CHAPTER 6 Network Settings
Lesson 3: Network Configuration

To connect to the wireless network displayed in Figure 6-36, you enter the following command:

    netsh wlan connect name=default

If there is more than one wireless network on the same profile, you also need to specify the service set identifier (SSID) of the network to which you want to connect. For example, if you created an ad hoc network called MyOtherNet and want to connect to it, you enter the following command:

    netsh wlan connect name=default ssid=myothernet

If you issue a command to connect to a wireless network and your computer is already connected to another wireless network, it disconnects from its current network and connects to the network that you specify. If you want to disconnect from a network without connecting to another one and you have only one network adapter on your computer, you enter the following command:

    netsh wlan disconnect

If you have more than one wireless interface on your system, you can specify the interface that you want to disconnect by entering a command similar to the following:

    netsh wlan disconnect interface="Wireless Network Connection"

To disconnect from all interfaces, you enter the following command:

    netsh wlan disconnect interface=*

The Netsh wlan utility is both versatile and powerful. As with all command-line utilities, the best way of becoming familiar with it is to use it and experiment with it. This is one of the suggested practices at the end of this chapter. Figure 6-37 shows the commands available for the Netsh wlan utility.

FIGURE 6-37 Netsh wlan utility commands

You can configure wireless connection behavior by clicking Change Adapter Settings in Network And Sharing Center, right-clicking your wireless adapter, and clicking Status. Clicking Details on the Status dialog box displays the adapter configuration, as shown in Figure 6-38.
FIGURE 6-38 Wireless adapter configuration

Clicking Wireless Properties in the adapter’s Status dialog box opens the Wireless Network Properties dialog box for the wireless network to which you are currently connected, as shown in Figure 6-39. You can configure your computer to always connect to the currently connected network if it is in range, or to connect to a more preferred network when available.

You can configure a WAP so that it does not broadcast its name or SSID. This enhances security because the network does not appear on the list of wireless networks in range and you need to connect to it manually. You can configure your computer (and hence, other computers on your network) to connect to a network that is in range but is not broadcasting its SSID. You can copy this and other settings to a USB flash drive that you then use to configure other computers to connect to your wireless network.

If you select Connect To A More Preferred Network If Available, automatic switching is enabled, which can be a useful feature in a large organization that requires more than one wireless network to cover its floor space. Suppose, for example, a doctor is moving from ward to ward in a hospital and is using a laptop computer. She does not want to manually connect to another wireless network whenever she gets out of the range of the one to which she is currently connected. Automatic switching accomplishes this seamlessly, without user intervention. However, automatic switching can cause problems if two networks overlap. This is discussed in the section entitled “Troubleshooting Wireless Networks,” later in this lesson.

FIGURE 6-39 Configuring connection properties

You can add additional wireless-enabled computers to your network by inserting the USB flash drive and clicking Wireless Network Setup Wizard in the AutoPlay dialog box.
Alternatively, you can manually add a wireless computer running Windows 7 to your network by clicking Connect To A Network on Network And Sharing Center and using the same procedure that you followed when connecting the first computer.

NOTE: NETWORK SECURITY KEY
By default, a WAP is set to permit open access by any wireless-enabled computer within its range. You can configure both authentication and encryption type on the Security tab of the Wireless Network Properties dialog box. Configuring security settings on a third-party WAP is discussed later in this lesson.

Quick Check
- You are adding a new computer to a wired network that connects to the Internet through a cable modem attached to one of your computers by a USB cable. The new computer is configured to obtain its IP configuration automatically. When you switch the new computer on, it is configured with an IP address, a subnet mask, and IP addresses for its default gateway and DNS server. Where does it get this information?

Quick Check Answer
- From the computer attached to the modem, which is configured to run ICS.

To connect to a wireless network that does not broadcast its SSID, you need to know details such as the network name and security type. In Network And Sharing Center, you click Set Up A Connection Or Network, click Manually Connect To A Wireless Network, and click Next. You are prompted for the network name and security type and (if appropriate) encryption type and security key. Alternatively, you can open an elevated command prompt and enter a command with the following syntax:

    netsh wlan connect name=<profile_name> ssid=<network_ssid> [interface=<interface_name>]

To add a wireless device other than a computer to a network, you need to follow the manufacturer’s instructions in the information that came with the device. You might be able to add the device using a USB flash drive.
If the device is a printer, you might need to enable printer sharing so that other computers on the network can use it. If you want to add a Bluetooth enabled device to your network, you need a Bluetooth network adapter.

MORE INFO: BLUETOOTH
For more information about Bluetooth, access http://bluetooth.com/Bluetooth/Technology/ and follow the links.

NOTE: VIRTUAL PRIVATE NETWORKS
You can also connect to a virtual private network (VPN) by clicking Connect To A Network in Network And Sharing Center. Chapter 10, “DirectAccess and VPN Connections,” discusses VPNs in detail.

Managing Preferred Wireless Networks

If you have a wireless-enabled mobile computer such as a laptop, you can take it to various locations and connect to whatever wireless networks are available at any location. You can see the available networks by opening Network And Sharing Center and clicking Connect To A Network. You can also click the Wireless icon on the Toolbar at the bottom right section of your screen. You can then right-click a network and click Connect.

Available networks are listed in the Manage Wireless Networks dialog box. If you do not see the network to which you want to connect, you can click Set Up A New Connection Or Network in Network And Sharing Center. You can select from a list of available options (for example, Connect To The Internet) and manually search for and connect to a network. You can also create a new network connection.

Some networks require a network security key or passphrase. To connect to a secure network that you do not administer, you need to ask the network administrator or the service provider for the key or passphrase.

WARNING: CHOOSE A SECURITY-ENABLED WIRELESS NETWORK
When you are connecting to a wireless network that is not your own, you should always choose a security-enabled wireless network if available.
If you connect to a network that is not secure, someone with the right tools can see everything that you do, including the Web sites you visit, the documents you work on, and the user names and passwords that you use—decidedly not recommended.

If you have previously connected to various wireless networks, the list of these networks is referred to as your preferred list. The wireless networks on your preferred list are your preferred wireless networks. You can click Manage Wireless Networks in the Network And Sharing Center and view saved wireless networks. You can change the order in which your computer attempts to connect to preferred networks by dragging the networks up or down in the list. You can also change preferences for the network by right-clicking the network and selecting Properties.

Suppose, for example, that a doctor works in a large hospital. On the first floor, she can connect to the wireless networks Wards_10_to_14 and Wards_15_to_19. On the second floor, she can connect to the wireless networks Wards_20_to_24 and Wards_25_to_29. There is shielding between the floors, and she cannot connect to a network if she is not on the appropriate floor. She knows that the networks Wards_10_to_14 and Wards_20_to_24 have high bandwidth, and she wants to connect to them by preference, whatever ward she is in. If she cannot connect to her first choice of network, she wants to connect to her second choice.

The doctor has previously been connected to all four networks (not at the same time), and they are on her preferred list. Note that a network can be on a preferred list even if it is not currently in range. The doctor needs to make sure that the network Wards_10_to_14 is above the network Wards_15_to_19 and that the network Wards_20_to_24 is above the network Wards_25_to_29 in her preferred network list. It makes no difference whether the first-floor wards are above the second-floor wards in the list or the other way round.
On the first floor, the second-floor networks cannot be reached. The doctor’s computer connects to the network Wards_10_to_14 if it is available. If not, it connects to the network Wards_15_to_19. On the second floor, the first-floor networks cannot be reached. The doctor’s computer connects to the network Wards_20_to_24 if it is available. If not, it connects to the network Wards_25_to_29.

Setting Internal Wireless Adapter Security

Later in this lesson, you will learn how to configure security settings on a third-party WAP. You should also configure compatible security in a wireless network adapter. By default, a WAP is set to permit open access by any wireless-enabled computer within its range. However, it can be configured to restrict access to authenticated connections and to use a specified encryption standard. You can configure both authentication and encryption for a wireless network adapter on the Security tab of the Wireless Network Properties dialog box, shown in Figure 6-40. The figure shows the choice of security type. The Encryption Type is either None or Wired Equivalent Privacy (WEP).

FIGURE 6-40 The Security tab of the Wireless Network Properties dialog box

The following authentication types are available:
- No authentication (open)
- Shared (a shared secret passkey)
- Wi-Fi Protected Access (WPA)-Personal
- WPA2-Personal
- WPA-Enterprise
- WPA2-Enterprise
- 802.1X

WPA and WPA2 indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks. WPA2 enhances WPA, which in turn addresses weaknesses in the previous system, WEP. WPA was intended as an intermediate measure to take the place of WEP while an IEEE 802.11i standard was prepared.
802.1X provides port-based authentication, which involves communications between a supplicant (a client computer), an authenticator (a wired Ethernet switch or WAP), and an authentication server (typically a Remote Authentication Dial In User Service, or RADIUS, server).

The WPA2 certification mark indicates compliance with an advanced protocol that implements the full 802.11 standard, and it is mandatory for all new wireless routers that bear the Wi-Fi trademark. This advanced protocol does not work with some older network cards, and WPA is still supported in Microsoft operating systems, including Windows 7. The main difference between WPA and WPA2 is that WPA2 uses Advanced Encryption Standard (AES). AES has its own mechanism for dynamic key generation and is resistant to statistical analysis of the cipher text.

Pre-shared key (PSK) mode is also known as Personal mode and is designed for SOHO networks that do not require the complexity of an 802.1X authentication server and do not contain a certificate authority (CA) server. Each wireless network device encrypts the network traffic using a 256-bit key. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters. Both WPA-Personal and WPA2-Personal modes are supported in Windows 7.

WPA-Enterprise and WPA2-Enterprise authenticate through the Extensible Authentication Protocol (EAP) and require computer security certificates rather than PSKs. The following EAP types are included in the certification program:
- EAP-TLS
- EAP-TTLS/MSCHAPv2
- PEAPv0/EAP-MSCHAPv2
- PEAPv1/EAP-GTC
- EAP-SIM

MORE INFO: EAP
For more information about EAP, see http://technet.microsoft.com/en-us/network/bb643147.aspx.

The authentication type you choose to configure on your network adapter needs to be supported by the networks to which you want to connect and by your network hardware.
For example:
- If you have a RADIUS server on your network to act as an authentication server and you want the highest possible level of security, you would choose 802.1X.
- If you want to use AES and to use computer certificates rather than a PSK, you would choose WPA2-Enterprise.
- If your network router does not support the AES standard but you want to use computer certificates, you would choose WPA-Enterprise.
- If you have a small network that is not in a domain and cannot access a CA server, but you install a modern WAP that supports AES, you would use WPA2-Personal (with a PSK).
- If you have a small network that is not in a domain and cannot access a CA server and your WAP does not support AES, you would use WPA-Personal.
- Shared uses a shared passkey but offers no other protection. You would choose this if no other method was available.
- By default, an unconfigured WAP has no authentication. An unconfigured WAP is a security risk and it is most unwise and unprofessional to leave it in that condition.

If no authentication is configured, anyone can connect a computer to your network. If no encryption exists, someone with a protocol sniffer can intercept and read confidential data.

MORE INFO: WEP AND WPA
For more information about WEP and WPA, see http://www.ezlan.net/wpa_wep.html. This is not a TechNet site, but it is maintained by a Microsoft Most Valued Professional (MVP).

Using an Ad Hoc Network

You can set up a temporary wireless network, or ad hoc network, between two or more computers running Windows 7 (or between computers running Windows 7 and Windows Vista) provided they are all within 30 feet (9 meters) of each other. A WAP is not required to set up an ad hoc network. This enables users to share folders and other resources without needing to connect to an organizational network.
Suppose, for example, that you were holding a meeting with representatives from another company and you wanted to share information (such as product specifications) with them but did not want to grant them access to your company network. Or suppose that you were holding a meeting in a hotel room and did not want to share confidential information through the hotel’s network. In these and similar cases, you can easily and quickly set up an ad hoc network by using the following procedure.

On the first computer on the network, you open Network And Sharing Center and click Set Up A New Connection Or Network. You then choose the option Set Up A Wireless Ad Hoc (Computer To Computer) Network. You give the network a name and (if you want) set up a security key so that users joining the network need to supply a password. For WEP, this can be 5 case-sensitive characters, 13 case-sensitive characters, 10 hexadecimal case-insensitive characters, or 26 hexadecimal case-insensitive characters, depending on security considerations. (If you choose WPA2-Personal, you can insist on a 64-character password, but by the time everyone has typed it in correctly, the meeting would probably be over.)

Other users join the ad hoc network as they would any other wireless network. You can choose to save the network settings if you want to set up an ad hoc network with the same configuration sometime in the future, but typically an ad hoc network is transient and is torn down when the last member leaves. Ad hoc networks use IPv6 and do not require IPv4 connectivity. You set up and join an ad hoc network in a practice exercise later in this lesson.

One use for an ad hoc network is if you connect to the Internet through, for example, an internal cellular modem or a high-speed dial-up modem that uses a mobile phone network. This type of connection (unlike Internet access through a WAP and cable modem) cannot be accessed simultaneously by several computers.
In this case you can set up an ad hoc network and share your Internet connection through ICS so that friends with wireless laptops can access the Internet when they visit you.

Wireless Network Technologies

Advantages of wireless networks include mobility and easy physical installation (you do not need to run cables under the floor). Disadvantages include a slower connection (typically) than a wired network and interference from other wireless devices, such as cordless phones.

Currently there are (arguably) four types of wireless network technologies in common use:
- 802.11b: Up to 11 megabits per second (Mbps); good signal range; low cost. This technology allows fewer simultaneous users than the other options and uses the 2.4-gigahertz (GHz) frequency. This frequency is prone to interference from microwave ovens, cordless phones, and other appliances.
- 802.11a: Up to 54 Mbps; more simultaneous users than 802.11b, but a smaller signal range; expensive. This option provides a fast transmission speed and uses the 5-GHz frequency, which limits interference from other devices. However, its signal is more easily obstructed by walls and other obstacles and it is not compatible with 802.11b network adapters, routers, and access points.
- 802.11g: Up to 54 Mbps (under optimal conditions); more simultaneous users than 802.11b; very good signal range; not easily obstructed. This option is compatible with 802.11b network adapters, routers, and access points, but it uses the 2.4-GHz frequency and has the same interference problems as 802.11b. It is also more expensive than 802.11b.
- 802.11n: Still in draft format, although this situation may have changed by the time you read this book. However, a number of vendors are manufacturing equipment using the current draft 802.11n standard. Most 802.11n devices are compatible with 802.11b and 802.11g.
  802.11n builds on previous 802.11 standards by adding multiple-input, multiple-output (MIMO), which uses multiple transmitter and receiver antennas to improve the system performance.

802.11b is adequate for most home and many small-office applications. If, however, your network carries a high volume of streaming media (video or music) traffic, or if interference is a major problem, you might consider 802.11a. If you already have 802.11b devices on your network but require high-speed transmission between specified network points, you might consider 802.11g. Most modern WAPs available from computer equipment retailers now are 802.11g.

If you have more than one wireless network adapter in your computer, or if your adapter uses more than one standard, you can specify which adapter or standard to use for each network connection.

EXAM TIP
Several 802.11 standards exist in addition to 802.11a, 802.11b, and 802.11c. However, the standards described in this lesson are those in common use. If you see any other standard (for example, 802.11d) given as a possible answer in the examination, that answer is almost certainly wrong.

Managing Network Connections

You can view a list of all the connection interfaces (wired and wireless) on a computer by opening Network And Sharing Center and clicking Change Adapter Settings. You can right-click any network connection and select Status. If you click Details on the Local Area Connection Status dialog box, you access the Network Connection Details information box. This was shown in Figure 6-38 earlier in this lesson.

On a small wired network with ICS enabled, a workstation typically has an address on the 192.168.0.0/24 network with its default gateway 192.168.0.1. A WAP is typically not configured with the 192.168.0.1 address but might instead have, for example, the IP address 192.168.123.254. Whatever the settings on your network are, you should take note of them when everything is working correctly.
This information is invaluable if something goes wrong.

NOTE: CHANGING NETWORK SETTINGS
Rather than accept the default ICS settings, many administrators prefer to change them, for example by using the 10.0.10.0/24 network for wired computers and the 192.168.123.0/24 subnet for wireless ones. However, changing default ICS settings is not in the objectives for the 70-680 examination.

When you right-click an adapter and click Properties, this accesses the Local Area Connections Properties dialog box. From this dialog box, you can enable or disable the items shown, or install more items (client services, server services, or protocols) by clicking Install. Typically, the Local Area Connection Status dialog box (for both wired and wireless connections) might contain the following items:
- Client for Microsoft Networks: Enables the computer to access resources on a Microsoft network.
- Quality of Service (QoS) Packet Scheduler: Provides traffic control. This can be significant if you have high-bandwidth traffic, such as video streaming, on your network.
- File and Printer Sharing for Microsoft Networks: Enables other computers to access resources on your computer in a Microsoft network (and other networks).
- Internet Protocol Version 6 (TCP/IPv6): Permits IPv6 configuration.
- Internet Protocol Version 4 (TCP/IPv4): Permits IPv4 configuration.
- Link-layer Topology Discovery Mapper I/O Driver: Discovers and locates other computers, devices, and network infrastructure features on the network, and determines network bandwidth.
- Link-layer Topology Discovery Responder: Allows a computer to be discovered and located on the network.

If an item is configurable, selecting the item activates the Properties button, which you can click to configure the item’s properties. You can also configure the adapter itself (for example, updating the driver) by clicking Configure in the Local Area Connections Properties dialog box.
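The key formats given earlier in this lesson (the 256-bit WPA-Personal/WPA2-Personal key entered as 64 hexadecimal digits or an 8 to 63 character passphrase, and the four WEP key lengths for an ad hoc network) can be validated and expanded in code. This is an added example, not from the book: the function names are hypothetical, and the passphrase-to-key step (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations) comes from IEEE 802.11i, not from this page.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)


def _printable_ascii(text: str) -> bool:
    """True if every character is printable ASCII (codes 32..126)."""
    return all(32 <= ord(ch) <= 126 for ch in text)


def _all_hex(text: str) -> bool:
    """True if every character is a hexadecimal digit (either case)."""
    return all(ch in HEX_DIGITS for ch in text)


def wpa_psk(secret: str, ssid: str) -> bytes:
    """Return the 256-bit key for WPA-Personal / WPA2-Personal.

    64 hexadecimal digits are taken as the key itself. A passphrase of
    8 to 63 printable ASCII characters is stretched with PBKDF2-HMAC-SHA1
    using the SSID as salt (IEEE 802.11i), so the same passphrase yields
    a different key on a different SSID.
    """
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    if len(secret) == 64:
        if not _all_hex(secret):
            raise ValueError("a 64-character key must be hexadecimal")
        return bytes.fromhex(secret)
    if 8 <= len(secret) <= 63 and _printable_ascii(secret):
        return hashlib.pbkdf2_hmac(
            "sha1", secret.encode("ascii"), ssid.encode("utf-8"), 4096, 32
        )
    raise ValueError("need 64 hex digits or 8-63 printable ASCII characters")


def wep_key(secret: str) -> bytes:
    """Return the raw WEP key for the four lengths the lesson lists."""
    if len(secret) in (5, 13) and _printable_ascii(secret):
        return secret.encode("ascii")    # 40-bit or 104-bit key, typed as text
    if len(secret) in (10, 26) and _all_hex(secret):
        return bytes.fromhex(secret)     # the same key sizes, typed as hex
    raise ValueError("WEP key must be 5 or 13 characters, or 10 or 26 hex digits")


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    for ssid in ("MyOtherNet", "Wards_10_to_14"):
        print(ssid, wpa_psk("correct horse battery", ssid).hex())
    print(wep_key("0123456789").hex(), len(wep_key("thirteenchars")))
```

Because the SSID is the only salt, two networks that share both an SSID and a passphrase also share the same 256-bit key.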