Introduction
A router that is part of a full broadband service
One task that you will need to know how to do when you set up a small network for your home or business is to set up an Internet router. This may be done when you upgrade to a newer and better router, replace one that has failed or simply set up your new Internet service. You may also have to do this if you move premises and have to deal with a new Internet service provider or want to make sure that the Wi-Fi wireless network works properly.
In a lot of cases where you have a modem-router provided by your Internet Service Provider, you may find that the router is already setup for you or you may face a “wizard-driven” setup interface to help you through the setup routine.
Router Types
Broadband Router
This common type of router has an Ethernet connection and is designed to be connected to a broadband modem, typically provided by your broadband Internet service provider.
It is the type that will become increasingly relevant as more areas enable next-generation broadband and deliver the appropriate modems for the next-generation broadband technology because these will implement an Ethernet connection.
Modem Router
A modem router has an integrated broadband modem and connects directly to the broadband Internet service. This typically describes most equipment that is connected to an ADSL service or is supplied by an increasing number of residential Internet service providers.
Newer high-end modem routers may also have the ability to be connected to an external broadband modem. This is typically to cater for people who switch over to a cable Internet service or upgrade to next-generation broadband or businesses who want a highly-resilient broadband service.
Wireless Router
A router may be referred to as a “wireless router” if it is equipped with an integrated Wi-Fi wireless access point, which most of the routers sold to a lot of households are. These units may be a broadband router or a modem router as described above.
Login Parameters
A home network will typically have up to three sets of login credentials to take care of: the Device Management Password, the Internet Service credentials and the Wi-Fi Network parameters. Most consumer ISPs who supply the router for your network will prepare a card or other aide-memoire document which has these parameters on it and it is a good idea to write out a document that has these details when you set up your home network whether you were supplied with one of these cards in the first place or not.
Device Management Password
This set of credentials contains a device-determined user name and a password as the “keys” to the Web-based setup/management user interface for your router.
Internet Service credentials
This may be of importance to most ADSL services and some cable services, but they are the credentials that are determined by your Internet Service Provider when they provision (set up) your Internet service. They are not needed with most cable, mobile-broadband and next-generation Internet services.
These credentials, where applicable, are usually the same for the duration of your business relationship with your Internet service. Even if you relocate to another location serviced by the same Internet provider, these credentials will stay with you.
Wi-Fi network parameters
They represent the “Service Set ID” (SSID) which is your Wi-Fi network’s “call-sign”, and the WPA2-Personal passphrase for your home network’s Wi-Fi wireless segment if the network has one. They can be determined randomly when you first purchase your router or as part of an initial “WPS” setup routine.
Here, I would prefer to keep these credentials, especially the SSID and the WPA2-Personal passphrase constant even if you upgrade your router or set up a multiple-access-point “Extended Service Set”. If you relocate, you may choose to maintain these credentials or create new credentials for your new location.
The reason is that you avoid having to re-establish Wi-Fi connectivity to all of your portable devices if you upgrade or replace your router.
Primary Connection Classes
WAN connection
This connection, looked after by an integrated broadband modem and/or an Ethernet port that is marked “WAN” or “Internet” provides the link to a larger network that is typically your Internet service.
Multiple WAN connections
An increasing number of high-end routers, especially high-end ADSL modem routers provide two or three WAN connections. One is typically the ADSL modem or an Ethernet port while the other may be another Ethernet port for another modem or a USB peripheral port that allows you to connect a wireless-broadband modem. A lot of the routers that implement this feature will allow you to determine one of the four Ethernet ports as being a LAN port for the local network or an extra WAN connection.
Typically this is either to provide connection to a different medium like next-generation broadband, or you can use it to “gang” two or more Internet services together for increased bandwidth, load-balancing where certain data-transfer activities are sent one broadband connection while others are sent through the other broadband connection; or a fault-tolerant Internet connection where if one of the connections fails, the other connections come in to play.
LAN Connection
These connections represent the logical network or “subnet” that represents all the devices in the home network that want to benefit from the Internet connection and other network resources offered in this network.
This is represented by up to four Ethernet connections and, in most cases, a Wi-Fi wireless segment working at best to the 802.11n standard on either or both the 2.4GHz and 5GHz bands. Some newer high-performance units will work at best to the 802.11ac Wi-Fi standard on the 5GHz band.
Other LAN connections that some of the devices will offer include a USB network interface adaptor for a regular computer that doesn’t have network ability, or a HomePlug AV powerline network segment. The latter may be offered in the form of a power-supply module that integrates the HomePlug-Ethernet adaptor and is what most of the French ISPs are using for their triple-play Internet services.
Setting up your connection
Make sure your Internet access works first
When you set up your home network, use one device, preferably a regular desktop or laptop computer for the setup routine. Preferably the device should be connected to the router via a LAN Ethernet connection or Wi-Fi with “out-of-the-box” default parameters. Then you connect your broadband connection to the router, whether this involves connecting it to your broadband modem or connecting it to the DSL, cable or other service in the case of a modem router. Resist the temptation to tweak your router’s settings beyond what is actually required to achieve connection such as to harden security or improve network performance.
If your setup is based around a separate modem, switch on that modem and make sure that the SYNC and LINK lights are steady. The SYNC light or similar light indicates that the modem has effectively made a connection with the “head-end” of your service on a media level, while the LINK or INTERNET light indicates that it has established service with the provider on a logical level. Then switch on your router.
Log in to your router and visit the “WAN” or “Internet Connection” menu on the user interface. Here, set up the Internet service connections according to your service requirements. Most cable, fixed-wireless and next-generation broadband connections typically just require you to choose a DHCP connection as your connection type for residential services.
In the case of an ADSL service or other service that has login requirements, select the login or authentication method that your service uses and enter the Internet Service credentials that were determined as part of provisioning your Internet service.
You should see the “Internet” light glow steady and the “WAN” or “Internet Connection” details update with information like an IP address. This is the point of success and, to prove it, open a Webpage like a news portal in another tab or session (window) of your Web browser.
Wi-Fi wireless for best-case performance
Here, you need to set up your wireless-network segment for best-case performance.
If your router implements external antennas (aerials) such as the typical “rabbit’s ears”, make sure these are upright so they are not obfuscated by the unit itself or other computer equipment or metal furniture and fixtures. It may also be a better practice to place the router on top of a piece of furniture to assure proper Wi-Fi performance although this may not be aesthetically appealing.
The 2.4GHz band should be set for 802.11g/n or 802.11b/g/n operating mode so as to preserve compatibility with 802.11g devices but allow best performance with 802.11n devices using this band. This is because a lot of older and cheaper consumer-electronics devices use the 802.11g technology and this technology may be still used with portable devices like smartphones and tablets in order to economise on battery life.
The 5GHz band should be set for 802.11n operation because most of the devices that can work to the 5GHz band can work on the 802.11n standard.
Establishing a two-band wireless network
This leads me to talk about the dual-band wireless network which would be facilitated by most high-end performance-grade routers.
Here, I would use a separate SSID for each band. An easy way to go about this to have one band have the standard SSID while the other band has that SSID plus a band-specific prefix or suffix like BIGPOND2346 for the 2.4GHz band and BIGPOND2346-54G for the 5GHz band. This means that you can be sure which band to select from your laptop or other client device for better performance.
Choosing vacant Wi-Fi channels
You may have to select a vacant channel for your wireless network so as to avoid interfering with your neighbours’ wireless networks and to assure best performance for your network. Some routers may make this easy by implementing an auto-setup routine which looks for the channel with the least activity and tuning to that.
But you may have to use one of the many free Wi-Fi site survey tools like WiFi Analyzer for Android or MetaGeek’s inSSIDer for Windows to determine which channels are effectively vacant in your area. These programs provide a graphical view of SSIDs with relative signal strength on the 2.4GHz or 5GHz band so you can know which channels will offer greater performance.
Setting up for security
New passwords
The first job I would do with a new router after I have got the Internet connection going would be to change the device management password away from the default. This is important if manufacturers don’t assign device-management passwords that are unique to each device they sell. Here, I would determine a password that is easy to remember but hard for outsiders to guess and use some numbers and punctuation marks in the password.
As well, change the Wi-Fi network’s SSID away from the default SSID especially if it betrays the device’s brand like LINKSYS. It is important because if a device’s brand is guessed easily, hackers can take advantage of that brand’s or model’s security weaknesses to target your network.
If you are dealing with carrier-supplied equipment, you may find that the SSID may be something like the Internet service’s brand plus an apparently random number such as BIGPOND2346.
This may be a good time to personalise your Wi-Fi network such as to have it represent your business’s brand or the purpose of the network.
Most carrier-provided routers and some retail-provided routers will have a random WPA2-PSK passphrase that is unique to each unit and this will be stuck on a label attached to the underneath or back of the unit.
If your router implements WPS where it can determine the passphrase automatically, set the passphrase using the WPS push-button setup method by enrolling a Windows 7/8 laptop or Android mobile device to the network using this method. Then log in to your router’s Web user interface and go to the WPS option to set the option that “keeps” the WPS parameters the same when you use the WPS push-button setup method subsequently, then go to the wireless-network security parameters screen to record the randomly-determined passphrase for your network. This is important if you have to enroll Apple devices or other devices that don’t implement this setup method.
If you are dealing with a router that doesn’t implement WPS functionality, make up a WPA-PSK passphrase yourself and use some numbers and punctuation in that passphrase to make a secure passphrase. Record this on paper or a computer text file and transcribe it in to the router to keep a secure network.
As you change these passwords and Wi-Fi network parameters, keep a record of these details on paper in a secure place on your premises. This is useful if you have to reset your router due to network problems and reinstate network settings, you change Internet service or are setting up new Wi-Fi-capable equipment on your network.
Making sure UPnP works from the inside only
Most consumer and some small-business routers implement UPnP Internet Gateway Device functionality by default to simplify application-specific port-forwarding requirements. This is important especially for Skype, cloud-based device features and online gaming but some poorly-executed implementations have caused it to be deemed a security risk.
The main risk here is for UPnP IGD functionality to be accessible from the Internet rather than just the LAN (home network) side. This was aggravated due to Wi-Fi networks operating on manufacturer-default settings such as no passphrase or a manufacturer-default SSID and passphrase.
The risk has been mitigated through routers that are running firmware issued over the past few years as well as Wi-Fi segments that use “random-default” passphrases made easier with WPS and “random-default” SSIDs in the case of carrier-supplied hardware. But a good test to do is to visit the Rapid7 Website at this location: http://upnp-check.rapid7.com/results/91ca51deb4effcf7dcdda7f1b02571ef to make sure that you can’t use UPnP IGD functionality from the outside. If this test fails, it may be a good idea to update the firmware and/or disable UPnP functionality on the router if you aren’t using Skype, online games or similar applications.
Even if UPnP functionality is OK, it is a good idea to run a desktop firewall on your regular computers and the recent iterations of the Windows platform have this functionality integrated. This function is also integrated in to many newer desktop-security software packages which are infact worth installing on these computers. As for mobile and, increasingly, regular-computer platforms, read this article about app stores before you head on that app-store shopping spree.
IPv6
Some of you who are on an Internet Service Provider that supports IPv6 as well as having a recent high-end consumer router or small-business router equipped for IPv6 will find that you want to go to this path. This is supported in a dual-stack mode by the latest iterations of most regular and mobile operating systems and is being supported by most small-business network-capable printers.
To engage this operating mode if you know your ISP provides the functionality is a simple task. Here, you just select a checkbox on most IPv6-capable routers to enable the dual-stack IPv6 operation. This means that you have two logical networks on the same physical bearers – one with IPv6 operation and one with legacy IPv4 operation. Some of these ISPs also offer the routing between the networks so that data can reach the legacy single-stack IPv4 equipment.
What credentials you can keep constant
|
Upgrade or replace router,
Change Internet service – different connection type and hardware |
Change Internet service – same connection type and hardware |
Relocate premises
– same device |
| Device Management Password |
Optional |
Yes |
Yes |
| Internet Service Credentials |
Yes |
No |
Yes if taking same service with you |
| Wireless Network SSID |
Yes |
Yes |
Optional |
| WPA2-Personal Passphrase |
Yes |
Yes |
Yes |
I have prepared a “download-to-print” A4 sheet which you can print out and fill in with your router password and Wi-Fi network details. Here, you then keep this with your paper files as a reference if you need to modify your router’s settings or add equipment to your network’s wireless segment.
Conclusion
Once you have your router set up in an optimum manner, you can expect many years out of this device working as an “edge” to your network. Here, you could expect your router to last around three to five years serving as this “edge”.
