Apple AirPort Networks
1
Getting Started
1
AirPort offers the easiest way to provide wireless Internet
access and networking anywhere in the home, classroom,
or office.
AirPort is based on the latest Institute of Electrical and Electronics Engineers (IEEE)
802.11n draft specification and provides fast and reliable wireless networking in the
home, classroom, or small office. You can enjoy data transfer rates of up to five times
faster than data rates provided by the 802.11g standard and more than twice the
network range.
The new AirPort Extreme Base Station and the new Time Capsule are based on
simultaneous dual-band technology, so they work in both the 2.4 gigahertz (GHz)
or 5 GHz spectrum at the same time. And they are 100 percent backward-compatible,
so Mac computers and PCs that use 802.11a, 802.11b, 802.11g, or IEEE draft specification
802.11n wireless cards can connect to an AirPort wireless network. They also work
flawlessly with the AirPort Express for wireless music streaming and more. The
AirPort Extreme Base Station and Time Capsule have three additional 10/100/1000Base-
T Gigabit Ethernet ports, so you don’t need to include another router in your network.
To set up an AirPort Extreme Base Station, an AirPort Express, or a Time Capsule, you
use AirPort Utility, the easy-to-use setup and management application. AirPort Utility
has a simple user experience, with all software controls accessible from the same
application. It provides better management of several Apple wireless devices, with
client-monitoring features and logging.
If you’re using AirPort Utility version 5.4 or later, you can set up a guest network, in
both the 2.4 GHz and 5 GHz bands, so that guests can connect to the Internet using
your AirPort network, while you keep your private network secure. You can also choose
to set up guest accounts that expire, to grant temporary access to your network; you
no longer need to give your network password to visitors in your home or office.
You can even set up accounts with time constraints for the best in parental controls.
AirPort Utility supports IPv6 and Bonjour, so you can“advertise”network services such
as printing and sharing a hard disk over the Wide Area Network (WAN) port.
3
Note: When the features discussed in this document apply to the AirPort Extreme Base
Station, AirPort Express, and Time Capsule, the devices are referred to collectively as
Apple wireless devices.
With an AirPort Extreme Base Station or a Time Capsule, you can connect a USB hard
disk so that everyone on the network can back up, store, and share files. Every
Time Capsule includes an internal AirPort disk, so you don’t need to connect an
external one. If you want, you can connect additional USB disks to the USB port on
your Time Capsule. You can also connect a USB printer to the USB port on any
Apple wireless device, so that everyone on the network can access the printer or hub.
All Apple wireless devices provide strong, wireless security. They offer a built-in firewall
and support industry-standard encryption technologies. Yet the simple setup utility
and powerful access controls make it easy for authorized users to connect to the
AirPort network they create.
You can use an Apple wireless device to provide wireless Internet access and share a
single Internet connection among several computers in the following ways:
 Set up the device to act as a router and provide Internet Protocol (IP) addresses to
computers on the network using Dynamic Host Configuration Protocol (DHCP) and
Network Address Translation (NAT). When the wireless device is connected to a DSL
or cable modem that is connected to the Internet, it receives webpages and email
content from the Internet through its Internet connection, and then sends the
content to wireless-enabled computers, using the wireless network or using Ethernet
if there are computers connected to the Ethernet ports.
 Set up the Apple wireless device to act as a bridge on an existing network that
already has Internet access and a router providing IP addresses. The device passes
IP addresses and the Internet connection to AirPort or wireless-enabled computers,
or computers connected to the wireless device by Ethernet.
This document provides information about the latest AirPort Extreme Base Station,
AirPort Express, and Time Capsule, and detailed information about designing 802.11n
networks with AirPort Utility for computers using Mac OS X v10.5 or later, and
Windows Vista or Windows XP with Service Pack 2. If you’re using previous versions of
Mac OS X, or are setting up earlier versions of AirPort devices, you’ll find more
4
Chapter 1 Getting Started
You can set up an Apple wireless device and connect to the Internet wirelessly in
minutes. But because Apple wireless devices are flexible and powerful networking
products, you can also create an AirPort network that does much more. If you want to
design an AirPort network that provides Internet access to non-AirPort computers via
Ethernet, or take advantage of some of your wireless device’s more advanced features,
use this document to design and implement your network. You can find more general
wireless networking information and an overview of AirPort technology in the earlier
Note: The images of AirPort Utility in this document are from Mac OS X v10.5. If you’re
using a Windows computer, the images you see in this document may be slightly
different from what you see on your screen.
Configuring an Apple Wireless Device for Internet Access
Using AirPort Utility
Like your computer, Apple wireless devices must be set up with the appropriate
hardware and IP networking information to connect to the Internet. Install
AirPort Utility, which came on the CD with your wireless device, and use it to provide
Internet configuration information and other network settings.
AirPort Utility combines the ease of use of AirPort Setup Assistant and the power of
AirPort Admin Utility. It is installed in the Utilities folder in the Applications folder on
a Macintosh computer using Mac OS X, and in Start > All Programs > AirPort on
computers using Windows. AirPort Utility walks you through the setup process by
asking a series of questions to determine how the device’s Internet connection and
other interfaces should be set up. Enter the settings you received from your ISP or
network administrator for Ethernet, PPP over Ethernet (PPPoE), or your local area
network (LAN); give your AirPort network a name and password; set up a device as
a wireless bridge to extend the range of your existing AirPort network; and set other
options.
When you’ve finished entering the settings, AirPort Utility transfers the settings to your
wireless device. Then it connects to the Internet and shares its Internet connection with
computers that join its AirPort network.
You can also create an AirPort network that takes advantage of the more advanced
networking features of Apple wireless devices. To set more advanced AirPort options,
use AirPort Utility to manually set up your wireless device’s configuration, or make
quick adjustments to one you’ve already set up. Some of the AirPort advanced
networking features can be configured only using the manual setup features in
AirPort Utility.
Chapter 1 Getting Started
5
Set up your Apple wireless device manually using AirPort Utility when:
 You want to provide Internet access to computers that connect to the wireless device
using Ethernet
 you’ve already set up your device, but you need to change one setting, such as your
account information
 You need to configure advanced settings such as channel frequency, advanced
security options, closed networks, DHCP lease time, access control, WAN privacy,
power controls, or port mapping or other options
For instructions on using AirPort Utility to manually set up your wireless device and
network, see “Using AirPort Utility”on page 15.
You can extend the range of your network by using AirPort Utility to set up wireless
connections among several devices in your network, or to connect a device using
Ethernet to create a roaming network. For more information on extending the range of
your network, see “Connecting Additional Wireless Devices to Your AirPort Network”on
page 41.
Sharing a USB Hard Disk Connected to an AirPort Extreme
Base Station or Time Capsule
USB hard disk to it, and computers connected to the network—wired or wireless, Mac
or Windows—can share files using the hard disk. Every Time Capsule includes an
internal AirPort disk, so you don’t need to connect an external one. If you want, you can
connect additional USB disks to the USB port on your Time Capsule. See “Sharing and
Securing USB Hard Disks on Your Network”on page 54.
If you have a compatible USB printer connected to your Apple wireless device,
computers on the AirPort network can use Bonjour (Apple’s zero-configuration
networking technology) to print to the printer. For instructions about printing to a
USB printer from a computer, see “Connecting a USB Printer to an Apple Wireless
Device”on page 55.
Sharing Your Computer’s Internet Connection
If your computer is connected to the Internet, you can share your Internet connection
with other computers using Mac OS X version 10.2 or later, or Windows XP with Service
Pack 2. This is sometimes called using your computer as a software base station.
6
Chapter 1 Getting Started
You can share your Internet connection as long as your computer is connected to the
Internet. If your computer goes to sleep or is restarted, or if you lose your Internet
connection, you need to restart Internet sharing.
To start Internet sharing on a computer using Mac OS X v10.5 or later:
1 Open System Preferences and click Sharing.
2 Choose the port you want to use to share your Internet connection from the“Share
your connection using”pop-up menu.
3 Select the port you want to use to share your Internet connection in the“To computers
using”list. You can choose to share your Internet connection with AirPort-enabled
computers or computers with built-in Ethernet, for example.
4 Select Internet Sharing in the Services list.
5 If you want to share your Internet connection with computers using AirPort, click
AirPort Options to give your network a name and password.
Chapter 1 Getting Started
7
To start Internet sharing on a computer using Windows:
1 Open Control Panel from the Start menu, and then click“Network and Internet.”
2 Click“Network and Sharing Center.”
3 Click“Manage network connections”in the Tasks list.
4 Right-click the network connection you want to share, and then select Properties.
5 Click Sharing and then select“Allow other network users to connect through this
computer’s Internet connection.”
Note: If your Internet connection and your local network use the same port (built-in
Ethernet, for example), contact your ISP before you turn on Internet sharing. In some
cases (if you use a cable modem, for example) you might unintentionally affect the
network settings of other ISP customers, and your ISP might terminate your service to
prevent you from disrupting its network.
The following chapters explain AirPort security options, AirPort network design and
setup, and other advanced options.
8
Chapter 1 Getting Started
2
AirPort Security
2
This chapter provides an overview of the security features
available in AirPort.
you can enjoy peace of mind when you access the Internet, manage online financial
transactions, or send and receive email. The AirPort Extreme Base Station and
Time Capsule also include a slot for inserting a lock to deter theft.
For information and instructions for setting up these security features, see “Setting Up
the AirPort Extreme Network”on page 17.
Security for AirPort Networks at Home
Apple gives you ways to protect your wireless AirPort network as well as the data that
travels over it.
NAT Firewall
You can isolate your wireless network with firewall protection. Apple wireless devices
have a built-in Network Address Translation (NAT) firewall that creates a barrier
between your network and the Internet, protecting data from Internet-based IP attacks.
The firewall is automatically turned on when you set up the device to share a single
Internet connection. For computers with a cable or DSL modem, AirPort can actually be
safer than a wired connection.
Closed Network
Creating a closed network keeps the network name and the very existence of your
network private. Prospective users of your network must know the network name
and password to access it. Use AirPort Utility, located in the Utilities folder in the
Applications folder on a Macintosh computer using Mac OS X, or in Start > All
Programs > AirPort on a computer using Windows, to create a closed network.
9
Password Protection and Encryption
AirPort uses password protection and encryption to deliver a level of security
comparable to that of traditional wired networks. Users can be required to enter a
password to log in to the AirPort network. When transmitting data and passwords,
the wireless device uses up to 128-bit encryption, through either Wi-Fi Protected Access
(WPA), WPA2, or Wired Equivalent Privacy (WEP), to scramble data and help keep
it safe. If you’re setting up an 802.11n-based AirPort device, you can also use WEP
(Transitional Security Network) if both WEP-compatible and WPA/WPA2-compatible
computers will join your network.
Note: WPA security is available only to AirPort Extreme wireless devices; AirPort and
AirPort Extreme clients using Mac OS X 10.3 or later and AirPort 3.3 or later; and to
non-Apple clients using other 802.11 wireless adapters that support WPA. WPA2
security requires firmware version 5.6 or later for an AirPort Extreme Base Station,
firmware version 6.2 or later for an AirPort Express, firmware version 7.3 or later for a
Time Capsule, and a Macintosh computer with an AirPort Extreme wireless card using
AirPort 4.2 or later. If your computer uses Windows XP or Windows Vista, check the
documentation that came with your computer to see if your computer supports WPA2.
Security for AirPort Networks in Businesses and Classrooms
Businesses and schools need to restrict network communications to authorized users
and keep data safe from prying eyes. To meet this need, Apple wireless devices and
software provide a robust suite of security mechanisms. Use AirPort Utility to set up
these advanced security features.
Transmitter Power Control
Because radio waves travel in all directions, they can extend outside the confines of a
specific building. The Transmit Power setting in AirPort Utility lets you adjust the
transmission range of your device’s network. Only users within the network vicinity
have access to the network.
MAC Address Access Control
Every AirPort and wireless card have a unique Media Access Control (MAC) address.
For AirPort Cards and AirPort Extreme Cards, the MAC address is sometimes referred to
as the AirPort ID. Support for MAC address access control lets administrators set up a
list of MAC addresses and restrict access to the network to only those users whose MAC
addresses are in the access control list.
10
Chapter 2 AirPort Security
RADIUS Support
The Remote Authentication Dial-In User Service (RADIUS) makes securing a large
network easy. RADIUS is an access control protocol that allows a system administrator
to create a central list of the user names and passwords of computers that can access
the network. Placing this list on a centralized server allows many wireless devices to
access the list and makes it easy to update. If the MAC address of a user’s computer
(which is unique to each 802.11 wireless card) is not on your approved MAC address list,
the user cannot join your network.
Wi-Fi Protected Access (WPA) and WPA2
There has been increasing concern about the vulnerabilities of WEP. In response, the
Wi-Fi Alliance, in conjunction with the IEEE, has developed enhanced, interoperable
security standards called Wi-Fi Protected Access (WPA) and WPA2.
WPA and WPA2 use specifications that bring together standards-based, interoperable
security mechanisms that significantly increase the level of data protection and access
control for wireless LANs. WPA and WPA2 provide wireless LAN users with a high-level
assurance that their data remains protected and that only authorized network users
can access the network. A wireless network that uses WPA or WPA2 requires all
computers that access the wireless network to have WPA or WPA2 support. WPA
provides a high level of data protection and (when used in Enterprise mode) requires
user authentication.
The main standards-based technologies that constitute WPA include Temporal Key
Integrity Protocol (TKIP), 802.1X, Message Integrity Check (MIC), and Extensible
Authentication Protocol (EAP).
TKIP provides enhanced data encryption by addressing the WEP encryption
vulnerabilities, including the frequency with which keys are used to encrypt the
wireless connection. 802.1X and EAP provide the ability to authenticate a user on
the wireless network.
802.1X is a port-based network access control method for wired as well as wireless
networks. The IEEE adopted 802.1X as a standard in August 2001.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing
data packets, altering them, and resending them. The MIC provides a strong
mathematical function in which the receiver and the transmitter each compute and
then compare the MIC. If they do not match, the data is assumed to have been
tampered with and the packet is dropped. If multiple MIC failures occur, the network
may initiate countermeasures.
Chapter 2 AirPort Security
11
The EAP protocol known as TLS (Transport Layer Security) presents a user’s information
in the form of digital certificates. A user’s digital certificates can comprise user names
and passwords, smart cards, secure IDs, or any other identity credentials that the IT
administrator is comfortable using. WPA uses a wide variety of standards-based EAP
implementations, including EAP-Transport Layer Security (EAP-TLS), EAP-Tunnel
Transport Layer Security (EAP-TTLS), and Protected Extensible Authentication Protocol
(PEAP). AirPort Extreme also supports the Lightweight Extensible Authentication
Protocol (LEAP), a security protocol used by Cisco access points to dynamically assign a
different WEP key to each user. AirPort Extreme is compatible with Cisco’s LEAP security
protocol, enabling AirPort users to join Cisco-hosted wireless networks using LEAP.
In addition to TKIP, WPA2 supports the AES-CCMP encryption protocol. Based on the
very secure AES national standard cipher, combined with sophisticated cryptographic
techniques, AES-CCMP was specifically designed for wireless networks. Migrating from
WEP to WPA2 requires new firmware for the AirPort Extreme Base Station (version 5.6 or
later), and for AirPort Express (version 6.2 or later). Devices using WPA2 mode are not
backward compatible with WEP.
WPA and WPA2 have two modes:
 Personal mode, which relies on the capabilities of TKIP or AES-CCMP without
requiring an authentication server
 Enterprise mode, which uses a separate server, such as a RADIUS server, for user
authentication
WPA and WPA2 Personal
 For home or Small Office/Home Office (SOHO) networks, WPA and WPA2 operates in
Personal mode, taking into account that the typical household or small office does
not have an authentication server. Instead of authenticating with a RADIUS server,
users manually enter a password to log in to the wireless network. When a user
enters the password correctly, the wireless device starts the encryption process using
TKIP or AES-CCMP. TKIP or AES-CCMP takes the original password and derives
encryption keys mathematically from the network password. The encryption key is
regularly changed and rotated so that the same encryption key is never used twice.
Other than entering the network password, the user isn’t required to do anything to
make WPA or WPA2 Personal work in the home.
12
Chapter 2 AirPort Security
WPA and WPA2 Enterprise
WPA is a subset of the draft IEEE 802.11i standard and effectively addresses the wireless
local area network (WLAN) security requirements for the enterprise. WPA2 is a full
implementation of the ratified IEEE 802.11i standard. In an enterprise with IT resources,
provide centralized access control and management. With this implementation in
place, the need for add-on solutions such as virtual private networks (VPNs) may be
eliminated, at least for securing wireless connections in a network.
For more information about setting up a WPA or WPA2 protected network, see
“Using Wi-Fi Protected Access”on page 45.
Chapter 2 AirPort Security
13
3
AirPort Network Designs
3
This chapter provides overview information and instructions
for the types of AirPort Extreme networks you can set up, and
some of the advanced options of AirPort Extreme.
Use this chapter to design and set up your AirPort Extreme network.
Configuring your Apple wireless device to implement a network design requires
three steps:
Step 1: Setting Up the AirPort Extreme Network
Computers communicate with the wireless device over the AirPort wireless network.
When you set up the AirPort network created by the wireless device, you can name the
wireless network, assign a password that will be needed to join the wireless network,
and set other options.
Step 2: Configuring and Sharing Internet Access
When computers access the Internet through the AirPort Extreme network, the wireless
device connects to the Internet and transmits information to the computers over the
AirPort Extreme network. You provide the wireless device with settings appropriate for
your ISP and configure how the device shares this connection with other computers.
Step 3: Setting Advanced Options
These settings are optional for most users. They include using the Apple wireless device
as a bridge between your AirPort Extreme network and an Ethernet network, setting
advanced security options, extending the AirPort network to other wireless devices,
and fine-tuning other settings.
For specific instructions on all these steps, refer to the sections later in this chapter.
You can do most of your setup and configuration tasks using AirPort Utility, and
following the onscreen instructions to enter your ISP and network information. To set
advanced options, you need to use AirPort Utility to manually set up your Apple
wireless device and AirPort network.
14
Using AirPort Utility
To set up and configure your computer or Apple wireless device to use AirPort Extreme
for basic wireless networking and Internet access, use AirPort Utility and answer
a series of questions about your Internet settings and how you would like to set up
your network.
1 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Mac,
or in Start > All Programs > AirPort on a Windows computer.
2 Select your device in the list on the left if there is more than one device in your
network. Click Continue, and then follow the onscreen instructions to enter the settings
from your ISP or network administrator for the type of network you want to set up. See
the network diagrams later in this chapter for the types of networks you can set up
using AirPort Utility.
To set up a more complicated network, or to make adjustments to a network you’ve
already set up, use the manual setup features in AirPort Utility.
Setting AirPort preferences
Use AirPort preferences to set up your wireless device to alert you when there are
updates available for your device. You can also set it up to notify you if there are
problems detected, and to provide instructions to help solve the problems.
To set AirPort preferences:
1 Open AirPort Utility, located in the Utilities folder inside the Applications folder on
a Mac, and in Start > All Programs > AirPort on a Windows computer.
2 Do one of the following:
 On a Mac, choose AirPort Utility > Preferences
 On a Windows computer, choose File > Preferences
Chapter 3 AirPort Network Designs
15
Select from the following checkboxes:
 Select“Check for Updates when opening AirPort Utility”to automatically check the
Apple website for software and firmware updates each time you open AirPort Utility.
 Select the“Check for updates”checkbox, and then choose a time interval from the
pop-up menu, such as weekly, to check for software and firmware updates in the
background. AirPort Utility opens if updates are available.
 Select“Monitor Apple wireless devices for problems”to investigate problems that
may cause the device’s status light to blink amber. With the checkbox selected,
AirPort Utility opens if a problem is detected, and then provides instructions to help
resolve the problem. This option monitors all of the wireless devices on the network.
 Select“Only Apple wireless devices that I have configured”to monitor only the
devices you’ve set up using this computer.
Monitoring devices for problems requires an AirPort wireless device that supports
firmware version 7.0 or later.
To set up your wireless device manually:
1 Open AirPort Utility, located in the Utilities folder in the Applications folder on a Mac, or
in Start > All Programs > AirPort on a Windows computer.
2 Select your device in the list.
3 Choose Base Station > Manual Setup and enter the password if necessary. The default
device password is public.
If you don’t see your wireless device in the list:
1 Open the AirPort status menu in the menu bar on a Mac and make sure that you’ve
joined the AirPort network created by your wireless device. On a Windows computer,
hover the cursor over the wireless network icon in the status tray to make sure the
computer is connected to the correct network.
The default network name for an Apple wireless device is AirPort Network XXXXXX,
where XXXXXX is replaced with the last six digits of the AirPort ID, (or MAC address).
The AirPort ID is printed on the bottom of Apple wireless devices.
2 Make sure your computer’s network and TCP/IP settings are configured properly.
On a computer using Mac OS X, choose AirPort from the Show pop-up menu in the
Network pane of System Preferences. Then choose Using DHCP from the Configure IPv4
pop-up menu in the TCP/IP pane.
On a computer using Windows, right-click the wireless connection icon that displays
the AirPort network, and choose Status. Click Properties, select Internet Protocol
(TCP/IP), and then click Properties. Make sure“Obtain an IP address automatically”is
selected.
16
Chapter 3 AirPort Network Designs
If you can’t open the wireless device settings:
1 Make sure your network and TCP/IP settings are configured properly.
On a computer using Mac OS X, select AirPort from the network connection services list
in the Network pane of System Preferences. Click Advanced, and then choose Using
DHCP from the Configure IPv4 pop-up menu in the TCP/IP pane.
On a computer using Windows, right-click the wireless connection icon that displays
the AirPort network, and choose Status. Click Properties, select Internet Protocol
(TCP/IP), and then click Properties. Make sure “Obtain an IP address automatically”
is selected.
2 Make sure you entered the wireless device password correctly. The default password
is public. If you’ve forgotten the device password, you can reset it to public by resetting
the device.
To temporarily reset the device password to public, hold down the reset button for one
second. To reset the device back to its default settings, hold the reset button for five full
seconds.
If you’re on an Ethernet network that has other devices, or you’re using Ethernet to
connect to the device:
AirPort Utility scans the Ethernet network to create the list of devices. As a result, when
you open AirPort Utility, you may see devices that you cannot configure.
Setting Up the AirPort Extreme Network
The first step in configuring your Apple wireless device is setting up the device and the
network it will create. You can set up most features using AirPort Utility and following
the onscreen instructions to enter the information from your ISP or network
administrator.
To configure a network manually or set advanced options, open your wireless device’s
configuration in AirPort Utility and manually set up your device and network.
1 Choose the network of the wireless device you want to configure from the AirPort
status menu on a computer using Mac OS X, or from the wireless connection icon in
the status tray on a computer using Windows.
2 Open AirPort Utility and select the wireless device from the list. If you don’t see the
device you want to configure, click Rescan to scan for available wireless devices, and
then select the one you want from the list.
Chapter 3 AirPort Network Designs
17
3 Choose Base Station > Manual Setup and enter the password if necessary. The default
device password is public.
You can also double-click the name of the wireless device to open its configuration in
a separate window. When you open the manual setup window, the Summary pane is
displayed. The summary pane provides information and status about your wireless
device and network.
18
Chapter 3 AirPort Network Designs
|