Information & News: Wireless in the residences: What to buy and how to configure it

If you do not have wireless access in your residence and would like to add it yourself, you can purchase and install your own wireless access point (WAP) to act as a bridge between the wired and wireless networks. Included below are some general purchasing recommendations as well as configuration instructions for proper installation of your WAP so that it happily coexists with the rest of the residential network and adheres to the Acceptable Use Policy. Note: these are general recommendations and configuration instructions for installation of any WAP in the residences. However, they are intended for residents who are looking to install WAPs in their rooms. If you and/or your house would like to install a WAP in the common areas of your residence (the lounge, cluster, etc.) for communal use, you should contact your RCC. What to buy We recommend that your purchase an 802.11b or 802.11g wireless access point (WAP) to act as a bridge between the wired and wireless networks. Nowadays, you can buy a 802.11b/g WAP of any brand for around $100 or less from any major vendor. When purchasing a WAP, you should consider two important points: Access point versus router. Many wireless access points available include routers. A router is a device that connects at least two networks together (such as your residence's local network and the larger University network) and decides where data packets should be sent-- "routing." While this may be useful for some people who are running wireless LANs in their own homes or offices, you do not need this feature in your WAP. WAPs with routers are actually more expensive and in the end, can be quite problematic for the residence network (more on this in the configuration instructions below). Better would be to buy something actually sold as a "Wireless Access Point" or a "Wireless Bridge." b versus g. The residence wireless pilot project as well as wireless access provided by ITSS uses the most common implementation of wireless LAN technology, the IEEE 802.11b standard. The newer IEEE 802.11g standard was ratified in June 2003 and delivers faster network speed (54 mbps versus 11 mbps with 802.11b). If you are interested in investing in this newer technology, you can pay a little bit more and purchase a 802.11g access point. 802.11g is compliant with the 802.11b standard, allowing 802.11b cards to be used on 802.11g networks and vice versa. Regardless of which type you purchase, be sure to follow the configuration instructions below. While any 802.11b/g WAP should work, we have had the most success with NetGear and Cisco (although the latter is more expensive). Return to top How to configure it Here are some basic instructions on how to correctly configure your WAP. Not all of these options are available on all WAPs and you should consult your manual to see what features are available on your WAP and how to configure its settings in general. Registering your WAP Make sure you check "Yes" when registering your computer when asked if you have a wireless access point/router. Although most do not, if your WAP needs its own IP address, you can include its hardware Ethernet address in your registration. (Either include this information when registering your computer or return to the registration forms and update your existing registration.) SSID The SSID (service set identifier) is the name of the wireless network created by a WAP and is broadcast to everyone within range. You can set your SSID to whatever you want, but please do NOT begin your SSID with "Stanford" (without the quotes). That is the default prefix for the official University network. Using such a SSID can cause confusion as your neighbors might try to connect to your WAP, and expect a certain standard of performance and oversight. If you choose to set up your WAP as a bridge without restrictions so your neighbors can use it as well, please choose a SSID beginning with "Student" (without the quotes and obviously not in bold). If you restrict access to your WAP, please choose a SSID starting with something else. Most wireless network connection software is capable of regularly checking for a number of different SSIDs in a particular order to gain a connection. Playing nice with the network Your WAP may come out of the box with NAT and DHCP turned on. Turn off NAT and DHCP immediately. Routers, DHCP servers and NAT servers are not allowed on the network because they violate numerous points in the acceptable use policy and when misconfigured, can bring down the network for entire buildings. Securing your WAP All WAPs have a default password that allows you to access the configuration program. You should reset this password as soon as possible-- default passwords are often well-known and someone could easily reset your configuration, including your password (locking you out of your own WAP). Securing your data The wireless network is less secure since it is not a switched environment (as opposed to the wired network). On the wired network, only traffic meant for your computer goes to your computer. On the wireless network, traffic is broadcast into the air and your computer has to pick off traffic meant for itself, making the nature of the network less secure. WEP (wired equivalent privacy) is the standard way to encrypt your wireless data. When enabling WEP, you should use 128-bit encryption if available-- in general, the higher the better. Unfortunately, while some WEP is better than no WEP, it is not foolproof and somebody monitoring your traffic long enough can figure out your key and decrypt your data. For the best security when sending sensitive data over the network, you should continue to rely on encryption methods that are equally secure on and used on both the wired and wireless networks, such as SSL or how MacLeland, PCLeland or Web authentication encrypts your username and password when you login. Unfortunately all wireless encryption schemes currently rely upon passwords, so if you plan set up your WAP as a bridge so your neighbors can use it as well, you will need to forgo encryption. You will not be alone however - the main university provided wireless networks do not use encryption, as most sensitive traffic is already encrypted by the application. Restricting who can use/connect to the wireless network. If you are setting up a WAP in your room, you might want to restrict who can use/connect to it, such as your roommate(s), friends, etc. There are two ways you can do this: WEP. As explained above, WEP is the standard way to encrypt your wireless data. In addition to this, only people with the correct WEP key can connect to your WAP. This method of access restriction is available on all WAPs. MAC (Ethernet) address filtering. When you request an in-room network connection on the wired network, you provide us with your MAC (Ethernet or hardware) address. Only known MAC addresses are allowed to connect to the network. In the same way, some WAPs have an additional feature that only let a predefined list of MAC addresses connect. If you do not know your MAC address, you can use the instructions provided in the In-Room Connections Step-by-Step Guide. Return to top

Setting up your own WAP: What to buy and how to configure it Useful links: Wireless Locations at Stanford Wireless Access in SULAIR In-Room Connection Forms ITSS Wireless Website IEEE Standards Wireless Zone Partners: Academic Computing Networking Systems Donors: 3Com Cisco Questions? Comments? Email wireless@rescomp.stanford.edu.