How To: Wireless Network Setup
Setting up a secure wireless connection.
Step 1: Plug your cable modem into the WAN port on your router.
Step 2: Plug your wired PC into one of the LAN ports on the router.
Step 3: Turn your cable modem on.
Step 4: Turn your router on/plug it in.
Step 5: Boot up your wired PC, and configure it's IP settings to 'Get an IP Automatically'
Step 6: Following the instructions with your router, launch your web browser to configure your router. Your documentation will tell you the default password for your router and the web address to use. Some come with an installation CD that provides a user friendly front-end to this process.
Step 7: Change your router's administration password to something other than the default.
Step 8: Configure the router's WAN settings to communicate with your ISP. This will vary based on the type of connection you have. For Shaw cable, you can just set it to 'Get an IP Automatically' or 'DHCP' (which is the same thing).
Step 9: Check your router's status page to make sure its WAN section is connected and it has an IP address.
Step 10: Make sure your router is configured as a DHCP server. Most come configured that way automatically.
Step 11: Make sure the wired PC can connect to the internet (www.google.com, Yahoo, etc)
Step 12: Enable the wireless side of your router.
Step 13: Change the 'SSID' or 'Broadcast ID' of your router in the wireless settings to something meaningful to you. If you want to hide the existence of your wireless network to the casual passer-by, then turn of "SSID Broadcast".
Step 13 note: SSID Broadcasting basically means your router sends out packets every so often saing "There is a wireless network here, and this is it's name". This helps wireless network configuration software (Such as Win XP) locate and connect to wireless networks. Turning it off hides your network from the average wireless user nearby, but not from determined wireless hackers. It also makes it a bit more complicated to connect to your own LAN. I would suggest leaving SSID Broadcast enabled at first until you're sure everything is working, then look at disabling SSID Broadcast. If you are using a sophisticated WPA based (discussed below) system, then turning off SSID Broadcast isn't really required. Leaving it on will let you connect to your wireless LAN quicker.
Bascially it's a minor security issue. Off is a teeny bit more secure, on makes your wireless LAN a bit easier for authenticated users to connect to.
Step 14: Boot up your wireless PC, install drivers for your wireless network card. Follow the instructions to connect to the wireless network. Your PC should be configured to "Obtain an IP Address Automatically".
Step 15: Try to browse the web in order to see if you have connectivity. If you don't, follow the instructions in the user manuals for your router and your network card to try to diagnose the problem, or post here asking.
Step 16: Read your router user manual about the security options your router provides. There are basically two major types of wireless security, called 'WPA' and 'WEP'. There are various sub-options for each. Familiarize yourself with the options.
Step 16 Note: WEP is an older, and cracked, security protocol. Using it is better than using nothing, even so. Make sure you use a long bit version of the protocol, if you decide to use WEP. Both your router and your network card must support the bit length you decide to use, so check both manuals. DO NOT enable your security at this time.
WPA is a newer set of security protocols. There are many incarnations and variants to how WPA is implemented. They include things such as TKIS (which is essentially a shared key system where the shared key changes every so often automatically), AES, which is the standard 802.11i encryption, where you use a shared key that you enter in the router and in your wireless network settings in Windows. Note: use a 20 character or more keyphrase for WPA for maximum security.
There are also variants of WPA that use what is called a 'Radius database' (a database used by many ISPs for user validation) for even more security. This option is for the advanced user, unless your router is able to support Radius-like validation within its settings)
Generally I would recommend using either TKIS or AES with a shared key, and use a long phrase as the key, that you will provide for anyone attempting to connect to your LAN with a wireless card.
Step 17: Go back to your wireless PC, and open up a command shell "Start/Run..." and enter "cmd.exe". In that shell, type: ipconfig /all
For Vista users, just type cmd in the search box above the Start button then ipconfig /all
This command will list information about every network card on your machine. Find the section that looks like it belongs to your wireless network card. Beneath the 'Description' you will see a line like the following:
Physical Address. . . . . . . . . : 00-B0-D0-DE-08-03
Write down those six hexadecimal numbers.
Step 18: Go back into the config on your router. Enter the new administrator password you set earlier. Go to your wireless settings. Enable 'MAC Address Filtering' and then select the option to enter a MAC address. Enter the numbers you saw above, and apply the changes
Step 19: Go back to your wireless PC, and disconnect/reconnect to the wireless network. Make sure there are no connection issues and that you can browse the Internet. If there are problems, go back to your router settings (Using the wired computer if need be), and make sure you entered your wireless network card's MAC address into the ENABLE list properly.
Step 19 Note: Step 17 and 18 and 19 will need to be repeated for every WIRELESS network card on your LAN, keep this in mind if you invite anyone over with a wireless card. The purpose is to try to limit the cards that are allowed to access your network. This is a security feature. It can be "beaten" by someone who finds out what a valid MAC is and changes their MAC address by hand, but it is another level of discouragement for casual wireless network hackers, who will prefer to find an unprotected network.
Step 20: Enable wireless security in your router settings. You should do this from your wired PC because you will have to disconnect your wireless PC from the network and configure your wireless connection with your new security settings. I recommend using WPA with a long (20+ character) shared key, either use TKIS or use AES. If you are more advanced, there are pages on the Internet about even more secure WPA that you can perform with Radius or FreeRadius servers or advanced routers.
If you choose to use WEP instead of WPA, use the highest bit protection that both your router and your wireless network card supports. Again, read the user manual closely and read up on wireless security sites (Microsoft has a good set dealing with Windows XP in their help and support.microsoft.com pages). You may need to get a wireless update for Microsoft Windows depending on what version you have in order to support WPA, as it is a new standard.
Step 21: Disconnect/reconnect to your wireless network using your new security settings, making sure you can access the Internet. Ask questions or re-check manuals if you are having problems. You can disable the security setting in your router for the time being until you get it figured out, but it is strongly recommended you enable it.
Great article Supergrover!:)
I think alot of people that are not to familiar with networking will find it extremely useful. I'm wondering if you could add a few screenshots of the different points you touch on? I know alot of people might read it and as "were do I find that setting".
thats a good article a couple of things i should point out.
1. it's tkip not tkis.
2. aes and tkip and encryption algorithims not wifi encryption standards. standards are those such as wPA, WPA-PSK, WPA2, RADIUS.
if you want i could explain tkip and aes if you like but it's very boring. basically i would use AES if your hardware supports it if not use tkip. and use wpa2-psk if not update your hardware.
These are just some additions i thought i would point out.
great read supergrover
i see that you recomend wpa as your security i have been using wep with 128bit encription, do you recomend that i should change that?? :thumb:
yes change it now. WEP is very weak encryption.
WEP - Wired Equivalency Privacy
WPA - wifi protected access
here's why wep is so crappy. even though your wep is set to 128bit encryption your data encryption is only 104 bits not very hard to crack.
with wpa you should probably use wpa-psk and tkip. basically i uses a preshared key (max of 65 characters) and the uses the tkip protocol to encrypt the data for true 128 bit data encryption or higher. But if you want uber secure go for wpa2-psk using AES instead of tkip.
Thanks Supergrover. Thanks to your How-to, today, my first wireless set-up was a breeze.
thanks you for your post, you help is appreciated:biggrin:
thank you for sharing... soon, i will change wep to wpa as you suggest...
Thank You So much, im the biggest network noob of all time, slowly getting better though. Recently just figured out i had been running my wireless network with no password for over 4 months, and i had did the little tin foil mod to boost the range to :S
|All times are GMT -7. The time now is 12:50 PM.|