If you are considering installing or buying a wireless router, please Submit a request first to see if RPI wireless can be made available.
Student run wireless routers or extenders are no longer allowed in residence halls as of June 2012. ResNET wireless policy
Before you Start
Before you start using a wireless access point, there are some facts you need to be aware of:
- Everyone can see your traffic unless you take protective measures.
- You can provide network access only to people associated with RPI.
- Access to the network cannot be less secure than what RPI provides.
- When you provide wireless service to others, you become responsible for everything they do.
- DotCIO has the final authority over channel selection and SSID assignments for the campus. If your unit causes a problem to campus services, we may require you to
- Change channel
- Change SSID
- Adjust the signal strength
- Discontinue service
If you need help completing any of the following steps, please contact the Help Desk by submitting a request. They are located in the central lobby of the VCC.
Before you start configuring the AirPort unit, make certain you connect it to the network correctly. There are two ways to do it:
- The cable that goes directly to the wall should be plugged into the WAN port. The LAN port would connect to a switch or hub to feed other wired connections in the room. NEVER connect the LAN port to the wall port. If you do, your wall port will be turned off. You will have to contact the Help Desk to have it restored which will take 2 to 3 business days normally.
- The cable from the wall port connects to a switch in your room. Then, connect the AirPort unit to the switch via the WAN port only. If you use the LAN, port your wall port will be turned off.
Start the configuration software. On an Apple or Windows machine, it is called "AirPort Admin Utility". Choose your base station to configure, then press "Configure". You may see multiple units to choose from. To figure out which is yours, compare the MAC address located on the bottom of the unit to those listed.
It may prompt you for a password. You will want to use the default password for your model. Try the following: "public" or "default" without the quotation marks. If neither works, check your documentation or the Apple website. When you connect, you should see the summary screen.
[Configuration screen for the Base Station showing the summary tab with the Public IP Address, how it is connected via Wireless]
There are several steps you will need to take to use the access point in a responsible fashion. Choose the AirPort tab to get started. In this example, we are going to assume your RCS userID is smithj2 and you live in Bray 107.
In the "Identity" box, there are 4 things to enter:
- Give the system a name. This name is what appears in the configuration utility.
- Provide a contact. Your email address is a good choice.
- Provide a location. This should include building and room
- Select ?Change Password?? It is not unheard of for students to takeover access points that don?t belong to them. So choose a good one.
In the WAN Privacy box, you can leave them all unchecked. If you have static IP for your AirPort, you would check the "Enable WAN Port. Configuration". Unless you are monitoring the unit from another location, there is no good reason to check "Enable SNMP Access". If you plug a printer into the USB port on the AirPort, you would check "Enable Remote Printer Access".
[Configure Base station screen with Identify completed with RCS username, RPI email address and location along with WAN Privacy and AirPort Network sections of the Configure Base Station menu]
In the "AirPort Network" box, there are several changes you should make. Choose a channel at random. Most systems choose 1 or 6 by default. Avoiding those may improve your performance.
Security Button: Encryption
Choose "Security". We require you to choose WPA2 Personal (AES). This is how you protect your privacy. If you don't enable some form of encryption, all your traffic goes in the clear. Given today's computer environment, someone will read your email, or raid your bank account. It is just be a matter of time. Cyber criminals are like car thieves, they will first steal the car that is unlocked or has the keys in it. Using encryption is like locking your car - it's not perfect, but it helps.
If you are providing wireless to several people, you can share the keys with them.
Create Closed Network Button
Another way to discourage the cyber criminal is to check the box "Create a closed network". This makes it harder to find your wireless network unless you know its name.
Network Name: a.k.a SSID
The network name in this case was "Apple Network 7d8704". We recommend changing it to something meaningful. The network name is also known as the SSID. If you don't use the closed network setting, this is what everyone sees as your wireless network. We recommend either your RCS userID or the building and room.
Mode: B, G or B/G
The "Mode:" will depend on your hardware. Whichever your wireless device supports is the one you should choose. B is slower than G.
[Configure Base Station screen showing the different options you can choose from the drop down for "Mode"]
Transmitter Power: Lower Is Better
The last thing on this screen to consider is the "Transmitter Power". If you only intend to cover your room, use a lower power setting. This will accomplish two things. First, your signal will not cause as much interference to other wireless users in the area. Second, people trying to listen to your traffic will have to get much closer.
[Configure Base Station screen showing a range of 10% - 100% you can choose from for the Transmitter Power]
Under the "Internet" tab is where you configure the WAN port. There are two basic cases. First is to let RPI's DHCP server give the unit all the information. That is what this screen shot shows.
[Configure Base Station screen showing under the Internet tab that Ethernet is selected for the connection and configured for DHCP}
In the second case, you have requested a static IP address from the RPI hostmaster. In that case, choose static ip in the "Configure" field. You will then need to fill in all the fields with the information the hostmaster sends you.
In both cases, the "WAN Ethernet Speed" should be set to auto or 10 half. Having the wrong speed set will reduce your performance drastically.
The "Network" tab is where you configure the address range used behind the AirPort unit. We recommend choosing a "Custom" setting. This makes tracking and solving problems much easier.
[Configure Base Station screen showing the drop down menu where you can choose "Custom" for your IP address under the "Network" tab]
The 10.X.X.X and 192.168.X.X range of addresses tend to be used by everyone. Using the 172.X.X.X range tends to makes you unique. Being unique makes problem solving easier. Try choosing your room number as a subnet number.
The "Maximum DHCP Clients" field shouldn't be large. If you only plan to allow 5 or 6 people to use your wireless, choose a number a little larger. The smaller the number, the better your performance.
DHCP Lease Field
The field "DHCP Lease" is how often the system refreshes the IP address you use. There are lots of theories over how to choose this number. If your machines move around a lot, shorter leases are better. If the machines never move, longer leases are better. One hour is a good compromise. If you find yourself running out of leases, try reducing the lease time before increasing the number of leases.
Port Mapping Tab
You should leave the "Port Mapping" tab empty.
If you are going to be running a web server or some other server, this is where you will need to make changes. When you run a server, you need to request a static IP from the hostmaster. You give that IP to the AirPort unit. Then you forward the ports used by the service to the server behind the AirPort. The server behind the AirPort must be configured with a static IP in the private IP space you choose earlier. Ask the Help Desk for assistance, if this doesn't make sense to you.
Access Control Tab: MAC Filtering
The "Access Control" tab is where you further secure your wireless network. Every computer that talks on a network has a unique number. This is called the Media Access Code (MAC). It is also called the Physical Adapter Address on some systems. By adding the MACs of the wireless computers you want on your network to this page, everyone else is blocked from using it.
You might ask why you need this, if you have already enabled encryption. There are two reasons. It is a good way to keep track of who is using your network. By adding a person's MAC and a description, you will know who is using your wireless. This way, if we ever contact you with a problem, you can figure out who is causing it. The second reason is so you can control access easily. Let's pretend your friend gives out the WEP key to his friends. If you only use encryption to control access, then they will now have access as well. With the MAC access enabled, all your friend's friends still couldn't use your wireless. The other choice would be to change the encryption keys for everyone.
[Configure Base Station screen showing Access Control tab where you can Add or remove specific clients you want to have access to your network]
When you click on the "Add..." button, it will ask you for the MAC and description you wish to add. The MAC address consists of 12 characters. They are zero thru nine and the letters "a" thru "f". In this example, we added Ken's desktop. If you need help finding the MAC of a device, call the Help Desk.
[Example shows MAC address as 0006257f83ec and the Description is "Ken's desktop"]
Here is what it should look like after adding two computers:
[Configure Base Station screen showing two clients Mac addresses and their description]
Leave the Authentication tab with the default value of "Not used".
[Configure Base Station screen showing Authentication Tab with the Radios field filled in as "Not used"]
Leave the WDS tab with the default values. You are not allowed to build a network between two locations. If you do, you are very likely to cause a network outage. If you need network in a different location, contact Network & Telecommunications. We will work with you to get networking to new locations.
You have only two steps left. Click on the "Update" button, so that the changes will take effect. Once the AirPort reboots, test whether it is working.
If you have problems connecting with wireless after the change, don't panic. You can still connect to the unit directly to try and figure out what is wrong. Assuming you are using a laptop with wireless, disable the wireless. Plug the AirPort unit into a switch using the LAN port. Your switch needs to be disconnected from RPI's network first. Now, plug the laptop into the switch using its wired port. The AirPort should give you an address. You can now use the configuration software over the wired connection.
Things to try now that you can configure the AirPort again.
- WPa-2 keys - are they the same on the laptop and AirPort
- The Network Name - watch out for spaces and typos
- The MACs you are filtering.
Disable each feature (encryption, closed network, MAC filtering) one at time and retest. You can always contact the Help Desk. They may ask you for the WAN and LAN MAC of the AirPort. Remember that they are located on the bottom of the unit.