Setting up an AirPort base station is slightly different depending on the type of base station you use: the AirPort HAP or an AirPort-equipped Mac OS X machine that provides Internet sharing.
The benefit of using an AirPort HAP is that it doesn't place any processing load on an individual Mac and is intended to run at all times, so the AirPort network is always available. It also provides the ability to share an Internet connection with devices to which it is networked using an Ethernet connection. The disadvantage of this device is its cost (currently $199 without a modem and antenna port or $249 with modem and antenna port direct from Apple). If you are going to use an AirPort network regularly to serve more than one or two machines, an AirPort HAP is a good investment.
The benefit of using an AirPort-equipped Mac OS X machine as a base station is that you don't need to purchase any additional hardware (except for the AirPort card in the Mac that will act as the base station). You get most of the functionality of the AirPort HAP but don't have to support another dedicated device. Using this method does have several disadvantages, though. One is that it places additional processing load on the machine that acts as the base station. Another is that the network can be affected by the state of that machine. For example, if the machine is shut down or crashes, the network is taken down as well. Another is that a Mac acting as a base station doesn't support all the HAP's features, such as the option to add an antenna or to wirelessly link base stations together to increase the range of a network.
You can have multiple base stations operating in the same area at the same time to grow your AirPort network to be quite large.
Apple's AirPort Extreme hardware access point (also called the AirPort Extreme base station) is a relatively simple device. It contains a transmitter that broadcasts the signal over which the network is provided. It has two Ethernet ports. One is used to connect to a broadband Internet connection, such as a cable modem. The other is used to connect to a wired Ethernet network so the base station can also share its Internet connection with the machines connected to that network. Along with the power adapter port, if offers a USB port to which you can connect a USB printer to share that printer with an AirPort network.
The AirPort Extreme base station comes in two models. One offers only the ports described previously, but the other model also includes a 56K modem, enabling you to use it to connect to a dial-up Internet account, and an antenna port to which you can connect an external antenna to increase the range of a network.
The AirPort HAP also includes the software it needs to perform its functions.
The only reason I use the term HAP is to distinguish between a dedicated hardware device and using a Mac as a base station. In practice, these devices are called base stations.
Setting up an AirPort HAP consists of the following two tasks:
Install the AirPort HAP.
Configure the AirPort network, including the Internet connection the base station will use to connect to the Internet.
There is not much to installing the AirPort base station.
First, you locate the device in a central area so it provides the maximum amount of coverage where you install it. In most houses, the AirPort base station provides adequate signal strength even if you locate it at one end of the house and place machines you want to network at the other end. However, the closer the machines are to the base station, the stronger the signal is.
AirPort Extreme signals don't offer the range that AirPort Standard signals do. If you want to provide AirPort Extreme services over a large distance (such as greater than 150 feet depending on the environment), you should get the base station model that includes an antenna port and add an antenna to it.
Of course, a major consideration for the location of the base station is where your Internet connection will come from. If you use a cable modem, you need to locate the device so that you can connect the cable modem to it. If you use a DSL modem, you need to locate the base station relatively close to the phone line port to which the DSL modem is attached.
After you have placed the base station in its location, attach its power adapter to the station and plug it in to a wall outlet. Attach the base station's modem port to a phone jack if you will be connecting to the Internet via a dial-up account. If you will be using the AirPort HAP to connect to the Internet via a cable or other broadband connection, connect the Ethernet (WAN) port on the AirPort HAP to the broadband modem.
The first generation of HAPs included only one Ethernet port. This meant you could use the hub as an Internet sharing hub for a wired or a wireless network, but not both. Either you had to connect the access point to the broadband connection and use only AirPort-equipped Macs to share the account, or you had to connect the hub to a wired network that already had a hub providing sharing services and have the access point share the connection as well. Fortunately, all AirPort Extreme base stations offer two ports as do newer AirPort base stations.
If you are going to use the base station to act as a sharing hub for an Ethernet network, attach an Ethernet cable to the station's network Ethernet (LAN) port. If you want to use the base station to network your Mac with a single computer, you can connect the Ethernet port on the other computer to the base station with an Ethernet crossover cable. Otherwise, attach a standard Ethernet cable to your base station and to an Ethernet hub.
Some modern Macs, such as the PowerBook G4, don't require the use of an Ethernet crossover cable. The port automatically senses whether it is connected to another machine or to a hub and communicates appropriately.
To learn more about Ethernet, see "Ethernet," p. 705.
If you want to share a USB printer with all AirPort-equipped Macs that can access the network, connect the printer's USB cable to the USB port on the base station.
After you have installed the base station, you need to configure it. You can configure it manually through the AirPort Admin Utility, or you can use the AirPort Setup Assistant to configure it for you. With either method, you configure the base station from a machine with which it can communicate either via AirPort or through an Ethernet network.
The machine you use to configure a base station must have an AirPort card installed in it to use the AirPort Setup Assistant. It does not need to have an AirPort card if it is connected to the access point via Ethernet.
To learn how to install an AirPort card, see "Installing an AirPort Card," p. 318.
Use the following steps to configure the base station using the AirPort Setup Assistant:
Configure the Internet connection on the Mac from which you will be configuring the base station in the same way that the base station is going to be configured. For example, if the base station will be using a dial-up account, configure the Mac using that account.
To learn how to configure a Mac for the Internet, see Chapter 10, "Connecting Your Mac to the Internet," p. 263.
Open the AirPort Setup Assistant (Applications/Utilities) to see the first window in the Assistant (see Figure 11.1).
Click the "Set up an AirPort Base Station" radio button and click Continue. The Select an AirPort network dialog box opens.
If you are configuring an access point that has already been configured and is protected by a password, you have to enter that password before you can proceed.
If the base station you are configuring has outdated software installed on it, the Setup Assistant attempts to update it. To do so, you must be able to connect to the Internet, which is sort of a Catch-22 in that it assumes that it is already configured and you are reconfiguring it. You can download the update to the Mac you are going to use to configure the base station and then the base station can update its software from there.
Choose the base station you want to configure from the "Available AirPort networks" pop-up menu and click Continue. If you have only one base station in range, it is selected automatically.
Enter the password for the base station you selected in the previous step and click Continue. If you are configuring a new base station or one that has to be reset, the password is public.
Some base stations have two passwords. One is to join the network, and the other allows you to configure the base station itself. If you are prompted to enter a second password, do so.
Click the "I am using another Internet Service Provider" radio button and click Continue. The Internet Access window opens (see Figure 11.2).
You can also use an AirPort base station to connect to an AOL account. If so, select the "I am using America Online" radio button in the previous step and follow the onscreen instructions.
Choose the method by which the AirPort base station will connect to the Internet. Most of the options are the same as when you configure a Mac to access the Internet. For example, to configure the base station's dial-up modem, click Telephone Modem and then click Continue. You see the Internet configuration of the machine you are using to set up the base station. For example, if you are configuring the dial-up account, you see the Modem Access screen. The information for the dial-up account of the Mac you are using is shown. The one that is not the same as when you configure a Mac is the Local Area Network (LAN) option. You should choose this one when you are connecting the access point to a wired network that already has Internet sharing services on it; in this case, the access point uses the same DHCP services to connect to the Internet as the other machines on the wired network.
If you have more than one network port configured for the same type of access, you see information for the port that has the highest priority. For example, if you have two dial-up accounts configured on your machine, you see the information for the one higher on the list of network ports in the Network pane of the System Preferences utility.
Make any changes to the Access window that you need to. If the Mac you are using can connect to the Internet using the same settings, you shouldn't need to make many changes.
If you are using a dial-up account, check the "Automatically dial" check box to allow the base station to connect to the Internet automatically when it needs to. In some cases, this setting is not carried over from the PPP Options area of the Network pane of the System Preferences utility.
When you use an AirPort HAP with a dial-up account on your only phone line, it is especially important that you set the configuration to disconnect automatically after a specific amount of idle time passes. Because you don't deal directly with the AirPort HAP, it isn't easy to tell when it is connected and your phone line might be busy without your knowing about it.
To understand how to configure the access option you selected, see Chapter 10, "Connecting Your Mac to the Internet," p. 263.
When you are done configuring the access method, click Continue. The Network Name and Password dialog box opens.
Configure the network you are creating by entering the network's name and the network password. Users will identify the AirPort network you are creating by its name and will need to enter the password you give your network to connect to it. You have to type the password twice to verify it.
Use the WEP Key Length pop-up menu to choose how the base station should encrypt data over the network. The options are 40-bit and 128-bit. The larger value is more secure.
Wired Equivalent Privacy (WEP) is an encryption strategy that attempts to provide wireless networks with the same level of protection that wired networks have. WEP does provide improved security compared to nonencrypted transmissions, but be aware that it does have some flaws, as do almost all security measures.
Click Continue to see the Base Station Password dialog box. This dialog box enables you to set a separate administration password for the access point. The network password you create should be different from the base station's network password. If you make them the same, anyone who uses the network will also be able to administer it (which might not be a problem if you are the only person using the AirPort network). If you want to use the same password for the network and the base station, click the "Use the same password" radio button and skip the next two steps.
Click the "Assign a separate password" radio button and click Continue.
Enter the base station password in the Base Station Password box and in the Retype password box; then click Continue. You see the Conclusion screen.
In the Conclusion dialog box, click Continue. The base station configuration is updated and the base station is reset. A dialog box stating that the configuration was successful appears (see Figure 11.3).
Click Done. The AirPort Setup Assistant quits and the AirPort network becomes available to any AirPort-equipped Mac within the access point's range.
If you see an error message stating that the required AirPort hardware was not found when you started the AirPort Setup Assistant, see "No AirPort Hardware Is Found" in the "Troubleshooting" section at the end of this chapter.
If you can't access the base station because you don't know the password, see "I Don't Know the Base Station Password" in the "Troubleshooting" section at the end of this chapter.
You should also know how to manually configure the base station. Manual configuration can be a better and more complete way to configure it. If you want to change only one aspect of a base station's configuration, using the manual method is the way to go. And, it can also be a faster way to configure a base station. For example, you need to manually configure a base station when you want to share an Internet account with other machines on an Ethernet network or to use the AirPort base station as a bridge between the wireless network and a wired one (for example, to allow AirPort-equipped machines to use a printer connected to a wired network). You use the AirPort Admin Utility application to configure an access point manually. You can do so with the following steps:
The original Graphite base station did not include a LAN port that you could use to connect the station to a wired network at the same time you connected it to a broadband modem. Because of this, its configuration is slightly different from the newer Snow and AirPort Extreme base stations. The most significant difference is that you have to configure a Graphite base station to provide services to a wired network. This is explained in the "OS X to the Max" section at the end of this chapter.
Open the AirPort Admin Utility (Applications/Utilities). The Select Base Station window opens (see Figure 11.4).
Select the base station you want to configure and click Configure (if there is only one base station in range, it is selected automatically).
If you get an error message when trying to configure your base station manually, see "I Can't Configure My Base Station Manually" in the "Troubleshooting" section at the end of this chapter.
If the base station has been reset, you see a dialog box informing you that the base station has been reset and is not currently configured. (If the base station has not been reset, you won't have to do this step.) Click Automatic and then authenticate yourself using an administrator name and password. The software reconfigures the base station and restarts it. When it is complete, you return to the Select Base Station window. Click Configure again.
When you have problems with a base station, sometimes you must reset it so that it returns to its default settings (in effect, you start over).
You next see a window that has the base station name as its title (see Figure 11.5).
This window has the following controls:
Restart? This button causes the base station to restart. You must do this occasionally if you are experiencing problems.
Upload? This button enables you to upload revised software onto the base station to update it.
Default? This returns the base station to its defaults.
Password? Use this button to change the base station's password.
Show Summary? This presents the summary window for the base station, which is the default view. This view presents information about the base station at a summary level. This includes the station's name, its firmware version, the channel it is using, and so on.
Name and Password? This button enables you to change the name and password for the base station.
Internet Connection? This opens the tools you use to configure the base station's Internet connection.
Show All Settings? This button exposes a tabbed interface that enables you to access all the base station's configuration.
These steps assume the base station you are configuring has been configured previously. If not, the steps might be slightly different.
Click the Show All Settings button. This opens all the configuration areas for the base station and presents a tabbed interface (see Figure 11.6).
Select the AirPort tab if it isn't selected already. On this tab, you can change the identification information for the base station and configure how it serves its network.
Enter the base station name (this is the name of the hardware, not the name of the network it provides) in the Name field, the contact for the base station in the Contact field, and the station's location in the Location field (this information can help users contact you for help).
To change the base station's password (not the network's password), use the "Change password" button. In the resulting sheet, type and verify the new password and click OK.
If you want to configure various aspects of the base station's security settings, click the WAN Privacy button. Use the resulting sheet to select the security options you want to enable or disable. Generally, the more options you select, the less secure the network will be. Check the boxes for the options you want to enable and click OK. The available options are the following:
SNMP Access? The Simple Network Management Protocol network management service makes networks easier to manage, but it also makes them somewhat more vulnerable to denial-of-service attacks (where servers are overloaded because numerous, bogus requests for service are received). Generally, you should leave this option on.
Remote Configuration? This setting enables a base station to be configured over its WAN port. If you uncheck this box, you can configure the base station by connecting it to a LAN or by using an AirPort network.
Remote Printer Access? Use this option if you want printers to be accessible via the WAN port.
Default Host? If you want to be able to play network games over AirPort, check the Enable Default Host check box and enter the IP address of the machine that will act as the host for the game.
Enter the name of the network that will be provided in the Name field in the AirPort Network area of the window.
If the base station is already providing a network and you change the name or password of the network, people who use the network need to change the network they use. The new network name appears as an available network on the client machines, but you must provide the new password to those whom you want to use the network.
If you want to create a closed network, check the "Create a closed network" check box. A closed network does not appear on other users' AirPort menus. To join closed networks, users have to know the name and password for that network (because they can't see the network on a menu). Using a closed network is a good way to keep your network more secure.
Use the "Enable encryption (using WEP)" check box to encrypt data over the network. You should usually leave this check box enabled.
Wired Equivalent Privacy (WEP) is an encryption strategy that attempts to provide wireless networks with the same level of protection that wired networks have. WEP does provide improved security compared to nonencrypted transmissions, but be aware that it does have some flaws as do almost all security measures. If the information that is transmitted over your network is very sensitive, you should use WEP to provide at least some protection.
Use the "Change password" button to change the network password. In the resulting sheet, enter the password and verify it. Then choose the level of encryption you want to use on the WEP key length pop-up menu. Click OK to return to the Base Station window.
Use the Channel pop-up menu to select the channel over which the base station communicates. Generally, the default channel works fine, but if you are having trouble communicating with devices, you can try different channels to improve signal transmission and reception. If you have mulitple AirPort networks in the same area, you can use the Channel pop-up menu to have each network use a different channel so that they don't interfere with one another.
If you are configuring an AirPort Extreme base station, use the Mode pop-up menu to choose the wireless standard used on the network. Use 802.11b/g Compatible to make the network available to both 802.11b (AirPort) and 802.11g (AirPort Extreme) devices. You can also select 802.11g only or 802.11b only. You use one of these options if you want to restrict the network to one of these protocols for some reason.
Click the More button to see the More sheet (see Figure 11.7). These settings control the physical properties of the base station's signal. Generally, the default settings will work fine. However, if you have problems providing a network, you can adjust these settings, such as the multicast rate, to obtain better performance.
Use the "Multicast rate" pop-up menu to set the multicast rate. Choosing a higher value improves performance but also reduces range.
Use the "Enable interference robustness" check box to make the AirPort signal less sensitive to interference.
Use the Transmitter Power slider to change the strength of the base station's signal. If many base stations exist in the same physical area, reduce the signal strength to limit the interference of these stations with one another. You can also reduce the strength to limit the size of the AirPort network's coverage.
Click OK to return to the Base Station window.
Click the Internet tab and configure the base station for Internet access. This works similarly to configuring a Mac for Internet access. Choose the connection method from the Connect using pop-up menu and then enter the settings you want to use in the lower part of the window.
To learn how to configure a Mac for the Internet, see Chapter 10, "Connecting Your Mac to the Internet," p. 263.
One additional control available for a base station's Internet access that is not present for a Mac is the WAN Ethernet Speed pop-up menu. Use this to set the speed at which the base station communicates with a wired network over its LAN port. In most cases, the Automatic (Default) value is the best choice, but you can choose a specific speed.
Click the Network tab to control how the base station provides services to the network (see Figure 11.8).
The default settings enable all the machines connecting to the AirPort network to share the base station's Internet account. By default, the base station provides IP addresses to each machine dynamically and uses NAT protection to isolate the IP addresses of each machine from the connection to the Internet. To choose this option, click the "Share a single IP address (using DHCP and NAT)" radio button. Then select the range of addresses that should be assigned to each device on the network using the pop-up menu. In most cases, the "Use 10.0.1.1 addressing" option will work, but you can choose a different range if you want to.
If you want to use a specific set of IP addresses, check the "Share a range of IP addresses (using only DHCP)" check box and enter the starting and ending IP numbers you want to assign. As machines connect to your network, these IP addresses are assigned to each machine that connects (you have to have enough addresses in the range so one is available for each machine). Use the "DHCP lease" box and pop-up menu to set the number of hours for the DHCP lease on each machine. When this time passes, a new address is assigned to each machine. You can enter a DHCP lease message in the Message box.
To learn how to configure a Graphite base station so that all the machines on a network, including machines connected via Ethernet, can share the same Internet account, see "Using a Graphite AirPort Base Station to Share an Internet Connection with a Wired Network," p. 325.
Use the Port Mapping tab to add more ports to the network for other services, such as AppleShare, Web sharing, and so on. (Covering these options is beyond the scope of this chapter.)
Use the Access tab if you want to limit network access to machines with specific AirPort ID numbers (you find these numbers on the client machines, as you will see in a later section). Click Add, enter the AirPort ID of the machines to which you want to allow access to your network, enter a description of the machine, and click OK. Only the machines with AirPort IDs shown in the list can then access your network. (If the list is empty, any AirPort machines can connect by using the network's password.)
Use the Authentication tab to configure a RADIUS server for the AirPort network. This prevents AirPort machines without valid IDs from connecting to the network. Explaining the details of this is beyond the scope of this chapter.
Use the WDS tab to configure multiple base stations to provide a single network to extend its range.
To learn how to configure WDS, see "Making AirPort Go Farther," p. 326.
Click Update to transfer the settings to the base station. The base station is restarted after the settings have been transferred.
When the process is complete, click OK; you return to the Select Base Station window.
Quit the AirPort Admin utility.
If you see an error message stating that the required AirPort hardware was not found when you started the AirPort Admin Utility, see "No AirPort Hardware Is Found" in the "Troubleshooting" section at the end of this chapter.
For more detailed information on AirPort, visit Apple's Knowledge Base at http://kbase.info.apple.com/ and search for AirPort.
You can now access the Net from an AirPort-equipped Mac using the AirPort network. The base station also provides services to a wired network if it is connected to one.
As you learned earlier, you can use any AirPort-equipped Mac running Mac OS X to act as a base station. When you do this, the Mac OS X machine provides services similar to those that a HAP provides, but you don't have as much control over the AirPort network.
For a Mac to act as a base station, you must first disable its built-in firewall by using the Firewall tab of the Sharing pane of the System Preferences utility. If the Mac you use is connected directly to the Internet, such as through a cable modem, it is vulnerable to attack. You should use a Mac as a base station only if it is protected by some other means, such as a hardware firewall or an Internet sharing hub that offers NAT protection.
To learn how to enable or disable the Mac OS X firewall, see "Defending Your Mac Against Net Hackers," p. 911.
To configure a Mac as a base station, perform the following steps:
Install an AirPort card in the machine you are going to use as a base station.
To learn how to install an AirPort card, see "Installing an AirPort Card," p. 318.
Configure that machine so it can connect to the Internet, such as through DHCP services provided on an Ethernet network or over a dial-up account.
To learn how to configure a Mac for the Internet, see Chapter 10, "Connecting Your Mac to the Internet," p. 263.
Open the Network pane of the System Preferences utility.
Select AirPort on the Show menu.
Click the AirPort tab (see Figure 11.9).
Check the "Allow this computer to create networks" check box.
Open the Sharing pane of the System Preferences utility and click the Internet tab (see Figure 11.10).
Select the Internet connection you want to share with other machines on the "Share your connection from" pop-up menu. For example, if your computer gets its Internet connection from a wired network, select Built-in Ethernet.
You can choose to share a connection from a wired network to AirPort-equipped machines or from an AirPort-equipped machine to a wired network.
Select the type of connections with which you are going to share the machine's Internet connection by checking the appropriate "To computers using" check box. For example, if you want to share the connection with computers via AirPort, check AirPort, and if you want to share the connection via a wired network, check the Built-in Ethernet check box. You can choose more than one connection type with which to share the connection.
If you enabled AirPort sharing, select AirPort and click the AirPort Options button. The AirPort network configuration sheet appears (see Figure 11.11).
Edit the default name as needed. The default name is the name of your computer, but you can make it something more interesting if you want to.
Unless you have multiple AirPort networks active in the same area or you experience interference that prevents your network from operating properly, leave the Channel pop-up menu set to Automatic. If you want to choose a channel manually, select it on the pop-up menu.
For a more secure network, check the "Enable encryption (using WEP)" check box.
WEP is an encryption strategy that attempts to provide wireless networks with the same level of protection that wired networks have. WEP does provide improved security compared to nonencrypted transmissions, but be aware that it does have some flaws as do almost all security measures. If the information transmitted over your network is very sensitive, you should use WEP to provide at least some protection.
Enter the network password in the Password and Confirm Password fields. This is the password users will enter to connect to the network.
Select an encryption key length on the WEP Key Length pop-up menu. The options are 40-bit and 128-bit. If only newer Macs running Mac OS X will be connecting to the network, select 128-bit. If you aren't sure which level of encryption other machines can support, select 40-bit. If you don't want to use the encryption at all, uncheck the "Enable encryption (using WEP)" check box.
Click Start. The Internet connection is shared with other computers via AirPort or built-in Ethernet.
Use the Services pane to configure other services you will provide over the network, such as File and Printer Sharing. Your Mac then begins providing services over AirPort and its network becomes available to AirPort-equipped Macs.
To learn how to configure sharing services, see "Configuring the Services on a Network," p. 827.
If Printer Sharing is enabled, USB printers connected to the Mac acting as a base station are also available to the AirPort network. This is a great way to share USB printers with other Macs. Also, the AirPort menu on the menu bar on a Mac acting as a base station is different than the menu on a client machine. This menu also has different options than a client menu.
Using a Mac As a Base Station
One of the disadvantages of using a Mac as a base station is that the Mac must be on for the network to be available. If that Mac is turned off or crashes, the AirPort network is lost.
Another disadvantage of using a Mac as a base station is that you can't have Mac OS X's built-in firewall turned on. This means that if the Mac you are using to provide the network is connected directly to the Internet, such as through a cable modem, it is vulnerable to attack. (If it is protected by some other device, such as a sharing hub, it is okay to have its firewall turned off.)
If the Mac that is acting as the base station goes into Sleep mode, its services are also lost. Use the Energy Saver pane of the System Preferences utility to ensure that the software base station machine never sleeps while you want the AirPort network to be available. Also, if Sleep interrupts AirPort network services, client machines might have to quit and then restart Internet applications, such as Safari, to resume using the network.
To learn how to control sleep, see "Managing Your Mobile Mac's Power," p. 982.