Apple AirPort

Before you Start

Before you start using a wireless access point, there are some facts you need to be aware of:


If you need help completing any of the following steps, please contact the Help Desk. They can be reached at ext 7777 or via email to consult@rpi.edu. They are located in the central lobby of the VCC.


Cabling

Before you start configuring the AirPort unit, make certain you connect it to the network correctly. There are two ways to do it:

  1. The cable that goes directly to the wall should be plugged into the WAN port. The LAN port would connect to a switch or hub to feed other wired connections in the room. NEVER connect the LAN port to the wall port. If you do, your wall port will be turned off. You will have to contact the Help Desk to have it restored which will take 2 to3 business days normally.
  2. The cable from the wall port connects to a switch in your room. Then connect the AirPort unit to the switch via the WAN port only. If you use the LAN, port your wall port will be turned off.

Configuration Software

Start the configuration software. On an Apple or Windows machine, it is called “AirPort Admin Utility”. Choose your base station to configure, then press “Configure”. You may see multiple units to choose from. To figure out which is yours, compare the MAC address located on the bottom of the unit to those listed.

It may prompt you for a password. You will want to use the default password for your model. Try the following: “public” or “default” without the quotation marks. If neither works, check your documentation or the Apple website. When you connect, you should see the summary screen.

AirPort Tab

There are several steps you will need to take to use the access point in a responsible fashion. Choose the AirPort tab to get started. In this example, we are going to assume your RCS userID is smithj2 and you live in Bray 107.

In the “Identity” box, there are 4 things to enter:

In the WAN Privacy box, you can leave them all unchecked. If you have static IP for your AirPort, you would check the “Enable WAN Port. Configuration”. Unless you are monitoring the unit from another location, there is no good reason to check “Enable SNMP Access”. If you plug a printer into the USB port on the AirPort, you would check “Enable Remote Printer Access”.

In the “AirPort Network” box, there are several changes you should make. Choose a channel at random. Most systems choose 1 or 6 by default. Avoiding those may improve your performance.

Security Button: Encryption

Choose “Security…”. We recommend you choose “128 bit WEP” or “WPA for home/small office”. This is how you protect your privacy. If you don’t enable some form of encryption, all your traffic goes in the clear. Given today’s computer environment,  someone will read your email, or raid your bank account. It is just be a matter of time. Cyber criminals are like car thieves, they will first steal the car that is unlocked or has the keys in it. Using encryption is like locking your car - it’s not perfect, but it helps.

 

If you are providing wireless to several people, you can share the keys with them.

Create Closed Network Button

Another way to discourage the cyber criminal is to check the box “Create a closed network”. This makes it harder to find your wireless network unless you know its name.

Network Name: a.k.a SSID

The network name in this case was “Apple Network 7d8704”. We recommend changing it to something meaningful. The network name is also known as the SSID. If you don’t use the closed network setting, this is what everyone sees as your wireless network. We recommend either your RCS userID or the building and room.

Mode: B, G or B/G

The “Mode:” will depend on your hardware. Whichever your wireless device supports is the one you should choose. B is slower than G.

Transmitter Power: Lower Is Better

The last thing on this screen to consider is the “Transmitter Power”. If you only intend to cover your room, use a lower power setting. This will accomplish two things. First, your signal will not cause as much interference to other wireless users in the area. Second, people trying to listen to your traffic will have to get much closer.

Internet Tab

Under the “Internet” tab is where you configure the WAN port. There are two basic cases. First is to let RPI’s DHCP server give the unit all the information. That is what this screen shot shows.

In the second case, you have requested a static IP address from the RPI hostmaster. In that case, choose static ip in the “Configure” field. You will then need to fill in all the fields with the information the hostmaster sends you.

In both cases, the “WAN Ethernet Speed” should be set to auto or 10 half. Having the wrong speed set will reduce your performance drastically.

Network Tab

The “Network” tab is where you configure the address range used behind the AirPort unit. We recommend choosing a “Custom” setting. This makes tracking and solving problems much easier.

The 10.X.X.X and 192.168.X.X range of addresses tend to be used by everyone. Using the 172.X.X.X range tends to makes you unique. Being unique makes problem solving easier. Try choosing your room number as a subnet number.

The “Maximum DHCP Clients” field shouldn’t be large. If you only plan to allow 5 or 6 people to use your wireless, choose a number a little larger. The smaller the number, the better your performance.

DHCP Lease Field

The field “DHCP Lease” is how often the system refreshes the IP address you use. There are lots of theories over how to choose this number. If your machines move around a lot, shorter leases are better. If the machines never move, longer leases are better. One hour is a good compromise. If you find yourself running out of leases, try reducing the lease time before increasing the number of leases.

Port Mapping Tab

You should leave the “Port Mapping” tab empty.

If you are going to running a web server or some other server, this is where you will need to make changes. When you run a server, you need to request a static IP from the hostmaster. You give that IP to the AirPort unit. Then you forward the ports used by the service to the server behind the AirPort. The server behind the AirPort must be configured with a static IP in the private IP space you choose earlier. Ask the Help Desk for assistance, if this doesn’t make sense to you.

Access Control Tab: MAC Filtering

The “Access Control” tab is where you further secure your wireless network. Every computer that talks on a network has a unique number. This is called the Media Access Code (MAC). It is also called the Physical Adapter Address on some systems. By adding the MACs of the wireless computers you want on your network to this page everyone else is blocked from using it.

You might ask why you need this, if you have already enabled encryption. There are two reasons. It is a good way to keep track of who is using your network. By adding a person’s MAC and a description, you will know who is using your wireless. This way, if we ever contact you with a problem, you can figure out who is causing it. The second reason is so you can control access easily. Let’s pretend your friend gives out the WEP key to his friends. If you only use encryption to control access, then they will now have access as well. With the MAC access enabled, all your friend’s friends still couldn’t use your wireless. The other choice would be to change the encryption keys for everyone.

Add Button

When you click on the “Add…” button, it will ask you for the MAC and description you wish to add. The MAC address consists of 12 characters. They are zero thru nine and the letters “a” thru “f”. In this example, we added Ken’s desktop. If you need help finding the MAC of a device, call the Help Desk.

Here is what it should look like after adding two computers:

Authentication Tab

Leave the Authentication tab with the default value of “Not used”.

WDS Tab

Leave the WDS tab with the default values. You are not allowed to build a network between two locations. If you do, you are very likely to cause a network outage. If you need network in a different location, contact Network & Telecommunications. We will work with you to get networking to new locations.

Final Steps:

You have only two steps left. Click on the “Update” button so that the changes will take effect. Once the AirPort reboots, test whether it is working.

Troubleshooting

If you have problems connecting with wireless after the change, don’t panic. You can still connect to the unit directly to try and figure out what is wrong. Assuming you are using a laptop with wireless, disable the wireless. Plug the AirPort unit into a switch using the LAN port. Your switch needs to be disconnected from RPI’s network first. Now, plug the laptop into the switch using its wired port. The AirPort should give you an address. You can now use the configuration software over the wired connection.

Things to try now that you can configure the AirPort again.

Disable each feature (encryption, closed network, MAC filtering) one at time and retest. You can always contact the Help Desk. They may ask you for the WAN and LAN MAC of the AirPort. Remember that they are located on the bottom of the unit.