Residence Hall Personal Wireless Router Configuration

WARNING:  Beginning August 2013, routers will begin to be prohibited in the residence halls as each building gets pervasive wireless coverage per the first item in the Policy section below.  See our Pervasive Wireless Project document for a schedule and more information.

Configuring a Wi-Fi (wireless) router for the UNC Network

A wireless router is a specialized device that can relay information between computers, creating a wireless network. If your computer has a wireless network card, it can connect to a wireless network, allowing you to use the Internet without being hampered by cables and cords. However, in general wireless networks have a limited range, significantly slower download speeds compared to wired networks, and are also less secure since they work by broadcasting data through the air. Under some circumstances, on-campus residents may set up their own wireless routers.

UNC already has hundreds of wireless access points installed throughout most of campus. See our list of UNC Wi-Fi zones for specific locations. If you live within range of an official Wi-Fi zone, then you do not need and should not use a personal wireless router. All residence hall common areas (i.e. lounges, outside quads) have official Wi-Fi coverage.

ResNET support for routers is best-effort and it takes a 2nd priority behind all other tickets. Our top priority is to get you connected to the network, which you can do by plugging directly into the data jacks. We will do our best to setup your router. However, it may not be possible to set it up to ever work correctly due to interference issues: http://help.unc.edu/help/wireless-and-wi-fi-best-practices-and-faqs/.

Networking Policy

Before choosing to use a router you need to understand the policy issues. First, routers are prohibited on main campus in academic and professional buildings. A special exception has been made for residence halls if the router meets the following guidelines:

  1. A personal router can NOT interfere with the campus network (wired or Wi-Fi). If it does cause interference, then it must be immediately disabled.
  2. A personal router must be secured and restricted to use by the owner. The registered owner of any networked device, including routers, assumes all responsibility for the device and will be contacted regarding any security issues,
  3. If you have access to the campus Wi-Fi service, no router may be installed. If you need additional ports, simply purchase a Wired Hub.

Configuring a Router

There are many different brands and models of routers, as well as, multiple versions of the same router and varying levels of firmware. As a result, we can’t easily post or maintain accurate screenshots but visit http://www.pcwintech.com/router-screenshots for a rather large list that may help. The following instructions are a general guideline that should help you configure your router to meet our requirements, to protect your data (as best as it can be) and to get it configured. After reading our documentation that covers the required settings, you can see step-by-step instructions, possibly for your router at http://www.pcwintech.com/wireless-setup-linksys-routersmodems. To setup a router you’ll need to follow these steps:

1. Gather the proper tools

2. Physical connections

3. Find and register the MAC address

4. Finding the setup/configuration page

5. Internet configuration

6. DHCP

7. SSID

8. Channels

9. Security

10. Advanced Configuration and Troubleshooting

11. Finishing and connecting

Gather the proper tools

  • Router (802.11n ideally)
  • Two Ethernet cables (RJ-45)
  • Computer

Physical connections

Before setting up the router, use an Ethernet (RJ-45) cable to connect the router’s “Internet” port to a UNC network data jack (D-##), and another Ethernet cable to connect your computer to one of the other ports on the router. Then, plug in the router’s power adapter and ensure that it is turned on.

Find and register the MAC address

Note that there are ~3 networking interfaces on a router.

The Internet or WAN port, which is a wired port that connects directly to the Internet via a data jack in your wall.

The wired ports, which allow you to plug computers directly to the router.

The Wi-Fi wireless interface, which you don’t really “see.”

This can yield as many as three unique MAC addresses for each of the listed ports. The Internet port is the one that must be registered for DHCP via http://onyen.unc.edu. Many times this MAC address is on a sticker under the device, although sometimes you have to go into the Router Configuration page (see below) to identify the proper address.

Note: It will take 30-45 minutes for this registration to activate.
Warning: Routers have the ability to “Clone MAC Addresses,” which means that you can change the Internet Port MAC address to something different. Sometimes this is enabled when you follow the setup instructions on the setup CD that came with the router. This is a violation of our network policy because all devices connected to our network, must be registered with DHCP using their unique MAC address. Second, it simply will not work with our NAC service. If NAC thinks your router is really a computer, then it will expect it to meet all the requirements, which means the Internet will not work properly. So this feature must be disabled and/or set to use the Default MAC Address.

Finding the setup/configuration page

Once everything is physically connected, open a web browser and navigate to the router setup page. The address for the setup page varies between manufacturers, but it always begins with “192.168″ and can be found in the router manual. Typically this will be either 192.168.1.1 or 192.168.0.1. The setup page may require you to log in with a username and password, which can also be found in the router manual. With a Linksys router, the username is often ‘admin’ and the password is typically blank or ‘admin.’

Note: If 192.168.1.1 doesn’t work, then simply go to Start > Run > type: cmd. Next type: ipconfig. Look for your wired Ethernet network address. You’ll notice that it’s the one with an actual IP address. The Gateway that is listed will be the same as your Router’s setup page.

After logging in, you should first reset the settings to Default, per the router instructions, especially if this router has been used before.

Internet configuration

Make sure the connection type is set to use “dynamic IP addresses,” which is typically the Default setting. Use of a static IP address on the residence hall network will result in your router being removed from the network.

DHCP

Ensure that DHCP is enabled. You should not need to change any of the DHCP settings from their defaults.

SSID

The SSID is the “name” of the wireless network broadcast by your router. We highly recommend your router be named based on your room or apartment address (e.g. Morrison 234). In the case that there is a problem with your router, we will be better able to locate it and assist with a solution.

Warning: Do not use names that will make your network appear to be an official UNC Wi-Fi network (e.g. UNC-1, tarheel, UNC-Secure, Free-WiFI, etc.) or anything profane. This will result in removal of your router from the network.

Channels

Wireless routers broadcast on various channels, similar to radio stations. For best results, leave the channel setting on “Automatic.” This will minimize interference with other nearby wireless networks. If by chance all of your devices can do 802.11n or 802.11a, then you should disable the other modes. This will provide you with many more channels to use and virtually eliminate the chance of interference. Again, if your router interferes with the signal from any official UNC Wi-Fi access point, it will be removed from the network.

Also note that if your router interferes with a neighbor’s router you may both find that it never works properly. In most cases, there simply may be no fix. For most routers there are only 3 channels that you can use without overlapping other routers: 1, 6 & 11. If there are 4 people with routers near you, then clearly someone is going to be using the same channel.

Security

Encryption (Required)

Enabling encryption is essential for maintaining wireless security and your own privacy. Without encryption, nearby people may be able to eavesdrop on your Internet usage. The recommended encryption mode is WPA2. Older devices may not be able to use this level of security. In that case, you should choose the highest level of encryption that all devices can use.


Firewall

All routers include software known as a firewall, which helps to prevent outsiders from attacking your computer through the router. Ensure that the firewall is enabled. The default firewall settings will provide a good baseline of security. This is no substitute for the Windows Firewall.

Configuration Account

By default the Administrator password is usually blank or something standard like “admin”. In order to keep your neighbors from configuring your router for you, this password needs to be changed. Follow the instructions in the manual to change this password to something more secure, like a password with upper and lower case letters, numbers, special characters and a minimum length of eight characters. Remember, passwords must never be shared. Just like you are responsible for any activity on your bank account, your password protected account on a router or computer means you are responsible for any activity related to that account on the router or computer.

MAC address filtering

A computer’s MAC address serves as a unique identifier. Some routers have the ability to lock out all computers whose MAC addresses are not present on a “safe list.” Enabling this option will add another layer of security to your wireless network. If you do enable it, you’ll need to determine the wireless MAC address(es) for your own computer(s) (http://help.unc.edu/help/connecting-to-the-unc-network-getting-started/) and add it to the safe list. If you have guests who want to connect to your wireless network with their computers, you will also have to add their MAC address to the list.

Note: As the registered owner of your router, you are responsible for all networking traffic that passes through your router.

Advanced Configuration and Troubleshooting

Port Forwarding

Every computer that is on the UNC network has an IP address. When you use a router, it will have a UNC IP address (152.x.x.x), while the devices connected to it have a local IP address (192.168.x.x). During Internet communications, specific traffic is sent from one port to another. As a result of this, if you have multiple devices connected to the router and a system on the network tries to connect to one of your devices, it may have problems figuring out which of your devices to connect to.

The way to resolve this problem is with Port Forwarding. You must first determine which port a certain application or protocol (e.g. Remote Desktop, Media Servers, etc.) uses. Then you need to determine what IP address the destined device (your laptop) has. It may also be smart to set a Static IP (192.168.x.x) for your local devices (not including your router’s IP), so that the IP never changes. Then configure the Port Forwarding so that the traffic for that port will be routed to your specific device.

We recommend you Google “Port forwarding for ______” and include the name of the application or service that you are having problems with. You’ll find plenty of tutorials that tell you exactly how to configure your router.

Router Firmware

We highly recommend that you check the vendor’s website for the latest firmware for your router. Having the latest firmware means that any bugs have been resolved and new features/options may have been enabled, which will make the setup process much easier. For previously used routers, we also recommend you reset the router to the Default settings before configuring, because there are hundreds of settings in a router and one of them can keep it from working properly.

Note: You may want to backup your current settings first, because a firmware update may wipe all of the settings.

Finishing and connecting

Once you have finished configuring the router and saved all your settings, close the web browser and disconnect the Ethernet cord that connects your computer to the router (but make sure not to disconnect the router from the data jack in the wall). Open your wireless connection utility and you should now see your Wi-Fi network in the list of local wireless networks. Double-click your network and enter your Encryption key when prompted.