Configuring Your Access Point
If the existing network consists of a single
computer hooked directly to a cable or DSL modem, you should add
a broadband router before continuing. You’ll need a router to
share the connection between multiple computers, including
computers connecting via the wireless access point.
The one exception to this is if
all
your computers will
connect via a wireless connection and
your access point supports connection sharing (usually
via a combination of services called
NAT and DHCP). If your access point has two or more
Ethernet ports as well as wireless support,
then it almost certainly supports sharing. Check the
documentation to be sure.
Preparation
You can configure your wireless access point for
your network in many ways.To leave room in this book for more
projects, it’s assumed that you’re adding this new outdoor
access point to an existing network. This network already has a
working broadband connection connected via a broadband router
that provides facilities for sharing the connection between
multiple computers.
In geek speak, your network provides DHCP, NAT,
and gateway services.
Now it’s time to get the access point
configured. The steps are:
1.
Download the most recent
firmware file from the manufacturer’s Web site to your computer.
This has the latest bug fixes and it may not be on your
device already.
2.
Unplug the computer from
your network and plug it into your access point. Follow the
access point setup directions to access the
administrative interface via a Web browser.
3.
Skip the suggested
configuration steps and update the firmware using the file you
downloaded earlier. This option is
usually under a System or Tools menu. If you get stuck, see
the manufacturer’s Web site from where you downloaded the
firmware.
4.
Again connect to the
administrative interface via a browser. Now you can start the
configuration. The configuration
steps that follow require a few settings and decisions. Of
course you can change anything you
want later on, but after people start using the system some
things are easier to change than
others. See Figure 8-10 for an example of upgrading the firmware
on an access point.
Always perform the firmware upgrade through the
Ethernet port on the access point, not through the wireless
connection. A mis-applied firmware upgrade could result in
damage to the access point and a warranty replacement through
the manufacturer.
Access Point Password
It goes almost without saying that you should
always set a new password for your access point so people can’t
change the configuration and even disable or hijack it. Make
sure that you

change the password for the administrative user
(“admin” in most cases) and the user-level passwords, if
applicable.
SSID
Choose a unique SSID instead of the default that
comes with your access point. This reduces confusion for people
trying to use your system and allows you to easily identify your
system from other wireless signals you may find nearby.
It’s considered good form to provide an SSID
that allows someone to contact you if necessary. This is useful
if your new access point starts interfering with their signal.
You could use a Web site name or even an e-mail address. Or you
might use your house or apartment number with or without your
street name depending on your expected coverage area. Most
systems support SSIDs that are case-sensitive, are 2 to 32
characters long and include most common punctuation characters.
Some examples of SSIDs you could use are:
house922,
www.socalfreenet.org,
myname@fastmail.fm,
janewireless. Avoid mixing upper- and lowercase letters to
prevent configuration problems.
The SSID is essentially the personal address of
your access point. This is what people will see when setting up
their computer to get on your wireless network.
WEP
Wired Equivalent Privacy (WEP) was designed to
provide security for wireless networks. If you want to start a
debate amongst a group of wireless experts, ask them whether you
should use WEP on your wireless network.
Those against will say that WEP can be cracked
easily and will cite the seminal paper
www.isaac.cs.berkeley.edu/isaac/wep-faq.html
in their support and point
to one of
several readily available programs that automate
breaking a WEP key. Those in favor will say that enabling WEP
will stop most casual people from accessing your network and you
should turn it on as a matter of routine.
As is so often true, both sides are correct and
the right answer for your network is “it depends.”
Wireless security is a large topic that fills
entire books: How
Secure is Your Wireless Network?
by
Lee Barken is a good starting place.Wireless
Security End-to-End
by Brian Carter and
Russell Shumway is another good book on the subject.
The short answer is to leave WEP off unless you
have access to all the computers that will use your access
point. If you turn WEP on at your access point, you’ll need to
configure each wireless computer individually to use it. And no
one else will be able to use your network until their computer
is similarly configured—except the patient hacker running the
cracking tools of course.
For example, if you want to have an open access
point that others can share, leave WEP off. If you want to share
with a select group of neighbors, turn it on and then configure
each of their computers—and be prepared to reconfigure them when
they mess up the settings. If you do use WEP, also enable Media
Access Control (MAC) filtering on your access point (most of
them support it). It will require you to gather the unique MAC
address of every computer that will use your access point, but
you can do this when you’re setting up WEP on each of them. See
your access point manual for details.
Wireless LAN Security
Use good security practices whether you use WEP
or not. Here are some steps that will keep your data safe from
prying antennas:
Install a firewall on each wireless computer. Free firewalls are
available from
www.agnitum.com/
www.zonelabs.com/
You
may need to hunt around a little to avoid the paid versions,
though. This stops the spread of worms within your wireless LAN
and limits the damage if one does get loose.
Install anti-virus software and keep it updated. In addition to
the standard off-the-shelf products, consider smaller companies
like www.nod32.com that provide competitive bulk
licensing and yearly renewals if you call them
directly. Then as you help people get onto your wireless LAN,
you can offer them virus protection too. A comprehensive list of
products is available at
http://directory.google.com/Top/Computers/Security/Anti_Virus/Products/
Secure your e-mail. Well-known Web mail services like yahoo.com
and hotmail.com provide an optional
secure logon, but they don’t secure the messages. Consider
switching to a provider like
fastmail.fm that provides secure Web pages for all your
messages, just as your online bank
does. If you use an e-mail program, be sure to set the Advanced
settings to “This server requires a
secure connection (Secure Socket Layer or ‘SSL’)” (or similar)
for both outgoing and incoming
mail. If your e-mail provider doesn’t support SSL for e-mail,
switch to one that does (for example,
fastmail.fm
again).
When
you use Web sites with sensitive personal data, double-check
that they are in ‘secure mode’. Most Web browsers indicate this
with a lock icon of some sort, and the URL will
generally begin with
https://
instead of the usual
http://.
Surf
completely anonymously, if you care, by using a third-party-paid
service like
www.freedom.net
www.anonymizer.com
A good overview of these services is found at
www.webveil.com/matrix.html
and a general directory is available at
http://directory.google.com/Top/Computers/Internet/Proxies/
Wireless or not, continue to use good security
practices like choosing good passwords (a mix of characters and
symbols), not reusing the same password in multiple places, and
changing your passwords regularly. A good password helper
program like
www.roboform.com can
make this much easier to manage.
Channel
Your access point can operate on any of the 11
channels (plus a few more in some countries). However, each
channel actually overlaps with two or three channels on either
side. Thus only three distinct channels are actually available:
1, 6, and 11. However, recent research suggests that a scheme of
1, 4, 8, and 11 is a reasonable alternative.
Do a mini-war drive in the region your outdoor
access point will cover, as described in Chapter 6. Pay
particular attention to the channels used by any access points
you discover. Choose the least occupied channel for your access
point. When the access point is installed, you may need to
adjust the channel based on real-world usage. Fortunately, any
client computers using your SSID will automatically adjust, so
this is not as critical as, say, the SSID you choose or the WEP
key you set (if you enable WEP).
LAN Settings
When you first configure your access point, it
will be on a private LAN consisting of just your computer and
the access point, so the settings used don’t matter as long as
they’re compatible. However, when you add the access point to
your main LAN, it will need to have compatible settings so it is
accessible and doesn’t cause conflicts with other devices on the
network. The settings needed are:
IP
address: A unique address for the access point. Choose a number
that’s easy to remember and doesn’t
conflict with other devices. For example, many routers use the
range from 192.168.0.1 to 192.168.0.254, and often
reserve the first number,
192.168.0.1, or last number, 192.168.0.254, for their own
address. So you might choose
192.168.0.2 as the address for the access point.
Subnet mask: On most home networks, this will be set to
255.255.255.0.
Gateway: Usually the router acts as the gateway and the address
commonly ends in .1. Thus, 192.168.0.1 is a common setting.
DNS
server: This value is supplied by your Internet Service Provider
(ISP) so refer to their setup
instructions. Sometimes the router will forward or cache DNS
requests so it may be the same as
the gateway value. One way to
determine these settings is to find the same settings on a
computer on your network. Usually
the router supplies these settings automatically via Dynamic
Host Configuration Protocol (DHCP). On a Microsoft Windows
machine, you can find the value from a command prompt as
follows:
C:\>
ipconfig
/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : mike
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : local
Description . . . . . . . . . . . : Intel(R)
PRO/100 S Desktop Adapter
Physical Address. . . . . . . . . :
00-02-B3-B7-xx-xx
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . :
192.168.1.199
Subnet Mask . . . . . . . . . . . :
255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1,
66.80.131.5
Lease Obtained. . . . . . . . . . : Monday,
March 22, 2004 9:53:47 AM
Lease Expires . . . . . . . . . . : Monday, March 22, 2004
10:53:47 AM
Here you can deduce that Internet Protocol (IP)
addresses range from 192.168.1.1 to
192.168.1.254 with a subnet mask of
255.255.255.0. The gateway is 192.168.1.1, and the DNS
servers are both the gateway and an alternate of
66.80.131.5.
Configuration Example
The DWL-900AP
has a configuration wizard that guides you through the
installation. It is useful to skip the wizard and configure the
settings screen-by-screen to see some of the useful choices that
the wizard doesn’t offer and to see how to use them.We’ll walk
through these selections in this section.
Basic Wireless and LAN Settings
If the access point has several operating modes,
set it to “access point” (also called “infrastructure access
point”). Other modes are used in other wireless applications,
such as a wireless relay (see Chapter 9), or to connect to
another access point. Find the page in your access point to set
the SSID, channel, and often a name for the device (see Figure
8-11). The name is sometimes visible to client software, but is
mostly useful for maintaining multiple access points as it
sometimes gets confusing which one you’re editing when you have
several.
Be sure to save the wireless settings, and then
find the page to set the LAN settings you calculated. Select the
“Static IP Address” setting. If you choose “Dynamic IP Address,”
the access point will work when it’s plugged into your network,
but it will be hard to find it via the browser to administer it
as you won’t know what address to use! (See Figure 8-12.) After
you enter and save the LAN values, you’ll need to either adjust
your computer network settings to match, or plug both your
computer and the access point back into the LAN and continue the
configuration from there.
Setting Your Password and Saving the
Configuration
Be aware that your access point is live from
here on, so the next step is to change your password. The
browser address of the access point will now be the static IP
you entered (for example,
http://192.168.1.2).
If you can’t get back into the configuration of
your access point, you may need to reset it to the factory
default settings and start over. The instructions for this are
usually on the CD that came with the access point or on the
manufacturer’s Web site. The same steps are used if you forget
your password.
Change your administration password at the
appropriate page and then log back in to continue. At this
point, it’s useful to save your configuration settings. Most
access points allow you

to download the
settings to a file on your computer so you can easily restore
them later. As you now have the access point basically
configured and accessible from your network, it’s a good time to
save the settings. As you continue changing other settings, you
can save again (and again) to ensure you don’t miss anything.
Figure 8-13 shows the save-to-file setup page.
Saving your settings becomes even more important
if you turn on WEP and start using MAC filtering to protect your
network. It’s tedious to re-enter MAC addresses and key values
(and be sure to keep a backup copy).
Advanced Settings
Your access point will have a page of advanced
wireless settings somewhere that contains items like those shown
in Figure 8-14. Some are more useful than others:
Antenna
selector:
It’s important to set this if your access point has two
antennas, because you’ll only be using one. It isn’t always
clear whether left and right are while facing the
front or back of the access point, but the manual or
manufacturer’s Web site should clarify.
Speed (Tx/Basic Rate):
You can increase the range of your network by decreasing the
maximum allowed speed. In theory, it shouldn’t make any
difference because Wi-Fi should
automatically downgrade to a lower speed if the connection is
poor. In practice, it’s useful

to force everyone to a lower speed and save the overhead
of all the hunting around for the best speed. Note, though, that
you can significantly lower the maximum speed of your network
and reduce sharing among users, because now all transmissions
will take longer and everyone has to wait until each
transmission completes before getting a turn.
Authentication and SSID Broadcast
: If you use WEP, you can
change these two settings to Shared
Key and Disabled, respectively. These hide your system more
effectively from hackers. Sometimes
disabling the SSID Broadcast can cause problems with some client
adapters, so test this first.
Power: If there
are a lot of access points in your area, it’s good form to turn
down the power if all the computers
connecting to you are close by. This reduces interference to
other users. This is also a good security practice as it
makes your access point less visible
and your network harder to access from further away.
Experiment to find a reliable value.
If you’re in doubt about what the settings do,
change and test them one at a time. Be sure to save your
configuration changes so you can revert to a previous version if
something stops working.
Don’t be afraid to explore other settings. If
the supplied documentation doesn’t explain the settings
adequately, a Web search will quickly find more information.
When you’re all done, save the settings to disk,
power everything off, take a break, and then come back and do
one final test. If possible, find a computer that hasn’t had
wireless installed before, then add an adapter and ensure that
you can configure it to work with your access point. If you’re
using WEP and advanced security measures, this is especially
important, as some of the details are hard to get just right.
It’s much easier to work out what’s wrong with
all the pieces of the puzzle right in front of you, than when
half the gear is up a pole in the rain.