Configuring Wireless Networks for CompTIA Network+
Although wireless networking has been around a lot longer than most people know, it has only been in the last five years or so that the cost of wireless networking equipment has dropped significantly enough for the technology to be widely available in large enterprises, small companies, and even home networks. Today it is virtually impossible to find a populated area without numerous wireless network signals. Airports, train stations, and even hotels offer wireless Internet access to travelers, companies offer wireless access to mobile users within the organization, and wireless Internet access on cell phones has become a standard feature. Even despite the negative reputation of wireless network security, it is still increasing in popularity. Concerns about security have resulted in many administrators spending countless hours ensuring that these wireless network environments remain secure in order to reap the benefits offered by the technology’s wider coverage area as compared to a wired network which is limited by the length of the cable traditionally used with networked devices.
Accessing the Router
Once a new wireless router has been unpacked, need to make sure that you set the device up properly. Now the first portion of this process is pretty much the same as that taken with a typical wired device. This configuration is made by using the web browser of the local computer to initiate a connection to the router. In this document we will walk through the configuration of a typical Linksys wireless router. In this instance type the value http://192.168.1.1 and press enter. This is the typical factory default IP address used by Linksys. Once you access the router and use the default password you will find yourself looking at the typical WAN, LAN, and DHCP settings.
WAN (Wide Area Networking) Settings
This is the first place where you will make changes. The setup tab marked Basic Setup is where you will start. Here, setup the router to work with a public IP address provided by the service provider. This process can be done in one of four typical fashions:
- Automatic ConfigurationDHCPChoose this option to obtain an IP address automatically from your ISP. (For most cable modem users). Optionally key in a name for this router. The default MAC address is set to the WAN’s MAC address on the router.
- Static IP Choose this option to set static IP information provided to you by your ISP. You will required to type in all network information manually if select this option. This option is mostly used by business users. Lot of works if use this option, try to avoid this if possible.
- PPPoESame as PPPoE, This option is mostly used by DSL service users with provided username, password and IP information.
- PPTP Uses a control channel over and a GRE tunnel operating to encapsulate PPP packets.
LAN (Local Area Networking) Settings
Once you have made the necessary changes to the WAN settings, you will move to the LAN settings tab. Here you will set up the IP address of the router. This address is special because it will be used by all devices connected to the network using this router as the default gateway IP address. The default gateway address is the address used by a device to reach the public internet or devices in another network. In this example we will use the address 192.168.10.1 with a subnet mask of 255.255.255.0.
This configuration will necessitate the need to make changes to the router’s ability to dynamically assign addresses in the 192.168.10.0/24 address range to devices on the same network as the router’s LAN interfaces. This ability of the Linksys is part of the router’s DHCP service that runs by default. The DHCP server will dynamically begin to assigning address to devices on both the wired and wireless network. On the configuration page, specify the IP address to issue initially, as well as defining the number of addresses to lease, and the amount of time the lease will be considered valid once it is assigned to a device. A typical configuration for a home network would be to a maximum of 20 addresses, with lease duration of 1 day (specified with a value of 0 on most Linksys Routers).
The settings available under this configuration tab are the “wireless specific” configuration settings. These settings are characteristics unique to wireless, and are not available on wired only routers. These characteristic settings include:
- Wireless Network Mode3 wireless operating modes are supported on most devices we find today; 802.11b (B only), 802.11g (G only) or both (Mixed). If the value of Mixed is selected, that wireless clients with 802.11b or 802.11g wireless network adapters can join the network.
- Wireless Network Name (SSID) The SSID will be the network name of a wireless network and needs to be the same on all devices in the network. When wireless clients start up, they scan the wireless frequency band for special beacon frames that contain SSIDs sent by wireless routers or access points once this is done the client or supplicant will connect to the network that is preferred by user. (SSID is case-sensitive and must not exceed 32 alphanumeric characters. It is recommended to never use the factory default SSID due to security concerns.)
- Wireless Channel There are 13 wireless channels (1-13) supported on Linksys devices. All devices in a single wireless network must use the same channel in order to function correctly. It is also advised not to use the factory default wireless channel. Routers on the same channel, serving different networks can in effect cancel each other out.
- Wireless SSID BroadcastIf this feature is enabled, the router will broadcast an SSID in its beacon frames that can be detected by wireless clients on the network. As a general rule this feature is disabled as a security precaution.
Wireless Network Authentication
Unsecure networks exist where a wireless client can join a wireless a network without authentication, but this is considered the highest level of insecurity. It is advised that authentication be utilized on any wireless router at the time of deployment. Linksys routers support an array of authentication mechanisms. They currently employ support for legacy WEP and WPA/WPA2 authentication with a pre-shared key or RADIUS server. Most home users are not going to use advanced authentication features like RADIUS, so that leaves WEP, WPA personal or WPA2 personal security modes as viable options to protect the wireless domain. One important thing to note is that WPA/WPA2 features are only available on 802.11g routers, whereas WEP is the only authentication feature supported by 802.11b routers.
As a general rule it is considered best practice to use WPA personal or WPA2 personal mode if they are supported by your wireless adapters. You will need to supply a pre-shared key that will be used for authentication. Additionally, choose AES as the WPA or WPA2 algorithm.
WPA-enterprise or WPA2-enterprise requires a RADIUS server and do not rely on pre-shared keys.
802.11b standard network cards will require WEP and a passphrase with a 64 or 128 bit encryption.
The Group Key Renewal settings determines how often your group key changes.
Whether a wireless router or access-point is being deployed in a public area, your home, or in the secure environments found in workplace networks, the basic concepts are all the same. In fact, more often than not, the real differences boil down to the cost associated with the device being deployed. Needless to say, more expensive devices will provide more features, better tools for optimization, and more feature rich security enhancements. But despite the difference in cost the basic features and the rules employed to operate are all the same between any of these devices.