Wi-Fi Superguide: How to Build the Ultimate Wireless Network

Configure Your Router

Leave the channels at their default settings, or use a utility such as NetStumbler to identify neighbors' networks and set your channels differently.
Most routers come packaged with an installation disc, but I suggest putting it aside and configuring your router manually through a Web browser. Installation CDs are convenient for novices, but you'll typically get better access to advanced setup options through the browser interface. In addition, you can access that interface from any of your connected computers without having to bother with a disc. Once you've learned how to configure the network through the browser interface, you'll be far better prepared if something goes wrong with your network later on. The exact process varies slightly with each brand and model, but the menu options on most of the leading brands are quite similar. Here's how to get started.

For maximum range, position the router on a high shelf or mount it near the top of a central wall. Connect an ethernet cable between your broadband modem (be it cable or DSL) and the router, so that it leads to the router's Internet port. To ensure high-quality throughput, stick with Cat-5e or better cables for all connections. Don’t bother with bargain-basement cables. Connect a second ethernet cable between any of the router's LAN ports and your PC. If you use a laptop to configure your router, you'll unplug this cable at the end of the process, when you're ready to connect wirelessly.

The first detail you'll need to know about your router is its IP address. Sometimes this is printed on a sticker somewhere on the router itself. If not, you can locate it in the Windows Network Connections control panel. The Local Area Connection listing should read 'Connected', since your router will default to DHCP (dynamic host configuration protocol). Double-click this connection and select the Support tab. Remember or record the Default Gateway IP address. (It's most likely to be either 192.168.1.1 or 192.168.0.1.)

Open a Web browser and enter your router's IP address into the address field. You'll be prompted for a user name and a password. Consult your printed router documentation to obtain these details.

Once inside, you can control all of the router's settings. First, change the router's admin password, since anyone could currently access your router (and network) simply by entering a series of commonly known default log-ins. Check for an Administration tab, where you'll make the change. Enter the new password and then click the appropriate button to save your changes. Afterward, you'll be dumped out of the log-in screen; log back in with the new password.

Next, change the router's internal subnet and IP address. This will provide a mild layer of security, but more important it will help you avoid conflicting IP addresses on complicated networks. Go to the basic settings area and change the IP address to 192.168.x.1, where x is any new number between 1 and 254. Write this number down, save the changes, and log back into the router, using the new IP address as the URL. (You might need to wait a moment while the router restarts, now and each subsequent time you save changes.)

Now change the SSID and enable Wi-Fi encryption for your first significant layer of security. Nothing looks quite so inviting to hackers as a default-named network. Look first for a wireless configuration area and basic settings; disable Wi-Fi Protected Setup if needed. Change the network name to something unique. In addition, I like to disable the SSID Broadcast; adds only a very thin layer of extra security, since savvy users can easily find hidden networks, but at least your network won't appear to most other computers by default. If you're using 802.11n hardware on the PCs and router, enable the 40MHz, wideband broadcast. (Disable it or set it to 'auto' if you notice network problems; these are most likely to be due to interference from neighbors' networks.) Click the Save button to save the changes.

Wi-Fi traffic without a password is unencrypted, which means that someone in the vicinity of your network could easily intercept and read your data. Block this hole by enabling WPA2 Personal security, usually in a Wireless Security tab. Enter a long password with a mix of numbers and letters. Save the changes.

If your router--or client device--supports only WPA or WEP, you can use one of those standards instead. Be aware, though, that they are significantly less secure than WPA2. A better alternative is to use multiple access points or a single one that can broadcast to multiple SSIDs, and then to put the at-risk hardware on its own separate network.

Subscribe to the Business Brief Newsletter

Comments