-based configuration system.
Web-based: Most APs intended for home and small-office use have a series of HTML forms stored in firmware. You can access these forms by using a Web browser over a wireless connection or over a network cable to configure each AP. In many cases when you are setting up your AP, you simply open the Web browser on the machine you have connected to the wired port on the AP; the browser automatically takes you to the AP setup wizard. This is so much simpler than the old days of having to load software on your machine just to set up your AP.
To access your AP’s management pages with a Web browser, you need to know the local IP address for the AP. If you didn’t note the IP address when you initially set up the AP, refer to the AP’s user guide to find this address. It’s a number similar to 192.168.2.1. If you’re using an Internet gateway, you can also run ipconfig (Windows XP), or Network and Sharing Center (Windows Vista).The Internet gateway’s IP address is the same as the default gateway.
Some APs and wireless routers have their administrative and configuration Web page IP addresses printed on labels on the back or bottom of the AP. If yours doesn’t, we recommend that you get a label maker and print your own. There’s nothing worse than looking for the user manual at an inopportune time when you need to be online now!
Most APs use the first address available on the network, such as 192.168.2.1. Note the last digit is almost always 1 to show the first of a possible 254 addresses in that last position. If you can’t remember your AP’s IP address, you can use the methods mentioned earlier in this topic to get your computer’s IP address. This will give you the first three numbers, and just putting a 1 at the end will work most of the time. When you know the AP’s IP address, run your Web browser software, type the IP address on the Address line, and then press Enter or click the Go button. You will probably see a screen that requests a password. This password is the one you established during the initial setup for the purpose of preventing unauthorized individuals from making changes to your wireless AP’s configuration. After you enter the password, the AP utility displays an AP management screen. If you’re not using a Web-based tool, you need to open the application that you initially installed to make any changes.
You should also bookmark your AP’s configuration page in your Web browser for easier access in the future.
Within the AP’s management utility, you can modify all the AP’s settings, such as the SSID, channel, and WEP encryption key. The details of how to make these changes vary from manufacturer to manufacturer. Typically, the AP management utility also enables you to perform other AP management operations, such as resetting the AP, upgrading its firmware, and configuring any built-in firewall settings.
AP manufacturers periodically post software on their Web sites that you can use to update the AP’s firmware, which is stored in the circuitry inside the device. Many new APs have the ability to automatically update the firmware directly from the manufacturer’s site. We don’t recommend that you set this up because most of the time you are not going to need it, and upgrading firmware is serious business. If you decide to install a firmware upgrade, follow the provided instructions very carefully. Note: Do not turn off the AP or your computer while the update is taking place.
The best practice is to modify AP settings only from a computer that’s directly connected to the network or the AP by a network cable. If you must make changes over a wireless connection, think through the order that you will make changes; otherwise, you could orphan the client computer. For example, if you want to change the wireless network’s WPA2 key, change the key on the AP first and make sure that you write it down. As soon as you save the change to the AP, the wireless connection is effectively lost. No data passes between the client and the AP, so you can no longer access the AP over the wireless connection. To reestablish a useful connection, you must change the key on the client computer to the same key you entered on the AP.
