To connect your access point to the Internet, use a straight-through Ethernet cable to plug the access point's WAN port into your cable modem, DSL modem, router, or whatever piece of equipment in your home or office that is responsible for providing Internet access. After you plug it in, turn on the access point's switch (assuming it has one ? some access points can only be powered down by unplugging them), and it will power up, perform its initialization, and then request a DHCP address from the cable or DSL modem or router.
To configure the wireless router, connect your computer to one of the wireless router's LAN ports using a straight-through Ethernet cable (if your computer has an autosensing Ethernet port, you can use either a straight-through or crossover cable). For the Linksys BEFW11S4, load the following URL in your web browser: http://192.168.1.1/. For the D-Link DI-714P+, use http://192.168.0.1/. When prompted for a username and password, use "admin" as your username and leave the password field empty.
Bypassing a Proxy Server
If you use a proxy server to connect to the Web, ensure that you bypass the router's IP address or you may not be able to connect to the web-based configuration utility.
To do so, go to Internet Explorer and follow these steps:
Figure 5-19 shows the web-based configuration utility of the BEFW11S4.
Figure 5-20 shows the web-based configuration utility of the DI-714P+. There are several tabs displayed horizontally: Home, Advanced, Tools, Status, and Help. Corresponding to each tab are various functions displayed vertically. For example, in the Home tab there are five functions: Wizard, Wireless, WAN, LAN, and DHCP.
To quickly set up the DI-714P+, I suggest you run the wizard. Click on the Run Wizard button and take the following steps:
Change the password of the DI-714P+ (see Figure 5-21). Failing to change the default empty password will allow unauthorized users to access the router and make modifications that compromise the security of the network.
Choose the time zone settings for your router.
Select the Internet connection type (see Figure 5-22). Choose Dynamic IP Address if your wired network supports DHCP. In a case where you are allocated a fixed IP address, choose Static IP Address. Most ADSL/DSL users will choose "PPP over Ethernet".
Depending on the connection type you have selected in Step 3, you will be asked to enter information pertaining to the selected connection type. Figure 5-23 shows the window displayed if you select Dynamic IP Address in Step 3. You can clone your network card's MAC address here.
Enter an SSID for your network. You can also set a channel to use here (see Figure 5-24). If you have multiple access points in a network, set them to use nonoverlapping channels (see Chapter 2 for more information on nonoverlapping channels). For WEP encryption, you have three choices: 64 bits, 128 bits, or 256 bits. Depending on the strength of the encryption, you would need to enter 10, 26, or 58 hexadecimal (0 to 9, A to F, or a to f) characters.
That's it! Restart (switch off and switch on the router) the DI-714P+ for the new settings to take effect. Now, use an Ethernet cable and connect the WAN port of the DI-714P+ to the switch (or directly to the customer premise equipment supplied by your ISP, in case the DI-714P+ is the only switch you plan to use). You should now be able to use your computer with a wireless card (see Chapter 2) to connect to the Internet through the DI-714P+.
The configuration screen for different access point models, as well as access points from other manufacturers, will vary somewhat. The remaining sections explain how to accomplish common tasks with the web-based configuration.
The SSID (Service Set Identifier) gives your access point a name (see Section 2.2.2 in Chapter 2). If you intend to let strangers connect to your access point, I suggest you give your SSID a friendly name such as "welcome." (If you don't, be sure to see Section 5.4.4 and Section 5.4.11 in this chapter).
To change the SSID of the BEFW11S4, click on the Setup tab, enter the new SSID, and select the appropriate channel number. To change the SSID of the DI-714P+, click on the Home tab and select the Wireless option.
If you have multiple access points in close proximity to one another, you should set them to broadcast on different channels. To change the channel number of the BEFW11S4, click on the Setup tab, enter the new SSID, and select the appropriate channel number. To change the SSID of the DI-714P+, click on the Home tab and select the Wireless option.
You can also enable WEP encryption to secure your wireless network. If you use WEP, users will not be able to connect to your network unless they know (or can obtain) the WEP key. Chapter 4 goes into more detail about using WEP (and stronger systems) to secure your wireless network.
To enable WEP on the BEFW11S4 (64- and 128-bit keys are supported), click on the WEP Key Setting button. You can specify up to four keys for WEP. You can also enter a passphrase to get the router to generate the four keys required. To enable WEP on the DI-714P+ (64-, 128-, and 256-bit WEP keys are supported), click the Home tab and select the Wireless option. As with the BEFW11S4, you can specify up to four keys.
By default, when a wireless client connects to the access point, it is assigned an IP address by the access point. The default LAN IP address for the BEFW11S4 itself is 192.168.1.1. The default IP address for the DI-714P+ is 192.168.0.1.
You can modify the default LAN IP address of the BEFW11S4 by clicking the Setup tab and selecting the LAN IP Address option. You can modify the default IP address of the DI-714P+ by clicking on the Home tab and selecting the LAN option.
When the default IP address is changed, the range of allocatable IP addresses also changes. To learn how to change the range, see Section 5.4.7.
Forgotten the IP Address of Your Wireless Router?
Suppose you have changed the LAN IP address of your wireless router and a month later you need to configure the router again. But, what is the IP address of the router? If you've forgotten, there are two ways to solve this problem:
But what if you have forgotten your password to the router? Well, then the first option is the only solution!
The BEFW11S4 supports five ways to obtain a WAN IP address:
Under this configuration, your ISP assigns you a different IP address periodically using DHCP.
With this configuration, your ISP gives you a static IP address. This is often found with commercial and hobbyist accounts where there's a need to run servers (such as a web or gaming server).
This is a protocol used by many ADSL providers to encapsulate the Point-to-Point Protocol (PPP) within Ethernet. Among other things, it allows multiple users to be serviced through a single DSL modem.
This is a protocol used by Windows for remote access. SingTel, a large ISP in Singapore, uses this.
This is a protocol used for Virtual Private Networks (VPN), and is commonly used to establish a secure connection to a corporate network.
If your ISP allocates an IP address to you automatically, choose "Obtain an IP address automatically". If you use a static IP address, choose "Static IP". For most ADSL/DSL modem users, choose "PPPoE".
The DI-714P+ also supports Dynamic IP Address, Static IP Address, PPPoE, and PPTP.
DHCP automatically assigns IP addresses to machines that connect to your access point (for more information, see the earlier DHCP and NAT).
To enable or disable the DHCP server on the BEFW11S4, click on the DHCP tab. For the DI-714P+, click on the Home tab and then click on the DHCP option.
The BEFW11S4 assigns IP addresses (if the DHCP server is enabled on the router) to all its wireless clients from a default range of 192.168.1.100 to 192.168.1.149 (50 users). The DI-714P+ assigns IP addresses to its clients from a default range of 192.168.0.100 to 192.168.0.199 (customizable).
Disabling the DHCP server on the access point requires all clients that connect to the router to have their own static IP addresses. This makes it slightly harder for unwanted users to connect to your network.
A hacker who knows the default password on your access point and who can manage to connect to your network will have full control over your network, and all the other security precautions that you have taken (such as using WEP and disabling DHCP) could come to naught.
To change the Administrator password on the BEFW11S4, click the Password tab. To change it on the DI-714P+, click the Tools tab. I suggest you change the Administrator password frequently.
By default, the access point will broadcast its SSID to all wireless clients. Anyone in the vicinity with a wireless-enabled computer now knows that you have a wireless network. In order to minimize the chances of allowing uninvited people to connect to your wireless network, it is advisable that you disable the SSID broadcast feature.
To disable the SSID broadcast on the BEFW11S4, select the Setup tab and choose "No" in the "Allow `Broadcast' SSID to associate?" option.
As of this writing, the DI-714P+ does not have the option to turn off the SSID broadcast.
If you need to check on the status of the BEFW11S4, click the Status tab. The Status tab will display information on the following options: LAN and WAN Information such as IP addresses and subnet mask will also be displayed. This is a useful option to troubleshoot network problems that may sometimes occur when you connect the BEFW11S4 to the network.
You can also renew your IP address and see the IP addresses in use by computers on your network (these are assigned by the BEFW11S4's built-in DHCP server) in the Status tab.
If you need to check on the status of the DI-714P+, click the Status tab. The Status tab will display information on the following options: LAN, WAN, Wireless, and Peripheral. Information such as IP addresses and subnet mask will be displayed. This is a useful option to troubleshoot network problems that may sometimes occur when you connect the DI-714P+ to the network.
SNMP (Simple Network Management Protocol) is a protocol used to monitor network devices. Some access points, such as the DI-714P+, will send SNMP messages (known as traps) across the network. You can configure the DI-714P+ to send SNMP messages by clicking Tools and then clicking SNMP.
To receive SNMP messages, you'll need an SNMP monitoring program such as SNMP Trap Watcher (a freeware SNMP trap receiver available from http://www.bttsoftware.co.uk/snmptrap.html). For a comprehensive list of SNMP tools as well as more information about SNMP, see http://www.snmplink.org/.
One of the security measures you can take for your wireless network is to enable MAC address filtering. MAC address filtering ensures that only computers with the specified MAC addresses are allowed (or denied) access to the network. This can prevent wandering users from accessing the network.
You can use the ipconfig /all command to check for the MAC address of your wireless card. Most wireless cards have the MAC address directly printed on it. Figure 5-25 shows the MAC address printed on my Cisco Aironet 350.
To enable MAC address filtering on the BEFW11S4:
Click on the Advanced tab and then the Wireless tab.
Choose the Enable option in the Station Mac Filter section.
Click on Edit MAC Filter Setting.
Enter the MAC addresses of the wireless card/adapter to which you would like to grant access. If you want to prevent a particular device from connecting, check the Filter checkbox (see Figure 5-26). You can enter up to 32 MAC addresses. (Other routers from Linksys and other vendors may have a different limit.)
To enable MAC address filtering on the DI-714P+ (see Figure 5-27):
Click on the Advanced tab and then the Filter tab.
Choose the MAC Filter option.
Choose "Only allow computers with MAC address listed below to access the network".
Enter the MAC address of each computer to which you want to allow access and turn on the Enable checkbox.
Click the Apply button.
In some cases, you may want to punch a hole in your firewall to let users on the Internet access a service on one of your computers. For example, you may want to run a public web server on your network. However, when a remote user tries to connect to your public IP address, she'll be stopped dead in her tracks by your access point's firewall.
You can configure the access point to accept connections on a particular port and let one of your computers inside your network handle it. For this to be effective, you should configure that computer with a fixed IP address (otherwise, the access point's DHCP server may assign a different IP address each time). If you do this, make sure the fixed IP address is outside the range of DHCP addresses used by your router (see Section 5.4.7 earlier in this chapter), or you could end up with two computers on your LAN with the same IP address.
To open a port on the BEFW11S4:
Click the Advanced tab and select Forwarding.
Specify the port or port range, IP address, and whether the port should be open for TCP, UDP, or Both. If in doubt, select Both.
Click the Apply button.
To open a port on the DI-714P+:
Click the Advanced tab and select Virtual Server.
Specify the port or port range (for example, 80-81) and the IP address of the machine running the service, and turn on the Enable checkbox.
Click the Apply button.