With all the talk about security and deployment problems with wireless access points (WAPs), the thought of adding a WAP to your network may send your blood pressure rising. WAPs are supposed to make it easier for users to get their work done, but they invariably add to the network administrator’s workload. Fortunately, deploying WAPs needn’t be stressful. SMC’s EZ Connect Wireless Access Point lets you quickly set up and secure a WAP on your network.
For the purposes of this Daily Feature, I’m going to discuss the SMC EZ Connect Wireless Access Point, model number SMC2655W. This is a basic 802.11b WAP that can connect users using any 802.11b compliant device. To test this WAP, I used ViewSonic’s V1000 Tablet PC with its integrated Intel 802.11b networking card.
Setting up the WAP
SMC has stripped the EZ Connect right down to the basics. There are no firewalls to worry about, nor any other switches or wired ports. This lack of additional features make the WAP easy to set up and administer, but it can raise the final cost if you need some of these features because you’ll have to buy them separately.
WAPs don’t get much easier to set up than SMC’s EZ Connect. All you have to do is plug the WAP in and connect it to your network. Like a workstation, the WAP can either connect directly to a wired switch or a patch panel, so long as the panel is patched to a hub or switch.
According to SMC’s specifications, the EZ Connect can connect users up to a distance of 1,800 ft. As with most things, your mileage will vary. The actual distance and speed you’ll get will depend on how you deploy the WAP.
During my testing, I couldn’t effectively connect the Tablet PC to the WAP at distances over 100 ft, but that’s because the WAP was set up on a desk, not placed in a high location like SMC recommends. In addition, the offices at my workplace use metal studs, which can block radio signals. Therefore, any distance problems weren’t the unit’s fault.
In addition to placing the WAP in a high location, SMC recommends that you orient the dual antennas for maximum coverage. One antenna should be vertical, while the other should be laid horizontally.
Using the EZ Connect Wireless AP Manager
Once you’ve plugged the WAP in, you can configure it by using SMC’s EZ Connect Wireless AP Manager. You’ll find the utility on the floppy disk that comes with the WAP. To install the Manager, open a command prompt on your administration workstation and run Setup from the Utility directory on the floppy.
Running Setup is just as easy as physically hooking up the WAP. You won’t find any surprises; Setup runs just like every other Windows installation wizard you’ve ever run. Follow the steps in the wizard, clicking Next and making your choices along the way.
After you’ve installed the Manager, you’re ready to configure the WAP. Click Start | Programs | EZ Connect Wireless AP Manager | EZ Connect Wireless AP Manager. When the Manager starts, it will start scanning your network for your EZ Connect WAP.
Don’t panic if the Manager doesn’t see your WAP initially. It’s also not a problem if you see the WAP in the Manager but get an error when you first connect to it. As you can see in the IP Address field, the WAP starts off with a default TCP/IP address of 22.214.171.124. If this addressing scheme conflicts with your network’s addressing scheme, your administration workstation can’t connect to the WAP.
To fix this problem, just temporarily readdress the administration workstation’s TCP/IP address to match the WAP’s scheme. For example, you may want to change the administration workstation’s address to 192.168.0.1. When you do, the Manager will successfully connect to the WAP.
To connect to the WAP, select it from the Manager and click the Connect button. You’ll then see the Input Password screen. Type the default password, MiniAP, in the password field. When the connection is successful, you’ll see Connected in the State column.
The first thing you should do is to change the default password (MiniAP). To do so, select Change Password from the Command menu. When the Password Configuration window appears, enter the new password and click OK.
The next thing you should do is to change the WAP’s TCP/IP addressing scheme to match your networks. To do so, select Change AP from the Command menu. You’ll then see the AP Setting menu.
The WAP can use DHCP if you have a DHCP server on your network. You can enable DHCP by selecting Enabled from the DHCP Client drop-down list box. Even if the list box shows Enabled, your WAP may still have the default 192.168.0.254 address. Select Disabled and set an address that matches your network’s scheme. Then click Save.
When you do, the WAP will reset with the new address. You’ll need to exit the Manager and reconfigure your administration workstation back to its old TCP/IP Address. You can then reconnect to the WAP using the Manager and complete your configuration. Don’t forget to enter your new password rather than the default one of MiniAP.
Securing the WAP
When you again connect to the WAP, you can configure it for security.
Secure your WLAN
For a complete understanding of how to secure your wireless network, see the Daily Drill Down “Design a secure wireless LAN.” You can use those tools to secure your WAP here.
Begin by setting an SSID for your WAP. All of the WAPs in your network should share the same SSID. Likewise, you’ll need to set this SSID on any devices that will connect to the WAP. To do so, enter a value in the SSID field. This can be any alphanumeric value. Along with setting an SSID, you should remove the check from the Accept Any SSID field. This will prevent the WAP from accepting devices that don’t have the proper SSID.
Next, set a unique channel for the WAP. In the U.S., the WAP can run off any of 11 different channels. To avoid interference, try to set one that’s different from any channels that already exist in your area.
An important part of security in a wireless network is WEP (Wired Equivalent Privacy). Even though WEP gets a lot of criticism for not being truly secure, it’s certainly better than nothing. To set WEP, click Encryption.
When the Encryption Setting screen appears, select 128 Bits from the Encryption (WEP) drop-down list box. However, you should only do this if your wireless devices can support 128-bit encryption, so check your devices first. You may be forced to use 64-bit encryption or, worse, no encryption at all.
To set the password, select Create With Passphrase and enter a passphrase in the Passphrase field. Manager will hash the passphrase and create a WEP key. You can then reuse this passphrase on wireless devices to rehash the matching key without having to write down the 26-character key.
If you have existing WAPs in your organization, you can manually enter the key by selecting Manual Entry and carefully typing in the key in the fields provided. As you may have noted when you used the passphrase, you’ll be temporarily able to see the resulting 26-character key in the Manual Entry fields. You may want to write this key down. Some wireless devices won’t properly hash the passphrase to create a matching key, so you’ll need to manually enter it on those devices. This was a particular problem on the ViewSonic Tablet PC.
After you’ve set WEP encryption and entered the other security information, you can close Manager. The WAP will reset, and you’ll be able to connect to it from your wireless devices.
Less wire, less hassle
Setting up a wireless access point for your network needn’t be a stressful event. Manufacturers are making it easy to deploy WAPs with units like the EZ Connect Wireless Access Point. Just make sure you take the time to properly configure and secure your access point, and you’ll have your users wandering around wirelessly with ease.