Wireless Group Policy WLAN Radius Part 3 WLAN Radius Config WLAN Client Config Linksys BEFSR41 Firmware Linksys BEFSR41 101 Linksys WAP54G config More Linksys BEFSR config Security how-to Writing DNS Zonefiles Is ZoneAlarm Spyware? Linksys Wishlist Sendmail spamblock Bind

[netmenu.html]

Privacy Feedback

Linksys Router configuration 101

KISS. Keep it simple, stupid. What a great principle, and one which should be used when setting up the Linksys router. Or any other router for that matter. Another question to keep in mind is: "How do you eat an elephant?". The answer to that is: One piece at a time. That's how you'll need to look at setting up your router as well. Get one thing working, then move on to the next.

Getting started.

The first step is to get your computer connected to the router. To do this, use a standard CAT5 cable and connect your computer to one of the 4 LAN ports on the back of the router. Make sure you don't plug it into the uplink port (right next to the power). If you power up the router and your computer is on, you should get a link light on the port you plugged the cable into. If you don't, then your cable is either bad, or it's not properly seated.

Write down your network settings.

Take a good look at your current network settings. You want to make sure that you write down all the settings that were put in there by your ISP (if any), so you know what will be needed later. Some ISPs require hostnames and specific domain names entered in the DNS configurations, others don't. Make sure to check what is there, and copy it down on a piece of paper. It'll come in handy later and/or if you need to restore your configuration.

DHCP

Dynamic Host Configuration Protocol. By using DHCP, clients (your computer) will request IP configuration from a DHCP server. The good thing about this is if your configuration is correct on the server, it will be correct on the clients, and you don't really have to care what the information is at all. Normally, you wouldn't care what the IP address is for your name server or default gateway or any of that. The Linksys router is configured to act as a DHCP server, and will hand out IP configuration to any client connected to the LAN side of the router. This is by far the easiest way to go. Do your self a favor and use DHCP. Simply select the "Obtain an IP address automatically" option on the IP address tab of the TCP/IP properties page (Control panel -> Network, double click on TCP/IP). Basically, you would do the opposite of what I have done on the right (do as I say, not as I do).

If your computer was already set up to obtain an IP address, you should either have one already, or you should be able to get one real quick. To find out, run "winipcfg" (Start ->Run, type "winipcfg"). Note that if you have a dialup modem, it is possible that it will show your PPP IP configuration by default, so make sure your network card is listed on the top. If the IP address is 192.168.1.100, then the Linksys router have already given you an IP address. If it is anything else, press the "Release" button. The IP address should vanish. Next click "Renew". Assuming everything is fine, you should get a new IP address of 192.168.1.100. This is the first address in the DHCP range of the router. If you don't get an IP address, check your cabling, the link lights on both your router and NIC. Try rebooting the computer to make sure any configuration updates takes effect.

Configuring router for use.

To configure the router, launch your favorite web browser. If your home page doesn't load, it's probably because you may not be connected to the internet just yet. Enter 192.168.1.1 as the address, and you should be asked for a password. The default password is "admin". Let's start at the top. As I mentioned earlier, some ISPs require a host and domain name. Hope you wrote it down, because now you'll have to type it in... Skipping firmware for now, the LAN IP address is the IP address of the router. WAN IP address is one of the more important issues. Most broadband ISPs use DHCP to give out IP addresses to their customers. If the computer you had previously hooked up to your cable or DSL modem was set up for DHCP, then you are practically done. DSL users may have to deal with PPPoE; that's something you'll need to talk to your ISP about. You have a username and password, which you can enter on this screen (cut out of this image, sorry). Other ISPs (like RR/AT&T here in the Northeast) require the MAC address of the network card to assign an IP address to. The MAC address of the outside interface of the router is listed directly to the right of "WAN IP Address:". You might have to call your ISP and give them this number.

Note: If you are using DHCP to obtain an IP address on the WAN interface, do NOT enter any information for DNS servers or default gateway! The router will obtain all this information automatically.

All Done.

That was easy, wasn't it? Technically, we are all done. Plug your cable/DSL modem into the WAN port on the router, and it should get an IP address from your ISP. There's a DHCP Release and DHCP renew button on the Status page of the router which would make sure you get a new IP address. This feature was added in one of the newer versions of the firmware, so if you can't find it, it is because your software is old... reboot the router to make sure it works fine. You will have to renew your IP address on your computer(s) as well to get the DNS server information. There are a few more steps in this 101 Configuration.

Change the password!

Change the password! "Admin" is the most insecure password. Everybody knows that it is the default password. #2 is "beer" followed closely by the name of your dog. These are all bad passwords. Pick something unique, and make it 8-12 characters long. Have it written down, or you might find yourself in trouble later.

Add a little security.

The #1 exploit on Windows computers are the file and printer sharing. Some advocate not using file and printer sharing using TCP/IP. I'm not one of those people. Regardless of what you want to do about sharing, I recommend putting a filter in place to block any NetBIOS traffic from getting out on the internet. In the top right corner of the Linksys Configuration screen, there is an orange tab titled "Advanced". Click it. You'll then end up in the advanced configuration section, and you'll be looking at filters. We'll skip IP filtering for now, and move down to "Filtered Private Port Range". In range 1, enter 135 and 139. That will filter out all the ports that Windows uses for all the things that Windows does, and prevents it from getting out on the Internet. Below that, there's another set of options. My recommendation is as shown in to the right. Generally, you wouldn't want Remote Upgrade or Remote Management, if you do, you'd better have a good password! PPTP and IPSec passthrough is for VPNs, and I will not cover this here. You'd want the Block WAN requests enabled --- that is essentially the firewall. When enabled, it will drop any TCP requests and ICMP packets.

Update - port filtering.

Since it appears that port filtering may contribute to the instability of the Linksys router, I'm withdrawing my recommendation of filtering any ports. Although that makes it possible for certain traffic to get onto the internet, this should not have any significant effect on the security of your LAN.

1999-2005 Lars M. Hansen