Setting Up the Network

Setting Up the Network

Configuring Your Network

Now, we get to the fun part! Up to this point, we've run the wires (and/or configured your wireless connections) and hooked the underlying network together to your switch, router and/or WAP. We have link lights (or the equivalent) on every wired and wireless device. (Right?) Even with all that, we so far have only provided a stable medium - for the wired network anyway - upon which the network can communicate. We (may) still need to configure each device on the network in order for them to listen to each other.

A wireless network has an additional step that a wired network does not. To connect to devices on a wired network, only the proper cable is required. A wireless network uses radio wave rather than a cable as the transmission medium. The wireless transceivers used in both the WAP and Wireless Ethernet Adapters must be configured before the standard configuration can be done. That's the topic of this and the next several sections.If you are trying to configure wireless network equipment - especially if the equipment is not from the same manufacturer - you may need to skip ahead to the section on the configuration of the wireless equipment.

Craig Prall

Using DHCP

Using DHCP

Using DHCP IP Address Assignment for Automatic Configuration

If you are using a router (as opposed to a standalone switch), it will probably have a Dynamic Host Control Protocol (DHCP) server to allocate IP addresses (using the DHCP protocol) to any Ethernet adapters (wired or wireless) that ask for one. This is the topic of this section. With such a router, you may have a working network as soon as it is cabled (or connected wirelessly).

If your network is connected together by a combination router/switch/WAP, the simplest way to set the IP addresses for the other devices on the network is to have them get their IP addresses using DHCP. The term "DHCP" stands for Dynamic Host Configuration Protocol. It is a network protocol that does pretty much just what it sounds like - it dynamically configures hosts (i.e., devices) on the network. Most routers include a built-in DHCP server, and it's usually turned on by default. If you are configuring a standalone network using only a switch, you probably don't have a DHCP server available and should skip to the section titled Fixed/Static IP (Manual) IP Assignment.

"DNS" stands for Domain Name Service. You can think of a DNS server as the Internet version of the phone book. The Internet works on IP addresses - that is, numbers. Since humans find numbers hard to recall, we use names like Therefore, we need a way to look up a name (like a person's name in the phone book) so that we can convert it to a number. It's the number we actually "dial" so that we can connect to another computing system. A DNS server does that conversion. Queried with a name, it will respond with the IP address it has associated with that name. If it doesn't know the name itself, it knows the IP addresses of a web of other DNS servers that it can ask. There's a lot more to it than that, but this short description will do for this section. Your ISP, if you are connecting to the Internet, will tell you the IP addresses of the DNS servers that they provide for your use. If you are creating a standalone network, you won't have a DNS server (unless you create your own) and you don't really need one.

When a device wants to connect to a network and wants to get its network settings dynamically using DHCP, it will broadcast a network-wide message (with its MAC address included, since that is the only unique number it has at that moment) asking for a DHCP server to lease it an IP address and other settings. If your WAP/router has a DHCP server and it is enabled, it will respond to the request with an IP address and other network settings like the network mask, network gateway IP address (which is usually the LAN IP address of the router itself since it is the gateway to the Internet) and the IP addresses of one or more DNS servers. It also includes the length of time that the DHCP server will reserve that IP address for that device. That is called the "lease" time of the DHCP request. Devices that are configured using DHCP are called "DHCP clients." If you have no DHCP server for your LAN or it is not turned on initially, you will have to set the IP addresses manually. A DHCP server is never required, but almost all home routers do have a DHCP server and they are quite convenient. If you are setting up a LAN without a shared broadband conenction, you may still want to consider including a router with a DHCP server just for this convenience. (There are cases, however when you want a particular computer to always have the same address. See the section Fixed/Static IP (Manual) IP Assignment for the discussion on that topic.)

I'd like to offer one word of caution here (because it's been done a number of times based on what I see on the networking forums). If you first buy a router without a WAP (or your ISP supplies you a router without one) and later wish to add a second router with a WAP (because the combo router/switch/WAP boxes are often cheaper than standalone WAPs), you will need to turn off the DHCP server on the new router (or at the very least configure it to serve a different range of IP addresses). If that is not done, which of the DHCP servers will answer a request for an IP address will be potentially random. This will result in machines on the network getting duplicate IP assignments if the two DHCP servers on the network assign an overlapping range of IP addresses.

Right-click on My Network Neighborhood

Setting an Ethernet adapter to use DHCP is very straightforward. The following example uses the Windows 2000 operating system, but the other Windows OSes are similar. First, right-click on the "My Network Neighborhood" icon on your PC's desktop. Choose the Properties menu item from the pop-up menu as shown here. In Vista, go to the Start menu and choose the Control Panel. In the Control Panel, choose Network and Sharing Center. From the Network and Sharing Center, choose Manage network connections from the list of tasks on the left.

This will bring up the Network and Dial-up Connections window as shown below. In Vista, this is called just "Network Connections." (Since I sometimes use my laptop with a wired network card and with a wireless card at other times, I renamed the wireless Ethernet adapter to "Netgear Wireless WG511T" so I know at a glance, which one I have plugged in. If you would like to rename your network adapter, left-click on its icon and choose "Rename" from the pop-up menu.)

Network and Dial-Up Connections

Left-click on the network adapter, which will usually be named something like "Local Area Connection" by default. This will bring up a pop-up menu. Choose Properties from that menu as shown here.

Picking Properties from the pop-up menu

This will bring up the Properties dialog for your Ethernet adapter. Select the Internet Protocol (TCP/IP) from the components list (you may have to scroll it to the bottom) and click on the Properties button. (Double-clicking the Internet Protocol (TCP/IP) line will have the same effect.)

Ethernet adapter properties dialog

The Internet Protocol (TCP/IP) Properties dialog box will appear as shown below. On that dialog and under the General tab (which is the only tab), choose the radio buttons to Obtain an IP address automatically (i.e., get an IP address from a DHCP server) and Obtain DNS server address automatically (i.e., also get those IP addresses from the DHCP server).

Ethernet adapter properties dialog

Click on the OK button. With Windows 2000, you sometimes have to reboot after making such a change. With Windows XP and Vista, you almost never need to reboot after changing the IP address. Repeat the above steps for your other wireless devices.

Ethernet adapter properties dialog

Repeat the above steps for your other networked devices.

Welcome back (if you had to reboot, that is). Now, it's time to see if we got what we expected. We should now have basic connectivity between all the connected devices and the WAP. We can check this using Test 4: Checking for Valid IP Address and Test 5: The Handy-Dandy LAN Ping Test. Try those tests now and then move on to the next section.

Craig Prall

Changing DHCP Server IP Assignment

Changing DHCP Server IP Assignment

Changing the DHCP Server's IP Assignment Range

By default (at least in the case of the Netgear WGT624), the full range of LAN IP addresses is given to the control of the DHCP server. That is, all the addresses from through (where is reserved by the router for its LAN IP address) are handed out by the DHCP to clients as they are requested. If we need to reserve some addresses for fixed IP assignment, we need to wrest a few of those away from the DHCP server's control. In order to do that, we need to change the configuration of the DHCP server in our router. As with anything dealing with changing the configuration of the router, first we log in.

Logging in to the Router

That will bring us to the first (Basic Settings) page. We need to go to the page where the DHCP settings are. On the Netgear WGT624, that is found on the LAN IP Setup page, so we click on that.

The router's Basic Settings page

The LAN IP Setup page is shown below. We click on the last text box on the Ending IP Address under the Use Router as DHCP Server section, so that we can change the value from 254.

The router's LAN IP Setup page

For the example shown below, we change the Ending IP Address to 49. That means your DHCP server will hand out IP addresses from through, inclusive or 48 addresses in total. That should be enough for most home networks, but you can always bump it up later. These IP addresses are only given to devices attached that ask for automatic configuration - that is, devices that act as DHCP clients. You'll also notice a setting for the IP Subnet Mask on the page below. That will also be given to your client as well as the Domain Name Server (DNS) Addresses (if any), which on this router are found near the bottom of the Basic Settings page.

Updated DCHP IP address range

When you have the configuration numbers set the way you want, press the Apply button. If the machine you configured the router from happens to also be one of those DHCP clients, an interesting thing may or may not occur at this point. You may loose your connectivity to the network. The basic troubleshooting from Test 4: Checking for a Valid IP Address is to check to see if you have a valid IP address. Sometimes when you are fooling around with the DHCP Server settings and you are a DHCP client, you'll find yourself with no IP address after you apply the change. This state is shown in the first ipconfig command's results below. The situation is (usually) easily recoverable. Just as the DHCP server for a new IP address. Just type in the command ipconfig /renew as shown in the bottom half of the screen below and the DHCP server should give you a new IP address. The renew option will make your machine send out a DHCP request for a new IP.

Lost DHCP address and ipconfig /renew to recover

I haven't determined what causes the loss of the IP address you already had, and it doesn't happen every time the DHCP server's settings are changed. (At least, not in my experience.) It's a mystery. Oooh!

Craig Prall

Changing the Router's Internal Network

Changing the Router's Internal Network

Changing the Router's LAN (Internal) Network Number

This section is totally optional and used for fixed (static) as well as when DHCP is being used for IP assignment. If you're brand new to home networking, I suggest skimming it for now, but not actually performing the changes. You may want to come back to it later when you are more comfortable with your home network. Also, if you add a second (or third) router to your network, you will likely have to perform the changes given here.

Warning! Warning! Danger, Will Robinson!
Try to be careful and get this right on the first try if at all possible. If you get the settings in an inconsistent state, you may be forced to reset your router back to the factory defaults (using the reset button) in order to recover it to a state in which you can talk to it again.

You can also change the LAN's network number - which is the beginning portion of all the devices on your LAN. We're going to stick with 192.168 as the beginning two "octets" of the IP address. There are other valid values for that part, but we'll leave that discussion as an exercise for the reader. To change the network number of your LAN, first login to the router, and then click on the LAN IP menu. (This will be different for a different brand of router.)

The router's LAN IP Setup page

The original settings on the Netgear WGT624, as shown below, have the LAN IP address set to (Linksys uses as their default.)

Original LAN IP address

In our example, we'll change the network number from 192.168.0 to 192.168.4. Change the third field of the LAN TCP/IP Setup, IP Address from 0 to 4. The new gateway address for the devices inside your LAN will be You also need to change the IP addresses that the DHCP server is lending out to be in the same network - namely, the 192.168.4 network. To do this, change the third fields in both Starting IP Address and Ending IP Address to match the setting for the LAN IP Address, which in our example is 4. When you've set those three fields, the result should look like the screen below.

New LAN IP address

Once you press the Apply button, your network number will be changed. You many need to issue an ipconfig /renew command in a Command Prompt window (See the example in the section Changing the DHCP Server's IP Assignment Range.) so that the devices that are DHCP clients get a new address in the new network number's range. (For devices like an Xbox 360, you may have to cycle power to get them to lease a new IP address on the new network.) If you have set any IP addresses manually (i.e., Fixed or Static IP addresses as explained in the next section), you also get the pleasure of resetting them manually. (The same is true if you've set any firewall rules for machines at a fixed IP address.) We talk about fixed (or static or manual) IP address assignment in the next section.

Craig Prall

Fixed/Static IP (Manual IP) Assignment

Fixed/Static IP (Manual IP) Assignment

Fixed/Static IP (Manual IP) Assignment

Picture of a hand holding a bolt as in 'bolt it down'

Technically, you don't need a DHCP server anywhere on your network; it's just a convenience. You can manually assign the addresses of all the devices on the network. In the beginning of TCP/IP networking, there were no DHCP servers and no DHCP protocol. All device addresses were set manually. There's a bit of comfort in having complete, manual control over your network's configuration. Still, using fixed IP addresses can be a bit of a chore if you change your network very often. While that's less typical in most home networks (excluding at least my own home network), it's very typical in offices as employees move, projects add/remove hardware, etc.

If you are setting up a Local Area Network using only a switch (and no router) to connect the network together, your only option (short of installing a DHCP server on one of the networked computers) is using fixed IP addresses. It's also very typical, even if you are using DHCP, to reserve some portion of the IP address space on your network for devices that need a fixed IP address that will be reserved for that device "permanently." A very common reason you'll need this is to be able to set up firewall rules necessary to let some online games work. That is, you will set up a rule in your router's firewall to allow certain types of network traffic to pass through to a particular machine by specifying the IP address of that machine. It's desirable that the machine's IP address doesn't change over time so that you don't have to periodically edit the rule(s) to match. However, when a machine uses DHCP, there's no way to guarantee its IP address won't change; in fact, it's pretty certain that it will at some point. In this case, giving that machine a fixed IP address is the way to go. (I'll use the terms "static," "fixed," and "manual" interchangeably in this section.) Another common device to give a fixed IP address is a networked printer. Many of the printer drivers installed on computers will have trouble locating a printer if it's IP address changes. It's best to assign a fixed IP address to a networked printer.

In the section Changing the DHCP Server's IP Assignment Range, we configured the router to use only part of our internal LAN IP address space. In that example, is reserved for the router itself to use, so that we have a fixed gateway address. The DHCP server hands out addresses from through, inclusive. What happens to the rest of the network addresses - those from through ( is reserved for network broadcast messages.) The answer is "Anything we want." Those addresses have been made available for fixed IP address assignment for those devices that need such a thing. All we need to do is make sure we don't reuse an IP address more than once and that the ones we choose to be fixed are outside of range of DHCP server, but still on the same network.

Right-click on My Network Neighborhood

Setting a static IP address for an Ethernet adapter is a variation on setting up the DHCP configuration. On the machine that we wish to give a fixed address, we start by opening up the network properties by right-clicking on My Network Places (or Network Neighborhood) and choosing Properties from the pop-up menu.

Next, we pick our Ethernet adapter from the list. (Here, I've renamed my wireless adapter to "Netgear Wireless WG511T." By default, yours will probably be named "Local Area Connection.") Right-click on the adapter name and pick Properties from the pop-up menu. (Alternatively, you can double-click on the adapter's name and press the Properties button from the Local Area Connection Status dialog. [Not shown here.])

Picking Properties from the pop-up menu

From the Properties dialog for your Ethernet adapter (as shown below), pick the Internet Protocol (TCP/IP) entry from the components list and click on the Properties button. (Double-clicking on the Internet Protocol (TCP/IP) component name yields the same result.)

Ethernet adapter properties dialog

If you have been using DHCP prior to this or the Ethernet adapter is still set at the default settings, your Internet Protocol (TCP/IP) Properties dialog will probably look like the one below.

Ethernet adapter properties dialog

What we want is to specify a particular IP address for our adapter. To do this, click on the Use the following IP address radio button. That will enable the IP address, Subnet mask, and Default gateway text fields. It will also enable the Preferred DNS server and Alternate DNS server text fields and disable the Obtain DNS server address automatically radio button. (See the following screen.)

Use the following IP address dialog

Enter the IP address you've chosen for this Ethernet adapter into the IP address text area. In the example below, was chosen. Place your cursor before the first period and type "192" into the first text area of the IP address. Because 192 fills up the area, the cursor automatically advances to the second text area. Type "168" into that text area and the cursor will automatically advance again. Next, type "0" into the third text area. This time, the cursor does not automatically advance because 0 does not fill the (three character) area. Press either the right arrow or press the period key to advance to the next and final IP address field. Finally, type "100" into the fourth IP address field.

Manually set a new IP address

Press the tab key to move to the Subnet mask text area. Without explanation, I'm just going to tell you to type "255," "255," "255" and "0" into the text fields. (The cursor will automatically advance on the first three.) Exactly what the subnet mask does is beyond the scope needed for setting up a small network. Search for subnet mask if you wish to know more.)

The Default gateway is set to the IP address that is reserved for the router on the network. The example below assumes we have not changed the default and "" is entered using the same entry method as for the IP address.

The values for the Preferred DNS server and Alternate DNS server are generally given to you by your ISP provider if you are setting up a Broadband Connection Sharing network. These will be the IP addresses of the DNS servers they provide for your use. If your router uses DHCP to get an IP address from your ISP (in the same way that your DHCP clients get IP addresses on the internal LAN from your router), the DHCP response will include the preferred DNS servers. Therefore, you should be able to look at the basic network settings screen of your router to see what addresses to copy to the fields below. If you are setting up a LAN, you can leave these entries blank.

Once these entries are completed in a manner similar to the one above, click on the OK button. The typical response is that the Window takes a few several seconds or a minute to close. (On older Windows operating systems prior to XP, you will be asked to reboot. Do so if asked and continue from this spot.) If you see a warning message similar to the one below, it means you have accidentally assigned the same fixed address to two (or more) networked devices. Change one of the IP addresses so that each machine has a unique one. Typically, the other machine at that IP address will display a message that some other device is attempting to use its IP address.

Duplicate IP address dialog box

That's it for setting a fixed IP address.

Craig Prall

Configuring Wireless

Configuring Wireless

Configuring the Wireless Access Point and Wireless Ethernet Adapters

If your ISP provided you with a router that has wireless networking capabilities that you don't plan to use, that capability should still be managed. Either go through this section to set up the wireless portion of the router or disable the wireless capability (so that it can't be used by others without your awareness). See Disabling an Unused Wireless Network.

Once you have decided on the wireless equipment you will use, the next hurdle to overcome is configuring equipment to work together. With a wired network, there is no configuration of this sort. We can plug almost any cable into any hub, switch, router, or Ethernet adapter and be fairly certain a link will be established between the two devices. With wireless networking, this is not (yet) true. The radio medium must be configured before the equipment will exchange any data with each other, and this must be completed correctly before the network configuration can be completed (which was discussed in Configuring Your Network).

The specific WAP used as an example here is a NetGear WGT624-V2 combination router (with firewall), 4-port 10/100 switch, and 802.11g (54 Mbps) wireless access point. Is also features Netgear's proprietary 108 Mbps Super G technology, which supports data rates at up to twice the standard 802.11g (according to Netgear) when used with Netgear wireless Ethernet adapters with Super G technology. The wireless Ethernet adapter used is Netgear's WG511T wireless 802.11g Ethernet adapter with Super G technology. While there will be similarities, other manufacturer's installation and setup will differ somewhat from what is shown here. However, the goals of these operations are the same. Different models of wireless equipment from the same manufacturer have also different installation programs and procedures. The user's guide for the devices you purchase should have the specific information you need. For the rest of this section, the term "WAP" will be used to describe both dedicated WAP devices and combination devices unless we need to distinguish between the two. Before we go into how to set the items, let's take a look at the items we will need to set.

There are a large number of variables that can be set, but only a few of them must be set when establishing the radio connection. The first is to decide on the channel to be used. In 802.11b and g networks, the network transmits in the 2.4 GHz frequency band. However, there are multiple specific frequencies (channels) in that band that are available. The number and exact frequencies used vary depending on the country you live in. In the U.S., there are 11 channels numbered 1 through 11. This is one way that several discrete wireless LANs can be established in the same physical location. If you live in a dorm or townhouse environment and someone else purchases wireless equipment from the same manufacturer, the two radio transmissions will interfere with each other if they are both left at the defaults. If the default channel number for the WLAN is 6, you could decide to use channel 3 instead. That way, you can both have WLANs with overlapping operational ranges, but they won't interfere with each other. (If your neighbor has left his WLAN at the manufacturer's defaults and doesn't want to touch anything in case they "break it," you may have to get them to shut their WAP off until you get yours configured to not interfere.)

The second variable is the Server Set-Identification or SSID. This is the name of the WLAN assigned by the WAP. It is fairly arbitrary and you should feel free to give it a name you find easy to remember. Linksys WAPs like to use "linksys" or "wireless" as the default SSID. Netgear seems to use "NETGEAR." This isn't guaranteed by any means, and the manual that comes with the WAP will identify what the default channel and SSID is. (It is sometimes printed somewhere on the WAP itself as well.) Technically, two (or more) WLANs operating on the same channel, but using different SSIDs can also to co-exist, but the transceivers on all the WAPs and wireless Ethernet adapters will see all the WLAN traffic. They will ignore the traffic without the proper SSID. However, if the WAPs are operating on different frequencies, they will have less radio traffic to inspect, and the throughput will be higher. If you know you have a neighbor operating a wireless LAN, you should find out what channel they are using and pick a different one if possible. (One caveat: if you decide to use Netgear's proprietary Super G 108 Mbps speed, only channel 6 can be selected. Therefore, a different SSID would have to be use to differentiate two Netgear WAPs if both are using the Super G mode.)

A third variable is the encryption settings, which we will leave for later. Using a secret key you choose for your network, all traffic will be encrypted at a level that will make it unreadable by others with a wireless Ethernet adapter if they happen to come in the transmission range of your WAP. Most WAPs come with the encryption disabled (although some come with it enabled and with a initial, random secret key printed on the WAP). While this aids in the initial setup of the WLAN (by removing one of the variables to contend with), it's not how you want to operate normally. We'll leave it disabled for now until we get the basic network up and going. In practice, you do not want to operate your WLAN without some form of encryption.

Some WAPs (especially standalone models that are only WAPs) come with software programs that let you configure the WAP over a USB or network connection without the need to set up the IP addresses. The methods described in this section should work for most WAPs.

Most WAPs can be (or must be) configured using a web browser like Internet Explorer. The WAP has a built-in, specialized web server used for configuration. Rather than browsing to a well-known URL like, you instead browse to the internal LAN address of the WAP. For the Linksys WRT54G and most other Linksys combination devices, that address is by default, so is the address of the main configuration page. For the Linksys WAP54G, on the other hand, the default IP address is The user's guide for your WAP will give the default IP address.

Graphic of chicken and egg

Here, we find ourselves in another chicken and egg situation. We would like to change the default settings of the WAP's channel and SSID. However, in order to do that with a wireless Ethernet adapter, we have to first talk to the WAP's configuration web pages using its default configuration. We will also need to configure the Ethernet adapter to have an IP address on the WAP's default LAN, which is a topic we really don't formally tackle until after the wireless radio medium configuration is completed. We have to do this in order to be able to contact the WAP, so that we can tell it what changes we want to make. (Note: If we are setting up a combination router/firewall/switch/WAP, this can also be done using a wired Ethernet adapter connected to one of the LAN ports on the switch portion of the box. However, this section will go over the general case that works for both standalone WAPs and combination router/WAPs.)

Set the Wireless Ethernet Adapter's Channel and SSID to the WAP's Defaults

First, we need to set the default SSID in the wireless Ethernet adapter to match the default SSID of the WAP in order for the Ethernet adapter to be able to communicate with the WAP for the rest of the configuration. If you purchased your WAP and Ethernet adapter from the same manufacturer and they are complimentary models, the SSID of the adapter may already be set to match the WAP's SSID. If this is so, you can skip to the next section.

We change the SSID used by the wireless Ethernet adapter using the software supplied by the adapter's manufacturer. (Windows XP [at least since service pack 1 or 2] and Vista also come with the Wireless Network Setup Wizard. However, I've always had better luck with the manufacturer's programs written for their hardware.) With the wireless Ethernet adapter installed and powered up, we launch the configuration utility. Every wireless adapter I've had seems to come with a radically different looking configuration utility - even for different wireless models from the same manufacturer. For this example, I'm using a Netgear WG511T 802.11G wireless Ethernet adapter. I also have the Linksys WPC54GS wireless Ethernet adapter, which has a very different looking utility, but with more or less, the same functionality. If the utility for your wireless adapter doesn't look like the screens shown here, don't fret about it. Just try to understand the purpose of what's being done, and you should be able to translate it to your configuration utility. Our goal here is just to make sure that the adapter is using the same SSID as the WAP.

The Netgear wireless utility for its wireless adapter - NETGEAR WGS511T Smart Configuration - has the ability to scan for wireless networks that are within range. If we didn't know (or forgot) the default SSID of the wireless access point, we could use this utility to find out. (However, our home WAP can be set to not broadcast its SSID, so this may not work.) In order to do that with the Smart Configuration utility, we open it and pick the Networks tab. Clicking on the Scan button starts a scan.

Netgear Smart Configuration Utility scanning for wireless networks

When the scan has completed, any networks found are displayed as shown below. This WAP is still set to its default values, namely an SSID of "NETGEAR" and no security. (The user's manual said the same thing, so this isn't much of a surprise.)

Utility showing discovered wireless networks

Now, we need to set our adapter to match the SSID of the WAP (if it's not already set to that value). The SSID setting for the WAP is the name of the network that it controls and needs to be the same for both the WAP and (all of) the wireless adapter(s). Once set for the Ethernet adapter, that SSID is the only network that it will pay attention to. If other wireless traffic from another SSID is broadcasting in the same area and on the same channel, both the WAP and wireless Ethernet adapters will ignore it. For the Netgear WGS511T, that SSID is changed on the Settings tab.

Setting the SSID through the utility

Above, I have set the name of the SSID to "NETGEAR" and I will save it in a profile named "Netgear." (Apparently, I wasn't feeling too inventive when I captured these screens.) Leave the security setting to "Disabled" (or change if to disabled if it isn't already) and hit the Apply button. (We will enable the security settings once we have established the basic wireless network. "Baby steps, Ellie, baby steps.") The result should be the screen picture below. That is, the Ethernet adapter should change from "Scanning" to displaying the new connection.

Setting the SSID through the utility

The status indicator line at the bottom of the screen now shows the wireless network we are connected to (NETGEAR), the channel being used (11), the current connection speed (54 Mbps at the moment, although this WAP and adapter card can go up to 108 Mbps), and the signal strength (8 of 8 dots or 100%; the WAP is just across the room from my laptop). I also clicked on the Save Profile button so I can recall this setup later if I need to. Using profiles comes in handy when we have a laptop that travels between wireless networks at home and work.

Note that we set the SSID, but we didn't set the channel. Most wireless Ethernet adapters will scan through the available channels and find the one your WAP is transmitting on. It will stop when it finds a WLAN that matches the SSID it is set to. If this does not happen, most cards will let you can set the channel manually. (This is left as an exercise for the reader.)

Now that the radio medium is established - the wireless equivalent of connecting the cable between the PC and the switch - we need to configure the Ethernet adapter to be on the same logical network as the WAP. That is, the adapter needs to have an IP address on the same network that the WAP operates its LAN and WLAN on. (However, it cannot be the exact IP address of the WAP; no two devices on the same network can share the same IP address.) Exactly what that IP address should be depends on the manufacturer (and possibly model) of your WAP. Assuming there is a router somewhere on your network - as will be the case if this is a combination router/switch/WAP - you may find that your newly-connected machine got a valid IP address using DHCP.

To make things simple and remove as many variables as possible, you may find it easier to set the address of the Ethernet adapter you are using (wired or wireless) manually to start with. It must be valid with respect to the WAP's default settings. For example, if the WAP uses as its default LAN address, the manual setting for the adapter should be, where "xxx" can be any number between 2 and 254, inclusive. (You can't use 1 because the WAP has reserved that address for itself.) The manual that came with the WAP will tell you what the WAP's default LAN (a.k.a., inside, internal, local) IP address is by default. You will need to jump to section Fixed/Static IP (Manual) IP Assignment in order to find out how to set the IP address manually, and then return here.

Craig Prall

Configuring the Wireless Router

Configuring the Wireless Router

Connect to the Router/WAP's Configuration Pages

Now that your Ethernet adapter has the SSID of the WAP and an IP address on the WAP's network, we need to configure it to the settings we want for our wireless network. First, we just need to see if we can contact it at all. To test to see if we have our Ethernet adapter configured to talk with the WAP, let's bring up the WAP's administration pages. Most WAPs and Routers have a built-in mini web site that can be used to check their status and to change their configuration. So to view the WAP's settings, we use a web browser like Internet Explorer or Firefox just like we would use to visit any other web site. The user's guide that came with your WAP will tell you for sure, but typically you get to the WAP's configuration pages by browsing to or into the address bar. Linksys equipment, for example tends to use the "1.1" address. Netgear WAPs, typically use the ".0.1" address instead.

Logging in to the Router/WAP

Above is an example of logging in to the Netgear WGT624 router. Note the IP address typed into the address bar as the URL. We can change the LAN IP address of the router if we wish. Notice that a dialog box popped up for us to enter the username and password for the router. By default, the Netgear WGT624's password is "password." (Sometimes, they aren't too imaginative either, so I don't feel so bad.) The default user name is "admin," and I have yet to find a way to change it. On the Linksys WRT54GS router, you get the same dialog box, but Linksys doesn't care what you type into the user name field (including nothing at all). The Netgear router does care. Once we have entered the administration password for the router, you should see the main page of the router configuration like the one below. (The very first time you logon to the router, you may be prompted with a page asking if you want to automatically detect your settings or get an offer to check for upgraded firmware. Decline such pages for now.)

WAP's main (default) configuration page

Every router's main page is different, and right now, we're concerned with changing the wireless settings. Therefore, we'll put discussing this page off until later and just click on the Wireless Settings link on the left menubar under the heading Setup. That brings up the basic wireless settings page as discussed in the next section. (Note there is a Wireless Settings Page under the Advanced heading, too.)

Set the WAP's Channel and SSID to Your Desired Choices

If you purchased your WAP and wireless Ethernet adapter from the same manufacturer, the wireless Ethernet adapter will probably be configured with the same defaults for the channel and SSID as the WAP. This means that your laptop or desktop will probably be able to talk to the WAP as soon as you install the software and drivers for the adapter. Even so, you will want to change the defaults.

You may be wondering why you should even bother to change the default SSID. After all, if the Ethernet adapter and your WAP are both set to the same defaults right out of the box, they'll already be configured to talk to each other, right? There are two reasons to change the default SSID. The first is that if someone near you like your neighbor buys a WAP like yours (because yours is so cool), it would be nice to avoid your WAP "colliding" with that new WAP while it's being set up. Two WAPs using the same SSID can really cause a wireless Ethernet adapter a bit of confusion. The second reason is that if you know what the default SSID is, so does every hacker nearby that would like to freeload off of your wireless service. I think too much is being made of "drive-by" hacking as I think you'd notice somebody constantly hanging around your home with a laptop. However, in a dorm, condo, or town home environment, your neighbor just might discover a cheap way to get on the Internet. Let's not make it too easy for that to happen. (However, this is very weak as security measures go. More on this in a bit.)

If your wireless Ethernet adapters don't initially have the same channel and SSID as the WAP, you will need to change (at least one of) the adapter(s) to match the WAP at least long enough to change its settings. (See the section Set the Wireless Ethernet Adapter's Channel and SSID to the WAP's Defaults if you haven't done this already.) If you have a combination router/switch/WAP, you can also use a wired connection to the switch to configure the WAP's channel and SSID. Every router's wireless settings screen is different, but they will have a page for setting the SSID. The basic wireless configuration page for the WGT624 is shown below.

The WAP's wireless configuration

In the next screen, I've changed the default SSID from the default ("NETGEAR") to my desired name - Hard2Guess. Please don't use that name. Make up your own. Just make it something you'll easily remember and others aren't likely to use themselves.

Update WAP's wireless configuration

You should also set the region at this time if it is not already set. Setting it to United States defines how many and which exact channels (frequencies) the WAP's radio transceiver can use. (In the case of the US, it's 11 channels.) If you want, you can also pick a specific channel to use. If you aren't getting the range you want or you have a 2.4 GHz cordless phone (or wireless mouse/keyboard or RF remote control or wireless speakers for your home theater or ....) that's interfering with your wireless LAN, changing the channel may help. With this particular router, I changed the mode to "Auto 108Mbps" in order to take advantage of Netgear's proprietary "Super G" 108 Mbps speed. Doing so locks the channel at 6, so I have no choice in this case. We'll leave the security options set to "Disable" for now. Hit the Apply button to make the changes and continue on to the next section.

Craig Prall

Reset the Wireless Ethernet Adapter

Reset the Wireless Ethernet Adapter

Reset the Wireless Ethernet Adapter's Channel and SSID to the WAP's New Settings

Most of the time when you make a change on the router and hit Apply, the router will go to a special page or pop-up a dialog box to let you know the changes were made successfully or at the very least return you back to the same page with the changes showing. However, when you apply this change, the Netgear router doesn't come back at all. Why not? Because you've just changed the WAP to only talk to cards on the newly-named WLAN (i.e., "Hard2Guess"). Your wireless Ethernet adapter is not on that WLAN; it's still using the old SSID named "NETGEAR." If you open your wireless adapter's configuration utility and again scan for networks, you'll see the new Network Name (SSID) you chose listed as shown below.

Using the WAP to scan for the new network

For the Netgear WG511T, we fix this problem by going back to the Settings tab just like you did in the Set the Wireless Ethernet Adapter's Channel and SSID to the WAP's Defaults section. However, this time we set the SSID to match the new one as shown below. (You may have to close and reopen your browser before you'll be able to browse to any other configuration pages for the WAP. If so, do that now.)

Setting the adapter's SSID to match the WAP's new SSID

Hit the Apply button and your adapter should connect using the new SSID (as it did originally using the WAP's default SSID). Continue on to the next section.

Change the Router/WAP's Default Password

Selecting Set Password from the WAP main menu When choosing a password, pick something you will remember, but make it hard to guess. In general when picking a password, include numbers, letters and special characters like "!@#%^&" if your router will allow it. Also, passwords are case sensitive, so use both upper and lower case.

On the Netgear WGT624, the router's default password is found on the page accessed by clicking on the Set Password menu found under the heading of Maintenance as shown here.

This will bring up the password change page as shown below. On this page, type in the default password and the new password you have chosen (twice to verify you've set it correctly since the dialog does not display what you type). Press the Apply button when you are finished. Most routers, the WGT624 included, will make you login with the new password in order to continue.

WAP Change Password screen

If you should ever forget your password, you can always reset your router to the default password by performing a hard reset. How you do this exactly differs with each model of router. For the Netgear WGT624 and Linksys WRT54GS, a hardware reset is done by pressing and holding the reset button on the back of the router for about 10 - 20 seconds. This will set everything back to the factory defaults - including any wireless and LAN settings you chose earlier, so they will need to be set up again.
Craig Prall

Additional Wireless Security Measures

Additional Wireless Security Measures

Turn Off SSID Broadcasting?

I used to be a big proponent of turning off the broadcasting of your WAP's SSID in order to hide it from would be hackers. The theory was turning off SSID broadcast makes it harder for outsiders to use your network since they would first have to guess your SSID. Since then, it was demonstrated to me just how simple and effective it is to use a wireless hacking program that can sniff out the SSID of a WLAN even if it is not being broadcast in the usual fashion. The program isn't particularly hard to find, so I've changed my viewpoint to hide it if you want to, but don't expect that will do much. I've also had trouble with some wireless Ethernet adapters (in laptops) reconnecting to the WLAN if the SSID broadcast is off.

Selecting Set Wireless Settings from the WAP main menu

In order to turn off the SSID broadcast, you'll need to find that setting in your router's configuration. For the WRT624, that setting is on the Advanced Wireless Settings page. Click on the Wireless Settings menu entry under the Advanced heading.

On the Advanced Wireless Settings screen, click on the Enable SSID Broadcast checkbox to clear it (so there is no "check" in the box) and hit the Apply button. If you go to the Networks tab of the WG511T wireless Ethernet adapter's configuration utility (as you did in the section Set the Wireless Ethernet Adapter's Channel and SSID to the WAP's New Settings), you will still see the Network name if you scan for networks. This is because that adapter already knew the name.

Disabling the SSID broadcast

However, any adapter that did not already know the SSID of your network will see the following if they do a scan. The wireless adapter can see that there is a wireless network operating at the "G" speed on channel 6, but it can't determine the Network Name. Thus it is blank.

Setting the adapter's SSID to match the WAP's new SSID

Enable Wireless Encryption

Not all hackers just want to use your wireless LAN; some want to monitor it to learn personal information, passwords, and credit card numbers. If your WLAN is operating in a small office, a hacker may be interested in learning your trade secrets, active court cases, or delivery schedule. Tools exist for hackers to capture and analyze your wireless network traffic without appearing to be connected to your WLAN. For these reasons, encrypting the traffic on your wireless LAN is almost essential. It also just happens to keep freeloading neighbors off your WLAN, too.

Initially, there was no encryption available on 802.11 networks as security was an optional part of the standard. Later, Wired Equivalent Privacy (WEP) encryption became available. However, WEP has some well-documented weaknesses that were found soon after its introduction. (Still, WEP is better than no encryption, and 128-bit WEP is better than 64/40-bit WEP.) Any hacker with enough time within range of your wireless network can capture enough wireless traffic to break WEP's encryption. WEP may keep the 10 year old next door off your WLAN, but nowadays, it won't even slow down anyone that is determined to compromise your wireless network. A decent WEP cracking program on a modest laptop can generally crack a WEP password in under 10 minutes.

Later versions of the 802.11 specification promoted Wi-Fi Protected Access (WPA) Pre-Shared Key (WPA-PSK) as the encryption protocol. WPA-PSK is much stronger than WEP while still based upon it, which let existing routers take advantage of it with only firmware upgrades. The next picture shows setting the WPA-PSK with the Netgear WRT624 using the Basic Wireless Settings page. (Remember to first set the wireless settings on the WAP and then go back and set the wireless Ethernet adapter to match.) Click on the radio button next to "WPA-PSK" and then enter a passphrase.

Set WPA encryption key

Unfortunately, WPA-PSK can also be compromised and has since been updated to WPA2. The newer WPA2 encryption can be compromised, but has technologies in it to make it much more difficult. If your wireless equipment supports WPA2 using that is more secure than WPA. WPA2 also comes in a couple of flavors: TKIP and AES. Both are good, but AES is better. If given a choice, use AES. Any recently manufactured wireless equipment should support WPA2 and AES. Using a passphrase of 21 characters or more makes it significantly more difficult so long as a strong password (i.e., void of common dictionary words) is used. This is these types of encryption are particularly susceptible to dictionary attacks against passphrases. The passphrase can be to 63 characters in length. Making the phrase longer and more complex and using a mix letters (upper and lower case), numbers and special characters makes the password significantly more difficult to crack. One way to do this is a way that is easier to remember is to substitute numbers for certain letters (that have the effect of spelling those letters backward or look similar to the original letter). For example, use "3" instead of "E" or "e" and "1" instead of "I." As mentioned, using special characters is very good. For example, using '!' as a substitute for the word "not" or '&' for "and". The passphrase "Th1s1s!MyP@55p4r@53UF00l" is a much stronger than "thisisnotmypassphraseyoufool" will ever be. Just be sure to remember what your scheme is.

Once the WAP has been set and the Apply button pressed, you will loose connectivity with your wireless LAN until the wireless Ethernet adapter has been changed to match the WAP's new settings. With the Netgear WG511T, this is done using the Settings tab in the Smart Configuration utility. Click on the Advanced radio button.

Set WPA encryption key Set WPA encryption key

This will cause the Advanced Security dialog to appear. Enter the same passphrase you used for the WAP and press the OK button.

For most types of wireless Ethernet adapters, changing to the Wireless Access Point's SSID and encryption method with the proper passphrase is all this is required. The card should now be able to connect to the WAP and send & receive data as it did when it was set to the defaults. If there is a problem at this point, try re-entering the passphrase on the wireless Ethernet adapter (and check that it matches what was entered for the WAP). It may be necessary to reset the WAP (router) and the wireless adapter back to the defaults and try again.

Configuring MAC Address Filtering

One of the earliest forms of WLAN protection was MAC Address Filtering. The term "MAC" is short for Media Access Control. Every hardware device on an 802 network (wired or wireless) has a unique MAC address. This is not the same as the IP address; the MAC address can be thought of as "stamped" onto that network device. It's much like the VIN number found on an American automobile. To start, open a Command Prompt window as shown below.

path to open Command Prompt window

In the Command Prompt window, type in the command ipconfig /all, the "Physical Address" listed is the MAC address for the Ethernet adapter in use.

results of ipconfig /all

Most WAPs will let you enter a list of MAC addresses of "approved" wireless devices that will be allowed to use the WAP's services and connect via a wireless connection. (Some routers also have a list for wired devices kept either separately or in combination with the wireless list.) Using "MAC address filtering," as it is called, helps to keep people from using your network, but it does nothing to keep them from capturing the traffic generated by it. (Hence, encryption is still needed.) Also, MAC addresses are not secure; programs exist that will allow the MAC address of a wireless card to be temporarily changed to mimic any MAC address - including one in your approved list. This is just one more tool to help keep unwanted wireless devices off your network. To set up MAC Address Filtering on the WRT624, go to the Advanced Wireless Settings page using the left menu. Then click on the Setup Access List button.

Pressing the Setup Access List button

Check the "Turn Access Control On" check box and hit the Apply button.

Enabling the Turn Access Control On check box

This will refresh the page with a list of wireless adapters currently in range. Most WAPs start with a list of devices currently connected in order to make it easy to set up the initial list.

Reviewing the wireless devices in range

Select the radio button next to the one(s) you wish to include. You can also manually enter the MAC address (found using the ipconfig /all command in the Command Prompt window).

Add a wireless device to the Access Control List

Disabling an Unused Wireless Network

If your ISP supplied your router, it will likely include wireless networking built in. By default, it is usually enabled and either not secured or secured only with the factory default settings. If this is the case, and you aren't going to use the wireless capabilities, you should disable them completely - unless you want to provide free Internet service to your neighbors (which likely violates the Terms of Service with your ISP). If you don't, they can use your wireless connection freely for any purpose they choose such as illegal file downloading and sharing. This is especially prevalent in townhomes and apartment buildings. If the RIAA lodges a complaint about illegal file sharing, it will be traced to the IP in use by your account. Your ISP will generally terminate your service permanently without question upon receipt of the complaint even if you weren't aware of the activities taking place. Even if they aren't doing anything illegal, they may be doing things that use lot's of your network's bandwidth, and it's quite possible they will be able to see and inspect the devices on your network. Let's avoid that.

If you aren't going to use the wireless capabilities, the best thing to do is to shut them off. (If you are going to use wireless networking, you want to configure your network to use wireless encryption and perhaps take other security precautions.) How the wireless is shut off varies between different makes and models of routers. You will need to consult the user's guide for your router. What you are looking for is something that disables wireless networking or disables the wireless radio. In the example below, the check box is simply labeled, "Enable Wireless Router Radio." Take care not to confuse this with a setting to Enable the SSID broadcast. These two settings are not the same and disabling the SSID broadcast does not disable wireless networking.

Disabling the SSID broadcast

If you've ventured this far, congratulations! You've reached the end of configuring the wireless network medium. Now it's time to go back to Configuring Your Network. Having gone through this section, you have a leg up on that task because we had to do a good portion of it in order to configure the radio medium. Don't worry if you don't need to do some of the tasks in that section because they were already done when you went through this section.

Craig Prall