This exercise complements material in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.
This lab shows you one method of configuring a wireless router. The actual steps will be different for different devices, but these steps give you an idea of what to look for and what you might see on your access point.
Requirements: This exercise assumes you’re running a wireless network with a wireless access point or wireless router that is accessible via HTTP. You’ll also need access to a computer browser such as Microsoft Edge or Chrome.
1. Open your web browser and type in the IP address of your wireless access point or wireless router into the URL section. It is often 192.168.0.1 or 192.168.1.1.
2. When prompted, enter the administrator username and the password. If you don’t know these, you’ll need to check the documentation. You can often find the manual online with a Google search. For example, if you have an M20 router, search on “wireless router M20 Manual.”
3. Click Log In. This will typically take you to a setup page similar to the following graphic:
4. Click on Wireless to see the options. The following graphic shows you what you might see.
- Network Mode refers to the wireless protocol such as 802.11b, 802.11g, 802.11n, and 802.11ac that you’d use for this device.
- Here is where you’d change the SSID from the default. However, many APs force you to change the SSID during initial setup.
- If necessary, you can change the Channel to avoid interference on a channel.
- Last, you can disable the SSID broadcast to hide the SSID from casual users. Remember though, attackers can easily discover your SSID even if you disable SSID broadcast.
- For this lab, don’t save any changes. However, if you need to make any changes, ensure you save them before moving to the next page.
5. Click on Wireless Security. You’ll see a display similar to the following graphic.
- Security Mode typically includes options such as WEP (don’t use it), WPA Personal, WPA2 Personal, WPA Enterprise, and WPA2 Enterprise.
- When using WPA Personal or WPA2 Personal, you enter a passphrase (also known as a preshared key or PSK) here.
- You enter the same passphrase or PSK on all wireless devices that will connect to this wireless device.
6. Select one of the Enterprise modes such as WPA2 Enterprise. You’ll see a display similar to the following graphic.
- Enterprise mode uses an 802.1x server typically implemented as a RADIUS server.
- Enter the IP address of the RADIUS server in the RADIUS server block.
- RADIUS servers typically use port 1812 but they can use other ports. If the server is using a different port, enter its port number.
- The shared secret is similar to a password. You enter the same password here that the RADIUS server is using.
(Note that the shared secret is completely different from a PSK. WPA2 Personal uses a PSK and all users enter the same PSK. The shared secret is entered on on the RADIUS server and on access points that use the RADIUS server, but users don’t use it. Instead, users must log on with their own unique credentials.)
In a production environment, you will likely have to ask the RADIUS server administrator for some of these details. Also, the RADIUS server administrator would configure the RADIUS server with a database of accounts, such as an Active Directory domain.
7. Select Wireless MAC Filter. You’ll see a display similar to the following graphic.
- The MAC filter is disabled by default, but you can enable it by clicking on Enabled
- After enabling it, you need to decide if you want to block specific devices from accessing the network by using the Prevent setting, or allow specific devices to access the network by using the Permit setting.
As an example, if you neighbors are using your wireless network, you can enter the MAC addresses of their devices to block them.
Or, if you want to ensure devices used in your home or business are allowed, you can enter their MAC addresses.
- Next, add the MAC addresses of devices you want to allow or block.
8. The Wireless Client List is a cool feature in the M20 wireless router and available in many other wireless routers. Click “Wireless Client List” button and a display will pop up based on the devices that are currently connected. It might look similar to the following graphic. For this device, you have several options:
- Click Add and the software will add the MAC addresses of all the devices to your MAC filter list. (You can also use this to discover the MAC addresses of your neighbor’s devices, if your neighbor is connected).
- If you only want to add some of them, click the check box at the right and click Add.
- Click Refresh and it will add or remove devices based on what devices are connected.
- Click Close to close the window.
- Don’t save these changes for the lab. However, if you were implementing a MAC filter, you should save the changes.
9. For the lab, ensure you click Cancel Changes so that none of your changes are saved.
Note that this (and other) wireless routers have many more features. Feel free to look around to see what features are available on yours.