
Guide to Setting Up a Wireless Network


Academic year: 2021



DirectSupport Programme

ruralnet|uk

National Rural Enterprise Centre Stoneleigh Park, Warwickshire CV8 2RR, UK

Tel: 0845 1300 411 Fax: 0845 1300 433 Web: www.ruralnetuk.org

ruralnet|uk is a registered rural regeneration charity (1089238)

RNUK Ltd is a wholly owned trading subsidiary of ruralnet|uk working in urban and rural regeneration (Company Number 4275701)


Contents

1. Purpose of this Guide
2. What is a Wireless Network?
3. Wireless Network standards
4. A Typical Network
5. Wireless Network Components
6. Networks, the Internet and TCP/IP
7. Planning Your Network
8. Setting up your Wireless Network
9. Wireless Network Security
Appendix 1 Setting up your computer to use DHCP
Appendix 2 How to find the MAC address of a personal computer


1. Purpose of this Guide

This guide has been commissioned by the Department for Education and Skills, in partnership with NIACE (National Institute of Adult and Continuing Education), to support those working with wireless networks for Adult and Community Learning. It has been written by the DirectSupport initiative, which has been supporting UK online centres, Wireless Outreach Projects, and similar Community ICT access programmes, since 2000. DirectSupport is run by the charity ruralnet|uk, together with other community development partners.

The guide is for learning practitioners, and their support staff, who are considering the installation of a new wireless network or want to understand the implications of extending an existing network by using wireless components. It offers information to tutors and community development practitioners, who may work in outreach venues, in learning access centres, or in small organisations. Those who may not have a technical team on call, and require simple DIY guidance on how to set up a small network of computers to share files, printers and connect to an existing Internet connection, will find this guide helpful.

It sets out to explain the basic principles behind wireless networking, the different standards available and the components needed to set up the network. It also discusses how to add a wireless segment to an existing network constructed using cables or wires – a wired network. It covers configuring the network, setting up network security and basic troubleshooting. The guide assumes a basic understanding of computer networking, but is not intended as a comprehensive guide to network design, management or support.

Readers from organisations which have a network maintained by their own technical support staff should obtain advice from these staff before connecting wireless components to the existing network.


2. What is a Wireless Network?

For many years, it has been possible to connect two or more computers together using cables, so that computer users can exchange and store files, share printers, share an Internet connection or other common resources. If you were to get a wired network installed today, it would most likely be constructed using ‘Category 5’ cable, which is designed to carry network signals at speeds of 10 Mbps [1] or 100 Mbps for distances of up to 100m between devices on the network. Which speed is used will depend on the network devices available, but most 100 Mbps devices can also work at 10 Mbps. Higher speed network devices and cables are available, but these are normally used to connect servers or data storage devices together rather than office computers.

Wireless networking is a technology that enables the cabling that connects each computer to the network to be replaced by a specially coded wireless signal. When fitted with a wireless network card, a computer can exchange data with other similarly equipped computers nearby without the need to be plugged into a network point, forming a wireless network. Since the wireless network uses the same protocols and addressing schemes as a wired network, the two types of network can be freely mixed.

Like a wired network, a wireless network is neutral to the operating systems used by the computers on the network. Whether you are a PC user, a Mac user or a Linux user, you will be able to use a wireless network if you install the appropriate wireless card in your computer or laptop.

In the last two or three years, low cost wireless components have produced a number of ways of connecting computers together wirelessly. These networks are growing in popularity with many organisations because they offer low purchase costs, almost no installation costs and they allow wireless equipped computers to be freely moved around the room, the building or even outside.

Wireless networks can be easily assembled with only basic knowledge of computers and networking. Most wireless components are built with their own software or firmware that will make them work “out of the box”, so for many users it has simply been a matter of install and go. However, this deceptive ease of use hides a number of pitfalls to do with differing standards, physical limitations with wireless signals, and security issues. These pitfalls can make setting up or extending a wireless network a nightmare if the issues are not considered before the components are purchased.

[1] Megabits per second – a measure of data transfer speed.


3. Wireless Network standards

Whilst this is not intended to be a technical document, it is important to understand that a number of different wireless network standards are available. These standards were established by the IEEE (Institute of Electrical and Electronics Engineers) and are commonly called the 802.11x standards, as there are presently three different ones in use: 802.11a, 802.11b and 802.11g. The differences are categorized by how fast data can be transmitted between devices, how far apart they can be, what radio frequency they use and whether they will work with the other standards. The table below shows the basic differences between the standards.

Standards Compared

Standard   Speeds up to 11 Mbps   Speeds up to 54 Mbps   Frequency   Typical Range (Outdoors / Indoors)   Compatible Standards
802.11a    ✓                      ✓                      5 GHz       23 m / 8 m                           802.11a only
802.11b    ✓                                             2.4 GHz     50 m / 20 m                          802.11b only
802.11g    ✓                      ✓                      2.4 GHz     50 m / 20 m                          802.11g and 802.11b

Looking at the above table, you might ask why anyone would want to use the 802.11a, as 802.11g would appear to be superior in both range and compatibility. The answer is that the frequency used by 802.11a makes it less susceptible to RF interference (electrical noise from motors or other electrical devices) than the other standards. So, it would work better – for example - in a manufacturing environment such as a factory. Also, the way that 802.11a wireless devices encode the signal is better for multimedia voice, video and large-image applications in densely populated user environments. The future of 802.11b is less certain as it offers less than the a or g standard, so it is likely to be retained for ‘backwards compatibility’ in networks where existing b standard components are in use.

There is also a standard called WI-FI. This is not an electrical standard like the IEEE 802.11x standards described above; it is a standard agreed by a number of manufacturers to ensure compliance between their wireless systems. To obtain WI-FI Certification, manufacturers must submit a sample product for testing to see if it will work correctly with other WI-FI compliant devices. If the sample product passes the test, then the product can be certified for use with other WI-FI devices and can be sold with this accreditation. Note that the testing will be against other devices using the same 802.11 standard so although it is possible to obtain a WI-FI compliant 802.11a device, this will not work with a WI-FI compliant 802.11b or 802.11g device. However, it is expected that WI-FI certified devices that use the same standard (802.11a, b or g) should work together successfully.

How far can the network go?

Unlike a wired network, whose characteristics are easy to predict, a wireless network is noticeably affected by the physical environment around it. As the signal travels away from the aerial on a wireless device, the power is dispersed so that after a certain distance there is too little power to be detected by the receiving device. Outdoors, in a space where there are no trees, buildings or other large objects, the signal will deteriorate evenly in all directions above ground (including upwards). The only factor that can reduce the distance is the weather; during rain or fog the maximum distance at which the network functions may be reduced, as the moisture in the air absorbs the radiated energy. A heavy rainstorm may be enough to temporarily disable the network in some situations.

Indoors there are a large number of obstructions such as furniture, walls, floors and ceilings. The wireless signal is absorbed by some materials and reflected by others. This often gives dead spots in the area covered by the access point where no wireless reception is possible. Sometimes there are ‘freak’ areas where reception is possible beyond the normal range of the access point. Some wireless devices are also affected by interference from other high frequency devices like microwave cookers, which may give rise to errors or a complete loss of the network for a period of time. Unfortunately, wireless networking is not an exact science and the positioning of wireless devices may require some fine-tuning to get them working reliably.

There is a basic trade-off between the speed of the wireless network and the distance that the signal travels – the higher the speed the less distance the signal will travel. The table below shows a comparison of speeds and distances. The speeds indicated are typical of those available in wireless networks. By default, wireless devices are set to run at their highest available speed.

SPEED      OUTDOOR          INDOOR
54 Mbps    50m (165ft)      20m (65ft)
18 Mbps    150m (490ft)     60m (195ft)
11 Mbps    180m (590ft)     75m (245ft)
1 Mbps     570m (1870ft)    125m (410ft)

The distances are indicative only in clear air and will vary for different manufacturers and situations. If you are using these as a basis for planning a wireless network, then take the figures above as a best case and try to keep distances between devices less than those shown in the table.

If the distances between the wireless devices are large, close to the maximum tabled above, the network speed can be manually reduced to a lower speed than the maximum. This results in better reliability at a distance, but at a loss of speed across the whole of the network.


However, if you run a mixed network with 802.11g (54 Mbps) and 802.11b (11 Mbps), then the network will work at the lowest speed everywhere, in this case 11 Mbps.

How many computers can share the network?

Whether wired or wireless, all networks have a maximum rate at which data can move through the network. If the network has only one pair of computers connected to it, one computer can send data to the other using the maximum data rate of the network. If a second pair of computers are connected and exchange data at the same time as the first pair, then they share the maximum data rate with those computers. As more computers are added to the network, then they too get a share of the maximum data rate. From the computer user’s perspective, data exchange will get slower as more computers are added. In practice, most computer users are surfing the internet, collecting e-mail, saving a file to the server, or sending prints to a network printer, all of which are much more variable in the way they make demands on the network. So, quite often, users will not be aware of the presence of the other computers.

So how many computers can run on the network? A good rule of thumb is to assume that each computer – running the above sorts of things – will use about 2 Mbps of the available bandwidth of the network. For example, the bandwidth of an 802.11b network is nominally 11 Mbps maximum, so dividing this by 2 will suggest you could connect 5 computers and expect a reasonable performance. Using the same rule of thumb, an 802.11g or 802.11a network, nominally 54 Mbps maximum, would probably support up to 25 computers. It must be emphasized that these are only rough figures, and assume that the maximum data rate can be achieved in each type of network. As mentioned previously, as distance increases, the maximum available bandwidth falls, and this should be taken into consideration when applying the above rule of thumb.

So, if an 802.11b network was running at extended distances and was manually configured to run at 5.5 Mbps to increase reliability, our rule of thumb would suggest that this network would support only two to three computers, rather than the 5 that it would support at maximum speed.


4. A Typical Network

The diagram below illustrates a typical network which might be found in an office or learning environment.

Diagram of a typical network

In a typical small office environment, there will be a mixture of desktop and laptop computers – these are illustrated on the left of the diagram. Each computer needs a network card installed in it; depending on the type of card, this could be a wireless or a wired connection.

Through this card, the computers connect to a hub, a device that manages the flow of data between the computers in the network. All the network data between computers, the Internet and any other devices on this network will flow through this hub.

A shared network printer and a file server may also be connected to the hub, to provide shared services for the network. Servers are usually connected to the hub by wire, not wirelessly, as the wired connection can provide greater throughput between the server and the rest of the network than any current wireless connection can.

A DHCP server may also be included in the network. This server can automatically provide a unique address to any device connected to the network; this address is necessary for successful networking.

To provide a connection to the Internet, a number of devices are required.

1. A firewall – a device that can block ‘bad’ or ‘unwanted’ data that has originated from the Internet. It can control which computers may use the Internet and also which Internet services can be accessed – for example the firewall could block e-mail going to or coming from a particular computer on the Local Area Network (LAN), prevent users connecting to a specific website, or block access from the Internet for all services except e-mail and web browsing. Whilst it is possible to make an Internet connection without the use of a firewall, this is definitely not recommended.

2. A router – this is a device which joins the LAN and the Internet networks together. It looks at data on one network to see if it is intended for the other network and will pass it onto the other network if it is destined for that network.

3. A modem – this is the device that encodes and decodes data onto the telephone line (if using ADSL) or onto the cable (if using cable). It also provides a means of initiating and maintaining the connection and of identifying the user of the connection to the ISP (Internet Service Provider).

Note that the file server is NOT part of this Internet Connection, and it is not a pre-requisite. A file server on the LAN can provide local security or extended local services such as file, print and a local mail host, but does not have to be the route through which Internet services are provided to the users’ computers, whether connected by wireless or otherwise.

The above diagram shows the devices needed to provide a basic secure small network and to connect it to the Internet. These do not need to be discrete units though; for small networks with relatively low traffic demands, it is quite feasible to provide a single box which integrates the functions of the router, firewall, DHCP server and even the hub into a single unit. These single units, although not flexible enough to manage large numbers of computers on the local area network, provide a satisfactory solution for small implementations of say 5 to 20 computer users.

Within the local area network, wired and wireless solutions are now common, and manufacturers offer both wired and wireless versions of all of the main networking components needed. These and less sophisticated devices are described in the next section.


5. Wireless Network Components

Wired and wireless networks use the same basic types of components to build the network.

Wireless Network Cards

Each computer that needs to be connected to the network requires a network card to be installed in it.

In a desktop computer, the card is usually installed inside the computer, most commonly in one of the PCI expansion slots that are common in tower or desktop PC configurations. On a wireless card, a short aerial, about 10cm (4 inches) protrudes outside the computer and can be swiveled about to receive the best signal.

Wireless card for a PCI Expansion Slot

Wireless card for a PCMCIA Slot

In a laptop computer, the card would most likely be installed in one of the PCMCIA slots in the side of the laptop. On a wireless card, about 2cm (3/4 inch) of the card protrudes beyond the slot to act as the aerial. On Apple Macintosh computers, the Airport card is installed inside the computer and is not obvious from the outside.

A wireless card which connects to a USB port

A third possibility is to connect the card via a USB cable to the computer. In this case, the aerial will be on the card, which can be placed anywhere that the USB cable will allow it, which could be up to 5 metres (16 feet 4 inches) from the computer. The card is powered through the USB cable, so no additional power supply will be required.

The wireless card will come with installation software; as well as providing a means of controlling the card and establishing the network, the software usually provides some sort of visual indication of signal strength, so that aerial or card position can be adjusted to obtain the best signal.


Wireless Access Point

Most existing computer networks are based on the use of network cables (wires) that plug into sockets on the wall. The wires behind these sockets are routed back to a central location where they are plugged into a hub, either directly or via a patch panel. (Patch panels are used to provide greater flexibility when configuring or reconfiguring the physical connections in the network). The hub is a box with (commonly) 4, 8, 16 or 32 sockets on it; in order to communicate on the network each computer’s network card will have to be connected to one of the sockets on the hub. When all the sockets on the hub are used, no more computers can be attached. To overcome this limitation, most wired hubs can be ‘cascaded’ together so when all the sockets on one hub have been used, a second hub can be connected to make more sockets available. Of course, these extra sockets would require cabling between them and the computers; installing these is a costly and often disruptive operation.

The wireless alternative to the hub is a wireless access point (WAP). When the WAP is powered on, it will be the point of communication for the wireless cards in each of the computers that are configured to connect to it. Any wireless enabled computer that works with the same or a compatible wireless standard can then be configured to link up with this wireless access point. If the access point is linked to an existing hub which offers shared services such as file, print and Internet connections, then these can be made immediately available to the wireless computer. All that is required is software configuration - no manipulation or installation of wires.

A wireless access point

It is not necessary to connect the wireless access point to a wired network for the wireless part of the network to function, although this may require manual configuration of IP addresses on each wireless card. When a wireless network uses a wireless access point, it is configured in infrastructure mode.

Wireless Broadband Routers


For many community access or learning situations, a requirement is that the network is connected to the Internet. As discussed earlier, a connection to the Internet can be established with a router, firewall and an ADSL modem. A number of manufacturers provide these in a single unit, and also include a small wired hub with – for example – four ports, so that both wired and wireless devices can join a local network.

In addition, such broadband routers can be set up to offer DHCP services to the local network and include a basic firewall, so a complete local network with a shared Internet connection can be established with this single unit.

When choosing a broadband wireless router, do look carefully at the specification of the unit to determine what it contains, as different manufacturers offer different configurations. Many broadband routers do NOT include the ADSL modem, so if your ISP does not provide this, you will have to provide it as a separate device. If you are using an ISP which provides Internet via cable, do ensure that any router with a built-in modem can support a cable connection.

Wireless Bridges

A Wireless Bridge

A wireless bridge is a way of joining two remote LANs together wirelessly. A typical application might be where you have two LANs in separate buildings and you would like to join these together without the need to run a cable between the buildings.

A wireless bridge is required on each LAN, and the two bridges need to be within wireless range of each other. The range of a wireless bridge is usually slightly greater than a wireless access point, typically 350m for an 802.11g device, due to the design of the aerial. Wireless bridges are usually designed so that a large aerial, which can be mounted outdoors for maximizing range, can replace the rod aerial normally fitted. It is also possible to replace the omni-directional rod aerial with a directional dish aerial, and this can increase the bridging distance to distances of several miles when the antennae are correctly installed and configured.

Wireless bridges are not normally required in a small installation, but are mentioned here because they may be relevant to some installations.


6. Networks, the Internet and TCP/IP

In order to be recognized on the Internet, a computing device must have a unique address, so that exchanges between devices on the Internet can be properly managed. Each device is therefore provided with an Internet Protocol (IP) address that is unique to the device and also determines which other devices it can communicate with.

IP Addresses

Every computer connected to a network (wired or wireless) needs a unique address to enable data to be sent to it. To enable networks to be connected together (such as through the worldwide web) an internationally recognised Internet Protocol (IP) address format has been defined. Rather like a postcode or telephone number, the IP address pinpoints the precise location of the computing device in the network. IP addresses are made up of four groups of up to three digits separated by dots: for example 192.168.123.115. The number in each group can take a value between 0 and 255. In theory, this method of addressing would allow more than 4 thousand million individual addresses. To make this easier to manage, these individual addresses are subdivided into different classes or address spaces, but how and where these are used is beyond the scope of this guide and for most purposes is irrelevant when setting up a small network. All that normally matters is to understand that the first three groups are fixed for your local network and that only the last group will vary. This means that you can have up to 256 devices on your network, wired or wireless, although it is not recommended that you have this many in a practical network situation.

If you have two networks with different IP addresses – in other words one or more of the first three groups are different – then you need a router to pass data between these two networks. This means that if more than one computer is to share your Internet connection, a router is needed between the Internet and your two computers to enable this to happen. The router may be a real box with wires coming out of it, or could be software running on a computer. In this guide, we will only discuss routers as the former – boxes with wires coming out of them; other ways of doing this task are beyond the scope of this guide.

As noted earlier, every computer on the Internet must have a unique address, so the usage of these addresses is carefully controlled by an organisation called the InterNIC. InterNIC records who has been authorised to use specific addresses and which addresses have not yet been allocated. Most Internet users will directly or indirectly get their Internet connection through an Internet Service Provider (ISP). The ISP will have paid to obtain a block of Internet addresses that can be offered to their customers for ongoing connection to the Internet. Obtaining these addresses and retaining them on an annual basis is an expensive option for an ISP, so ISPs will normally try to make optimum use of their IP addresses. If the computer has to be connected to the Internet at all times (e.g. a mail or web server) then it is usually provided with a STATIC IP address by the ISP – this means that the ISP does not allow anyone else to use that address. Computers that do not need to be connected at all times (e.g. for web browsing, collecting mail) are usually provided with a DYNAMIC IP address from a pool of available addresses that the ISP provides. If there are, for example, 50 addresses in the pool, then as each user connects he will be allocated the next available address from the pool. When he disconnects, the address he was using becomes available again for use by another user. The ISP usually offers these addresses on a


pool, he is offering a 20 to 1 contention ratio. If he puts 200 addresses in the pool, he is offering a 5 to 1 contention ratio, so a user will be much more likely to obtain a connection.

Automatically providing IP addresses – DHCP

Before a node (e.g. a computer, WAP or file server) can connect to a network it needs to be allocated its own unique IP address. In a small network of static PCs this can be done manually since the IP addresses rarely need to be changed. However, in a larger network or one in which laptops or other portable devices are used, changes need to be made frequently: new equipment needs to be configured, IP addresses for obsolete equipment need to be re-allocated, and temporary IP addresses need to be provided for “visiting” laptops. DHCP (Dynamic Host Configuration Protocol) provides an automatic mechanism for allocating IP addresses and configuring individual nodes.

NAT

With the widespread introduction of broadband, it is unlikely that a single computer will actually use the maximum throughput of the Internet connection. Allowing a number of computers to share a single broadband connection is both cost-effective and also allows a number of computers to share a single IP address on the Internet. A common method of address sharing is called Network Address Translation (NAT), which allows several networked PCs to share an Internet account using a single IP address.

The router or gateway computer that manages the Internet connection usually performs Network Address Translation. NAT provides a way of tagging a request to the Internet from a user’s computer so it can then replace the address of the user’s computer with the single address assigned by the ISP for the Internet connection. So from the Internet viewpoint, all requests for information appear to come from one single address and all responses are sent back to that single address, and all the computers on the LAN then share that single connection. The NAT system manages these requests and uses the tagging so that the data returning from the Internet is sent back to the computer that requested it. This scheme offers the additional benefit of firewall-like protection because the addresses of computers on the LAN are not visible to the Internet through the translated connection, so a hacker on the Internet cannot find the individual computers on the LAN to attack them.

The NAT system will normally come with a preset range of IP addresses that are available for use by the computers on the LAN. Typically these addresses will be in a range such as

192.168.0.0 - 192.168.255.255

This address can normally be changed to a different address range if required; however unless there is a good reason to alter this default address range, there should be no need to alter it.
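The tagging described above can be modelled in a few lines. This is an added example, not code from the guide: it assumes the tag is a port number on the router's Internet-side address (the usual way NAT is implemented), that replies are accepted only from the remote address the request went to, and it uses constructed addresses from the documentation ranges for the ISP-assigned address and the web server.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

LAN_RANGE = ip_network("192.168.0.0/16")  # the preset range quoted in the guide
PUBLIC_IP = "203.0.113.10"                # constructed stand-in for the ISP-assigned address
WEB_SERVER = "198.51.100.7"               # constructed Internet host

Flow = Tuple[str, int, str, int]          # (lan_ip, lan_port, remote_ip, remote_port)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    public_ip: str
    next_tag: int = 40000                 # assumption: tags are public-side port numbers
    by_tag: Dict[int, Flow] = field(default_factory=dict)
    by_flow: Dict[Flow, int] = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: record the flow, replace the LAN address with the public one."""
        if ip_address(pkt.src_ip) not in LAN_RANGE:
            raise ValueError(f"{pkt.src_ip} is not a LAN address")
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        tag = self.by_flow.get(flow)
        if tag is None:                   # first packet of this flow: allocate a new tag
            tag = self.next_tag
            self.next_tag += 1
            self.by_flow[flow] = tag
            self.by_tag[tag] = flow
        return Packet(self.public_ip, tag, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: deliver only replies that match a recorded tag, else drop (None)."""
        flow = self.by_tag.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or flow is None:
            return None                   # unsolicited: no LAN computer asked for this
        lan_ip, lan_port, remote_ip, remote_port = flow
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                   # tag exists, but the sender is not the host contacted
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)


def demo() -> dict:
    nat = NatRouter(PUBLIC_IP)
    # Two LAN computers use the same local port to reach the same web server.
    out_a = nat.outbound(Packet("192.168.0.2", 51000, WEB_SERVER, 80))
    out_b = nat.outbound(Packet("192.168.0.3", 51000, WEB_SERVER, 80))
    return {
        "out_a": out_a,
        "out_b": out_b,
        # Replies are steered back to the right computer by the tag alone.
        "reply_a": nat.inbound(Packet(WEB_SERVER, 80, PUBLIC_IP, out_a.src_port)),
        "reply_b": nat.inbound(Packet(WEB_SERVER, 80, PUBLIC_IP, out_b.src_port)),
        # Traffic nobody on the LAN requested has no table entry and is dropped.
        "unsolicited": nat.inbound(Packet("198.51.100.99", 4444, PUBLIC_IP, 40005)),
        "wrong_sender": nat.inbound(Packet("198.51.100.99", 80, PUBLIC_IP, out_a.src_port)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} {result}")
```

The protection comes only from the missing table entry: connections that LAN computers start themselves are translated and passed without inspection, which is why the guide lists a firewall as a separate component.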


7. Planning Your Network

The Layout

A wireless network is much more versatile than a wired network. As long as computers are within range of the wireless hub, they can join onto the network. There are many possible configurations that you may wish to set up in your own situation. Some basic structures – with their pros and cons – are illustrated below.

Simple Ad-Hoc Network

This is possibly the simplest way to network two or more computers together. Each computer is set up with a wireless card, which is configured to work in ad-hoc mode. In this mode the computers can communicate directly with each other to share files or printers and other resources – such as an Internet connection – which are connected to individual computers. The main advantage of this type of network is that you only require an inexpensive wireless card in each computer to get this working.

The disadvantage is that you will have to set up all the wireless cards in each computer manually; the cards do not automatically configure themselves into ad hoc mode. It will also be necessary to provide a valid and unique IP address for each card; for example, 192.168.1.2 and 192.168.1.3. In addition, this kind of network cannot easily be extended to include wired devices such as network printers or file servers. If file sharing or printer sharing is required, then this will have to be provided through one or more of the computers on the ad hoc network, which will – of course – make these computers run more slowly.

Diagram of a simple ad-hoc network (computers labelled 192.168.1.1 and 192.168.1.2)

Adding to a wired Network

This is perhaps the most common way of establishing a wireless network. A wireless access point (WAP) is connected to the existing wired network, and then offers a wireless network segment to suitably equipped computers. The wireless equipped computers can then access the file server in the same way as the wired computer can.

The disadvantage of adding a wireless segment to the network is that all traffic to and from the wireless segment has to travel down the single wired connection. If many wireless computers are connected into the wireless segment of the network and they require constant service from the file server in the wired segment, the network may slow noticeably for the wireless users.

To configure this network, you would need to do the following, after turning on the Wireless Access Point:

Configure each wireless card to work in Infrastructure mode.

Configure each wireless card to log onto the Wireless Access Point by default.

Configure the IP address of the wireless card to suit the IP address range of the network or – if DHCP is available from the existing wired network – configure for DHCP addressing.


In this configuration all the user computers are connected wirelessly via a wireless router.

The router provides support for wireless access, but also provides an internal router and an ADSL or cable modem so it can be directly connected to the telephone or cable. Most routers of this sort will also provide a firewall, DHCP services and NAT for the LAN, which can be used if these services are not available from one of the servers in the local network. Some routers also provide a small number of wired ports so that servers, network printers and similar devices that require a permanent and fast connection can be attached to the network.

In a situation where there is no existing hub or router, we recommend using just a wireless router as this will provide all the necessary facilities. (The alternative is to build the necessary facilities using a hub, a firewall, a simple router, and an ADSL or cable modem.)

To configure this network, you would need to carry out the following:

Configure each wireless card to work in Infrastructure mode.

Configure each wireless card to log onto the Wireless Router by default.

Configure the IP address of the wireless card to suit the IP address range of the network or – if DHCP is available from the existing wired network – configure for DHCP addressing. The IP addresses of the server and printer should be provided manually to complement the DHCP configuration.

Configure the router to connect to the Internet, according to the requirements of your Internet Service Provider. This may involve configuring the router and associated modem with appropriate settings for the ADSL service; these details will be available from your ISP.


Extended wireless network

This configuration is appropriate where the physical area in which the computers are located is large, such that some computers might be out of range of a single Wireless Access Point. In this case, a second wireless access point is placed within range of the wireless router, and is configured to relay the signals from that router to the remote computers, thus extending the physical range of the network. It is often a way of improving the quality of a wireless network where local conditions such as internal walls, fixed metal equipment and so on have conspired to produce weak signals or dead spots in areas that might otherwise have been expected to work. Placing the second access point where it can relay the signals from the first access point will boost the overall signal in the areas where signal reception was poor. The ability to extend the range of a wireless network is not a ‘standard’ feature of the 802.11 wireless specifications; it is something that has been introduced by a number of manufacturers as a feature of their product. It is therefore recommended that, if you plan to implement this sort of network, products that are specified to work in this fashion be obtained from the same manufacturer. Configuring the network will be done according to the manufacturer’s instructions.

Some manufacturers support ‘roaming’ in wireless networks with multiple access points. This is best understood by examining the diagram below:


In this configuration, two wireless access points are connected to a single hub through wired connections. A file server and a network printer might also be available, and the network could connect to the Internet if required. The wireless access points are located some way apart, and their signal coverage may or may not overlap.

A user with a laptop computer is working at a location that is covered by wireless access point 1, on the left of the diagram. He then moves his laptop to a location covered by wireless access point 2. With the two wireless access points configured for ‘roaming’, the user will be able to continue to work at the second location without having to change the settings on his wireless card – the ‘roaming’ feature automatically handles this for him. If the signals from the two wireless access points actually overlap, it might even be possible for him to work whilst moving from one location to the other, as long as he did not stray out of range of the signal from either access point; the switch from access point 1 to 2 would take place without his intervention.


8. Setting up your Wireless Network

To make setting up your wireless network as simple as possible, we recommend that you set up the wireless access point or router first, and then set up the wireless cards in the computers that are to attach to the network.

Setting up the Wireless Access Point

Should you be setting up a broadband router that includes a wireless access point, the following information is also relevant.

The Wireless Access Point (WAP) should be located indoors, and away from any large metal structures such as filing cabinets, metal shelves or reinforced glass that contains wire mesh. It should not be located close to reinforced concrete pillars or beams, or other metal structural items such as water tanks. Such items can cause reflection or obstruction of the wireless signal, reducing the effectiveness of the network.

The WAP can be plugged into an ordinary domestic power socket and can be switched off when not required. It will take a few seconds to power up and provide the wireless network facility. Don’t switch on any of the computers with wireless cards until you have set up the WAP.

The WAP should now be configured to your requirements. You should consult the instructions to see exactly how this should be done. Most WAPs and routers can be set up by connecting a PC to them. Usually, you can connect a PC to the WAP using a standard patch cable: the sort of cable normally used to connect a PC to a network wall socket. It may be convenient to locate the WAP temporarily alongside the PC while you are doing this. Once you have carried out the basic configuration, you can relocate the WAP to its final location as discussed earlier. We recommend that you change the default name of the network to something different from that set by the manufacturer. We recommend that the name you choose should consist of letters and numbers (no punctuation) and should be eight or more characters long. Note this name down for use when configuring the wireless cards in your computers.

You should also change the administrative password to something other than that set by the manufacturer. Please note the new password down. If the new password is lost, it will require a full reset to the WAP, which loses all settings. You should also set up network security as discussed in the next section. Once the wireless router has been set up, you can set up the wireless cards.

Setting up Wireless Cards

If your computer came preconfigured with a wireless card, you should be able to skip to the next step. However, we do recommend that you read any information provided with the wireless card before starting to configure it.

Before installing any wireless cards, whether internal or using a USB or similar connection, you must consult the instruction manual provided with the card and follow the appropriate installation sequence. Please observe any instructions about anti-static procedures for handling the card when you install it, and also on taking your computer apart and re-assembling it.


In some cases, it is necessary to install software on the computer before the card is installed or attached. Other cards may have to be installed first, or may require some reconfiguration on the computer before installation. It is recommended that you check your operating system and version before starting, and check the manufacturer’s instructions.

If the installation procedure fails, then ensure that you are following the process as described for your computer’s operating system exactly. If you haven’t followed it correctly, we recommend that you remove the wireless card from the computer, and also remove the software from the computer, using the usual Windows uninstall processes.

Configuring your Wireless Cards

Once the card has been installed, and the WAP is running, you can now configure the network card. Follow the manufacturer’s instructions on how to do this as it may ask you to use the manufacturer’s software rather than the standard Windows software provided for the purpose. Using these, you should be able to set up a standard network connection in your operating system. This should show in the networks panel as a wireless card – although there may be other connections present too.

Use the network name and security settings that you have decided on for your wireless network and configured earlier. Once you have applied these settings, the wireless card should be able to ‘see’ the WAP. Most software has some sort of indicator for the signal strength, and as long as this is showing 60% of maximum or greater, your wireless card should be able to attach itself to the WAP. If signal strength is lower than 50%, then you may have problems. Altering the position of the aerial on the wireless card, moving the computer or even removing any metallic object locally can help. Computer workstations that are made of metal are not the friendliest supporters of wireless networks!

If there is a DHCP server in your network, then you should be able to set up your wireless card to get itself an address automatically – see appendix 1. If you have to set the card with a manual address, you need to use an address that fits in with your IP addressing scheme. If you don’t know what this should be, see your network administrator.
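When addresses are set manually, a quick check of the planned addresses against the addressing scheme catches clashes before they cause faults. The following is an added example, not part of the original guide; the DHCP pool range and the device names are assumptions made for illustration, while the 192.168.1.x network and the router address 192.168.1.1 follow the examples used in this guide.

```python
import ipaddress

# Assumed addressing scheme for the example.
NETWORK = "192.168.1.0/24"          # subnet mask 255.255.255.0
GATEWAY = "192.168.1.1"             # LAN address of the router
DHCP_POOL = ("192.168.1.100", "192.168.1.199")  # assumed pool handed out by DHCP

# Constructed list of devices that are to be given manual addresses.
PLAN = {
    "file server": "192.168.1.10",
    "printer": "192.168.1.11",
    "office pc": "192.168.1.150",
    "laptop": "192.168.2.5",
    "kiosk": "192.168.1.10",
    "spare": "192.168.1.255",
    "reception pc": "192.168.1",
}


def check_static_plan(network, gateway, dhcp_pool, static_hosts):
    """Return {device: [problems]} for manual addresses that do not fit the scheme."""
    net = ipaddress.ip_network(network)
    gw = ipaddress.ip_address(gateway)
    pool_start, pool_end = (ipaddress.ip_address(a) for a in dhcp_pool)
    problems = {}
    seen = {}  # address -> first device that claimed it
    for name, text in static_hosts.items():
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            problems[name] = ["not a valid IP address"]
            continue
        issues = []
        if addr not in net:
            issues.append("outside " + str(net))
        elif addr in (net.network_address, net.broadcast_address):
            issues.append("reserved network or broadcast address")
        if addr == gw:
            issues.append("same as the router")
        if pool_start <= addr <= pool_end:
            # DHCP may hand this address to another computer later on.
            issues.append("inside the DHCP pool")
        if addr in seen:
            issues.append("duplicate of " + seen[addr])
        else:
            seen[addr] = name
        if issues:
            problems[name] = issues
    return problems


if __name__ == "__main__":
    for device, issues in check_static_plan(NETWORK, GATEWAY, DHCP_POOL, PLAN).items():
        print(device + ": " + "; ".join(issues))
```

Devices that do not appear in the result have addresses that fit the scheme.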

Once you have completed the configuration process, check it works by seeing if you can access the Internet through your browser. Try bringing up your favourite website – if this works, then you have successfully configured your wireless card!


9. Wireless Network Security

Implementing Security

In a wired network, physical access to the network is required to gain access to it – in other words you have to plug a computer into a network socket before you can use it. In a wireless network, no such barrier exists; you merely have to be within range of a wireless access point with a suitable wireless card to be able to connect. Thus it is quite possible that an unauthorized person standing outside a building, with a wireless enabled laptop computer, could establish a connection to your wireless access point without your knowledge.

Fortunately, wireless networks have security features built into them, so it is possible to reconfigure a wireless network to make it much more secure.

Unfortunately, wireless network equipment usually ships with all security features turned OFF, so these MUST be turned ON to gain any degree of security.

There are three main security mechanisms available on a wireless network.

Configure ‘Closed Mode’

A wireless access point will ship in ‘Open Mode’ with a preset name for the network that it is supporting. This means that as soon as the access point is turned on, it starts broadcasting ‘beacon’ packets which tell any other wireless device in the area that it is available for connection and this is its Service Identifier Name (SSID) – for example ‘tsunami’. A Windows XP computer which has a wireless card installed will automatically go into detect mode if it is turned on; if it receives a beacon packet, it will use the SSID information to attempt to set up a connection to that access point. Although this makes it very easy to set up a wireless network, it also means that anyone with a wireless card could connect to the access point.

If the system is reconfigured into ‘Closed Mode’, then the access point no longer broadcasts beacon packets. In this mode, the SSID information has to be entered into the configuration of the wireless card so it can send the necessary connection request to the wireless access point and establish a connection. However, it is also advisable to change the name of the network to something other than the preset name. This preset name is publicly available in the user manuals that come with the access point, so the hackers know it too.

Unfortunately, the SSID information can be discovered by a determined hacker with the right software on a wireless-equipped computer, so activating closed mode does not make things completely secure.

Set up MAC Filtering

Whether for wired or wireless use, every network card has a MAC address, a unique address that is allocated to each card during manufacture. It provides a way of identifying that network card independently of any other identity it may have. The MAC address of a network card will look something like this: 00-0E-3A-5C-69-35. This information is transmitted with every packet sent between a computer and the wireless access point.


sending computer will receive no response; therefore it cannot access the wireless network. To allow a computer to access a network where MAC filtering is active, it is necessary to determine the MAC address of the computer’s wireless card and manually add it to the list of allowed addresses stored in the wireless access point.

To find the MAC address of a computer, see appendix 2.

Does MAC filtering make the network secure?

Unfortunately, the packets of data sent to the wireless access point contain the MAC address of the originating computer. A determined hacker using specialized software could ‘catch’ the packets going across the network on his own computer, record them and examine them to reveal this address. He could then use software to falsify the MAC address of his own wireless card so that it appeared to contain a valid MAC address that is listed in the MAC filtering table. The wireless access point sees it as a valid address and then the hacker can connect to the network. So, by itself, MAC filtering is not sufficient to protect your network from a determined hacker.

Enabling WEP

WEP, Wireless Encryption Protocol, adds encryption to the wireless network. This means that data sent across the wireless network is no longer in a readable format whilst in transit, but is decoded back into a readable form by the receiving device. Thus, if a data packet is ‘caught’ whilst in transit, the data in the packet is encoded and thus unreadable. A hacker can no longer replace the MAC address unless he knows how to decode the original address correctly.

WEP provides a significant improvement in security, but it is by no means perfect. In the UK, a 48-digit key is used to encrypt the data. Whilst the thought of working out the correct 48 digits might seem highly unlikely, this is not difficult with a fast computer, so the encryption is considered ‘crackable’ if one is determined enough. The way that the data is encrypted is public knowledge, and modern computers are considered fast enough to ‘crack’ the encoding simply by going through every possible combination until the answer is found – a 48 digit key could be ‘cracked’ in a few hours.

Enabling WEP does have one disadvantage: since the network packets are now encrypted, they take time to encode and decode so the network will run slower than if WEP is disabled.

Some security is a must

For a small network environment, enabling all three of these features (closed mode, MAC filtering and WEP) should give adequate security. Not enabling any of these features leaves your network open to abuse and misuse and is not recommended. Changing the security settings is usually achieved through a web browser on a computer connected wirelessly (or sometimes directly) to the wireless access point.

Instructions on how to do this will be in the manual that comes with the wireless access point. The manual will tell you the factory-set IP address of the wireless access point (for example 192.168.1.1), and you should enter this into the address field of your browser. Usually you will then be prompted for a user name and a password (the manual will give you the factory settings for these) and you should then see something like the display below.

Depending on the manufacturer of your router, your browser display may be different from this.

The highlighted area shows the security features discussed previously. The SSID name of this access point is scr1b3s. Beacon packets are disabled (SSID broadcast is set to Disable) and WEP is turned on (Mandatory).

It is often necessary to restart the router once these values have been applied; the manufacturer’s instructions will say what is necessary.

Firewalls and Virus protection

The importance of having a firewall to protect your LAN from bad or unwanted data has been discussed previously. Most wireless or wired broadband routers designed for use in small networks will implement NAT, which as explained previously does provide a degree of protection to computers on the LAN, as it ‘hides’ them from the Internet.

Once a connection is made to the Internet, a large number of ports or channels of connection become available for communication between computers; these are normally closed if they are not in use. Ports are fundamental to the working of the Internet, and specific services are established through these ports or


as Internet Explorer or Outlook running on the user’s computer, and closed when these programs are closed. Normally, the user would not know which ports have been opened when, as there is no normal way of displaying such information on screen.

A hacker can make use of an open port to compromise the user’s computer. One way this can be done is by creating a program that opens an unused port, then uses a virus to install this onto a user’s computer. He then uses another program on his computer to communicate with the opened port and gain control of certain elements of the user’s computer. This is known as a ‘back door’ program and was the technique used with the virus ‘W32/MyDoom-E’, which allowed outsiders to connect to TCP port 3127 and control the infected computer. In the case of MyDoom, it searched for e-mail addresses contained in files on the computer’s hard disc and then sent rubbish e-mails – containing a copy of itself – to the addresses it had found.

A good firewall can reduce the risk of such an attack by preventing information going to or from unused or lesser-known ports. It does this by closing all ports on the connection to the Internet except for those that use well-known ports such as those used for web and e-mail. If a user’s computer does become infected, then the virus will not be able to communicate with the hacker’s computer on the Internet, as the firewall has closed the port for transmission. Most firewalls are now set up so that, when they are taken out of the box, only a few of the well-known ports are open. The rest are closed, thus minimizing the chance of interference. However, you would be advised to check the firewall settings to see if they are set up to maximize your security.
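The firewall works at the connection to the Internet; on an individual Windows PC, the command netstat -an lists the ports that are open at that moment. The following added example (not part of the original guide) reads such a listing and reports any open port that the PC is not expected to offer, including the back-door port 3127 mentioned above. The netstat listing is constructed for illustration and the list of expected ports is an assumption.

```python
# Constructed sample of `netstat -an` output on a Windows PC (not captured data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.212:139      0.0.0.0:0              LISTENING
  TCP    192.168.1.212:1034     203.0.113.10:80        ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:1900           *:*
"""

# Assumption: the services this PC is meant to offer (Windows file sharing).
EXPECTED = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 137), ("UDP", 138)}

# Back-door port named in this guide.
KNOWN_BACKDOORS = {("TCP", 3127): "W32/MyDoom-E back door"}


def open_ports(netstat_text):
    """Yield (proto, address, port) for TCP listeners and bound UDP ports."""
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # heading or blank line
        proto, local = parts[0], parts[1]
        # Outgoing or established TCP connections are not open doors; skip them.
        if proto == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue
        address, _, port = local.rpartition(":")
        if port.isdigit():
            yield proto, address, int(port)


def audit(netstat_text, expected=EXPECTED):
    """Return unexpected open ports, network-reachable ones first."""
    findings = []
    for proto, address, port in open_ports(netstat_text):
        if (proto, port) in expected:
            continue
        # A port bound only to the loopback address cannot be reached
        # from other computers on the network.
        loopback = address.startswith("127.") or address == "[::1]"
        findings.append({
            "proto": proto,
            "port": port,
            "reachable": not loopback,
            "note": KNOWN_BACKDOORS.get((proto, port), "unexpected open port"),
        })
    return sorted(findings, key=lambda f: (not f["reachable"], f["port"]))


if __name__ == "__main__":
    for f in audit(SAMPLE_NETSTAT):
        where = "from the network" if f["reachable"] else "from this PC only"
        print(f["proto"], f["port"], "-", f["note"], "- reachable", where)
```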

Installing virus management software on each computer will in most cases prevent infection from virus-infected e-mails or web sites, although it may not protect a computer if it is a very new virus that is not recognized by the virus protection software. Even so, it is strongly recommended that such software be installed on every computer on the LAN to minimize the risk of virus attack.

The most reliable kind of virus software is one that automatically checks for new virus information over the Internet, rather than leaving this task for the user to remember to carry out on a regular basis. If there is a file server on the network, this should have virus software installed too.

The need for adequate virus protection and correct setting of the firewall is vitally important to the health of your network, whether it is wired or wireless.


Appendix 1 Setting up your computer to use DHCP

Setting up your computer to use DHCP (Windows XP)

To obtain IP addresses automatically via DHCP, open Network Connections from within Control Panel and right-click on the Wireless Network Connection to reveal the menu.


Selecting Properties opens the Wireless Network Connection Properties.

Highlight the Internet Protocol (TCP/IP) item and click on Properties, to open the TCP/IP Properties box.

Clicking on the option to “Obtain an IP address automatically” will turn on DHCP.

Setting up your computer to use DHCP (Windows 2000)

To obtain IP addresses automatically via DHCP, open Network and Dial-up Connections from within Control Panel and right-click on the Wireless Connection to reveal the menu.


Selecting Properties opens the Wireless Properties.

Highlight the Internet Protocol (TCP/IP) item and click on Properties, to open the TCP/IP Properties box.


Clicking on the option to “Obtain an IP address automatically” will turn on DHCP.

When you click the OK button, your computer should prompt you to restart. It is advisable to do this immediately to check that you have set this up correctly.


Setting up your computer to use DHCP (Mac OSX)

From the Apple Menu, select System Preferences and choose the TCP/IP control panel. Make sure that the ‘Connect via’ pop-up is set to Airport, the internal wireless card of the Macintosh.

On the ‘Configure’ pop-up, select Using DHCP Server.

In the DHCP Client ID field, enter the IP address of your DHCP server. If you are using the DHCP services in your broadband router, use the LAN address of the broadband router. Unless you have altered this in the router set-up, it will be the factory preset address.


Setting up your computer to use DHCP (Mac OS9)

From the Apple Menu, select Control Panels and choose the TCP/IP control panel. Make sure that the ‘Connect via’ pop-up is set to Airport, the internal wireless card of the Macintosh.

On the ‘Configure’ pop-up, select Using DHCP Server.

In the DHCP Client ID field, enter the IP address of your DHCP server. If you are using the DHCP services in your broadband router, use the LAN address of the broadband router. Unless you have altered this in the router set-up, it will be the factory preset address.


Appendix 2 How to find the MAC address of a personal computer

Finding the MAC address of a PC

On a PC, the MAC address of the card can be determined as follows: go to the MS-DOS prompt or command line and enter the command IPCONFIG /ALL. The information returned will be similar to the text below.

Windows 2000 IP Configuration

   Host Name . . . : helpfulsystems
   Primary DNS Suffix . . . :
   Node Type . . . : Hybrid
   IP Routing Enabled. . . : No
   WINS Proxy Enabled. . . : No

Ethernet adapter Local Area Connection 5:

   Connection-specific DNS Suffix . :
   Description . . . : Realtek RTL8180 Wireless LAN (Mini-)PCI NIC #2
   Physical Address. . . : 00-50-FC-83-BC-22
   DHCP Enabled. . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IP Address. . . : 169.254.36.188
   Subnet Mask . . . : 255.255.0.0
   Default Gateway . . . :
   DNS Servers . . . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   Description . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)
   Physical Address. . . : 00-00-39-38-E7-09
   DHCP Enabled. . . : No
   IP Address. . . : 192.168.1.212
   Subnet Mask . . . : 255.255.255.0
   Default Gateway . . . : 192.168.1.1
   DNS Servers . . . : 195.40.1.36
                       212.135.1.36
   Primary WINS Server . . . : 10.0.0.1
   Secondary WINS Server . . . : 10.0.31.135

Many computers have a wired Ethernet port installed as well as a wireless card, so there may be two entries, as you can see in the above results. The MAC address of the wireless card is in the first block of information – this is apparent from the description

Description: Realtek RTL8180 Wireless LAN (Mini-)PCI NIC.

The MAC address is on the line below the description

Physical Address: 00-50-FC-83-BC-22

Once this address information is added to the MAC filter table, and filtering is enabled, only devices whose addresses are recorded in this table can access the system.
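Where several computers have to be added to the MAC filter table, reading the addresses by eye invites mistakes such as copying the wired card's address instead of the wireless one. The following added example (not part of the original guide) reads IPCONFIG /ALL output, picks out the wireless card by its description, and also reports any card that is set for DHCP but has only a self-assigned 169.254.x.x address, which means no DHCP server answered. The sample is the output shown in this appendix, abridged; the keywords used to recognise a wireless card are an assumption.

```python
import ipaddress
import re

# IPCONFIG /ALL output from this appendix (abridged), one field per line.
SAMPLE = """\
Windows 2000 IP Configuration

   Host Name . . . : helpfulsystems
   Node Type . . . : Hybrid

Ethernet adapter Local Area Connection 5:

   Description . . . : Realtek RTL8180 Wireless LAN (Mini-)PCI NIC #2
   Physical Address. . . : 00-50-FC-83-BC-22
   DHCP Enabled. . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IP Address. . . : 169.254.36.188
   Subnet Mask . . . : 255.255.0.0
   Default Gateway . . . :
   DNS Servers . . . :

Ethernet adapter Local Area Connection:

   Description . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)
   Physical Address. . . : 00-00-39-38-E7-09
   DHCP Enabled. . . : No
   IP Address. . . : 192.168.1.212
   Subnet Mask . . . : 255.255.255.0
   Default Gateway . . . : 192.168.1.1
   DNS Servers . . . : 195.40.1.36
                       212.135.1.36
"""

ADAPTER_RE = re.compile(r"^\s*(\w[\w ]* adapter [^:]+):\s*$")
FIELD_RE = re.compile(r"^\s*([^:]+?)[ .]*:\s*(.*)$")
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned range


def parse_ipconfig(text):
    """Return {adapter name: {field: value}} from IPCONFIG /ALL output."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        header = ADAPTER_RE.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            last_key = None
        elif current is None:
            continue  # host-wide settings before the first adapter
        elif FIELD_RE.match(line):
            last_key, value = FIELD_RE.match(line).groups()
            current[last_key] = value.strip()
        elif last_key:
            # Continuation line, e.g. a second DNS server.
            current[last_key] += " " + line.strip()
    return adapters


def wireless_macs(adapters, hints=("wireless", "802.11", "wlan")):
    """Return {adapter: MAC} for cards whose description looks wireless."""
    found = {}
    for name, fields in adapters.items():
        description = fields.get("Description", "").lower()
        mac = fields.get("Physical Address", "")
        if any(h in description for h in hints) and MAC_RE.match(mac):
            found[name] = mac.upper()
    return found


def dhcp_failures(adapters):
    """Return adapters set for DHCP that hold only a 169.254.x.x address."""
    failed = []
    for name, fields in adapters.items():
        if fields.get("DHCP Enabled") != "Yes":
            continue
        text = fields.get("Autoconfiguration IP Address") or fields.get("IP Address", "")
        try:
            address = ipaddress.ip_address(text.split("(")[0].strip())
        except ValueError:
            continue  # no address listed for this adapter
        if address in LINK_LOCAL:
            failed.append(name)
    return failed


if __name__ == "__main__":
    found = parse_ipconfig(SAMPLE)
    for name, mac in wireless_macs(found).items():
        print("Add to MAC filter table:", mac, "(" + name + ")")
    for name in dhcp_failures(found):
        print("No DHCP address obtained on:", name)
```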


Finding the MAC address of a Macintosh

If you have Apple Macintosh computers in your network, they will almost certainly have an Apple Airport card installed. The MAC address of the airport card will be available in the System Profiler if your Macintosh runs the OS9 operating system, or in About This Mac (more info) if you are running OSX.

If you have Apple Macintosh computers in your network, the MAC address of the airport card will be available in the Airport application (OS9). The airport pane is shown below – the arrow indicates where to find the MAC address of the airport card.

For a Macintosh running OSX, you need to go to About This Mac and then click on the more info button. The MAC address is then found by selecting the Network item in the navigator pane on the left of the window. The arrow indicates the MAC address of the airport card.


Glossary of Terms and Acronyms

ADSL: Asymmetrical Digital Subscriber Line

ADSL Modem: A broadband modem for connection to a telephone line that is enabled for ADSL services.

Asymmetrical Digital Subscriber Line: A method of providing a broadband connection to the Internet over a normal telephone line, allowing concurrent use of the telephone line for voice and data at the same time. (The speed of the connection is normally defined as the outgoing speed from the exchange (i.e. Internet) to the user, which is normally several times faster than for information sent from the user to the exchange; hence the use of the term ‘Asymmetrical’.)

Broadband Connection: Normally refers to a high-speed connection to the Internet. (Some ISPs offer a broadband connection speed as low as 128 kbps. For a connection shared by a number of computers, we would recommend a broadband connection with a minimum of 512 kbps.)

Cable Modem: A broadband modem for connection to a cable broadband service

DHCP: Dynamic Host Configuration Protocol

Dynamic Host Configuration Protocol: A service that can be provided from a file server or broadband router that allows computers and other network devices to automatically obtain a temporary IP address when they connect to the network.

Firewall: A software or hardware device that prevents unwanted traffic moving between two networks. Normally used to reduce the risk of hackers intruding into a local network or individual computer. Requires considered configuration for maximum security.

IEEE 802.11 standards: One set of electrical standards that define and establish the methods where wireless devices can communicate with each other.

Network Address Translation: A mechanism for sharing a single Internet address amongst a number of computing devices on a LAN. It also provides a means of ‘hiding’ local addresses on the LAN from the Internet, so adds to LAN security.

Router: A software or hardware device that connects two networks together and controls how information is exchanged between the networks

WAP: Wireless Access Point.

WIFI: A set of standards defined by a group of wireless network equipment manufacturers to ensure compatibility between systems. Compliance to the standard is ensured through practical testing

Wired Network: A network of computing devices connected together using cable

Wireless Access Point: A device which connects a number of wireless equipped computers to a wired network

Wireless network: A network of computing devices connected together without
