How to Configure your Network Tab

The Network tab controls what your ABS will do for your Network.

The Network Tab in the Admin Utility

Your ABS is a very versatile piece of networking equipment. Many different configurations are possible, all dependent on how you want to use the ABS. For example, the AirPort software allows the ABS to act as a router and as a rudimentary firewall. It does this through a process called Network Address Translation (NAT, also known as IP spoofing). This software is activated when you check the "Distribute IP Addresses" box.

Below, I have tried to assemble the most obvious combinations, one of which hopefully comes close to describing what you want to do with it. Red line connections denote Ethernet wires, blue connections denote telephone wires. If any option is grayed out (for example, due to you unchecking the "Distribute IP Addresses" option), you can assume that these options are automatically disabled.

Telephone Dialup Connection

Telephone Dialup Network Configuration

This is the configuration you would use if you have a regular dialup connection to your ISP. As the ABS has a WAN and LAN port built-in, you can share this connection across wired and wireless computers alike. If you want to attach multiple computers via wired connections, you'll need to attach an Ethernet "hub" or "switch" to the LAN Port (<···>) on the ABS, then attach the computers to the hub/switch. In this configuration, I would:

  • Enable "Distribute IP addresses"
  • Enable "Share a Single Address (DHCP & NAT)"

This way, your ABS hides all computers behind the Firewall (a good safety feature). Allegedly, as of Version 2.04 of the ABS software package, "Snow" base stations should work with Virtual Private Networks (PPTP, IPSec, etc.). Also, I'd only attach computers and clients to the LAN port as I'm not sure that the ABS wouldn't be confused by a computer on the WAN port.

Office Network

Office LAN Network Config

In an office that already has an IT infrastructure, the ABS usually functions as a mere "bridge" between the wired and the wireless portion of the network. Thus, it does not need to be a router (offices usually have one already) or a DHCP server. It is very important not to have multiple DHCP servers on one network (it causes a lot of confusion, see below), so the following steps are important:

  • Disable "Distribute IP addresses" - Not Applicable
  • Disable "Share a Single Address (DHCP & NAT)" - Not Applicable

High Speed Internet

High-Speed Internet connection

A Snow base station that is attached directly to a high-speed modem can serve as a router for wired and wireless clients alike. Simply attach the WAN port to the high-speed modem and the computer or hub/switch to the LAN port. Then:

  • Enable "Distribute IP addresses"
  • Enable "Share a Single Address (DHCP & NAT)"

High Speed Internet with Router

Sometimes an ABS joins an extant network, where a router already provides firewall protection and DHCP services to the network. In this case, there is no reason to reconfigure the entire network. Simply set up the ABS as a "bridge" between the wired and wireless portion of the network and connect it via the WAN port to the router. Thus:

  • Disable "Distribute IP addresses" - Not Applicable
  • Disable "Share a Single Address (DHCP & NAT)" - Not Applicable

PPP Dialin

PPP Dialin on Snow Base Station

This is a useful feature for users who want to connect to their network via a telephone connection. It may not be fast, but it probably gets the job done. For example, this could be a useful feature for someone who wants to be able to print on an office printer from home or vice versa.

Starting with the later versions of the "Snow" base station software, it has become possible to dial into the ABS using the ABS modem. Naturally, you have to connect the modem to a telephone line on which it can answer your call for this feature to work. Next, configure the following dialog that comes up if you enable this feature to suit your needs.

To prevent the telephone connection from being hogged, you can configure the ABS to hang up whenever the connection has been idle for a while, or to force users off the ABS after a pre-set time. This could be especially relevant if you'd like to configure your ABS so that someone dialing in can share a high-speed connection that the ABS is attached to.

AOL Parental controls

The "Snow" base station is also the first to support AOL Parental controls, which may or may not prevent your users from seeing objectionable content on the internet. I have no idea if this feature works or not but for those who want their content censored, I suppose it's better than nothing.

I hope this was of help. If you would like to get a better understanding of what NAT and DHCP do, I hope the following discussion is illuminating... Otherwise, it's time for the Port Mapping Tab.

Network Address Translation (NAT) Explained

NAT "hides" machines behind the ABS from prying eyes on the internet. Basically, it pretends to be the only client attached to an internet connection and it prevents any unauthorized access to the network behind the ABS (this protection is what people usually refer to as a firewall). Hence, a firewall is a very important security feature as it prevents infected computers on the internet from contacting your machines, for example.

You might think that your computers are reasonably up-to-date, that they have built-in firewalls, etc., yet the continuing soap opera on the Windows side of the computer business shows otherwise. A recent test showed that the average life expectancy of an unpatched, unprotected Windows computer on the internet is four minutes... While Apple Macs are far more resistant to outside attacks, an external firewall remains a worthwhile and important security tool.

Another benefit of a router is that the number of machines behind it remains masked from the ISP. This is beneficial whenever your ISP tries to impose arbitrary limitations, such as the maximum number of clients that may connect at the same time. However, the more machines share a single internet connection, the slower the connection will become for each user as the bandwidth is shared equally. This is particularly apparent on telephone dialup connections. Click here for an explanation of NAT from Apple
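The behaviour described in this section can be seen in a small model. The following is an added example, not code from Apple or from the original page: a toy port-translating NAT in Python that shows why every LAN computer looks like one client from outside and why unsolicited inbound traffic has nowhere to go. The class name, port numbers and all addresses are constructed, and the strict matching on the remote endpoint is a simplifying assumption.

```python
from itertools import count

class Nat:
    """Toy port-translating NAT: one public address shared by many LAN hosts."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next free public source port
        self.out = {}    # (lan_ip, lan_port, remote) -> public port
        self.back = {}   # (public port, remote) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host contacts `remote`; return the source address the internet sees."""
        key = (lan_ip, lan_port, remote)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[(port, remote)] = (lan_ip, lan_port)
        return (self.public_ip, self.out[key])

    def inbound(self, remote, public_port):
        """A packet reaches the WAN side; return the LAN host it goes to, or None if dropped."""
        return self.back.get((public_port, remote))

def demo():
    # All addresses below are constructed sample values (documentation ranges).
    nat = Nat("203.0.113.7")
    web = ("198.51.100.10", 80)
    a = nat.outbound("10.0.1.2", 51000, web)   # first LAN computer
    b = nat.outbound("10.0.1.3", 51000, web)   # second LAN computer
    return {
        "seen_from_a": a,
        "seen_from_b": b,
        "reply": nat.inbound(web, a[1]),
        "stranger": nat.inbound(("192.0.2.66", 4444), a[1]),
        "unmapped": nat.inbound(web, 22),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both LAN computers appear as the same public address with different source ports, the web server's reply is delivered, and the two packets that match no existing mapping are dropped.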

The DHCP Server

Regardless of how many machines are on your network, it is useful to have something called a DHCP server. Think of a DHCP server as something similar to the telephone company assigning telephone numbers to houses in your neighborhood. These numbers (IP addresses) then allow the devices on your network to communicate with each other.

The router keeps track of which device is which via something called the MAC address, which is a unique series of hexadecimal digits assigned to every Ethernet transceiver when it is built. Thus, every transmission destined for a specific IP address is then picked up by the transceiver that "knows" that this is its IP address.

With a DHCP server, each ethernet transceiver is assigned a valid IP address automatically using the MAC address of every device on the network. In turn, the devices on the network can be programmed to accept such designations automatically. Thus, the DHCP server is a great time saver because it ensures that every piece of your network knows how to reach each other and how to connect to the internet.

With the help of a DHCP server, all computers in your home are automatically assigned an IP address and download critical router, DNS server, subnet, etc. data. If anything changes upstream (like your ISP putting you on a new network node), a DHCP server will automatically reconfigure the TCP/IP settings of your networked machines. Hence, it is not surprising that nearly every network in existence today has a DHCP server - they save a lot of time. Most (if not all) routers sold into the home market today have built-in DHCP servers.

However, there is one thing about DHCP servers that you have to keep in mind: They cannot coexist on a network. DO NOT EVER run two or more DHCP servers on the same network - confusion will reign. It's like two policemen directing traffic in an intersection without coordinating with each other! Whenever two DHCP servers are battling for control, some machines on the network will not be able to connect to the internet, etc. as they may receive erroneous DHCP data.

The DHCP lease time is the amount of time that an individual computer retains its network address. Think of it as a dinner reservation - it's a time slot reserved for you. This is particularly relevant for networks where a lot of machines come in and out. The shorter the time slot, the more turnover can be accommodated. However, renewing DHCP leases causes some overhead and if you do not have a lot of people moving in and out of your network, you can safely set long DHCP leases. The default 60 minutes is usually good enough. Click here for an explanation of DHCP from Apple
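One way to check a network for the two-server problem described above is to look at who answers a DHCP request. The following is an added example, not part of the original page or of Apple's software: it parses raw DHCPOFFER payloads, reads the server identifier and lease time options, and groups the offers by server. The function names and the sample packets (built inline, with constructed addresses and a 3600-second lease matching the 60-minute default) are assumptions; capturing the packets from the wire is not shown.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header

def parse_offer(pkt):
    """Return (server_id, offered_ip, lease_seconds) for a DHCPOFFER, else None."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return None                          # not a BOOTREPLY with DHCP options
    opts, i = {}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:    # 255 = end of options
        if pkt[i] == 0:                      # 0 = single-byte padding
            i += 1
            continue
        length = pkt[i + 1]
        opts[pkt[i]] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    # Option 53 = message type (2 is OFFER), 54 = server identifier, 51 = lease time
    if opts.get(53) != b"\x02" or len(opts.get(54, b"")) != 4:
        return None
    lease = struct.unpack("!I", opts[51])[0] if len(opts.get(51, b"")) == 4 else None
    return socket.inet_ntoa(opts[54]), socket.inet_ntoa(pkt[16:20]), lease

def dhcp_servers(packets):
    """Map each answering server to its offers; more than one key means a conflict."""
    seen = {}
    for pkt in packets:
        offer = parse_offer(pkt)
        if offer:
            seen.setdefault(offer[0], []).append(offer[1:])
    return seen

def build_offer(server, offered, lease):
    """Build a constructed DHCPOFFER payload to use as sample input."""
    hdr = bytearray(236)
    hdr[0:3] = bytes([2, 1, 6])              # op=BOOTREPLY, htype=Ethernet, hlen=6
    hdr[16:20] = socket.inet_aton(offered)   # yiaddr: the address being offered
    opts = (b"\x35\x01\x02" + b"\x36\x04" + socket.inet_aton(server)
            + b"\x33\x04" + struct.pack("!I", lease) + b"\xff")
    return bytes(hdr) + MAGIC + opts

# Constructed capture: one client request answered by two different servers.
SAMPLE = [build_offer("10.0.1.1", "10.0.1.5", 3600),
          build_offer("192.168.1.1", "192.168.1.20", 86400)]

if __name__ == "__main__":
    for server, offers in dhcp_servers(SAMPLE).items():
        print(server, offers)
```

Two server identifiers handing out addresses from different ranges is the "two policemen" situation: one of them should have its DHCP service switched off, or be tracked down if nobody knows where it came from.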

Anyway, onwards to the Port Mapping Tab!