How to build the ultimate wireless network

Wi-Fi standards can be a confusing, ever-changing subject, especially when manufacturers engage in a war of buzzwords regarding the latest frivolous features. You can safely ignore most of those marketing terms -- especially ones that are trademarked. With that out of the way, let's look at what you do need to know to choose a wireless router, configure a network, and get started.

Select a wireless router

These days, you should buy a router that uses the 802.11n wireless standard. But there are a few caveats. This Wi-Fi protocol is backward-compatible with 802.11g and 802.11b; if you or a visitor uses a laptop based on one of those older technologies, the machine will work with your new router so long as you configure the router for backward compatibility. The 802.11n spec reaches farther and transfers data faster than the other two Wi-Fi methods; nevertheless, it has not yet received official approval as a standard.

The final 802.11n specifications are expected to appear in 2010, so technically you'll be buying a draft 802.11n router. There's a very small chance that current routers won't work with the final standard; but since the companies that sit on the 802.11n decision board have been selling their versions of those chips, they are unlikely to rock the boat much at this point. Instead, a free firmware release will likely update today's routers to the final approved specification.

It's a good idea to choose a dual-band router. Such routers divide traffic over two areas of the wireless spectrum, 2.4GHz and 5GHz. This arrangement basically opens up an extra lane for communications so the network can handle more data at once, and at faster speeds. Many routers, such as the Linksys Simultaneous Dual-N Band Wireless Router (WRT610N), can divide traffic over two SSIDs (service set identifiers--aka network names), letting you put slower or lower-security 802.11b devices on their own loop. Other routers, such as the Netgear Rangemax Dual Band Wireless-N Gigabit Router (WNDR3700), let you isolate traffic on the two wireless networks. This is ideal for leaving an open segment as a neighborly gesture, while closing off file sharing to your PCs.

You should base the remainder of your buying decision on the router's ports. Even though theoretically you could set up a wireless-only system, your network will likely consist of a mixture of wired and wireless devices. Wired connections are still optimal for speed, simplicity, reliability, and security.

Many wireless routers still include 100Base-T Ethernet, instead of the speedier gigabit (1000Base-T) standard. Look for a model that incorporates the higher gigabit speed so that your network can keep wired traffic blazing along. Even while streaming high-definition video around your home, you'll be able to share other files without a slowdown. For maximum benefit you'll have to use gigabit Ethernet computers, but you could upgrade your 100Base-T clients subsequently, since they (and 10Base-T clients) still work with faster hardware. Routers commonly include about four Ethernet ports. Get more if you need them (and if you can) -- or see my instructions at "Use a Switch to Add More Ports" to increase the number later on.

Some routers include a USB port, too. Consult the documentation for the specific model you're considering purchasing for details of its use; typically, you can connect the USB port to a printer or hard drive to bring those devices onto the network. If those features match your needs, the extra cost is justified. If not, focus on the abilities discussed earlier.

If range is crucial in your setup, be sure to get a router that has an external antenna port, and don't naively rely on the broadcast distance advertised on the packaging. Many factors influence a router's range, including the structure of the surrounding building and interference from neighbors. If you're trying to blanket an entire house -- or backyard -- you may have to buy a second access point.


Configure your router

Most routers come packaged with an installation disc, but I suggest putting it aside and configuring your router manually through a Web browser. Installation CDs are convenient for novices, but you'll typically get better access to advanced setup options through the browser interface. In addition, you can access that interface from any of your connected computers without having to bother with a disc. Once you've learned how to configure the network through the browser interface, you'll be far better prepared if something goes wrong with your network later on. The exact process varies slightly with each brand and model, but the menu options on most of the leading brands are quite similar. Here's how to get started.

For maximum range, position the router on a high shelf or mount it near the top of a central wall. Connect an ethernet cable between your broadband modem (be it cable or DSL) and the router, so that it leads to the router's Internet port. To ensure high-quality throughput, stick with Cat-5e or better cables for all connections. Don't bother with bargain-basement cables. Connect a second ethernet cable between any of the router's LAN ports and your PC. If you use a laptop to configure your router, you'll unplug this cable at the end of the process, when you're ready to connect wirelessly.

The first detail you'll need to know about your router is its IP address. Sometimes this is printed on a sticker somewhere on the router itself. If not, you can locate it in the Windows Network Connections control panel. The Local Area Connection listing should read 'Connected', since your router will default to DHCP (dynamic host configuration protocol). Double-click this connection and select the Support tab. Remember or record the Default Gateway IP address. (It's most likely to be either 192.168.1.1 or 192.168.0.1.)

Open a Web browser and enter your router's IP address into the address field. You'll be prompted for a user name and a password. Consult your printed router documentation to obtain these details.

Once inside, you can control all of the router's settings. First, change the router's admin password, since anyone could currently access your router (and network) simply by entering a series of commonly known default log-ins. Check for an Administration tab, where you'll make the change. Enter the new password and then click the appropriate button to save your changes. Afterward, you'll be dumped out of the log-in screen; log back in with the new password.

Next, change the router's internal subnet and IP address. This will provide a mild layer of security, but more important it will help you avoid conflicting IP addresses on complicated networks. Go to the basic settings area and change the IP address to 192.168.x.1, where x is any new number between 1 and 254. Write this number down, save the changes, and log back into the router, using the new IP address as the URL. (You might need to wait a moment while the router restarts, now and each subsequent time you save changes.)

Now change the SSID and enable Wi-Fi encryption for your first significant layer of security. Nothing looks quite so inviting to hackers as a default-named network. Look first for a wireless configuration area and basic settings; disable Wi-Fi Protected Setup if needed. Change the network name to something unique. In addition, I like to disable the SSID Broadcast; this adds only a very thin layer of extra security, since savvy users can easily find hidden networks, but at least your network won't appear to most other computers by default. If you're using 802.11n hardware on the PCs and router, enable the 40MHz, wideband broadcast. (Disable it or set it to 'auto' if you notice network problems; these are most likely to be due to interference from neighbors' networks.) Click the Save button to save the changes.

Wi-Fi traffic without a password is unencrypted, which means that someone in the vicinity of your network could easily intercept and read your data. Block this hole by enabling WPA2 Personal security, usually in a Wireless Security tab. Enter a long password with a mix of numbers and letters. Save the changes.
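An added example (not part of the original article): how WPA2 Personal turns the password and the network name into the actual 256-bit key, which IEEE 802.11i defines as PBKDF2-HMAC-SHA1 salted with the SSID. The SSIDs and passphrase below are constructed samples, and estimated_bits is a hypothetical helper that gives only a rough upper bound on password strength.

```python
import hashlib
import math
import string


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA2 Personal key from passphrase and SSID.

    IEEE 802.11i: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def estimated_bits(passphrase: str) -> float:
    """Rough upper bound: length * log2(size of the character pools used).

    Hypothetical helper; it only holds for randomly chosen characters, so
    dictionary words are much weaker than the figure suggests.
    """
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " ")
    size = sum(len(p) for p in pools if any(c in p for c in passphrase))
    return len(passphrase) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    passphrase = "k7Rw2mQ9xL4tB8vN3cZ6"
    for ssid in ("linksys", "Maple-Street-42"):
        # Same passphrase, different network name -> different key.
        print(f"{ssid:16} {wpa2_psk(passphrase, ssid).hex()}")
    for candidate in ("password", passphrase):
        print(f"{candidate:22} ~{estimated_bits(candidate):.0f} bits at most")
```

Because the network name is mixed into the key, a unique SSID and a long random password each make the resulting key harder to guess.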

If your router -- or client device -- supports only WPA or WEP, you can use one of those standards instead. Be aware, though, that they are significantly less secure than WPA2. A better alternative is to use multiple access points or a single one that can broadcast to multiple SSIDs, and then to put the at-risk hardware on its own separate network.

Connect client devices

Wireless PC clients often include configuration software from the Wi-Fi hardware company as well as the Windows Control Panel app. You can connect clients with either program, but I'll focus on the built-in Windows tool. Just make sure that you look through the extra software for an option to let Windows control the network settings.

Open the Network Connections Control Panel, and right-click the Wireless Network Connection. Select Properties. Then select the Wireless Networks tab, and click Add. Enter the SSID for the network, and click the box labeled Connect even if this network is not broadcasting. Choose WPA2 for Network Authentication. Set Data encryption to AES, and click OK twice. Again double-click the Wireless Network Connection in the Control Panel, and choose the wireless network. Click Connect. Enter the network password, and click Connect. The PC will save the password, and in the future it will reconnect automatically.

Control client connections with MAC address filtering

An optional additional layer of wireless security known as "address filtering" checks connected devices against your own list of approved items; then, even if someone has your network password, the router won't let unapproved hardware gain access to the network. The list relies on the unique MAC (media access control) address assigned to each piece of hardware at the factory. Like the other layers of security, this one isn't impregnable. Theoretically, hackers could change their MAC address to match one of your friendly IDs, if they knew what it was. But such an attack is pretty unlikely to succeed (or occur), especially when you combine MAC address filtering with the previous security steps.

Address filtering does introduce an extra step to the process of connecting new devices to your network, but in return you get a little more peace of mind. Don't imagine that address filtering is equivalent to encryption, however: It doesn't prevent interlopers from intercepting your transmissions as WPA2 does.

To get started, connect all of your wireless clients to the network, using your WPA2 password. Remember to include PCs, smart phones, wireless game systems, media-streaming hardware, and other linked devices.

Revisit the configuration page for your wireless router, and enter your administrative password to log in. Look for an option to configure MAC address filtering (sometimes called "network filtering"), most likely inside the router's wireless settings area. Enable the filter, and set it so that it permits only identified MAC addresses to gain access to the network. Many routers have a button that shows all connected devices and lets you add them automatically. If not, before you enable the filter, copy the MAC address from the DHCP client table; it is often listed there under a Status (or Wireless Status) heading. Save the changes and wait for the router to restart if necessary.

In the future, you'll have to type the MAC addresses for any new device you wish to add to your network. You can quickly look up a laptop's MAC address by clicking Start, Run, typing cmd and pressing OK. Then type ipconfig /all and press Enter. Look for the set of six pairs of numbers and letters in the ethernet adapter Wireless Network Configuration area.
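An added example (not part of the original article) for maintaining the approved list: it pulls MAC addresses out of English-language ipconfig /all text, normalizes the different ways MACs get written, and flags entries in the router's client table that are not approved. All adapter names, host names and addresses are constructed, and the function names are hypothetical.

```python
import re

_MAC = re.compile(r"\b[0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5}\b")

def normalize_mac(text: str) -> str:
    """Return a MAC as lowercase colon-separated pairs, whatever the separators."""
    digits = re.sub(r"[-:.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()

def macs_from_ipconfig(output: str) -> dict:
    """Map adapter heading -> MAC from the text printed by `ipconfig /all`."""
    adapters, current = {}, None
    for line in output.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip().rstrip(":")   # unindented "... adapter X:" heading
        elif current and "Physical Address" in line:
            found = _MAC.search(line)
            if found:
                adapters[current] = normalize_mac(found.group())
    return adapters

def unapproved(client_table, allowlist):
    """Rows of the router's client table whose MAC is not on the approved list."""
    allowed = {normalize_mac(m) for m in allowlist}
    return [(name, normalize_mac(mac)) for name, mac in client_table
            if normalize_mac(mac) not in allowed]

# Constructed sample data: adapter names, host names and MACs are made up.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:
        Physical Address. . . . . . . . . : 00-11-22-33-44-55

Ethernet adapter Wireless Network Connection:
        Physical Address. . . . . . . . . : 02-AA-BB-CC-DD-01
"""
ALLOWLIST = ["02-AA-BB-CC-DD-01", "02:aa:bb:cc:dd:02"]
CLIENT_TABLE = [("den-laptop", "02:AA:BB:CC:DD:01"),
                ("game-console", "02aa.bbcc.dd02"),
                ("unknown", "02-AA-BB-CC-DD-99")]

if __name__ == "__main__":
    print(macs_from_ipconfig(SAMPLE_IPCONFIG))
    print(unapproved(CLIENT_TABLE, ALLOWLIST))
```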

Firewall security

Your router likely includes a firewall consisting of two parts: network address translation (NAT) and stateful packet inspection (SPI). In most instances, NAT is turned on by default. This method of routing lets Internet traffic connect to the router with a single, external IP address; the router controls which internal computers send and receive information. SPI takes this a step further, ensuring that incoming data is arriving in response to requests from your internal PCs. Turn on the SPI firewall in your router's configuration page (most likely under a security tab). With SPI enabled, the router will ignore traffic that you didn't request.

Sometimes, these settings block traffic -- such as a game or other application -- that you want. If you're having trouble with certain programs, change the port-forwarding settings. Essentially, this amounts to adding the external port for a program that the router is blocking, and entering the internal IP address for that PC. (Many common port numbers can be found online.)
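An added example (not part of the original article, and not any router's firmware): a toy model of the decision described above, in which replies to requests from internal PCs are let in, a port-forwarding rule admits chosen traffic, and everything else is ignored. The Router class, addresses and ports are hypothetical; real SPI also tracks TCP state and timeouts, which this model leaves out.

```python
class Router:
    """Toy model of a home router's NAT table, SPI flow table and port forwards."""

    def __init__(self, forwards=None):
        self.forwards = dict(forwards or {})  # (proto, wan_port) -> (lan_ip, lan_port)
        self.nat = {}        # (proto, lan_ip, lan_port) -> WAN port chosen by NAT
        self.owner = {}      # (proto, wan_port) -> (lan_ip, lan_port)
        self.flows = set()   # (proto, wan_port, remote_ip, remote_port) seen going out
        self._next_port = 40000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN PC sends a packet: NAT picks a WAN port, SPI remembers the flow."""
        key = (proto, lan_ip, lan_port)
        if key not in self.nat:
            self.nat[key] = self._next_port
            self.owner[(proto, self._next_port)] = (lan_ip, lan_port)
            self._next_port += 1
        self.flows.add((proto, self.nat[key], remote_ip, remote_port))
        return self.nat[key]

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """A packet arrives from the Internet: return its LAN target, or None (dropped)."""
        if (proto, wan_port, remote_ip, remote_port) in self.flows:
            return self.owner[(proto, wan_port)]     # reply to a request we made
        return self.forwards.get((proto, wan_port))  # port forward, otherwise drop


if __name__ == "__main__":
    # Constructed values: one forwarded game port, documentation-range remote IPs.
    router = Router({("udp", 27015): ("192.168.7.20", 27015)})
    port = router.outbound("tcp", "192.168.7.10", 51000, "203.0.113.5", 443)
    print(router.inbound("tcp", "203.0.113.5", 443, port))       # reply: delivered
    print(router.inbound("tcp", "198.51.100.9", 443, port))      # unrequested: None
    print(router.inbound("udp", "198.51.100.9", 50000, 27015))   # forwarded port
    print(router.inbound("tcp", "198.51.100.9", 50000, 23))      # no rule: None
```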
