How to build the ultimate wireless network

Started by dhilipkumar, Mar 14, 2009, 06:55 PM


dhilipkumar

How to build the ultimate wireless network

Wi-Fi standards can be a confusing, ever-changing subject, especially when manufacturers engage in a war of buzzwords regarding the latest frivolous features. You can safely ignore most of those marketing terms -- especially ones that are trademarked. With that out of the way, let's look at what you do need to know to choose a wireless router, configure a network, and get started.

Select a wireless router

These days, you should buy a router that uses the 802.11n wireless standard. But there are a few caveats. This Wi-Fi protocol is backward-compatible with 802.11g and 802.11b; if you or a visitor uses a laptop based on one of those older technologies, the machine will work with your new router so long as you configure the router for backward compatibility. The 802.11n spec reaches farther and transfers data faster than the other two Wi-Fi methods; nevertheless, it has not yet received official approval as a standard.
The final 802.11n specifications are expected to appear in 2010, so technically you'll be buying a draft 802.11n router. There's a very small chance that current routers won't work with the final standard; but since the companies that sit on the 802.11n decision board have been selling their versions of those chips, they are unlikely to rock the boat much at this point. Instead, a free firmware release will likely update today's routers to the final approved specification.

It's a good idea to choose a dual-band router. Such routers divide traffic over two areas of the wireless spectrum, 2.4GHz and 5GHz. This arrangement basically opens up an extra lane for communications so the network can handle more data at once, and at faster speeds. Many routers, such as the Linksys Simultaneous Dual-N Band Wireless Router (WRT610N), can divide traffic over two SSIDs (service set identifiers -- aka network names), letting you put slower or lower-security 802.11b devices on their own loop. Other routers, such as the Netgear Rangemax Dual Band Wireless-N Gigabit Router (WNDR3700), let you isolate traffic on the two wireless networks. This is ideal for leaving an open segment as a neighborly gesture, while closing off file sharing to your PCs.

You should base the remainder of your buying decision on the router's ports. Even though theoretically you could set up a wireless-only system, your network will likely consist of a mixture of wired and wireless devices. Wired connections are still optimal for speed, simplicity, reliability, and security.
Some routers include a USB port, too. Consult the documentation for the specific model you're considering purchasing for details of its use; typically, you can connect the USB port to a printer or hard drive to bring those devices onto the network. If those features match your needs, the extra cost is justified. If not, focus on the abilities discussed earlier.

If range is crucial in your setup, be sure to get a router that has an external antenna port, and don't naively rely on the broadcast distance advertised on the packaging. Many factors influence a router's range, including the structure of the surrounding building and interference from neighbors. If you're trying to blanket an entire house -- or backyard -- you may have to buy a second access point.
computerworld

Many wireless routers still include 100Base-T Ethernet, instead of the speedier gigabit (1000Base-T) standard. Look for a model that incorporates the higher gigabit speed so that your network can keep wired traffic blazing along. Even while streaming high-definition video around your home, you'll be able to share other files without a slowdown. For maximum benefit you'll have to use gigabit ethernet computers, but you could upgrade your 100Base-T clients subsequently, since they (and 10Base-T clients) still work with faster hardware. Routers commonly include about four Ethernet ports. Get more if you need them (and if you can) -- or see my instructions at "Use a Switch to Add More Ports," to increase the number later on.

dhilipkumar

Configure your router
Most routers come packaged with an installation disc, but I suggest putting it aside and configuring your router manually through a Web browser. Installation CDs are convenient for novices, but you'll typically get better access to advanced setup options through the browser interface. In addition, you can access that interface from any of your connected computers without having to bother with a disc. Once you've learned how to configure the network through the browser interface, you'll be far better prepared if something goes wrong with your network later on. The exact process varies slightly with each brand and model, but the menu options on most of the leading brands are quite similar. Here's how to get started.

For maximum range, position the router on a high shelf or mount it near the top of a central wall. Connect an ethernet cable between your broadband modem (be it cable or DSL) and the router, so that it leads to the router's Internet port. To ensure high-quality throughput, stick with Cat-5e or better cables for all connections. Don't bother with bargain-basement cables. Connect a second ethernet cable between any of the router's LAN ports and your PC. If you use a laptop to configure your router, you'll unplug this cable at the end of the process, when you're ready to connect wirelessly.

The first detail you'll need to know about your router is its IP address. Sometimes this is printed on a sticker somewhere on the router itself. If not, you can locate it in the Windows Network Connections control panel. The Local Area Connection listing should read 'Connected', since your router will default to DHCP (dynamic host configuration protocol). Double-click this connection and select the Support tab. Remember or record the Default Gateway IP address. (It's most likely to be either 192.168.1.1 or 192.168.0.1.)

Open a Web browser and enter your router's IP address into the address field. You'll be prompted for a user name and a password. Consult your printed router documentation to obtain these details.

Once inside, you can control all of the router's settings. First, change the router's admin password, since anyone could currently access your router (and network) simply by entering a series of commonly known default log-ins. Check for an Administration tab, where you'll make the change. Enter the new password and then click the appropriate button to save your changes. Afterward, you'll be dumped out of the log-in screen; log back in with the new password.

Next, change the router's internal subnet and IP address. This will provide a mild layer of security, but more important it will help you avoid conflicting IP addresses on complicated networks. Go to the basic settings area and change the IP address to 192.168.x.1, where x is any new number between 1 and 254. Write this number down, save the changes, and log back into the router, using the new IP address as the URL. (You might need to wait a moment while the router restarts, now and each subsequent time you save changes.)

Now change the SSID and enable Wi-Fi encryption for your first significant layer of security. Nothing looks quite so inviting to hackers as a default-named network. Look first for a wireless configuration area and basic settings; disable Wi-Fi Protected Setup if needed. Change the network name to something unique. In addition, I like to disable the SSID Broadcast; this adds only a very thin layer of extra security, since savvy users can easily find hidden networks, but at least your network won't appear to most other computers by default. If you're using 802.11n hardware on the PCs and router, enable the 40MHz, wideband broadcast. (Disable it or set it to 'auto' if you notice network problems; these are most likely to be due to interference from neighbors' networks.) Click the Save button to save the changes.

Wi-Fi traffic without a password is unencrypted, which means that someone in the vicinity of your network could easily intercept and read your data. Block this hole by enabling WPA2 Personal security, usually in a Wireless Security tab. Enter a long password with a mix of numbers and letters. Save the changes.

If your router -- or client device -- supports only WPA or WEP, you can use one of those standards instead. Be aware, though, that they are significantly less secure than WPA2. A better alternative is to use multiple access points or a single one that can broadcast to multiple SSIDs, and then to put the at-risk hardware on its own separate network.
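
Added example (not part of the original post or the Computerworld article): WPA2 Personal derives its 256-bit key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as the salt, which is why both a unique network name and a long passphrase matter. The SSIDs and passphrase below are constructed samples, and search_space_bits is a rough upper bound that assumes randomly chosen characters.

```python
import hashlib
import math
import string

# WPA2 passphrases are limited to printable ASCII (codes 32-126).
PRINTABLE = {chr(c) for c in range(32, 127)}


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63 or not set(passphrase) <= PRINTABLE:
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing effort, assuming random choice from the classes used."""
    alphabet = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(ch in cls for ch in passphrase):
            alphabet += len(cls)
    if any(ch not in string.ascii_letters + string.digits for ch in passphrase):
        alphabet += 33  # space plus the 32 ASCII punctuation characters
    return len(passphrase) * math.log2(alphabet)


if __name__ == "__main__":
    phrase = "river7stone4lamp9field"  # constructed sample passphrase
    # Same passphrase, different SSID: the salt changes, so the key changes.
    # A key computed for a common default name is useless against a unique one.
    for ssid in ("linksys", "maple-house-5g"):  # constructed sample SSIDs
        print(f"{ssid:16} {derive_psk(phrase, ssid).hex()}")
    for candidate in ("12345678", phrase):
        print(f"{candidate:24} ~{search_space_bits(candidate):.0f} bits")
```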

dhilipkumar

Connect client devices
Wireless PC clients often include configuration software from the Wi-Fi hardware company as well as the Windows Control Panel app. You can connect clients with either program, but I'll focus on the built-in Windows tool. Just make sure that you look through the extra software for an option to let Windows control the network settings.
Open the Network Connections Control Panel, and right-click the Wireless Network Connection. Select Properties. Then select the Wireless Networks tab, and click Add. Enter the SSID for the network, and click the box labeled Connect even if this network is not broadcasting. Choose WPA2 for Network Authentication. Set Data encryption to AES, and click OK twice. Again double-click the Wireless Network Connection in the Control Panel, and choose the wireless network. Click Connect. Enter the network password, and click Connect. The PC will save the password, and in the future it will reconnect automatically.

Control client connections with MAC address filtering
An optional additional layer of wireless security known as "address filtering" checks connected devices against your own list of approved items; then, even if someone has your network password, the router won't let unapproved hardware gain access to the network. The list relies on the unique MAC (media access control) address assigned to each piece of hardware at the factory. Like the other layers of security, this one isn't impregnable. Theoretically, hackers could change their MAC address to match one of your friendly IDs, if they knew what it was. But such an attack is pretty unlikely to succeed (or occur), especially when you combine MAC address filtering with the previous security steps.
Address filtering does introduce an extra step to the process of connecting new devices to your network, but in return you get a little more peace of mind. Don't imagine that address filtering is equivalent to encryption, however: It doesn't prevent interlopers from intercepting your transmissions as WPA2 does.

To get started, connect all of your wireless clients to the network, using your WPA2 password. Remember to include PCs, smart phones, wireless game systems, media-streaming hardware, and other linked devices.

Revisit the configuration page for your wireless router, and enter your administrative password to log in. Look for an option to configure MAC address filtering (sometimes called "network filtering"), most likely inside the router's wireless settings area. Enable the filter, and set it so that it permits only identified MAC addresses to gain access to the network. Many routers have a button that shows all connected devices and lets you add them automatically. If not, before you enable the filter, copy the MAC address from the DHCP client table; it is often listed there under a Status (or Wireless Status) heading. Save the changes and wait for the router to restart if necessary.

In the future, you'll have to type the MAC addresses for any new device you wish to add to your network. You can quickly look up a laptop's MAC address by clicking Start, Run, typing cmd and pressing OK. Then type ipconfig /all and press Enter. Look for the set of six pairs of numbers and letters in the ethernet adapter Wireless Network Configuration area.


Firewall security

Your router likely includes a firewall consisting of two parts: network address translation (NAT) and stateful packet inspection (SPI). In most instances, NAT is turned on by default. This method of routing lets Internet traffic connect to the router with a single, external IP address; the router controls which internal computers send and receive information. SPI takes this a step further, ensuring that incoming data is arriving in response to requests from your internal PCs. Turn on the SPI firewall in your router's configuration page (most likely under a security tab). With SPI enabled, the router will ignore traffic that you didn't request.

Sometimes, these settings block traffic -- such as a game or other application -- that you want. If you're having trouble with certain programs, change the port-forwarding settings. Essentially, this amounts to adding the external port for a program that the router is blocking, and entering the internal IP address for that PC. (Many common port numbers can be found online.)
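
Added example (not from the original post): a simplified model of the firewall behaviour described above, showing how SPI admits only replies to flows a LAN host opened and how a port-forwarding rule opens one deliberate exception. The Router class, its field names, and all addresses are constructed for illustration; with spi=False it assumes a NAT that matches on the translated port only.

```python
from dataclasses import dataclass, field


@dataclass
class Router:
    spi: bool = True
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    flows: dict = field(default_factory=dict)
    # wan_port -> (lan_ip, lan_port), the port-forwarding table
    forwards: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: NAT picks a WAN port, SPI records the flow."""
        wan_port = self.next_port
        self.next_port += 1
        self.flows[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN destination for a WAN-side packet, or None if it is dropped."""
        reply_to = self.flows.get((wan_port, remote_ip, remote_port))
        if reply_to:
            return reply_to                     # reply to a request a LAN host made
        if wan_port in self.forwards:
            return self.forwards[wan_port]      # explicit port-forwarding rule
        if not self.spi:
            # NAT alone (in this model): any sender reaching a mapped port gets through.
            for (port, _, _), dest in self.flows.items():
                if port == wan_port:
                    return dest
        return None                             # unsolicited traffic is ignored


if __name__ == "__main__":
    r = Router()
    port = r.outbound("192.168.7.20", 51000, "198.51.100.5", 443)
    print("reply from server:  ", r.inbound("198.51.100.5", 443, port))
    print("stranger, same port:", r.inbound("192.0.2.99", 443, port))
    print("game port, no rule: ", r.inbound("192.0.2.99", 5000, 27015))
    r.forwards[27015] = ("192.168.7.30", 27015)
    print("game port, with rule:", r.inbound("192.0.2.99", 5000, 27015))
```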
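
Added example (not from the original post) for the MAC address filtering steps in this post: it extracts each adapter's Physical Address from ipconfig /all output, normalizes it, and reports adapters missing from the router's allow list. The sample output, adapter descriptions, and MAC addresses are constructed.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real machine).
SAMPLE = """Windows IP Configuration

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Example Gigabit Controller
        Physical Address. . . . . . . . . : 02-00-5E-10-00-01

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example Wireless-N Adapter
        Physical Address. . . . . . . . . : 02-00-5E-10-00-02
        Dhcp Enabled. . . . . . . . . . . : Yes
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
PHYSICAL = re.compile(
    r"Physical Address[ .]*:\s*([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s*$")


def normalize(mac):
    """Reduce any common MAC notation to lowercase colon-separated pairs."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def adapter_macs(text):
    """Map each adapter heading to the Physical Address listed under it."""
    macs, current = {}, None
    for line in text.splitlines():
        heading = ADAPTER.match(line)
        if heading:
            current = heading.group(1)
            continue
        found = PHYSICAL.search(line)
        if found and current:
            macs[current] = normalize(found.group(1))
    return macs


def unlisted(clients, allow_list):
    """Names of clients whose MAC is not on the router's filter list."""
    allowed = {normalize(m) for m in allow_list}
    return sorted(n for n, mac in clients.items() if normalize(mac) not in allowed)
```

Routers and Windows often print the same address with different separators and letter case, so both sides are normalized before comparing.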


dhilipkumar

Use a switch to add more ports

Few home networks need more Ethernet ports than the four built into a typical router. But small-office networks can quickly outgrow those four ports as additional PCs and network-equipped printers come aboard. Instead of buying more routers, try adding a simple, inexpensive switch. Technically, you could use hubs to split off more ports, but they're clumsy with traffic: They can't simultaneously transmit and receive packets, and that data gets broadcast everywhere. As a result of these traits, packets collide and have to be resent, which slows down your network. Instead, use a switch.
Switches can send and receive data at the same time. Try to buy one that includes enough ports for your needs. But if you run out of room on it, just add another switch. It is best to pick one that uses gigabit ethernet. Even if you currently use 100Base-T hardware, you can grow into the faster speed with new devices in the future. Avoid 10Base-T switches. Installation is simple: Just connect an ethernet cable between the router and the switch, and then connect new devices to the switch's free ports.

Extend a wireless network to a wired device

If you have Ethernet-only devices that you would rather connect to your network wirelessly, use a network bridge instead of stringing cables. The wireless bridge method can work very nicely with an Xbox 360, a TiVo, or other wired devices. Though I prefer the simplicity and speed of a wired network, wireless sure looks more attractive. Here's how to get started.

The process mirrors the wireless router setup. First connect a PC directly to the bridge via Ethernet. (Temporarily disable the PC's Wi-Fi if necessary.) Since the bridge won't be broadcasting a DHCP address, though, you'll have to configure your PC's Ethernet details manually. Open the Network Connections Control Panel and right-click the Local Area Connection. Select Properties. Double-click Internet Protocol (TCP/IP), and click the radio button for Use the following IP address.

Consult the bridge documentation to see which address it uses by default. Enter an IP address with the same first three sets of numbers but with a different fourth. For example, the Netgear 5GHz Wireless-N adapter (WNHDE111) defaults to 192.168.0.241, so I set the PC IP address to 192.168.0.2. (Pick any number between 2 and 254.) Leave the Subnet mask as 255.255.255.0, unless Windows assigned it a new number. Click OK twice.

Enter the bridge IP address into a Web browser, and connect to its configuration page. Configure its wireless settings to match those of your wireless network, applying the same SSID and encryption details. Leave the bridge set to receive DHCP details from your router.

Restart the bridge, and switch your PC back to DHCP by opening the Local Area Connection again in the Network Connections Control Panel. Double-click Internet Protocol (TCP/IP), and click the button to Obtain an IP address automatically. If the PC can get online, unplug the ethernet cable, and attach the bridge to your wired-only device. If you run out of ports, add a switch, just as you would on a wired segment of the network.
computerworld.com