In the first lesson of our networking night school, we looked at the basics of router hardware. Today we're going to start setting things up.
The goal here is to get the most important things set up and then explain all the other details you ought to know. You may not use every section in your router's admin page, but understanding the features will help. We're going to use the DD-WRT router firmware in our examples -- since it's a Lifehacker favourite available for many routers -- but we'll explain how each topic applies to whatever router you have. Your router may not have every feature we talk about today, but if you're still considering which router to buy you may want to take the contents of these lessons into consideration.
Note: In future lessons we'll cover some of the more exciting and complex things you can do with your router, but first this episode just focuses on the basics.
Naming Your Router
While it may seem trivial, there are actually a few things you need to know about naming your router. To start, the name of your router and wireless network are different. Naming your wireless network is really naming the service set identifier (SSID) that the router broadcasts and you select on your computer when you want to connect. The name of your router, however, is how it is identified to other devices on the network. In most cases, this name is much less important than what you choose for your SSID.
Choosing your SSID can be important, however. Leaving it as the default can lead to confusion with other networks, so it's important to pick something specific to you. You can even choose a name that's the first half of a phrase so it's easier for you to remember. This is, of course, somewhat less secure. Clever names can even discourage people from trying to use your network (e.g. "c:\virus.exe") or even communicate a message (e.g. "SexIsTooLoud"). Change it to whatever suits your purposes, but do make sure you change it.
Basic Wi-Fi Configuration and Security
There are a few things you need to do when configuring your Wi-Fi and there all very simple. First, you need to make a few basic setup decisions. Generally you'll find these settings in the Wireless tab on your router's admin page. This is the case in DD-WRT and on Linksys routers. For Dlink routers, it's generally in the Setup section under the Wireless Settings subheading. Netgear also calls it Wireless Settings, and Belkin tends to stick it under a Wireless header but label it Channel and SSID. There are a lot of router brands out there so we can't go over every naming convention, but as you can see they're pretty similar. You're basically looking for the word "wireless" and "setup" and/or "settings" in some combination.
Once you're there, the first thing you want to do is choose your SSID as we discussed in the section above. Choosing a wireless channel is also important, but we're going to talk about that in depth in the next lesson. The goal is to pick the channel with the least interference, and since the default channel is 6 for most routers you're likely to run into more interference on that channel. Feel free to pick another one for now, or just stick with the default and see how things run. If you're not getting the quality signal you'd hoped for, we'll talk about what you can do to about it in the next lesson.
Next you may need to choose a broadcast mode. In most cases you'll be working with a router that broadcasts both 802.11g and 802.11n, if not also others as well. As we discussed yesterday, mixed mode is going to reduce your speeds somewhat. If you really want to maximize throughput, broadcasting only 802.11n is your best bet. If you need backwards compatibility with 802.11g, however, you'll need to choose mixed mode.
Next, hop on over to the Security section of your wireless settings. Most routers will separate these settings from your basic channel and SSID setup, but some keep them together. If you look for a section with a label approximating "wireless security" you should find what you're looking for. When you do, this is where you can enter a password. Generally WEP is easier to crack, so using WPA2 (or WPA if WPA2 is not an option) is a better choice. You also can choose a more complex password when using WPA2. One thing to note is that some Wi-Fi cards (in your computers) will have trouble connecting to a WPA2-secured network via 802.11n when you don't support multiple WPA2 algorithms. If you find that you or visitors have difficulty connecting via 802.11n, be sure to set your WPA2 algorithms to both AES and TKIP. This is usually represented as "AES+TKIP" or something similar.
You don't need to mess around with much else beyond that to get your Wi-Fi up and running securely. While there are a few more advanced options worth looking at, too, we'll cover those in tomorrow's lesson.
Setting a Wi-Fi password isn't the only security you're going to have on your router, and generally various security settings will be split up into different sections. For example, password-protecting your router's admin page will generally be in the Administration section and some things like MAC Address Filtering like to find themselves in no consistant location between the various brands of routers. Often times you'll have to go looking around for what you want to find, but generally you'll also find a few things clumped together. They often deal with your router's firewall.
The firewall is the greatest challenge to any Hollywood actor playing a hacker in a film, but in reality it's not that big of a deal. Basically, you receive many network transmissions you're not aware of because your router's firewall is blocking them from getting through to you. It has a set of rules that allows certain kinds of data to reach you while blocking others that you presumably don't want. A semipermeable membrane is likely a better metaphor, but it's not quite as exciting or dramatic as firewall.
For the most part, the default firewall settings should be just fine for most people, but you should know that can less or more types of data if you choose. For example, you can filter out things like cookies and Java applets. You'll find that most routers are already filtering anonymous ping requests, which you may want to disable. It's also a good page to look at for troubleshooting purposes, as sometimes settings in your firewall will prevent certain applications from working properly as they require communicating outside of your local area network (LAN). If you're trying to debug a problem, temporarily disabling filters and/or features on your firewall can help you do so. Most of the time, however, you can just leave things as they are.
NAT and QoS
NAT stands for network address translation and QoS stands for quality of service. As NAT and port forwarding are related, you'll generally find them together. Sometimes port forwarding is also known as Virtual Servers in some routers. QoS is often paired with these features as well but not always.
So what do they do? Let's start with NAT and port forwarding. You're probably aware that you have local IP addresses that differ from the IP addresses out on the internet. On your local network, they usually look like 192.168.x.x or 10.0.x.x but they can essentially be anything because they're local. NAT is what translates the outside IP addresses to your local network so you can interact with people as far as the wide internet can take you. Port forwarding relates to this because, by default, nobody on the outside can access your local machines. You can use port forwarding, however, to open up certain ports for certain machines on the network. For example, if one computer has a web server and another has an FTP server, you could open up ports for both of those services so people could access them from outside of your local network. If this is new to you and a little confusing, don't worry -- we're going to cover this in a lot of depth in the next lesson.
QoS is designed to keep your network's bandwidth evenly distribute, and it's something we've previously covered. Basically, the idea is that certain users and/or applications may hog the bandwidth on your network and from your connection to the internet, but QoS will let you define rules to let you throttle users and services when they are using too much. This allows for the network to run more smoothly in general and can help the router from getting so bogged down that you need to manually restart it. QoS isn't available on all routers, but it's becoming more and more common. If you use custom firmware like DD-WRT it'll be there when you need it.
Administration and Status
Your router generally has two sections that go by the same name with pretty much every router on the market: Administration and Status. Administration is where you add a password to your router's admin section, choose whether or not the router admin pages can be accessed outside of your local network, and also accomplish tasks like settings backup and firmware upgrades. The Status section will give you information about your router, such as its current wide area network (WAN) IP address, the computers that are connected to it, and more. This is also where you can check your router's logs. Generally you won't need to spend much time in either of these sections, but knowing what they do and what's inside can be particularly helpful.
Various Router Services
Your router may have a section called Services, Tools, Advanced, or something that isn't particularly descriptive. This section will often let you set up things like a VPN, turn on advanced options like SSH, and enable or disable the system log (although you'll usually find that in the Status section, too). We'll cover these items more later, but if you're looking for anything that doesn't seem to fit in the available categories you'll generally find it in your Services/Tools/Advanced tab.
That's all for today. Our next lesson will concentrate on improving your network speed -- both wired and wireless -- and router performance, so be sure to check back tomorrow night for the next article!