Nội dung

Creating a SOHO Wireless Network Figure 13.5 231 The LinkSys router password security configuration page. be given private, nonroutable IP addresses—from either the 10.x.x.x, 169.254.x.x, or 192.168.x.x address ranges. The LinkSys by default comes configured to use the 192.168.1.x address range, giving us a place to start. Using default settings is OK in a private/home network, but at work, with several other users tinkering about, you probably want to select a different address range and change the default password for the router to reduce the chances of tampering. The Host Name and Domain Name options are optional and I have never found them, as suggested, to be required by some ISPs, 232 Chapter 13 unless you have fixed IP addressing and they are changing their DNS servers to suit your installation (not likely). I address my network into what I call the 10-net range, if only because it is easier to type 10.10.10.x than 192.168.x.x when configuring fixed addresses into workstations. Thus, 10.10.10.1 becomes the router’s new IP address. This IP address is then used as the gateway address on client workstations that do not use DHCP automatic client configuration values. The subnet mask numbers tell the router if connections between specific hosts’ addresses need to go through the router to the WAN port (DSL line), or remain on the LAN side. Since we do not have a big network (over 255 clients), we can use a Class C (or smaller) mask value. If we had multiple 10.10.10.x subnets, we could narrow the last octet of the mask down to typically .224, .192, .128, or other values defining how many host addresses live within each subnet of our address range. The 255.255.255.0 Class C value is the easiest. If we had a situation to support more subnets, we could as easily make them use 10.10.11.x, 10.10.12.x, etc., network ranges. Next, we have to configure how the router will work with the DSL service—see Figure 13.6—for the WAN connection type values. If you have business DSL service with fixed IP addresses and your DSL equipment does not include a router, you would make the selection of Static IP, and then assign one of your fixed IP addresses to the WAN side of this router. For residential dial-up or PPPoE DSL services, select PPPoE and then enter the log-on name and password you used for the workstation DSL software configuration above. The next two values determine how your DSL connection is maintained. The Connect on Demand value defines how long the connection will remain active before it is dropped at your end for inactivity and has to be redialed, (because you were not surfing the web or collecting or sending e-mail, etc.), which leads to the perception of slow service. The default value of 20 minutes is fine. This selection is fine for the occasional user and someone who is not running a mail, Web, FTP, or game server on his DSL line. The alternative Keep Alive: Redial Period value sets the router to never allow the modem to disconnect from the ISP side of the connection. The default value of every 30 seconds works OK, defining how often the connection is pulsed or redialed to ensure that it stays alive to prevent disconnection from the ISP. This selection is preferred if Creating a SOHO Wireless Network Figure 13.6 233 PPPoE selection to use the router to dial-up and log-on to establish your DSL connection. you have a server running that needs to be accessible from the Internet, and thus needs to maintain an IP address at a DNS server. Keeping the connection alive can and will also be assisted by a couple of applications you can run on an always-on workstation or your web/mail/FTP server—the automatic DNS update utility program and the time correction service. Click the Apply button to save these values in the router. At this point, your browser still thinks the IP address of the router is the original 192.168.1.1 address, but the router will be using the new 234 Chapter 13 address you just set it for, and your workstation is using some randomly or previously assigned IP address that has nothing to do with your new router configuration. After the router has reset itself, you will need to type its new IP address into your web browser to access it, log into the router, and access the remaining configuration items. Select the DHCP tab at the top of the page to get the screen shown in Figure 13.7. This screen is where we define the values for DHCP, allowing client PCs Figure 13.7 The DHCP configuration page of the Linksys router. Creating a SOHO Wireless Network 235 and Macs to obtain IP addressing, routing, and DNS information automatically so that you do not have to configure each and every workstation. (Using DHCP is the default value for most PC and Mac network settings.) First, select the Enable button following the DHCP Server label. The first portion of the address range your workstations will use is determined by the IP address you set for the router in the first page. The range used for the last octet of the IP address is up to you. Determine which address you want the automatic configuration process to assign to the first workstation that requests DHCP configuration. Subsequent workstation requests will get subsequent sequential addresses. Since some devices you put on your network will need to have fixed, preset IP addresses, do not start at 1. A starting address of 16 or 32 seems reasonable under most conditions, allowing plenty of addresses for servers, network printers, etc. How many clients you need to support with DHCP is set next. Most of us do not have more than a few PCs, some may have a small handful, others may have dozens. The Client Lease Time sets how long a DHCP-assigned IP address stays assigned to a specific system before the address is expired and a new one must be issued. The value of 0 (zero) for an entire day seems adequate in most cases. Put in the IP addresses for DNS servers given to you by your ISP—these are then dispensed to workstations in response to their DHCP requests. Typically you are given only two addresses, which is adequate; a third is optional. If you are running an internal Windows server and will be using its network naming services, you can also include that server’s address for distribution via DHCP. You may now click Apply to make the new settings take effect. If you want to verify your new DHCP settings using your workstation—to see if it gets a fresh IP address and the various settings from the router—log off your workstation and restart it. Provided the workstation’s networking parameters are set to get new IP information automatically (using DHCP), it will get this information from the router, which you can verify easily. For Windows 95, 98, 98SE, and Me users, go to Start, select Run, type-in “winipcfg,” then click OK to bring up a dialog box showing your current IP address information. For Windows NT, 2000, and XP users, go to Start, Run, type in “cmd,” then click OK to open a Command Prompt box. At the command prompt, type in “ipconfig,” then press Enter. In either case, if the address information comes up in the 169.254.x.x range (and that’s not 236 Chapter 13 the address range you put into the router), then the workstation did not get a new assignment via DHCP from the router. If you get a fresh 10.10.10.x subnet address, it would appear that DHCP works fine. If you will be running an Internet-accessible mail, web, or FTP server, or using special application services such as pcAnywhere, web-cam services, etc., you will have to select the Advanced tab at the upper right, then the Forwarding tab at the top of the page to reveal Port Range Forwarding values—see Figure 13.8—to define which ports need to pass through to which specific hosts, according to their fixed IP addresses. Figure 13.8 Setting up the router to pass web and e-mail services to an internal server. Creating a SOHO Wireless Network 237 On this page, you enter the specific transmission control protocol (TCP) and/or user datagram protocol (UDP) port numbers for the services that will pass through, and the specific IP address for the PC, Mac, or server host device to which you want those services to be directed. In this case, we have Web, mail, and DNS services running on a single PC with the internal IP address of 10.10.10.55. Any request for either of these Internet services that comes into the IP address assigned by our ISP will be directed to this server. As mentioned previously, these services could be running on separate PCs, or on the same PC. But that PC could be given multiple IP addresses—one for each service type, for possible separation later. We also allow Port 5100, for a special web camera, to pass through to a PC with the IP address of 10.10.10.12. Click the Apply button for any changes to take effect, and you should be ready to test your DSL connectivity through the router. To test your new configuration beyond connecting to the router, at your workstation, the one you are using to configure the router, type in the web address for any external Web site you would like— www.yahoo.com or similar. This should cause the router to sense that it needs to find this host somewhere external to your internal network (not a host on your new 10.10.10.x network), out on the Internet, and cause the PPPoE dial-up process to start, activate the DSL or equivalent status light on your DSL, then give you access to the desired web page. If this process succeeds, you are quite ready to begin adding other fixed/wired workstations and devices as necessary and verify that they work at accessing the Internet, that network printers can be used, servers and file shares can be accessed, etc. Then begin adding your wireless access point and wireless clients to your newly configured network. Access Point Installation The LinkSys WAP11 comes in two models—the earliest provides a universal serial bus (USB) port for configuration purposes; the later models have only an Ethernet port that uses simple network management protocol (SNMP) software for configuration. I recommend finding an earlier model unit with the USB port, because it is easier 238 Chapter 13 to gain access to configure the unit if you were to lose control of it via SNMP over the Ethernet connection. Connect the power source for the access point and run a straightthrough Ethernet cable from the access point LAN connection to an available port on your router. To control the WAP11, you must install the configuration utility software that comes on the CD-ROM with the product or is available by download from its Web site—www.linksys.com. Once installed, the software tells you that you must reboot your PC before using the configuration utility software—which is not the case for the SNMP version. Simply cancel the message that pops up and double-click the WAP11 SNMP Configuration Utility icon that appears on the Windows desktop. The first screen that will appear is the log-on screen for the access point, including the default IP address the unit is programmed for and a password entry area. The default password is “admin.” Type it in, then click OK to begin the connection to the access point. If successful, you will see the first screen of the program, as shown in Figure 13.9. This screen will tell you the version number of the access point firmware, the media access control (MAC) or hardware address of its Ethernet port, the mode it is operating in (typically Access Point), the extended service set identifier (ESSID), the current operating channel, and whether or not wired equivalent privacy (WEP) encryption is enabled (it is not by default). To set up the WAP11 properly to add it to our existing wired network configuration, we need to: ■ ■ ■ ■ Set the access point service set identifier (ESSID). Predetermine and set a channel to use (optional). Set a fixed IP address for the access point to use (optional, but preferred). Set the WEP encryption level and encryption key (highly desirable). These steps take about five minutes to accomplish and then we can move on to installing the wireless clients. First, click the Basic Setting tab to reveal the ESSID and access point name settings— Figure 13.10. Change the ESSID to something familiar to you, but perhaps not identifying your business, family, or location. This name will allow you to (as uniquely as possible) identify your access point from others nearby. Once you remember your ESSID, which you Creating a SOHO Wireless Network 239 Figure 13.9 The main status page for the Linksys WAP11 wireless access point. must do or make note of to configure your clients, you can disable broadcasting it in the Advanced setting screen to make it harder (but not impossible) for people to find your wireless network. In my location, I typically choose one of three nonoverlapping channels, 1, 6, or 11. If one or all of those channels turn out to be busy and potentially slow your network because of collisions with others, you may have to choose a channel from other wireless LANs that has less signal strength than the others, and hope you can override their signals close to you with yours. The Access Point Name value is not that critical, but I usually make it the same as the ESSID. I typically click the Apply button after making changes to any one screen to preserve the work I have done so far. After you click Apply, wait for the access point and display to refresh back to the first screen. The next set of settings you need to change is on the IP Setting screen—Figure 13.11. This is where we will apply a static IP address to the wireless access point—an address outside the DHCP range we set in the router—avoiding 10.10.10.32 to 10.10.10.82. 10.10.10.99 will work, or pick an address lower than 32 if you like to group your network equipment together by address. The IP Mask value should 240 Chapter 13 Figure 13.10 The WAP11 Basic Setting dialog with entries and selections for SSID, channel, and access point name values. reflect that of the local network Class C range we set up earlier in the router—255.255.255.0. You could let the access point obtain an IP address automatically, from the DHCP server in the router, but it is customary to use fixed addresses for all network equipment, to make troubleshooting easier. Click the Apply button and wait for the access point and display to refresh back to the first screen. Moving along to the Security tab—shown in Figure 13.12—we will set up the encryption level and key value to be used by our clients to connect through this access point. You have the option of using no encryption at all, but why make it easy for your neighbors to tap into your local network and use your services? Select the encryption level—either 40/64-bit or 104/128-bit—you would like to have protecting your network. Be sure that the level you choose is supported by the wireless card you will be using at your client PCs, as many do not support 128-bit WEP keys. Depending on the encryption level selected, pick a 5 or 13 character word or phrase you would like to use and type it into the Passphrase box; then click the Done button. Clicking Done causes the hexadecimal value of your word/phrase to appear for each key