Splash of Style...Macs, Photography, Design, and other Passions

Configuring a Linksys Router

April 13, 2007 by debbie T | ComputersInternetWireless

My friend Jenn is having a tough time properly configuring her Linksys wireless router, so I told her I would write a tutorial. (waving to Jenn!) Hopefully this will help her, and anyone else in need. I suggest printing this tutorial to follow along easier.

First off, let me state that I am not a security expert, so please take everything in this tutorial with a grain of salt. ;) My router is a Linksys WRT54G wireless router, and I am using Comcast for broadband internet access. If someone is using DSL or a different router model, then settings might be slightly different.

For lots more information on wireless security, I recommend the podcast “Security Now” with Steve Gibson and Leo Laporte. Along with the audio podcast, there are also text transcripts for each show. For specific wifi discussion, locate podcasts from 2005 - episodes 10 through 13.

Let’s get started

Access the Linksys Router in Your Browser

In order to access the settings of your Linksys router, type or copy/paste the address http://192.168.1.1/ into the address bar of any web browser (Internet Explorer, Firefox, Safari)

In the password window, type user name “admin” and unless you previously changed the access password, the default password will be “admin”.

If you are having trouble gaining access, you may want to reset the router back to its default settings by pushing the reset button on the back of the router. Important! if the router is reset, all previous settings will be lost.

Change Your Administration Password

If you gained access to the router settings using the default password “admin” CHANGE THAT PASSWORD IMMEDIATELY!

Any stranger with access to your wireless connection can get into your settings and mess around. A malicious user can change certain settings and the password to lock you out of your own connection.

To change the admin password, click the Administration tab.

Type in a new password, then re-enter the password to confirm. Next time you log into the router using your browser, you will need to use this new password. Keep it in a safe place.

image of admin page

Make sure your password is strong. Do not use passwords that are easy to decipher. Security Stats has an easy to use password strength tool. Check out their tips for selecting a good strong password.

While you are in the admin screen, disable UNPnP (Universal Plug n Play) - UNPnP is used by certain programs to automatically open ports for communication, and can open an unwanted security hole in your router.

Click the “Save Settings” button at the bottom of the page.

Basic Wireless Settings

Click to select the Wireless tab, then Basic Wireless Settings.

Leave “mixed” for Wireless Network Mode, unless you have specific reasons to disable G or B client access. If you wish to disable wireless access altogether, choose disable from the menu.

image of basic wireless settings

It is recommended to edit the Network Name - this is the name that displays when connecting from your laptop or other wireless enabled device (if you enable SSID broadcast.)

It is up for debate whether to disable or enable SSID broadcast. Search on google for ssid broadcast and read through the advise. Most will recommend to disable. Personally, I have SSID broadcast enabled. In my opinion, it is better to use an extremely strong WPA password (more on that later), but if you feel safer keeping it disabled, then by all means, do it. Keep in mind it is not a fool-proof security.

Next, choosing a wireless channel. The support pages at Linksys.com state “Preferred channels to use are 1, 6 and 11 since they are considered non-overlapping channels.” I am using channel 11. If you have a 2.4ghz cordless phone, you might have interference problems. For more information, use google to search for choosing a router wireless channel.

Click the “Save Settings” button at the bottom of the page.

Wireless Security Settings

Click to select the Wireless Security tab.

The best mode of wireless security is WPA encryption. I use WPA Personal, because it seemed to have the least conflicts. Do not use WEP encryption, as it can be easily hacked. Update 2008-11-9: It is now best to use WPA2 Personal.

image of wireless security settings

For WPA Algorithms, use TKIP. According to Linksys help files, TKIP utilizes a stronger encryption method and incorporates Message Integrity Code (MIC) to provide protection against hackers.

Update: 2008-11-9: It has been now found that TKIP is not as secure as once thought. It’s best to use AES. Please see my newer tutorial for more details: http://splashofstyle.com/archives/2008/11/09/change-linksys-router-wireless-security-to-wpa2/

Next is WPA Shared Key. The shared key is the password that all users will need to access your wireless network.

This is not the time to use a flimsy password. Your wireless security depends on a solid strong password. Your WPA password can be creating using up to 63 characters; think of a password using numbers, lower & upper case letters, along with special characters like & or @.

Don’t worry about having to memorize this password. In most cases, once you type it to access the wifi connection, you shouldn’t have to type it again. So, don’t skimp on the complexity of your WPA shared key. Steve Gibson offers a strong password generator on his web site. Each time the page is displayed, a new set of passwords is generated. There is a choice of three. I like the one with the ASCII characters.

Important to remember, this password should not be the same as your admin password.

Please do not lose the shared key password. Make sure to keep it in a safe place, just in case you need it in the future. A visitor to your home, a reinstalled operating system, and a new computer are all reasons that might warrant the need to access the wireless network as a new user.

Lastly, the Group Key Renewal can be left at the default. I won’t pretend that I know exactly what this setting is, but if you are curious, google will give you answers. Search for Group Key Renewal.

Click the “Save Settings” button at the bottom of the page.

The Router Firewall

Whether you enable wireless connectivity or not, the router (hardware) firewall should be enabled. A hardware firewall will protect all wired and wirelessly connected computer systems much more efficiently than a software firewall. Note: It is still advised to run a software firewall as it offers additional protection.

Click to choose the Security tab; enable the firewall, then check the boxes next to:

image for firewall settings

Click the “Save Settings” button at the bottom of the page.

Final Thoughts

Well, that should be all the major setting choices. Do some exploring on your own, such as the Parental Control and Internet Access found in the Access Restrictions section. If you find a setting that intrigues you, search for it on google.

Good luck and be safe!

There are 8 comments

  1. Very nicely written article!

    Instead of trying to type a random, 63 character password as generated on Steve Gibson’s secure site, I strongly recommend copying and pasting the file into Notepad or a similar text editor then pasting it into the WPA configuration page on the router, and the wireless cards configuration.

    It’s kind of frustrating to type 63 random characters and to try and figure out where the typo is, or which character you’re missing.

    One caveat, don’t send the key over your wireless connection to your wireless computer! This would result in your long, random pre-shared key going clear text to your other computer. Kind of defeats the purpose. Get it to the other computer by saving to a USB Drive, a Floppy, or over a wired connection.

    Again, well written article.

    Ted

    Comment by Ted on April 15th, 2007

  2. Oh Ted, excellent points!

    You are absolutely correct about the lack of security when pasting the password from Steve Gibson’s web page, and into your wireless computer!

    Plug in your computer using an ethernet cable (into the router) then copy and paste.

    If an ethernet cable is not handy, then get online using a wired computer, and copy the key to a CD or USB drive.

    Actually, if neither of these options are suitable for your situation, it is just as easy to let your own fingers generate a random key.

    In Notepad, (or any text editor) type a string consisting of numerical, lower case letters, upper case letters, along with a smidgen of special characters, and you got yourself a passkey.

    Thank you for your comments, Ted!

    Comment by debbieT on April 15th, 2007

  3. hey deb, that was great and easy to follow, and it worked! thank you so much we are now secure jenn

    Comment by Jen on April 15th, 2007

  4. Woo-hoo! Glad to hear it, Jenn!

    Comment by debbieT on April 15th, 2007

  5. Fantastic article,Very Very useful stuff.

    Thanks a ton. Yogesh

    Comment by Yogesh on April 24th, 2007

  6. I have been trying to set-up access restrictions on my Linksys router and discovered that they only work when the firewall setting is enabled. This may be common knowlege to some people but it took me hours to figure it out. I still can’t get the restricted hours setting to work correctly. No matter what hours I set, the MAC addresses I’ve entered lose their internet access immediately when I enable the policy.

    Any ideas?

    Comment by Kathie on June 2nd, 2007

  7. sorry Kathie, I don’t use any access restrictions. Have you tried calling LinkSys? I have spoken to them a couple of times, and although it appears the call center is in India, they seemed to know the answers.

    Maybe they can help you with this! Good luck!

    Comment by debbieT on June 3rd, 2007

  8. One thing I forgot, it’s also good to change your SSID from its default. It should be something hard to guess.

    Comment by Ted on June 6th, 2007