Simple Wireless Setup
You need the following Microsoft Broadband Networking products to set up a wireless network:
•
Microsoft Wireless Base Station MN-500 (Microsoft calls their router or gateway a base station)
•
Wireless USB Adapter MN-510 for desktop computers
•
Wireless Notebook Adapter MN-520 for laptops
The setup software included with the Microsoft Broadband Networking products takes the pain out of creating a wireless network from scratch. You'll use the Microsoft Broadband Networking Setup Wizard to make the transition from a single computer connected to the Internet to a functional and secure network. There is one important rule you need to follow: Don't set up, plug in, or connect any of the hardware before you run the software CD. Let the installation and configuration software do the driving and the following steps will be performed:
1.
Insert the CD, which will automatically install the Broadband Networking Utility, and then start the Setup Wizard.
2.
Select Base Station as the first device, and follow the prompts while the wizard analyzes and transfers your current settings.
3.
Configure security.
4.
Set up client computers.
As outlined above, the next step after installing the Broadband Networking utility software will be to connect and configure the base station using the wired Ethernet connection on your computer. This is extremely smart software. You'll then be prompted to specify a password, and then the software reads your existing connection information and uses it to specify settings on the base station. You'll be prompted to supply additional information as necessary. A series of wizard screens performs the configuration of the wireless station name, which is called Service Set Identifier (SSID), and Wired Equivalent Privacy (WEP) settings.
When the base station setup is complete, you'll be prompted to insert a floppy disk (conveniently supplied as part of the package) and the settings will be saved to it. You can optionally elect to write down the settings as an alternative to using the disk. Next, you'll set up your wireless adapters, using the same software wizard. It's fast and convenient and if you've used the disk, it's really effortless to get a wireless network up and running.
Note: The Microsoft Wireless Base Station MN-500 includes many powerful features that can be customized to suit your needs. Parents can limit Internet browsing times for children. You can specify a computer to place in the Virtual Demilitarized Zone (DMZ) required for some games, view the Base Station log, and more. I've found it very handy to download and keep an electronic PDF version of the Base Station User Guide for quick reference.
Top of pageTop of page
Using the Broadband Networking Utility
The Broadband Networking Utility allows fast access to multiple management functions. After you've installed it, the utility starts when you start Windows XP and places an icon in the Windows taskbar. Place your mouse over the BBN icon and a tool tip gives you a mini-view of your network status, displaying the wireless network name, signal strength, connection speed, and workgroup name, as shown in Figure 1.
Figure 1
Figure 1
•
Right-click the icon in the notification area, and then click Options. Here you can choose to hide or show the icon on the taskbar and automatically check for software updates. You can also change the frequency at which the Internet connection status is updated (every 15 minutes by default).
•
Right-click the BBN icon again, and then click Open Broadband Network Utility. The Network Status is automatically displayed, showing a complete map of your network, all connected devices, and the health of the internal LAN connection and the external Internet connection.
I've got a large home network by residential standards. While I can browse My Network Places in Windows XP to see and access shared drives and printers, I often want an overview of my network to see what's up and running. A wealth of information is displayed for me when I access Network Status. If your network isn't working, the BBN utility will graphically show you what part of the connection is not functioning.
My network includes two Windows XP-based computers, a Macintosh PowerBook with an 802.11b Airport card, a wireless security camera (that I discussed in Adding a Wireless Internet Camera), and a wireless print server. The Mac and the camera are compatible with the MN-500 wireless base station because they are 802.11b certified. Depending on where in my home I use my Xbox, I either wire it to one of the Ethernet ports or I connect a DLink 802.11b DWL-810 Wireless to Ethernet bridge, which works extremely well with my MN-500 base station. Figure 2 shows my network status.
Figure 2
Figure 2
•
TESTXP shows the connection status of the computer I'm using and the IP assigned to the computer with an indicator confirming that file sharing is enabled.
•
Home gives me an overview of my wireless network. The workgroup name, the wireless SSID, the channel currently in use, and the status of encryption are listed. The Gateway address is the IP address assigned to the router. (The MN-500 ships with 192.168.2.1 as the default, but I changed this to 192.168.1.1, because I was replacing an older router that was configured with this address.)
•
Your Internet Connection shows the status of the connection to the Internet.
•
Other Network Devices lists connected devices whether wired or wireless. If a large number of devices are connected, you can scroll to view details. Note that you cannot access the listed computers or devices by clicking their icons.
You can make changes to your network settings by using the Tools menu. From the Tools menu, click Computer Settings. In the Computer Settings dialog box, the Network Adapter tab displays the address type, the current IP address of the computer you're using, and the IP of the default gateway. (The default gateway is the internal IP address of your MS Wireless Base Station).
Figure 3
Figure 3
Note:If you decide to modify settings, the Wireless tab and the Wireless Security tab of the Network Utility should not be used if you're running Windows XP. These tabs are available for computers running other supported operating systems. All versions of Windows XP ship with powerful wireless configuration tools. You need to use the built-in Windows XP Wireless Zero Configuration when making changes to your wireless configuration. To do this, right-click the network connection icon in the taskbar notification area (not the BBN icon), and then click View Available Wireless Networks. The Wireless Network Connection dialog box opens, as shown in Figure 4.
Figure 4
Figure 4
All in-range wireless networks will be displayed in the Wireless Network Connection dialog box. Select your network, then enter and confirm the network key (WEP key). Do not enable IEEE 802.1x authentication.
From the Tools menu, click Base Station Management Tool to open the Web interface built into the MN-500 Wireless Base Station. Using a simplified Web page displayed in Internet Explorer, you log on with the password you specified during setup and view and configure additional features or changes to your base station. You can access this Web interface in an alternative way by typing the address of the base station into your browser. The default address is http://192.168.2.1.
The Help menu has a convenient feature that lets you check for updates to your firmware, drivers, and software. By default, the utility is configured to check for updates automatically. If you elect to turn off automatic updating (not recommended), this feature provides an alternative method to check for updates.
Top of pageTop of page
Wi-Fi Certified for Interoperability
Microsoft Broadband Networking hardware is certified to be Wi-Fi compliant by the Wi-Fi Alliance board (previously called WECA), which warrants that it will be interoperable with Wi-Fi certified products from other vendors. This means that the Microsoft Broadband Networking hardware will work automatically with similarly certified equipment from all other vendors, including 802.11b wireless adapters built into many new laptops, including Apple Airport-enabled Macintosh computers. You'll also be able to use your Microsoft Wireless Notebook Adapter on the road at airports and hotels that offer wireless connectivity.
Top of pageTop of page
UPnP Certified Hardware
I've previously written about Windows Messenger voice and video capabilities on Windows XP operating systems and highlighted the requirement for UPnP behind a router that performs network address translation (NAT). Microsoft's new Wireless Base Station is also fully Universal Plug and Play (UPnP) certified.
Using Windows Messenger voice and video with the MN-500 wireless base station is a breeze. You'll need to manually forward ports to use file transfer with the MN-500 (as with any router) If you're using the new MSN Messenger 5 (a different product that can co-exist with Windows Messenger on Windows XP), file transfers are UPnP-enabled as well. The wireless base station will dynamically open a port and redirect the file transfer to the proper computer when MSN Messenger 5 is used.
If you're an Xbox Live user (or about to become one), the MN-500 Wireless Base Station should be on your shopping list. It's one of the few residential gateway devices tested and certified to work with the new Xbox Live service.
Top of pageTop of page
How to Make Wireless Networks More Secure
It's amazing how many unprotected access points can be found in the United States. And this number grows as more consumers purchase and install wireless equipment. I wrote about Securing Residential and SOHO Wireless LANS over a year ago. The reasons for security and the solutions I documented there are still valid. And it's much simpler to employ these measures now because Microsoft's smart software walks you through the proper steps during initial setup.
The Microsoft Broadband Networking Setup Wizard enforces the use of WEP for wireless security. This is not the case at present with equipment available from other vendors. This is a great feature because most people do not understand the need for security and conclude that the other vendors don't turn it on by default because it is an extra feature.
Although the Wi-Fi Alliance recently announced a new security protocol called Wi-Fi Protected Access (WPA) that has been ratified as the replacement for WEP, the truth is that 128-bit WEP still provides strong protection for the residential user. Microsoft offers security reinforcement by adding additional types of protection such as a built-in hardware firewall that offers stateful packet inspection (SPI), in additional to the native protection offered by NAT, protects your network from Internet attacks. Here is a list of some of the attacks that are handled by this type of firewall:
•
IP spoofing
•
Land attack
•
Ping of death
•
IP with zero length
•
Smurf attack
•
UDP port loopback
•
Snork attack
•
TSP null scan
•
TCP SYN flooding
Top of pageTop of page
Replacing a Router for Power Users
If you're experienced in the world of routers and wireless security, and you don't want to run software wizards, the Microsoft MN-500 can be setup manually. I do recommend installing the Broadband Networking Utility. (As you view these steps, it should become extremely clear why a wizard setup was so desperately needed for those new to the world of networking and wireless.)
First, you'll need the settings from your existing router. Rather than write down the settings or use Notepad, I've discovered that a great way to do this:
1.
Open the management page on the existing router.
2.
Press Alt + PrtScn to copy to the Clipboard.
3.
Open Windows Paint, and on the Edit menu, click Paste, and save the image to your desktop, as shown in Figure 5.
Figure 5
Figure 5
4.
If the existing router works with your provider, that information can be transferred to your new MN-500 base station.
After you've saved these important settings, unplug your computer from the existing router. If you are also installing a Microsoft Wireless Notebook or USB adapter, here's one version of a power user's setup:
1.
If your existing connection is not configured to use DHCP, re-configure your existing network adapter for DHCP.
2.
Insert the supplied CD in your CD driver, but press and hold the Shift key to prevent the CD from auto running.
3.
Use Windows Explorer to find MSBN.exe and double-click to start the install of the BBN utility. After the utility is installed, close the installer window. Leave the CD in the drive.
4.
Plug in the Base Station to a power source. Don't connect it to your cable or DSL modem yet.
5.
Use the supplied blue cable and connect your computer to Port #2 on the router.
6.
Open Internet Explorer and navigate to http://192.168.2.1 and use the password admin if needed. Click the Management tab, and then change the password to a strong password that you can remember.
7.
On the Local Area Network tab, change the IP address to match that of your existing router. Optionally specify the range of IP addresses that will be served to connected computers. I changed the least time to two weeks for computers connected to my MN-500.
8.
Reset or power cycle the base station and release and renew the adapter on the connected computer.
9.
Log on to the base station by using Internet Explorer and typing its new address, and use your new password.
10.
Click the Wide Area Network tab. You can now transfer the settings from your old router, including its MAC address, to the MN-500. Don't click the Clone Mac Address as this will pull the MAC address of your network card. If you're replacing an existing router, you need the MAC address of that router.
11.
Click the Wireless tab and specify a new name for the wireless network name. Don't leave this set on the default MSHOME name. The name is case sensitive. You can optionally specify a different channel: 1, 6, and 11 are non-overlapping channels. Normally, you only need to change channels if there are other wireless networks or 2.4 GHz devices that interfere with your wireless connectivity.
12.
On the Security tab, select Wireless Security. Click Enable Wireless Security.
13.
Select 128-bit security from the list and create a random key of 26 characters using the letters a through f and the numbers 0 through 9. (If you are also replacing an existing stand-alone wireless access point, you can use an existing key in Hex format.)
14.
Highlight the key you just created and copy it to the Clipboard. Open Notepad and paste the key into it. Click Apply, and on the Management tab, click Reset, then click the Reset button on the page that opens next.
Now you're ready to install the wireless adapter:
1.
Insert the wireless notebook card (or attach the wireless USB adapter).
2.
Windows will find and install the drivers needed for your wireless adapter.
3.
When installation is complete, the Windows XP View available wireless networks interface (see figure 4) will allow you to select your wireless network. Copy the WEP key from Notepad to the Network Key field and Confirm it.
All that remains is to swap the MN-500 for the router you are replacing. Because you've transferred the settings from an existing router to the new base station, everything should just work. You should power cycle your cable or DSL modem to complete the process.
For even more security, I've enabled MAC address filtering on the MN-500 for both the wired and wireless clients and specified the clients that can associate to the wireless network.
Top of pageTop of page
Persistent Port Forwarding
I often find that I need to access something on a computer on my home network when I'm many miles away. The combination of Port Forwarding and Windows XP lets me extend my network to almost any location.
I recently attended the official launch of Windows XP Media Center Edition in NYC and was able to work on the column you are now reading using the Remote Desktop feature in Windows XP. Before I left home, I set up the MN-500 to forward port 3389 (the default port used for the Remote Desktop Protocol or RDP) to a computer that I left running on my home network. From the Base Station Management Tool, I selected Security, Port Forwarding, and Persistent Port Forwarding and selected the Enable check box.
Note that in this case the setting for the inbound and outbound port are identical (3389). Many business networks block 3389, making it a little more difficult to use Remote Desktop. You'll need to find a different port (I use 8000) and enter that in the Inbound port field. Leave the private port as 3389. You'll need to configure this before you leave home and you'll need to set up the computer to allow incoming Remote Desktop connections. After proper configuration, from your remote location, you can access the home computer by starting remote desktop and specifying the IP address the ISP has served to your base station and the port number, in the format 111.222.333.444:8000.
Note: Because of security risks, the MN-500 does not have a built in remote management feature. While other vendors include a switch to turn on some form of direct remote management of the hardware using only password protection, Microsoft has not included this feature due to the security risk. The figure below shows how I set up the base station for Persistent Port Forwarding when I'm using Remote Desktop to manage my MN-500. By nature, the Remote Desktop Protocol in Windows XP is secure and encrypted, and it provides a safe way to mange the MN-500 remotely.
Figure 6