2.13 WLAN Configuration


Remote Site WLAN Configuration

The Wireless Router

Small branch offices, home networks, and sometimes small offices usually use what is commonly known as a home router. Such routers are sometimes called “Integrated Routers” because they combine a switch for wired clients, a WAN port, and the wireless antennas and components needed for wireless access.

These Routers typically provide WLAN Security, DHCP Services, NAT, QoS, and many other features, depending on the make and model of the Router being used.

Login to the Wireless Router

Wireless Routers are usually pre-configured to work out of the box when you buy them. For example, they come with a DHCP Server pre-configured to automatically provide addressing to connected client devices.

That being said, such devices also come pre-configured with default usernames and passwords, which can easily be discovered by browsing the internet. Usually the default credentials will be “admin”/“admin”, or “cisco”/“cisco” for official Cisco devices. The first priority when purchasing one of these routers should be to change these defaults for obvious security reasons. In fact, some devices won’t let you configure anything else before these credentials have been changed.

As mentioned before, most of these routers can be accessed via a GUI, which is usually a browser-based web page allowing you to interactively configure the device. To access this page, open a web browser (e.g. Google Chrome or Edge) and navigate to the default IP Address, which is usually 192.168.0.1 or 192.168.1.1. You can find the default IP Address in the documentation of your newly purchased device, or sometimes printed on a label on the underside of the device.

Basic Network Setup

Basic network setup is covered through the following 6 steps:

  1. Log in to the router via a web browser
  2. Change the default administrative credentials
  3. Log in with the newly configured credentials
  4. Change the default DHCP IPv4 address
  5. Apply and renew the IPv4 address
  6. Log in to the router with the new IPv4 address

Basic Wireless Setup

Basic wireless setup is covered through the following 6 steps:

  1. View the WLAN default configuration
  2. Change the network mode
  3. Configure the SSID to be used
  4. Configure the channel/s to be used
  5. Configure the security mode to be used
  6. Configure the passphrase to be used

Configure a Wireless Mesh Network

In a small environment (e.g. a small office or home), a single Wireless Router may be enough to cover the entire area and provide wireless access to all the connected clients.

That same Wireless Router won’t suffice if you wish to extend the range beyond approximately 45 meters indoors and 90 meters outdoors; in that case you will need to add wireless access points to the setup.

It’s important to choose the proper channels (e.g. 1/6/11) so that the newly installed Access Points do not interfere with each other.
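Why channels 1/6/11 are the usual choice, as an added example that is not part of the original page: the Python sketch below checks a 2.4 GHz channel plan for overlapping neighbours and suggests a non-overlapping one. The AP names, the neighbour list and the 22 MHz channel width are assumptions made for the illustration.

```python
CHANNEL_WIDTH_MHZ = 22  # assumption: classic 2.4 GHz (802.11b) channel width

def centre_mhz(channel):
    """Centre frequency of 2.4 GHz channels 1-13 (5 MHz apart, channel 1 = 2412 MHz)."""
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel in 1-13: {channel}")
    return 2407 + 5 * channel

def overlap_mhz(a, b):
    """Spectrum shared by two channels in MHz (0 means they do not overlap)."""
    return max(0, CHANNEL_WIDTH_MHZ - abs(centre_mhz(a) - centre_mhz(b)))

def interfering_pairs(plan, neighbours):
    """Return (ap1, ap2, overlap) for APs in range of each other on overlapping channels."""
    found = []
    for a, b in neighbours:
        shared = overlap_mhz(plan[a], plan[b])
        if shared:
            found.append((a, b, shared))
    return found

def suggest_plan(aps, neighbours, channels=(1, 6, 11)):
    """Greedily give each AP a channel that none of its already-assigned neighbours use."""
    plan = {}
    for ap in aps:
        taken = {plan[other] for pair in neighbours if ap in pair
                 for other in pair if other != ap and other in plan}
        free = [c for c in channels if c not in taken]
        if not free:
            raise ValueError(f"no free channel for {ap}: too many APs in range")
        plan[ap] = free[0]
    return plan

# Constructed sample: three APs that can all hear each other.
NEIGHBOURS = [("router", "ap-hall"), ("router", "ap-garage"), ("ap-hall", "ap-garage")]
BAD_PLAN = {"router": 6, "ap-hall": 4, "ap-garage": 8}

if __name__ == "__main__":
    print(interfering_pairs(BAD_PLAN, NEIGHBOURS))
    print(suggest_plan(["router", "ap-hall", "ap-garage"], NEIGHBOURS))
```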

Nowadays WMNs (Wireless Mesh Networks) are widely used and can even be controlled and configured simply through smartphone apps.

NAT for IPv4

When you load the GUI of a Wireless Router, it will usually open the Status/Statistics page by default, which shows the IPv4 addressing information that the Router is using to transfer data to and from the internet.

The public IP assigned to the Router is publicly routable on the internet, but all the local devices connected to the Router’s LAN are assigned private IP Addresses (e.g. 192.168.x.x), which cannot be routed on the internet. The Router’s job is to use the process known as NAT (Network Address Translation) to convert these private IPv4 Addresses to internet-routable IPv4 addresses. When using NAT, a private (local) IPv4 address is translated into a public (global) IPv4 address for outgoing packets, and the translation is reversed for incoming packets.

Some ISPs also tend to use private IPv4 addressing to connect to customers’ devices; however, the client’s traffic will still eventually leave the ISP’s network and be routed on the internet at some point.

If IPv6 Addressing is being used, a unique IPv6 address will be shown for each connected device, since no NAT is needed for IPv6 due to the massive range available.

QoS (Quality of Service)

A good majority of such Wireless Routers also have an option for QoS configuration. By configuring QoS, you can guarantee priority for certain traffic types, for example Real-Time Streaming Video and Audio/Voice, over less time-sensitive traffic such as web-browsing and emails. QoS can also be applied to ports.

These settings may be listed within the GUI either as “QoS” or under other names such as “Bandwidth Control” or similar, depending on the make and model of the Router.

Port Forwarding

Wireless Routers normally block TCP and UDP ports to prevent threat actors from accessing the LAN. However, at times specific ports must be opened so that specific software and apps can communicate with devices on different networks. Port Forwarding is a rule-based method of forwarding traffic between devices on separate networks.

When traffic reaches the Router, the Router determines whether the traffic should be forwarded to a certain device based on the port number. For example, a router can be configured to forward ports 80 and 443, which are associated with HTTP and HTTPS. In that case, the router will forward the traffic to the server inside the network that serves a web page on those same ports.

Another methodology known as Port Triggering allows a Router to temporarily forward data through inbound ports for a specific device. Usually Port Triggering is used to forward traffic to a device only when a designated port range is used to make an outbound request.

For example, a Video Chat application may require port range 1560 – 1565 to be in the forwarding state. If there is Video Chat traffic on any of the outbound ports within that range, inbound traffic on those ports is forwarded to the connected device; once the Video Chat is over, inbound traffic on those ports is no longer forwarded.
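The inbound decision described in the NAT for IPv4 and Port Forwarding sections, as an added example that is not from the original page or any router's firmware: a small Python model of NAT replies, static forwards for ports 80/443 and a trigger on ports 1560-1565. The `Router` class, its method names and all addresses are constructed for the illustration.

```python
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"  # constructed public address (documentation range)

@dataclass
class Router:
    forwards: dict = field(default_factory=dict)   # WAN port -> (LAN IP, LAN port)
    trigger: range = range(0)                      # port range that arms triggering
    nat: dict = field(default_factory=dict)        # WAN port -> (LAN IP, LAN port, remote)
    triggered: dict = field(default_factory=dict)  # inbound port -> LAN IP, while armed
    next_port: int = 40000                         # next free WAN-side source port

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Translate a LAN packet to the WAN address and remember the mapping."""
        if remote_port in self.trigger:            # outbound use of a trigger port
            for p in self.trigger:
                self.triggered[p] = lan_ip         # open the whole range to this host
        wan_port = self.next_port
        self.next_port += 1
        self.nat[wan_port] = (lan_ip, lan_port, (remote_ip, remote_port))
        return WAN_IP, wan_port

    def session_over(self, lan_ip):
        """The triggering application stopped: close the ports it opened."""
        self.triggered = {p: ip for p, ip in self.triggered.items() if ip != lan_ip}

    def inbound(self, remote_ip, remote_port, wan_port):
        """Decide what happens to a packet arriving on the WAN side."""
        if wan_port in self.forwards:              # static port-forwarding rule
            return "forward", self.forwards[wan_port]
        if wan_port in self.triggered:             # temporary port-triggering rule
            return "forward", (self.triggered[wan_port], wan_port)
        entry = self.nat.get(wan_port)             # reply to an outbound flow
        if entry and entry[2] == (remote_ip, remote_port):
            return "forward", entry[:2]
        return "drop", None                        # unsolicited: blocked by default

def demo():
    """Web server on .20 is always reachable; video chat on .50 only while active."""
    r = Router(forwards={80: ("192.168.1.20", 80), 443: ("192.168.1.20", 443)},
               trigger=range(1560, 1566))
    seen = [r.inbound("198.51.100.7", 50000, 443),   # static forward
            r.inbound("198.51.100.9", 1560, 1562)]   # trigger not armed yet
    r.outbound("192.168.1.50", 51000, "198.51.100.9", 1560)
    seen.append(r.inbound("198.51.100.9", 1560, 1562))
    r.session_over("192.168.1.50")
    seen.append(r.inbound("198.51.100.9", 1560, 1562))
    return seen
```

The model makes the exposure difference visible: a static forward answers any remote host at any time, while a triggered port is reachable only between the outbound request and the end of the session.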