Configure Your Network
To use a Wi-Fi network, it has to be configured to connect on one side to the internet, and on the other side to the devices you want to have access to the internet. Outside of corporate networks, access points are embedded into home and small-office gateways. These almost always combine the functions of a Wi-Fi access point, an Ethernet switch, and a network router (which connects different kinds of networks and moves data among them).
When it comes to setting up a connection to an internet service provider (ISP) and creating a local network that devices use to connect through Wi-Fi and Ethernet, every router’s instructions are a bit different. In this chapter, I explain the typical choices you have to make to set up a gateway that combines a wireless access point and routing features. This includes advanced choices such as using static IP addresses and fixed private addresses as well as other less-frequent, but not unusual, options. I also discuss where to find specifics.
Let’s start with a little background about how network addresses work before we get into the wide world of the internet and local networks.
Learn About Dynamic Assignment and Private Addresses
Devices that use most network services need an Internet Protocol (IP) address. That’s true even for a local network devices that only use local resources if those resource use IP addresses, too.
IP addresses can be public or private. Public addresses are typically publicly routable, meaning that they are unique across the internet and can be reached from any other point on the internet. (A firewall or other tools can block access, but the IP address is still addressable from the internet even if nothing can connect to a device there.)
A private address, however, is unique only inside a Local Area Network (LAN). These addresses aren’t routable from the internet, and they let you control more parameters than public addresses. They also generally make your networked equipment less reachable. (You can read more about private addresses in Dynamic Private Addresses, later in this chapter.)
Devices on a LAN typically obtain an IP address from a DHCP server. DHCP stands for Dynamic Host Configuration Protocol (DHCP), a relatively old internet technology. DHCP assigns out addresses to devices that request them on a LAN.
DHCP typically pairs with NAT (Network Address Translation). NAT allows a single address used by a gateway to be used as a conduit. NAT takes a connection between a given internet request (incoming or outgoing) from a given device on the LAN and the gateway, and then creates a new connection from the gateway with the destination address elsewhere on the internet. This allows many machines to “share” a single public IP address on a gateway. (I discuss more about how NAT works in Reach Your Network Remotely.)
You’ll need to understand DHCP in particular when configuring your gateway to connect to a broadband modem or a larger network, as described next.
Get a WAN Address
To communicate with the rest of the world, you need to hook the wide area network (WAN) port of your gateway to the internet.
With most networks, especially those in homes, that means connecting to a broadband modem. However, you could also have a network router that provides network services over Ethernet and is already connected to your broadband modem. In that case, you connect your gateway to any port on the Ethernet network.
Start with an Ethernet cable and plug it into the WAN port on your gateway, which typically has a special label or icon, or is set apart from any Ethernet LAN ports. (Consult your manual or online support if it’s unclear.) Connect the other end of the cable to the LAN port of your broadband modem, or to an Ethernet switch for a larger network.
Now that you’ve made the physical connection, you can configure your gateway to handle the connection. The many different possible configurations can be broken down into two categories: those that use dynamic addressing and those that use static addressing.
If your internet connection is a home broadband connection, you’ll probably use dynamic addressing. You may need to ask your ISP for more information if you’re not sure whether they provide you with a dynamic address or not. For configuration details, read Dynamic Addressing, next.
A static address is more typical for small and large offices. For setup information, see Static or Fixed Addressing, a few pages ahead.
Dynamic Addressing
A dynamic address is an Internet Protocol (IP) address that is assigned through DHCP, as discussed earlier in this chapter. Dynamically assigned addresses over DHCP can be either public or private.
On a gateway’s WAN port, it requests an IP address from the DHCP server that’s either built into the broadband modem or that’s passed through to the modem or via a network router. (The gateway acts here as a DHCP client.)
By default, most gateways obtain an IP address as a DHCP client when they initially start up and are connecting to a broadband connection (Figure 26).
In some cases, you might need to enter the IP addresses for the DNS servers (Domain Name Service) manually, or you may choose to override ISP-provided values.
Static or Fixed Addressing
In some network configurations, your ISP may offer you a static address. This could be part of a private network that the company operates or it could be a public IP address.
If the address is from a private network, your gateway (and by extension, your network) may not be easily reachable from the rest of the internet. If it’s a public IP, the gateway typically becomes directly reachable by any other point on the internet.
In either case, this static (or “fixed”) address gets entered directly into the gateway’s WAN network configuration. You typically select either “manual” or “static” address from a popup menu that likely reads “DHCP” or “dynamic” by default (Figure 27).
To set up a static address, you’ll need to enter some information provided by your ISP or network operator:
The static IP address: This is the unique network address used by your gateway on the internet or the ISP’s network.
The subnet mask: A number full of mystery, the subnet mask merely defines the size of the local network that the static address comes from, with “size” expressed as the number of addresses in that local range.
The router address or gateway: This is the address to which any outgoing traffic that’s not bound for other machines on the local network is sent. It’s then routed to higher-level networks, such as a larger office LAN or the internet.
DNS server(s): You need the IP address for at least one DNS server, which handles turning domain names into IP addresses. Two is better; that avoids slowdowns if the first DNS server is unavailable or overloaded.
Hand Out LAN Addresses
With the WAN link connected, it’s time to look at your own network—the LAN. The LAN can be configured to assign IP addresses to client computers in one of four ways:
Dynamic private addresses: The gateway uses a single public or private IP address assigned by the ISP and shares that all the machines on the LAN. The gateway assigns addresses to computers on the LAN from a private range; you can almost always modify that range. These addresses rely on NAT for connections outside the LAN. See Dynamic Private Addresses.
Dynamic public addresses: With this setup, your gateway shares multiple, publicly routable internet addresses with devices on the LAN.
Reserved addresses: With this feature, you can assign specific private or public addresses to individual computers on the LAN. See Reserved Addresses.
Passthrough and bridging: You can set up a gateway to let another device on a larger network dynamically assign addresses or allow static addresses, which require no intermediate DHCP server to route traffic to and from the internet. With this set up, the access point doesn’t operate a DHCP server at all or manage addressing. See Passthrough and Bridging.
The first option is by far the most common, in which devices on the LAN receive addresses that can change from time to time—whether that’s every hour or every few weeks—and which exist solely to give the devices access to the internet. You’d typically use the other options when computers on the LAN side of the network are providing services to other devices on the same network or need to be reached by devices on the internet.
Let’s look through each of these in turn.
Dynamic Private Addresses
To use a dynamic private address on a LAN, you typically have to set up your gateway:
Find the “LAN,” “Network,” or “Local” configuration section in your gateway’s admin interface.
Most gateways enable DHCP and NAT by default. If those services aren’t turned on, select DHCP/NAT from a popup menu or check a box. (NAT may not be listed, but it’s implied.)
The DHCP server settings may offer lease options, such as the duration of time that a device can retain an IP address before requesting or being assigned a new one. On most networks, disable the lease period (if that’s an option), or set it to as long a duration as possible, like a few weeks.
The DHCP server settings may also let you choose a range of private addresses and how many addresses to assign dynamically. I explain those choices in detail next. You may wind up mixing dynamically assigned addresses with DHCP reservations, explained later in this chapter.
Why To Choose a Different Private Address Range
Some gateways offer the capability to control which private address range is used, sometimes with a lot of options. You might want to use this option if you have network conflicts in which multiple devices are handing out addresses, if you need more than 200 to 250 addresses, or if you just prefer to use something unique.
Private addresses are drawn from one of three reserved ranges: 10.0.*.*, 172.16.*.*, or 192.168.*.*. The * refers to a number between 1 and 254, although depending on the gateway, you may have a smaller subset available.
These prefixes are reserved by the global numbering authority, and they are guaranteed to not be in use on any public internet network. Depending on the gateway you may be obliged to use only one range. Most gateways default to 192.168.0.*, although Apple’s Wi-Fi base stations default to 10.0.1.*.
The only reason to change the range of numbers is if you want to create and assign private addresses that remain static. Otherwise when a computer or device requests an address via DHCP addresses are allotted arbitrarily from a large pool. These statically assigned addresses start with the first three numbers in the access point’s private network range, but you enter them manually on each computer. This used to be the only way to create a fixed private address, but now I suggest you avoid this method by using Reserved Addresses, discussed later in this chapter.
Dynamic Public Addresses
Some ISPs offer public addresses, usually for an extra fee, if you need them for your LAN computers or other devices. This allows each device to be reachable from the public internet without any intermediary address translation. This can be useful for certain kinds of servers and services, even though it enhances risk, because suddenly anyone, including any automated hacker bot, can reach those devices, too.
Most of the time when you want to use a public IP address, you also want that address to remain static for each computer or device. In that case, DHCP isn’t involved at all. However, some networks use public addresses for all connected devices and don’t require that each device have a static address. For that scenario, you configure an access point to hand out public addresses from a defined range using DHCP.
Reserved Addresses
Reservation allows a given device on a network to obtain the same IP address, whether public or private, each time it joins the network. This works whether or not you share the access point’s connection or distribute a range of addresses, but it does require DHCP service to be turned on.
The reserved address is never assigned to another computer, and if the computer in question restarts or shuts down, the next time it powers up and its network adapter is active, it receives its reserved address.
Reserved addresses work well if you want to connect from the WAN side of an access point to computers, printers, and other devices that are connected via the LAN side.
If your gateway supports DHCP reservation, you have to connect a device identifier with an IP address you’ve chosen from the pool of addresses used by the LAN. On some gateways, that IP address has to come from an unassigned range. On others, you can pick any address in the private range, and the gateway keeps it in reserve (Figure 28).
The device identifier is almost always the MAC (Media Access Control) address. This address has nothing to do with an IP address or Macintosh computers. Rather, it’s a unique, factory-assigned address attached to every distinct network adapter. If you have a computer with Ethernet and Wi-Fi, those two network adapters each have their own address. It’s a set of eight pairs of hexadecimal characters that looks like 81-4F-A1-25-5E-1E.
Some gateways may allow other information unique to a specific device or operating system. For instance, Apple’s macOS lets you specify a DHCP ID as a text identifier in System Preferences > Network under TCP/IP settings. Likewise, Apple’s Wi-Fi base stations can use that DHCP ID to reserve an address.
You may need to restart the access point after setting up DHCP reservations. After you restart, all devices you reserved addresses for receive those IP addresses from the DHCP server.
Passthrough and Bridging
For networks in which the access point is connected to a larger LAN or you rely on a broadband modem that has gateway features, you may already have a DHCP server running that handles address distribution. In many cases, you might be adding Wi-Fi gateways specifically because you want this access point feature.
In any case, you need to disable DHCP and NAT, and allow those messages to pass through. If you leave them enabled, you’ll get unpredictable results.
The term used in each gateway will vary for disabling DHCP and NAT. In some cases, you’ll be able to set “DHCP” to “off” via a radio button or button menu. In others, you’ll need to select an item that reads “Bridging” or “Passthrough.”
When you disable DHCP on the LAN side, gateways will be assigned a LAN network address that’s in the same range as the rest of the devices on the LAN.