Setting Up A Personal Wireless Connnection
The main question to answer when shopping for wireless networking equipment is, “Do I need an access point or a router?” For most residents who need personal wireless access, a wireless access point is best. Access points are great because, when properly configured, they enable secure access to the network port. This means wireless access can be safely shared with friends: if one of them uses their wireless access to violate university policy or break a law, you won't be responsible.
For those with multiple wireless devices - for example, iPhones and gaming consoles - a router may be a more convenient option because it gives you the convenience of registering the hardware address of just the router instead of all the attaching wireless devices. Just remember that routers hide the identity of anyone connecting to them, so exercise caution if you decide to share your access with others.
Below is an overview of the necessary steps set up a WAP or router. We will first talk about the steps common to both routers and access points, and then outline additional requirements for each type. For more detailed instructions consult your product’s documentation. While these devices may differ from your own, for illustrative purposes please see the sample instructions for a D-Link Access Point (pdf) or LinkSys Router (pdf).
Common Setup Steps for Wireless Access Points and Routers
- Change the Default Password
All access points come with a default password that lets you get into the administrative program for the device. These default passwords are well known so it is important to change them, since otherwise, a hacker could easily gain access to your WAP and modify or turn off the security settings, or even lock you out of your own device! We recommend creating an alphanumeric password of at least 10 characters.
- Change the SSID
The SSID (Server Set ID) is the name of your wireless device, and it is broadcast for everyone to see. Change your SSID from the default to an alphanumeric name. Many access points and routers allow you to disable the broadcast of the SSID making them harder for hackers to find and locate.
- Enable Ethernet MAC Address Filtering
For added security, you can limit which wireless devices can talk to your access point. Enable MAC address filtering and now only the MAC addresses of devices you add to the allow list will be able to connect and authenticate with your access point. All others devices will be blocked out. Find the MAC address of your wireless Ethernet card in your computer, add it to the allow list, and you are good to go.
- Enable Encryption
By default, your WAP sends all of its transmissions without any encryption making it easy for hackers to listen in on your connection and also allowing them to connect to your access point or router. Since you are responsible for any traffic through your WAP, encryption is a primary means of limiting and protecting your network access. The newest standard is WPA2-PSK (Wi-Fi Protected Access Pre-Shared Key) and as long as you have newer equipment, this standard should be supported. If not, WPA-PSK is a good alternative. This should not be necessary, but as a last resort, use the now outdated WEP (Wired Equivalent Protection). While it can be easily hacked by those with the knowledge, it is still much better than having no encryption at all.
Additional Requirements for Wireless Access Points
If you are configuring a wireless access point, you now need to finish up by following these two steps.
- Disable the DHCP Server
Some access points come with a DHCP server. This service assigns network addresses to devices as they connect. If you turn this off, then anyone connecting to your access point or router will have to talk with the campus DHCP server and have their wireless Ethernet card registered with campus. Thus, when the campus DHCP server assigns them an IP address, there will be a record of who connected to through your wireless network and they then can be held accountable for anything they do through your wireless connection.
- Register your Wireless Ethernet Card with Campus
Along with Disabling the DHCP server in the step above, you will need to register your wireless card’s hardware address (AKA MAC or physical address) so that when you connect to your WAP, the campus DHCP server will know you are a valid user and assign you an IP address. Just go to computingaccounts.ucdavis.edu and Register your Ethernet Wireless Card just like you did for your Wired Ethernet connection before. If you are sharing your access with others, then they will also need to register their wireless card’s hardware address to gain access to your wireless network.
Additional Requirements for Routers
If you are configuring a wireless router, you have only one last step.
- Register the hardware address of your router
This MAC address is probably printed somewhere directly on the router. Just go to computingaccounts.ucdavis.edu and Register your router just like you did for your Wired Ethernet connection before for resnet.
If you have any questions about how to setup your wireless system or would like someone to help you so that you know you are secure, please come to our Residential Computing Assistants' office hours.