Linksys WRT54GX

Site menu:

This is a write-up that I did about a year and a half to two years ago. It's still valid, but I will make some points below to keep in mind when setting up your router.

Getting Started

Ihate to assume anything, so lets start off by getting into your router. The first thing to realize about your new router is that the router itself is not just some piece of hardware. Its actually a small embedded computer itself usually running some ROM based version of Linux or similar OS. It has its own web server running inside of it that you interface to for setting the particular parameters of the router.

To get started with the configuration process, you must know the IP address of the router. Typically, out of the box, most all home routers have an address of 192.168.1.1. Open your web browser and type 192.168.1.1 in the address bar and you will be presented with the dialog below. The username is blank and the default password is admin.

Main Setup Screen

Made it through the login? Good! This is where you end up right off the bat after successfully logging in. For the remainder of the sections that I am going to cover, I am going to show you a screen shot and then tell you a little about the important settngs in it. There are some screens that I am not going to cover being that they deal with other configurations and functions of the router itself. The goal here is to get you up and going securely!

For navigation of the router setup screens, note the Main Menu links outlined in RED below. The YELLOW selections are sub pages for the selected main section you are manipulating.

• The main thing here is to be a starting point for your router. Most of the settings here are self explanatory.
• For the router IP, I'd set this value to be something other than 192.168.1.1. Everyone knows this is standard out of the box for a Linksys router. Make it something different. Keep in mind that you must stick to a Class C address. An easy change would be to simply change the 3rd value in the IP as I did above. There is an error in my screen cap above. I don't use the DHCP function on my home network (I've got a server that handles that part for me), so the remainder of the capture shows 192.168.1.x...but you get the idea for the address change right?
• The next thing to change is the number of DHCP users. The router defaults to 50, so why leave it there if you only have 4 users? Change this to the number of machines you expect to be on your network.
• Of course, after you finish changing anything on the setup screens, press the Save Settings button at the bottom of the screen.

MAC Address Clone

• The only purpose of this screen is to clone the MAC address of the NIC registered with your ISP. Some ISP's register the MAC address of your NIC in addition to that of the cable modem. Knology, Gforce, and Charter are the first ISP's that come to mind.
  
• There are several ways to get the MAC address of your Windows based PC. To me, the easiest way is to open a command prompt and type ipconfig /all . Look for the physical address and write it down. On XP Pro, from the good old command line again, you can also use the getmac command to retrieve the information as well.
  
• If you need the MacClone feature, set the radio button to Enable, enter your MAC address, and save.

Basic Wireless Settings

• If you are only using Wireless G at home, go ahead and set it for G-Only.
  
• Change your SSID to something unique. All lower case is fine. Key thing here is to set it to something other than "linksys".
  Your selected wireless channel can help in performance big time. You have 11 channels available, however, if you and your neighbor both use the same channel, you could very well get collisions. In fact, you really don't want to use an adjacent channel either because of crossover. If possible, have one channel between your selected channel and the strongest neighbor's. A good FREE Windows utility for viewing wireless networks in range of your AP is NetStumbler. Works great for the price!
  
• Finally, disable the SSID Broadcast. No need to announce your presence to everyone! You know the SSID and authentication information you will need to input for connecting to your network. Save your settings.

Wireless Security

• This screen is one of the most important in the setup!
  
• Security mode should be set to WPA / WPA2 Personal at a minimum. For the best secrity, WPA2 is what you will want to use, assuming your hardware supports it. If your NIC does not support it, look on the vendor's website for a flash/driver update. If one is not available, I would seriously consider getting a wireless adapter that suppors WPA2.
  
• As for an Encryption algorithm, at a minimum select TKIP (Temporal Key Integrity Protocol). If you run other devices like PDAs and such wirelessly in your home then select TKIP+AES(Advanced Encryption Standard) for maximum compatibility. TKIP provides per-packet key mixing, a message integrity check and a re-keying mechanism. It also ensures that every data packet is sent with its own unique encryption key. For maximum security though, use WPA2 with AES only.
  
• The personal key is your own pass phrase. Use what ever you want, up to 64 characters. Use a mixture of stuff containing upper and lower case text, numerics, and special characters as well. Make it RANDOM, difficult and LONG!

Wireless Network Access

• This screen is also known as the MAC Filtering screen. You have the option here of specifying the MAC addresses of NICs that are allowed to connect to your Wireless Network.
  
• You can manually type them in, or if you have allowed unfiltered connections to the router already and they are connected via the internal DHCP server in the router, you can use the button at the bottom of the dialog to automatically fill them in for you. This is the easiest way of course.
  
• When you are done, remember to save your settings!

Firewall Options - Security

• Of course you will want to enable Firewall protection! This will block incoming connect requests while at the same time allow connections initiated from the inside. This is also known as a Stateful Firewall.
  
• Next, if not already selected, you will want to select the "Block WAN Ping box. This will keep your router from responding to anyone looking for IP addresses that will respond to it's pings.
  
• The last three settings apply to VPNs. If you access a VPN at work, you will want to enable these as well to successfully connect. For folks that I work with, DEFINITELY enable these three options.

Administration

• Router password? Need I say more? Change this to something unique that only you know! Remember to make it strong sing a mixture of random MiXEd cAsE characters that aren't in a dictionary.
  
• The next two sections sort of work together...HTTP Access and Remote management. I'd recommend not enabling Remote Router Access from outside your home network. No need to play with it away from home. If you do decide to enable it, definitely enable the HTTPS option for access. Again, I'd recommend not enabling the remote access to the router.
  
• No need to worry about SNMP....most folks don't use it in their home networks.
  
• UPnP - Universal Plug n Play. I'd recommend leaving it off. It buys nothing for you really and the router works great without it. This is an older article, but take a look at it and make the decision for yourself. grc.com - UPnP article.
  
• I have Multicast Pass Through disabled as seen above, but with newer forms of streaming media, it should be enabled. This one is up to you. Disable it first...if you have issues, you can always go back and enable it.

Router Status

• This page is more of a "nice to know" kind of thing. Nothing for security settings here, but it is very useful when you are troubleshooting connectivity to your ISP.
  
• The DHCP Release button does just as it implies, it releases the information related to the router's connection to the ISP.
  
• The DHCP Renew button does just as it implies, it sends a DHCP request to the ISP to renew your IP address and lease information for the WAN side of your router.

Router Performance

• This is basically just a nice overview screen as well. This is a screen capture of mine minus the MAC addresses of course. <grin> As you can see at the bottom, I have 2 machines hardwired to the router. The other two I have are wireless. Note the LAN side IP address above...don't make yours the same. The address above is out of the box and just for this demo. See Main Setup Screen section above.

I hope this information will be useful for you and your new network at home. The router itself has tons of other functions, Port forwarding, DMZ Hosting, etc. and is another area to explore. I'll explain more as time permits.

Contact Me

Please feel free to drop me an email via the email link here. Take Care and God Bless!

Last updated on April 10, 2009 2:03 AM