INFO: Networking with a Wireless Access Point or Wireless Router
A wireless access point connects your local wired network with wireless clients. A wireless router performs the same function but allows you to share a connection to another network or the Internet with all of your local wired and wireless systems.
This is the typical configuration used for wireless hotspots that can be found in hotels, coffee shops, airports and other locations.
Before any client system can connect to a wireless router or access point, the router must be connected to the wired network and configured. You will usually find that most routers and access points are factory configured to automatically obtain an IP address and will make the wired network available as soon as they are powered on and connected. This makes it very easy to test your wireless connection right out of the box, but keep in mind, if it’s easy for you, then it is just as easy for anyone else that might be in range.
The first step with your new wireless router will be to connect a system so you can configure its settings. To do this, connect a cable between a system with a wired network adapter to one of the local area network connections. (The following steps are for Windows XP, but should be similar for other versions of Microsoft Windows. For other operating systems such as Linux, Linspire or Apple OS, check your help screens or documentation files for configuring a network.)
- Open your network connections, and right click on the (wired) local area network adapter and select "properties".
- Select TCP/IP from the list and click on properties. This should be set to "obtain an IP address automatically" since the router should be factory configured to provide one.
- Once this has been done, exit back to network connections and save any changes.
- In the Network connections window, double click on your network connection to display the status.
- In the Connection status list, you should see that you adapter has been assigned an IP address and gateway by the router. The Gateway address should be the address of your wireless router; it is this IP address you will use to check or change the router settings.
- Open a browser window and enter the gateway address in the address bar. A typical router might have an IP address of 192.168.1.1, in this case you would enter http://192.168.1.1 for the web address. When you press enter or the "Go" button, you should see the router’s password prompt or login screen. Check your documentation for how to proceed, since each vendor is slightly different. Some may have a user of "admin" or "root" with no password, others may have no user name, just a password.
To start, change your router’s SSID and set a password. Most of the other settings will not need to be changed until you are ready to start implementing security features on your network. I don’t recommend activating WEP, WPA or MAC address security features until you have successfully connected to your network. Once you know all your hardware works together, then you can turn on these features one at a time, making sure that the clients can continue to communicate at each step. If you activate them first, it makes it very difficult to troubleshoot communication problems. If you add additional clients later, you may need to disable these security features and then reactivate them one at a time using this same approach. The network names that show up in an "Available Wireless Networks" list are the name you entered for the SSID - all devices sharing a single network connection must have the same SSID entered. If you have a different SSID for your client, you will not connect to the wireless network until it matches what the router has (or other peer-to-peer clients.) If you need to increase the coverage area for your wireless network, such as you might want in a business environment, connect several access points throughout the building to the same wired network. All access points must have the same SSID, but should have unique transmit channels assigned, and unique network IP addresses. For example, if you have three access points on the network, you could assign local IP addresses of 192.168.1.1, 192.168.1.2, and 192.168.1.3. The IP address for the router or access point becomes the gateway address used by the wireless client.
The next step will be to configure your client system to connect to the wireless router. With Windows XP managing the connections, this should occur as soon as the hardware drivers for the wireless adapter have been loaded. Your alternative to having Windows manage the wireless network is to use the software that comes with the adapter. If you are using a notebook with built-in wireless, you may not have this option. If you have Windows XP Service Pack 2 (SP2) installed, an enhanced Wireless Networking wizard is available and can be easily accessed in a number of ways, including clicking on the Wireless Network icon in the Windows status bar; clicking on Network Connections or one of the configuration wizards in the Windows Control Panel; or accessing the network adapter properties for your adapter in Network Connections. With SP2 installed, choosing to "View Available Wireless Networks" opens the Wireless Network Connection wizard. This should show all available networks in the range of your system. To connect to your router, you should have to do little more than select the Network SSID from the list and click on "Connect". Since we have not enabled any security on the router yet, you will probably get a message box warning you that this network is not secure. If all works as it should you will be connected to your wireless router and to any wired network that it is connected to. Congratulations! You have also succeeded in creating a completely unsecured wireless connection, exposing your local network and/or Internet to anyone within wireless range...
If you don't have Service Pack 2, or for that matter - Windows XP, then you will probably have to use the wireless utility that comes with your adapter. Many of these are based on a common core utility so have similar choices and features for your connection settings.
The router menus will vary from manufacturer to manufacturer, but there should be some common features such as:
- Setting the SSID
- Setting the password
- Setting the wireless channel
- Enabling or Disabling WEP encryption and setting the level of encryption (i.e. 64 or 128-bit)
- Generate or enter WEP encryption key
- Restricting access by MAC address
- Assigning IP addresses or an address range
- Setting the local IP address range
- Setting the Wide Area Network address or automatically obtaining one
- Other enhanced security features may include:
- Enabling or disabling broadcast of the SSID
- Enabling WPA encryption
Security Tip: While most routers and access points require configuring through a physical cable connection, some will allow you access to the setup menus through the wireless connection. For this reason, you should make it a point to change both the name (SSID) and password for your router as the first order of business. Changing the name (SSID) helps identify your specific network, which is more of an issue if there are multiple Wireless networks in your business or immediate neighborhood. Changing the password helps prevent someone from granting themselves access to your network, changing your router settings, or worst-case, locking you out of your own equipment.
Setup Tip: WEP encryption codes can be entered as a hexadecimal string (numbers 0-9 letters a-f), or generated with a text-based pass-phrase. (The pass-phrase is used to create the hexadecimal string.) If the method to generate the string is not consistent between your different clients, you may need to copy the resulting hexadecimal string from one device and then paste or manually enter it into the rest of the network configuration boxes.
- Type your text string to generate the key on the first system
- Click on manual key to switch to the resulting hexadecimal code
- Copy this to a text file
- Cancel the WEP change (remember that your network is still insecure at this point)
- Save the text file to your shared folder where the other user can get it over the network
- Re-enable the WEP security on the both systems and the router, using the manual configuration with the same key you generated.
Windows XP Service Pack 2 Feature: The new Wireless Networking Wizard that is part of Windows XP Service Pack 2 includes a method of saving this configuration detail to a USB flash drive (or other storage media) to transfer the necessary settings to other XP SP2 systems.
Additional comments: Hiding your SSID can minimize unauthorized access to your router, but will not prevent it. Programs that monitor the data passing between your system and the router and can easily identify the SSID. Depending on your network settings, your system may be "searching" for the connection even when you are not nearby, transmitting this information even when you are not connected. Your system broadcasts the network SSID whenever you have your wireless configuration set to "connect, even when not in range."
WEP is considered to be a very simple, easy to break encryption. Computers using the appropriate (hacker) programs can break WEP security in just a few hours. WPK and other security protocols offer stronger protection, but whatever method you choose, all of your devices must support it. If you are mixing old and new computers, phones, or other wireless enabled devices, you may have no choice but to use one of the older, more vulnerable encryption modes. While this is better than not using any security, this would never be recommended for any business, or where you might be passing sensitive customer or credit information between wireless systems or exposing data files on the network. Failure to secure your customer information could expose you and your company not just to hackers, but to federal penalties as well.