Method

Description

Plan access point placement and configuration

The first step in implementing a wireless solution is to plan the wireless network. Consider the following:

• Draw a sketch of the building or location where wireless access is required. Identify possible access point locations, taking into consideration signal strength and maximum signal distances.
• Place access points in central locations. Radio waves are broadcast in each direction, so the access point should be located in the middle of the area that needs network access.
• Devices often get better reception from access points that are above or below. In general, place access points higher up to avoid interference problems caused by going through building foundations.
• For security reasons, do not place access points near outside walls where the signal can be intercepted by non-authorized devices. Placing the access point in the center of the building decreases the range of the signals available outside of the building.
• Select the SSID for the wireless network. If the network has multiple access points, identify which channel each access point will use. Make sure that neighboring access points use non-overlapping channels.

Click here for a diagram of a sample wireless network with multiple access points.

Connect the wireless access point to the wired network

Most access points require that you make a connection to the access point through the wired network in order to complete access point configuration tasks.

• Before connecting the access point, you can verify that the wired connection is valid by connecting a laptop to the network port.
• Connect the access point to the existing network with a straight-through Ethernet cable. Optionally, you could use a cross-over cable and connect a laptop or desktop computer directly to the Ethernet port on the access point.
• Most access points come configured with a static IP address and a subnet mask. On a host on the wired network, change the host's subnet to the same subnet of the access point.
• Most access points use a Web-based program for configuration. Use your browser to connect to the default IP address of the access point, then enter the default administrator name and password to connect to the configuration utility.

Configure basic access point settings

Once connected to the access point configuration utility, configure the necessary settings:

• Configure a static IP address (with subnet mask, default gateway, and DNS settings), or configure the access point to use DHCP. Because the access point acts much like a switch, an IP address is not required. However, configuring the IP settings allows you to connect to the access point to make configuration changes. After changing the IP address, you will need to change the IP address of the client that is connected to the access point.
• Configure the wireless standards to use (802.11a/b/g/n) and the operating mode (mixed, legacy, greenfield, etc.).
• Configure the SSID. If the access point is part of an ESS, all of the access points should share the same SSID.
• Configure the channel. To avoid interference between multiple access points, each access point should have a different, non-overlapping channel. On a small network with a single access point, you can set the channel to Automatic. The access point then senses other access points nearby, and (if possible) selects a channel that is not in use.

Configure a client

Install and configure a wireless client, such as a laptop with an enabled radio. When you install the wireless adapter, you use a wireless connection manager to view and connect with wireless networks.

• Windows XP and later comes with a built-in wireless connection manager. This connection manager uses the Wireless Zero Configuration (WZC) service. When roaming between access points, WZC automatically connects to the access point with the strongest signal.
• Many wireless adapters come with their own connection manager that might provide additional functionality.

With most connection managers, you can view wireless networks in range that are broadcasting the SSID. Simply select the wireless network and establish the connection. A successful connection verifies that the client can communicate with the access point.

Configure security on the access point

If the access point is left connected to the network without security implementations, attackers may connect to the network, potentially circumventing all security on the wired portion of the network.

When configuring the authentication method:

• Use Open authentication to allow anyone to connect to the wireless network. This option is typically used by businesses that provide free Internet access to customers.
• Use Shared Key authentication on small, private networks. With Shared Key authentication, all access points and all clients use the same authentication key. Shared Key authentication can be configured using one of three settings:
  • A simple Shared Key setting uses the WEP key for authentication. When using this option, you should disable encryption.
  • WPA-PSK (WPA Personal) uses WPA with a shared key.
  • WPA2-PSK (WPA2 Personal) uses WPA2 with a shared key.
• Use 802.1x authentication on large, private networks. 802.1x requires a RADIUS server on the network. Users authenticate with unique usernames and passwords.

When configuring encryption, select the strongest method supported by all devices:

• AES is used with WPA2. When using AES, all devices must be WPA2 capable.
• TKIP is used with WPA. Most existing devices can use WPA. If not, check to see if a firmware update is available to add WPA capabilities to the device.
• Use WEP only if no other encryption is supported. Note: Do not use WEP together with Shared Key authentication.
• Public networks typically require no encryption.

Configure client security settings

After configuring security on the access point, you will need to add security to the wireless client. Manually configure the security settings that correspond to the wireless network.

• When using WEP or Shared Key authentication, enter the same shared key configured on the access point.
• If using 802.1x authentication, enable 802.1x and configure any necessary settings. Depending on the implementation, you might be prompted for a username and password when you try to connect.
• Select the encryption method used on the wireless access point.

After the security configurations are set, verify that the wireless client can still connect to the wireless network.

Conduct a site survey

A site survey is an evaluation of your wireless network configuration. The site survey looks for advantages and problems with the wireless network and its surroundings. When conducting the site survey:

• Verify that the SSID broadcast and security settings are correctly configured on each access point.
• Assess the signal strength and direction of wireless access points. For example, make sure that access points are not placed near outside walls where the signals will be strong outside of the building where you do not have physical control.
• Check for obstructions that could affect the availability of the wireless signal in various locations.
• Check for other wireless networks in the area, and choose a channel that does not conflict with other networks.
• Perform cell-shaping. Cell-shaping uses directional antennae and shielding methods to locate the wireless access points in secured areas in order to adjust their transmittal power.

If you find something of concern during the site survey such as a strong signal strength outside of the building, troubleshoot the issue and then conduct another site survey to confirm that the issue is resolved.