Configuring a Linksys WAP11 wireless access point
by Don Bradner
The Linksys WAP11 is a popular wireless option for satellite networks because it is inexpensive, relatively easy to configure, and does not have bells and whistles which need to be disabled to make it work.|
This article is intended to provide specific configuration details, both for operation and for security. It is assumed that a host computer is already running with ICS (Windows Internet Connection Sharing), and that the host computer has an ethernet port. I'm also going to assume the host is running Win2K or XP, since those are current Datastorm requirements.
The WAP11 comes with a CD of configuration software. It did not work well for me, so the information presented here is for "manual" configuration.|
Important note: If, at any time, the configuration becomes so mangled that you cannot connect with the WAP11, use a toothpick or similar shape to reset the WAP11 to factory defaults, by poking into the reset hole in the back and holding for 10 seconds.
In order to configure the WAP11, you will have to get to it with a browser. Your ICS network will be 192.168.0.x, with the host as the .1 machine on that subnet. The Linksys comes with a default IP of 192.168.1.251. Conventional wisdom recommends that you temporarily set your host to 192.168.1.x in order to enter the WAP, then change the WAP to either dynamic addressing or to a 192.168.0.x address. I'm going to depart from that reasoning, because the WAP11 has trouble remembering where it is. If you change any setting and click "Apply," it will attempt to return to a page on the 192.168.1.251 setting. Fortunately, XP and Win2K do not have a problem with multiple addresses on the same network port, and there is no problem leaving the WAP11 at its default addressing.
|Open Start/Control Panel/Network Connections. Right-click your Local Area Connection and choose Properties. Click "Internet Protocol (TCP/IP) and click Properties.|
|On the properties page, click Advanced, then the Add button under IP addresses. Add a new address in the 192.168.1.x range (since the machine is .0.1, it may make sense to use .1.1), with a mask of 255.255.255.0. Click OK to each screen to back out of the dialogs.|
|If you have not already done so, connect the host computer to the WAP11 using a crossover ethernet cable. This is important: a regular ethernet cable will not work unless you also use a hub or switch between the host and the WAP11. Crossover cables can be purchased just about anywhere that would also have regular cables (Radio Shack, CompUSA, etc.).|
|Open a browser, and type the WAP11's address in: 192.168.1.251. You should immediately get this password dialog; if not, you are not connecting, and something above is not right, or it could be a proxy issue. If you have a proxy configured, it will stop you from reaching the WAP. You can turn the proxy off, but another way is to click the Advanced button in Tools/Internet Options/Connections/Lan Settings. In the Exceptions box, put 192.168.* and that will allow you to reach the WAP and other local machines. The WAP11 does not care what you put in the User Name, and the default password is "admin". You will be changing that as part of your security settings, so leave the "remember" box empty. Enter admin and click OK. That will bring you to the main setup screen, below:|
Starting from the top: You can change the AP name if you wish. The only place that shows is in the password logon screen. If you've chosen my method of having the host use two IP addresses, you can leave all of the IP, Mask, and Gateway settings at default.|
The first item of security is to change the SSID. The default is "Linksys" and you can put anything you want here. Maximum 32 characters, any character on your keyboard including spaces. If you intend to share your wireless with fellow campers, you could use something like: "Free access - ask at blue Safari" and that's what people will see with a broadcast SSID (more on that later). Channel numbers are used to avoid interference. Default is 6, but you may find that another one will work better. You can play with this as often as you want - your wirelessly connected computers will adjust automatically to the WAP setting.
Now we come to one of the more important aspects of security, the WEP (Wireless encryption protocol) setting. Setting a WEP key enforces security in two ways. First, it keeps all but the most dedicated hackers out of your system, and secondly it keeps them from capturing and decoding your data stream which might have sensitive information. Change from the default Disable to Mandatory, then click the Wep Key Setting button, which will produce the dialog below. You want the highest security possible, so change 64bit to 128bit. The default mode will be Hex, but that is harder to use, so change it to ASCII. Enter a phrase of your choosing and click Generate. Before you click Apply, copy/paste the Key(1) to notepad and save it. You will need it when you configure your client computers, and it is hard to be sure of some characters - for example, the character that looks like a 1 or lower case L is actually an I. In Notepad that will be obvious in most fonts. Now click Apply. That will take you back to the setup screen, where the only thing remaining is to make sure the AP Mode is the default of Access Point.
Click Apply on the setup screen to save what you've done so far, then click the Password Tab. Enter a password that you will remember to get back into the configuration in the future.
Click Apply. Now click the Advanced tab, then the Wireless Tab:
On the wireless tab there are three things of interest. The first is Authentication type, where "Open System" is correct for best security. It is counter-inuitive, but correct. Do a Google search on "Open Shared Authentication Wireless" and read some of the articles if you want more information on why you should not use shared keys. The second is SSID Broadcast. If you have no desire to share your connection, select Disable. If you want to broadcast the fact that you have a shareable connection, select Enable. Potential users will have to come to you to get the WEP key in order to connect. Unless you have very old wireless adapters in your clients that can't use a Short Preamble you should change from Long to Short. Click Apply
As a final measure of security if you do not want to be shareable, you can filter on MAC addresses of specific network adapters, which will usually be on the adapter itself or can be discovered with various tools. That setting is done on the Filter tab:
Click Apply after you have entered any MAC addresses. Now close your browser and reopen it. Enter 192.168.1.251 again, and when the password dialog comes up, enter the password you chose so that you can test it. If you want to use the Remember box you will also need to make up a user name (can be anything). You are now ready to connect with a wireless-enabled device, which is a different topic!
|There is one other thing you can add to a WAP11. If you find that you do not have sufficient range when you are outside your coach, Linksys makes the WSB24 signal amplifier. It stacks on top of the WAP11 and attaches with two cables to the WAP11's antenna jacks. The antennas themselves are moved to the WSB24.|