Router Basics

by on Mar 31, 2005 | 10 comments

Wireless (WLAN)


This section lets you configure the wireless part of the router. This usually includes the SSID, channel, and encryption settings.


Channel and SSID


The SSID sets the name for your wireless router. Pick a fairly unique SSID. When you’re traveling, you’ll see many “linksys” “default” “smc” and other router names where the owners didn’t change the SSID. This draws people who believe the network may be easily accessible. SO CHANGE IT. :)


Even though you’ll see several options for channels (1-11 in US/Canada and 1-13 in Europe/Australia). The channels overlap so most people only end up using the 3 non-overlapping channels: 1, 6, and 11. Overlapping channels might work, but it’s generally best to stick to the non-overlapping channels.


Encryption


With encryption disabled, everything is transferred wirelessly in plaintext. This means that anyone that is within range of your access point can view all traffic to and from the access point. This includes email and forum logins and passwords. HTTPS/SSL traffic (online stores, credit cards, and banks) is pretty well encrypted and pretty tough to break, but everything else is wide open.


The advantages of having encryption disabled are 1) It’s usually a little faster than with encryption enabled and 2) It’s easier to configure because you don’t have to worry about typing the key perfectly into every client computer. Nearly all public wireless access points are unencrypted for this reason.


It is generally best to enable encryption. However, it is not perfect solution because current wireless encryption is weak. It is estimated that encryption can be broken on the order of a few days to a month or so. So if someone really wants into your access point, they’ll probably be able to get it without too much effort.


Current encryption has two levels: WEP and WPA. WEP is the original form of encryption, and WPA makes WEP more difficult to crack and also adds user authentication. You can also use WPA in a standalone form.


WEP


WEP Encryption is the standard for wireless encryption. The two most common levels of encryption are 64-bit and 128-bit. 192-bit and 256-bit are also out there, but many routers and wireless cards don’t support them, so they aren’t commonly used. However, if both your router and wireless cards support stronger encryption, such as 256-bit WEP, then by all means use it.


The key is important to be as random as possible. Many routers have programs in their control panel to assist with creating a random key. Others require you to type in the key. The key is longer if the encryption is stronger. Once you’ve created the key, it’s best to write it down so you always have it available. It might be a good idea to tape the key to the bottom of the wireless router, unless someone who you don’t want to have wireless access might have physical access to the router.


You’ll need to enter this key into each wireless computer’s setup so that computer can connect to the router.


WPA


WPA’s two main advantages are that it uses the Temporal Key Integrity Protocol (TKIP) and 802.1x user authentication. This means that in order to connect to your wireless network, a user will have to enter their user ID and password, and it’s more secure because the keys are temporary. That makes it more challenging for an attacker to break. To have 802.1x authentication, you do need to have a RADIUS server installed on your network. Setting up a RADIUS server is well beyond the scope because you’ll need a computer dedicated to authentication for your wireless network.


Microsoft does a good job discussing wireless network security options.


802.1x authentication


If you do have a RADIUS server on your wired network, you’ll need to configure the router to use it. The re-authentication period sets the amount of time until you require a user to log in again. The shorter this time is, the more secure it is but also the more annoying it is. I’d recommend leaving the setting at at least an hour or two.


The rest of the config is simply to set up the IP, port, and key for the RADIUS server. The key is a text string that must be the same on both the RADIUS server and the router. The NAS ID defines the request identifier for the Network Access Server (NAS).

Pages: 1 2 3

Free eBook!

Like what you read?

If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:

Post A Comment Using Facebook

  • Randolph Johnson

    i thank u :D

  • http://http:www.cmro.net Angela

    that was helpful i was lost before i read this easy to understand information

  • Aymen

    Hi,
    I have this problem can any body help me?

    •When setting up a private network of 5 PCs behind an Internet Router, what IP address ranges have been reserved for such use. Which would you pick, and why?
    Thanks

    • Dhwani Alex

      better use a DHCP server.it will dynamically assign ip address to your system

  • Joel

    http://www.pku.edu.cn/academic/research/computer-center/tc/html/TC0305.html

    You can pick from those ranges. I typically select 192.168.0 or 192.168.1. The exact numbers don’t matter, and you can just let DHCP handle that.

  • NewMC

    Your router’s ip address by default is going to be 192.168.1.1 for most brands so I would probably set my conncetions to start at 192.168.1.100 and limit your connections to 10 or so, maybe less depending on the number of items you have connecting (i.e. – pda’s, xbox 360, work laptop, whatever). That should work for you unless you are in a “high traffic” area where someone might be trying to jump off of your router. Then you will have to probably look at static ip’s and such, the bad thing is then if you have a laptop or whatever and connect to another network you will probably have to reset the ip’s on your laptop each time you get home.

  • Pingback: How do I enable DHCP on my network adapter? | keyongtech

    • http://deleted Dhwani Alex

      it’s not inbuilt with the operating system what u are using now.it’s advisable to set a windows server operating system,latest is windows server 2008.after doing all ur initial configurations u can easily enable your DHCP,so that other DHCP servers in the network will respond u with dynamic ip address for ur session.

  • Arjun

    how to get PPPOE username and password?, on your Router, plss Help!

    Thanks!
    excellion17@yahoo.com

  • http://visa-express-shanghai.com/ George

    Thanx

What’s Your Preference?

Daily Alerts

Each day we send out a quick email to thousands of PCMECH readers to notify them of new posts. This email is just a short, plain email with titles and links to our latest posts. You can unsubscribe from this service at any time.

You can subscribe to it by leaving your email address in the following field and confirming your subscription when you get an email asking you to do so.

Enter your email address for
Daily Updates:

Weekly Newsletter

Running for over 6 years, the PCMECH weekly newsletter helps you keep tabs on the world of tech. Each issue includes news bits, an article, an exclusive rant as well as a download of the week. This newsletter is subscribed to by over 28,000 readers (many who also subscribe to the other option) - come join the community!

To subscribe to this weekly newsletter simply add your email address to the following field and then follow the confirmation prompts. You will be able to unsubscribe at any time.

Enter your email address for
Free Weekly Newsletter: