Securing new wireless connection

Soldato
Joined
5 Apr 2004
Posts
5,445
Location
Bloxham
Currently got two machines connected via a wired router, have now added a wireless access point to allow a laptop to join the network.

At the moment it's open, and I assume anyone within range can sneak in so I need to do something about it. Using the laptop, I've found the Network Authentication settings which are set to Open at the mo. Further options are Shared, WPA or WPA-PSK. Which of these would be best to use? Can I set it so the laptop user just needs to enter a password to get on the network, and the two wired computers connect as normal?

This networking stuff usually goes over my head pretty quickly so keep it simple if you can, thanks!
 
Caporegime
Joined
16 May 2003
Posts
25,368
Location
::1
Big Chris said:
Can I set it so the laptop user just needs to enter a password to get on the network, and the two wired computers connect as normal?

The WPA PSK is about as close to a password as you're going to get, though the laptop should store it once it's been entered (for one, because it should ideally be close to the maximum size you can use).
The wired machines don't see any difference, it's purely between the wireless device(s).
 
Soldato
OP
Joined
5 Apr 2004
Posts
5,445
Location
Bloxham
Hmmmm... having a little trouble.

I went to the wireless connection settings on the laptop, and under Network Authentication selected WPA-PSK, which then gave two options for encryption: TKIP and AES. I entered and confirmed an alpha-numeric password (13 characters total) and OK'd the settings. This knocked the laptop offline immediately and the status said that it was unable to connect to the wireless network, and IE would not load. A box appeared offering to troubleshoot, then gave the option to connect again which I did, but it told me the connection was unsecured.

I rebooted the machine to see what would happen and it connected straight away to the network, allowing IE to load web pages. I checked the settings again and everything had reverted, back to Open with no encryption. I went through the whole process again and exactly the same happened.

Any idea where I'm going wrong?
 
Caporegime
Joined
16 May 2003
Posts
25,368
Location
::1
Big Chris said:
I went to the wireless connection settings on the laptop, and under Network Authentication selected WPA-PSK, which then gave two options for encryption: TKIP and AES. I entered and confirmed an alpha-numeric password (13 characters total) and OK'd the settings. This knocked the laptop offline immediately and the status said that it was unable to connect to the wireless network

That's normal. You should've been required to enter the PSK on the laptop though.

I rebooted the machine to see what would happen and it connected straight away to the network, allowing IE to load web pages. I checked the settings again and everything had reverted, back to Open with no encryption. I went through the whole process again and exactly the same happened.

The settings weren't saved?
 
Soldato
OP
Joined
5 Apr 2004
Posts
5,445
Location
Bloxham
There was no option to save/apply any changes within the network settings, which I did think was a little odd, but when I OK'd it knocked the laptop offline so I assumed it had worked. No password was requested when trying to reconnect either.
 
Soldato
OP
Joined
5 Apr 2004
Posts
5,445
Location
Bloxham
Ok, I'm getting a little lost here.

I thought I was supposed to be making these changes on the wirelessly connected laptop, and not in the wired router config page? I only want the wireless laptop to have to enter a password, the two machines connected via the wired router should continue as normal.

I'm looking in the network connection properties on the laptop, which is where it mentions the methods of Network Authentication. Is there anywhere else I should be looking to set a password? I thought it was pretty straight forward but it doesn't give me the option to apply any changes I made, and the laptop is still not prompted for a password at any stage having rebooted.

I'm using:

Linksys BEFSR41 wired cable router (two machines connect through this)
Linksys WAP54G wireless access point (one machine connects through this)
 
Last edited:
Soldato
Joined
7 May 2003
Posts
4,247
Location
Away from here
You need to make the changes on the WAP54G and to the laptop. Just changing the laptop will (as you've seen), not work. The reason you're not being prompted for the PSK on the laptop is that the WAP54G isn't set to require one to allow clients to connect.

Easiest way is to open the web management page for the WAP54G on one of the wired machines, go to the wireless settings, enable WPA-PSK and enter a nice long preshared key. Apply the changes. The laptop will drop the wireless connection at this point as it doesn't have the PSK yet.

Tell the laptop to scan for networks, it should find your network and prompt you for the encryption key, enter the PSK you entered into the WAP54G and you should be back up and running. I think you can either save the PSK or be asked for it each time the laptop tries to connect.

This won't affect the wired PCs in the slighest.
 
Soldato
OP
Joined
5 Apr 2004
Posts
5,445
Location
Bloxham
Thanks a lot Burbleflop, you and Tolien have been very helpful (and patient!).

What does preshared key (PSK?) mean though, just a password?

And lastly, will the WAP54G have it's own IP address, I just use 192.168.1.1 to get into the wired router config, not sure about the wireless one though?

Thanks again guys, I owe a few beers at least when all this is done :).
 
Caporegime
Joined
16 May 2003
Posts
25,368
Location
::1
Big Chris said:
What does preshared key (PSK?) mean though, just a password?

Loosely, yes.

And lastly, will the WAP54G have it's own IP address, I just use 192.168.1.1 to get into the wired router config, not sure about the wireless one though?

They should be the same, but it's completely transparent.
 
Soldato
Joined
7 May 2003
Posts
4,247
Location
Away from here
tolien said:
They should be the same, but it's completely transparent.

I don't think so. The first post says:

Big Chris said:
Currently got two machines connected via a wired router, have now added a wireless access point to allow a laptop to join the network.

If you don't know the IP address of the AP, then I would assume it is getting one from DHCP. Check the 'Connected Devices' (or whatever it is called on the wired router) and you may see the IP address and MAC address of the AP listed there.
 
Caporegime
Joined
16 May 2003
Posts
25,368
Location
::1
burbleflop said:
I don't think so. The first post says:

What about it? :confused:
Neither machine needs to be aware of the AP's IP address, other than to access the web interface. Ergo, it's "completely transparent".

The addresses on the LAN and wireless sides should be the same as well.

If you don't know the IP address of the AP, then I would assume it is getting one from DHCP.

It is known though :p

I just use 192.168.1.1 to get into the wired router config,
 
Soldato
Joined
7 May 2003
Posts
4,247
Location
Away from here
Unless I'm a bit confused, the OP is using a seperate router and AP. In that case the AP will have a seperate IP address to the router.

I didn't say that the PC's needed to know the IP of the AP, but the OP (too many abbreviations!) said he accessed the wired router using 192.168.1.1 - that isn't the AP so he'll need to IP of the AP to get into the web management of it to enable WPA.
 
Caporegime
Joined
16 May 2003
Posts
25,368
Location
::1
burbleflop said:
Unless I'm a bit confused, the OP is using a seperate router and AP. In that case the AP will have a seperate IP address to the router.

Ah, yep :o

I didn't say that the PC's needed to know the IP of the AP, but the OP (too many abbreviations!) said he accessed the wired router using 192.168.1.1 - that isn't the AP so he'll need to IP of the AP to get into the web management of it to enable WPA.

Yup. The answer is in the manual (192.168.1.245).
 
Soldato
OP
Joined
5 Apr 2004
Posts
5,445
Location
Bloxham
Thanks again fellas, sorry for any confusion!

Just to clarify, I have a wired router (Linksys BEFSR41) and a wireless access point (Linksys WAP54G) plugged into it.

I access the wired router with 192.168.1.1 and you're saying I need 192.168.1.245 to access the wireless AP config? (don't have the manual to check). Is it best to make these changes from one of the wired machines and not the laptop?

Once there, I set up WPA-PSK then get the laptop to search for networks at which point it should find ours and be prompted for the password? Do I need to run through the same settings again on the laptop in Network Properties > Network Authentication?

Apologies for the n00bness here, I don't like playing with network stuff as it always goes wrong unless I'm under direction. This results in me taking grief from the other guys on the network, then having to call on mates to come and fix it who I have to pay in beer and food.
 
Soldato
Joined
7 May 2003
Posts
4,247
Location
Away from here
What you've said is all correct. You won't need to add the same settings in Network Properties > Network Authentication on the laptop though, when you scan for networks and enter the PSK, it'll do the necessary for you.
 
Caporegime
Joined
16 May 2003
Posts
25,368
Location
::1
Big Chris said:
and you're saying I need 192.168.1.245 to access the wireless AP config? (don't have the manual to check).

a) the manual's on the Linksys site, and b) yes, that's what it says the default IP is.

Is it best to make these changes from one of the wired machines and not the laptop?

Yup.
 
Back
Top Bottom