Apple AirPort

There are now two types of AirPort base stations that are on the market from Apple. Both the AirPort Express and AirPort Extreme Base Station are 802.11g devices. The AirPort Extreme is designed more as a home gateway, and it has a modem and external antenna port. Although more costly than a number of other devices on the market, it is also more functional and is a common small-office solution.

First-Time Setup

The first-time setup is done with the same AirPort Setup Assistant application that configures new wireless interfaces. AirPorts fresh out of the shrink wrap broadcast their existence to the world so that a Mac OS client can be used for configuration. After connecting to the AirPort and clicking through to the configuration screen, the network security setup screen of Figure 20-3 is presented. The configuration displayed shows a WPA pre-shared key security method. It is also possible to configure WEP from this screen.

Figure 20-3. Network security settings

The Management Interface

Once the bootstrap configuration is done with the Setup Assistant, the AirPort Base Station is on the network and must be configured with the AirPort Utility (Figure 20-4). This is a separate configuration utility that will feel vaguely familiar if you have ever seen Lucent's AP Manager. When it is started, the AirPort Admin Utility searches all the AirPort base stations on the network and displays them in a list. Individual base stations can be selected for further configuration. When changes are made, the base station must be restarted for the changes to take effect. The "Other" button at the top allows configuration of any AirPort Base Station that the manager can send IP packets to. Far-away base stations may not appear on the browse list, but by clicking on "Other" and entering an IP address, the Manager can configure any base station to which it has IP connectivity.

Figure 20-4. AirPort Admin Utility main screen

Configuring the wireless interface

When a base station is selected for configuration, the configuration screen will pop up. Several tabs are used to group configuration information into logical subsets, and the wireless interface configuration is available by default. Across the top, there are buttons to restart the access point, upload new firmware, return the base station to factory defaults, and change the password. (New firmware is distributed as part of the Admin Utility package, and will automatically be used to update old AirPorts as the manager discovers them.)

The AirPort configuration is shown in Figure 20-5. Security settings are similar to those shown in previously in Figure 20-3. The "closed network" option prevents the inclusion of the SSID information element in Beacon frames and requires that stations associating provide it. It is a toy security option, and does not really close the network. As dual-mode 802.11b/g devices, it is possible to configure them in a b/g compatibility mode, or attempt to keep 802.11b devices off the network to reduce the overhead of protection.

Figure 20-5. Wireless interface configuration

Configuration of the LAN interface

The AirPort may be used as a NAT device, in which case it will translate IP traffic from wireless devices on to its address on the Ethernet interface. Client computers can be statically addressed by the network administrator, or the built-in DHCP server can be turned on and assigned a range of addresses to assign to clients. When NAT is used to hide several computers behind one IP address, the address specified in the Internet properties is used as the public address. The wired LAN interface is given the private address 10.0.1.1, and DHCP is used to lease out addresses from 10.0.1.2 to 10.0.1.200 (in this case, you can't select the range of addresses for the DHCP server to give out). The AirPort base station can be connected to wired networks by its Fast Ethernet LAN port if the DHCP server is disabled.

The Port Mapping tab, shown in Figure 20-6, can be used to add inbound static port mappings. The public port is translated to the private IP address and port number listed in the mapping. The figure illustrates an address translation for inbound web services to port 80 on host 10.0.1.201.

Figure 20-6. Port Mapping tab

Access control

Like most other products, the AirPort Base Station supports filtering by client MAC address. The Access Control tab lets you identify clients by their AirPort ID (MAC address) and add them to a list of allowed clients, together with a description.