Installing Wireless Access Points in Windows

We talk about both types of WPA2 in much greater detail in Chapter 9.
WPA2 Enterprise is, frankly, overkill for the home environment and much
more difficult to set up. We recommend that you use WPA2 Personal
instead — it gets you 99 percent of the way there in terms of security
and is much easier to set up and configure.
WEP keys: You should always use some security on your wireless network,
and if your network cannot support WPA, you should use, at minimum,
Wired Equivalent Privacy (WEP) encryption. Only a determined
hacker with the proper equipment and software can crack the key. If you
don’t use WEP or some other form of security, any nosy neighbor with a
laptop, wireless PC Card, and range-extender antenna may be able to see
and access your wireless home network. Whenever you use encryption,
all wireless stations in your house attached to the wireless home network
must use the same key. Sometimes the AP manufacturer assigns a
default WEP key. Always assign a new key to avoid a security breach.
Read Chapter 9 for great background info on WEP and WPA2.
WPS: Wi-Fi Protected Security works with WPA2 and makes it considerably
easier to set up WPA2 security on your network by automating the
process. As we discuss in Chapter 9, you can implement WPS in two
ways:
• PIN code: You can turn on WPA2 by simply entering a PIN code
printed on your Wi-Fi hardware (usually on a label).
• Pushbutton: You can press a button on your Wi-Fi router (a physical
button or a virtual button on a screen on the router). When the
button is pushed, your devices can automatically connect to the
router and automatically configure WPA2 in 2 minutes. Simply push
the button(s) and let things set themselves up with no further
intervention.
Username and password: Configuration software may require that you
enter a password to make changes to the AP setup. The manufacturer
may provide a default username and password (see the user documentation).
Use the default password when you first open the configuration
pages, and then immediately change the password to avoid a security
breach. (Note: This isn’t the same as the WPA2 shared key, which is also
called a password by some user interfaces.) Make sure that you use a
password you can remember and that you don’t have to write down.
Writing down a password is the same as putting a sign on the equipment
that says “Here’s how you hack into me.” If you ever lose the password,
you can always reset a device to its factory configuration and get back
to the point where you took it out of the box.
MAC address: The Media Access Control (MAC) address is the physical
address of the radio in the AP. This number is printed on a label attached
to the device. You may need to know this value for troubleshooting, so
write it down. The AP’s Ethernet (RJ-45) connection to the wired network
also has a MAC address that’s different from the MAC address of the AP’s
radio.
Dynamic or static wide area network (WAN) IP address: If your network
is connected to the Internet, it must have an IP address assigned
by your ISP. Most often, your ISP dynamically assigns this address. Your
router or Internet gateway should be configured to accept an IP address
dynamically assigned by a DHCP server. It’s possible, but unlikely, that
your ISP will require a set (static) IP address.
Local IP address: In addition to a physical address (the MAC address),
the AP also has its own network (IP) address. You need to know this IP
address to access the configuration pages by using a Web browser. Refer
to the product documentation to determine this IP address. In most cases,
the IP address is 192.168.xxx.xxx, where xxx is between 1 and 254. It’s also
possible that an AP could choose a default IP that’s in use by your cable
or DSL router (or a computer that got its IP from the cable or DSL
router’s DHCP server). Either way, if an IP conflict arises, you may have
to keep the AP and cable or DSL routers on separate networks while
configuring the AP
Subnet mask: In most cases, this value is set at the factory to
255.255.255.0. If you’re using an IP addressing scheme of the type
described in the preceding paragraph, 255.255.255.0 is the correct
number to use. This number, together with the IP address, establishes
the subnet on which this AP will reside. Network devices with addresses
on the same subnet can communicate directly without the aid of a
router. You really don’t need to understand how the numbering scheme
works except to know that the AP and all the wireless devices that will
access your wireless network must have the same subnet mask.
PPPoE: Many DSL ISPs still use Point-to-Point Protocol over Ethernet
(PPPoE). The values you need to record are the username (or user ID)
and password. The DSL provider uses PPPoE as a means of identifying and
authorizing users.