In today’s world of wireless routers, 802.11g is the new standard, but 802.11n is poised to take over in the near future, if they can ever ratify the standard. Of course, manufacturers have focused on making router setup really easy. Router security is a whole different ball game altogether…
If your house is like mine, you have your high speed internet modem and the main wireless router set up somewhere in the house. For most people, the coverage a standard 802.11g router provides, and their usage model, makes it a very acceptable solution. Of course, I’m not most people… and my needs and setup aren’t standard either.
OK, some history first. My main router is set up in my server room in the basement. It worked well at first, at least for most things. See, I’m a Madden gamer and playing Madden with my friends requires the fastest possible connection. Because of the falloff in signal strength and quality over distance, I was only getting about a 20 megabit connection with 40% signal strength. As any Madden baller will tell you, that makes for a really jerky and unenjoyable game. So, for a long time I was stuck trekking down to the basement when I wanted to play.
Then I got my Replay TVs. Of course I had to soup up my Replay TVs before using them, but the point is that I had to find a way to stream my shows between the 2 Replay TVs I had as well as the DVArchive I had running on my data server.
At first I tried the wireless route but no matter what I did, I simply could not get the wireless access points to work with the wireless extender which I needed to get a strong signal from the back of the basement to the front of the living room which, of course, are on exact opposite sides of the house.
In the end, I returned the extender and access points and went the old-fashioned way by running a hardwired CAT6 cable all the way through.
So now I had my DVArchive server in the server room in the back of the basement, my Replay TV in the media room in the front of the basement and my Replay TV in the living room on the main level all connected together.
Then it dawned on me… I have a connection (to the Replay TV) right there in the living room where we spend most of our time. If I simply hooked up a wireless router and then connected the Replay TV via hard line to the router, I would have the best signal strength and quality possible, given the 10 feet to the couch.
Of course, it was easier said than done. There were a couple of snags I had to work through first, most notably the fact that Linksys had changed the firmware on the WRT54G wireless routers to a proprietary format, as opposed to the Linux based firmware which allowed users to flash their routers with all kinds of cool firmware updates.
Fortunately, hearing the outcry from the community, Linksys released the WRT54GL which was again Linux based. OK, enough background, let’s actually get this thing working by following these steps…
- Our starting point assumes that the first wireless router is already set up on the network.
- Connect the second wireless router to the network.
- Power up the second wireless router.
On your laptop, go to the Wireless Network List and ensure the new router is picked up in the list.
- The new router should show up as “linksys”.
- Select the router and click the “Connect” button.
- You will get a warning dialog window stating that the network is unsecured.
Click the “Connect Anyway” button.
Your system should now connect to the router and start pulling an IP address.
Once your system has successfully acquired an IP address, the status should change to Connected.
- Open a command window.
- Do an ipconfig.
All things being equal, the router would have assigned you the default IP address of 192.168.1.100.
- Open Internet Explorer.
- Navigate to which is the IP address of the router itself.
You will be presented with a logon dialog window.
- The default UserID/Password combo for the Linksys WRT54GL is used to logon.
- Leave the User name field blank.
- Enter “admin” into the Password field.
- Click OK to logon.
- On the /Upgrade.asp page, click the “Administration” menu tab.
Click the “Firmware Upgrade” sub menu option.
- Click the Browse button to locate your choice of firmware and conduct the upgrade. My preference has been the Tarifa version b009. You can get your firmware of choice from the Linksys Info site.
Once the firmware upgrade is complete, click Continue to proceed to the next step.
You will notice in the top right hand corner that the firmware version has been updated.
- Now that we have updated the firmware, it is time to secure the router. Click on the Administration tab again.
It should default to the Management sub tab, but if not, click the Management sub menu option to navigate to the desired page.
- Start by entering a new Router Password.
- Enter the same password in the Re-Enter to Confirm box.
- For added security, you should not allow the router’s admin pages to be accessed over standard HTTP so select the HTTPS check box and ensure that the HTTP check box is unselected.
- Ensure that Wireless Access Web is enabled.
- Ensure that Remote Management is disabled.
- Select Enable for the UPnP option.
- Select Disable for the Telnet option.
- Before you save your changes, remember that you are currently logged into the router via HTTP. Once you save your changes, the router will no longer recognize your session. Save your changes.
- You should end with a Page Cannot be Displayed page.
- Change the URL of the page from to https://192.168.1.1.
You will be prompted to logon again.
- The User Name field now becomes “admin”.
- Enter the password you used in the Password field and click OK to logon.
Because you are now accessing this router via SSL, it will attempt to give you a certificate. You will receive a warning dialog window.
- Click the View Certificate button.
In order to avoid having to deal with the SSL certificate issue each time you logon to the router, click the Install Certificate button.
The Certificate Import Wizard will open.
- Click the Next button.
You will be prompted to select a certificate store.
- This is Greek to most people, so just ensure that the Automatically option is selected.
- On the final screen, click the Finish button to complete the import.
You should be presented with a confirmation dialog stating the import succeeded.
- You will be returned back to the logon screen.
- Enter “admin” in the User Name field.
- Enter the password you previously selected in the Password field.
Click OK to logon.
You may now be presented with the following page.
As you can see, the page did not render properly. This is because IE treats the same page over SSL as a unique version, so you have to reset your security settings in IE again.
- In IE, click the Tools menu option.
- On the dropdown menu that pops up, select the Internet Options item.
You will be presented with IE’s Internet Options dialog window.
- Click on the Security tab at the top.
- Select the Local Intranet icon.
- Click the Sites button.
You will be presented with the window to add sites.
- If the router URL is not automatically entered into the first edit box, enter the full value of “https://192.168.1.1” into the edit box.
- Click the Add button.
- The site should now be listed in the Web Sites list below.
- Click Close to close the dialog window.
- Click OK to close the Internet Options window.
- Now click the refresh button to reload your router admin page.
You should now see the normal page loaded successfully.
- You should notice the security zone indicator in the bottom right of the page indicating “Local Intranet”.
- The next step in securing your router is to turn on MAC address filtering. The MAC address is a unique serial number that is given to each wireless network card. No two in the world are identical.
- In order to get your MAC address, return to your command window. If you had closed it, open another command window.
Use the “ipconfig /all” command.
- You will notice some hex numbers for the Physical Address.
- Write down this value.
- Go back to your router admin page.
- Click the Wireless tab.
Click the Wireless MAC Filter sub tab.
- Select Enabled for the Wireless MAC Filter option.
- Select the Permit Only option. This option will only permit computers with the MAC addresses you specify to access the network.
- Click the Edit MAC Filter List button.
The Add MAC Address Filter List window will open.
- Enter your MAC address that you had previously written down in one of the open edit boxes.
- NOTE: Replace the “-” characters in the value with “:” characters, i.e. 13-57-90-AB-CD-EF would be entered as 13:57:90:AB:CD:EF.
- Save and close the window.
Next we need to configure wireless security. Click on the Wireless Security sub tab under the Security tab.
- Select WPA Personal for the Security Mode field.
- Select TKIP for the WPA Algorithms field.
- Now enter a WPA Shared Key value. This is essentially your password for the wireless network.
- Click the Save Settings button.
- Once you save the settings, you will once again be disconnected from the network.
- Go back to your wireless network list.
- Your router should be listed.
- Select your router and click the Connect button.
You will be presented with a logon dialog window.
- Enter the value you used for the WPA Shared Key in step 90 into the Network Key edit box.
- Re-enter the same value in the Confirm Network Key edit box.
- Click the Connect button.
- Now that your router is secured, we need to hide it for extra security.
Click the Basic Wireless Settings sub tab under the Wireless tab.
- Select a Wireless Network Mode. I prefer G-Only as it forces the fastest connection and will generally not connect me if I’m too far away and the signal is too weak.
- Now the important setting is to change the Wireless Network Name (SSID) value, which defaults to WRT54GL, to something that makes sense to you. This is important when you have multiple routers so you can distinguish which router you’re logged onto and administering, e.g. you might use “ComputerRoom” and “LivingRoom”.
- Select the Wireless Channel you wish to use. I would just let it default to the 6-2.437 GHz value.
- Ensure that your Wireless SSID Broadcast option is still set to Enabled. We will need this in order to logon to the new network SSID.
- Save your settings and click OK.
Because you just changed the SSID of the network, you will now be disconnected from the network again. Go back to your Wireless Network List. Your new SSID should be listed.
- Select your new network and click the Connect button.
- When presented with the logon dialog, use the credentials you used earlier to logon again.
Click the Basic Wireless Settings sub tab under the Wireless tab.
- Here’s the important part: change the Wireless SSID Broadcast setting from Enable to Disable. This is important because it keeps snoops at bay. By already changing the SSID you not only identify your router better, but it also makes it harder for someone to attempt to log on to your network because they have to know your SSID to do so. By turning the SSID broadcast option off, nobody can see your network. That’s OK because you’ve already configured your computer for it. It just keeps war drivers and nosy neighbors from trying to use your network.
- You can leave the other options as is and save your settings.
- Your network will now no longer show up in the available network list of other computers in the vicinity. It will still show up in yours because your computer has been configured to access it.
- Now that we have the router configured, we need to make it work with the original router. The problem using this router at this point is that you can get an IP address, but you cannot get any internet connectivity.
- Click the Setup tab.
It should default to the Basic Setup sub tab, but if not, just click the Basic Setup sub tab.
- I’m going to assume that your original router does not operate on the default 192.168.1.x range because changing the second and third nodes adds yet another layer of security, this time security through obscurity. Anyway, let’s assume the original router has its IP set to 220.127.116.11. It would be configured to hand out IP addresses starting at 100, i.e. the first computer connecting to it would get 18.104.22.168 as an IP address. That makes the range below 100 safe. If you have configured it to start handing out IPs starting at 2, you need to change it to 3 or more.
- Change the Local IP Address of the second router to 22.214.171.124.
- Ensure that you select the Disable option for the DHCP Server setting. This will allow the second router to serve as the slave to the first router. It will pass your computer’s IP request over to the first router, which will return an IP that the second router will give your computer. In this way, the second router acts as a relay between your computer and the first router. The advantage to this is that it will relay internet URL requests to the first router, which is connected to the outside and will process the request successfully.
- Save your settings.
Comparing these settings with the first router:
- You will notice that the IP is different and that the first router is set as the DHCP Server.
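A quick way to sanity-check the addressing plan described above before saving it: the second router's Local IP Address must sit in the first router's subnet, differ from the first router's own address, and fall outside the range the first router hands out by DHCP. This is an added example, not part of the original walkthrough; the function name and the 192.168.37.x addresses are constructed for illustration.

```python
import ipaddress


def check_ap_plan(primary_ip, netmask, dhcp_start, dhcp_count, second_ip):
    """Return a list of problems with the plan; an empty list means it is consistent."""
    net = ipaddress.ip_network(f"{primary_ip}/{netmask}", strict=False)
    primary = ipaddress.ip_address(primary_ip)
    second = ipaddress.ip_address(second_ip)
    pool_first = ipaddress.ip_address(dhcp_start)
    pool_last = pool_first + (dhcp_count - 1)

    problems = []
    if pool_first not in net or pool_last not in net:
        problems.append("DHCP pool extends outside the first router's subnet")
    if second not in net:
        problems.append("second router is not in the first router's subnet")
    elif second in (net.network_address, net.broadcast_address):
        problems.append("second router uses the network or broadcast address")
    if second == primary:
        problems.append("second router duplicates the first router's address")
    if pool_first <= second <= pool_last:
        problems.append("second router's address is inside the DHCP pool")
    return problems


if __name__ == "__main__":
    # Constructed plans: first router at .1, DHCP pool of 50 addresses.
    plans = [
        ("192.168.37.1", "255.255.255.0", "192.168.37.100", 50, "192.168.37.2"),
        ("192.168.37.1", "255.255.255.0", "192.168.37.100", 50, "192.168.37.120"),
        ("192.168.37.1", "255.255.255.0", "192.168.37.2", 50, "192.168.37.2"),
        ("192.168.37.1", "255.255.255.0", "192.168.37.100", 50, "192.168.1.2"),
    ]
    for plan in plans:
        print(plan[-1], check_ap_plan(*plan) or "OK")
```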
And that’s all there is to that. Quite a lengthy walk through, but it covers EVERYTHING!
Anyway, with my new setup I can play Madden at full speed, 54 megabit @ 100% signal strength!