Configuring Windows XP IEEE 802.11 Wireless Networks for the Home and Small Business
Abstract
This article describes how to configure computers running Windows XP to create a wireless network for a home or small business that does not use IEEE 802.1X authentication and a Windows domain.
On This Page
Introduction
A Wireless Network Using a Wireless Access Point
A Wireless Network Without Using a Wireless Access Point
Summary
Related Links
Introduction
The utility of wireless networking in the home and small business has obvious benefits. With wireless networking, you do not have to install cabling to connect the separate computers together and portable computers, such as laptops or notebook computers, can roam around the house or small business office and maintain their connection to the network.
Although there are multiple wireless networking technologies available to create wireless networks, this article describes the use of the Institute of Electrical and Electronic Engineers (IEEE) 802.11 standards.
IEEE 802.11 Overview
IEEE 802.11 is a set of industry standards for shared wireless local area network (WLAN) technologies, the most prevalent of which is IEEE 802.11b, also known as Wi-Fi. IEEE 802.11b transmits data at 1, 2, 5.5 or 11 Megabits per second (Mbps) using the 2.4-2.5 gigahertz (GHz) S-Band Industrial, Scientific, and Medical (ISM) frequency range. Other wireless devices such as microwave ovens, cordless phones, wireless video cameras, and devices using another wireless technology known as Bluetooth also use the S-Band ISM.
For ideal conditions, close proximity, and no sources of attenuation or interference, IEEE 802.11b operates at 11 Mbps, a higher bit rate than 10 Mbps wired Ethernet. In less-than-ideal conditions, the slower speeds of 5.5 Mbps, 2 Mbps, and 1 Mbps are used.
The IEEE 802.11a standard has a maximum bit rate of 54 Mbps and uses frequencies in the 5 GHz range, including the 5.725-5.875 GHz C-Band ISM frequency band. This higher speed technology allows wireless LAN networking to perform better for video and conferencing applications. Because they are not on the same frequencies as Bluetooth or microwave ovens, IEEE 802.11a provides both a higher data rate and a cleaner signal.
The IEEE 802.11g standard has a maximum bit rate of 54 Mbps and uses the S-Band ISM. All of the instructions in this article for configuring the wireless nodes apply to IEEE 802.11b, 802.11a, and 802.11g-based wireless networks.
Infrastructure Mode
The IEEE 802.11 standards specify two operating modes: infrastructure mode and ad hoc mode.
Infrastructure mode is used to connect computers with wireless network adapters, also known as wireless clients, to an existing wired network. For example, a home or small business office might have an existing Ethernet network. With infrastructure mode, laptop computers or other desktop computers that do not have an Ethernet wired connection can be seamlessly connected to the existing network. A networking node known as a wireless access point (AP) is used to bridge the wired and wireless networks. Figure 1 shows an infrastructure mode wireless network.
Figure 1 Infrastructure mode wireless network
In infrastructure mode, data sent between a wireless client and other wireless clients and nodes on the wired network segment is first sent to the wireless AP. The wireless AP then forwards the data to the appropriate destination.
Ad Hoc Mode
Ad hoc mode is used to connect wireless clients directly together, without the need for a wireless AP or a connection to an existing wired network. An ad hoc network consists of up to 9 wireless clients, which send their data directly to each other. Figure 2 shows an ad hoc mode wireless network.
Figure 2 Ad hoc mode wireless network
Naming Wireless Networks
Wireless networks, whether operating in either infrastructure mode or ad hoc mode, use a name known as a Service Set Identifier (SSID) to identify a specific wireless network. When wireless clients first start up, they scan the wireless frequency band for special beacon frames sent by wireless APs or wireless clients in ad hoc mode. The beacon frames contain the SSID, also known as the wireless network name. From the accumulated list of wireless network names collected during the scanning process, the wireless client can determine the wireless network to which a connection is attempted. One of the elements of configuring a wireless network is to select a name for your wireless network. If you are creating a new wireless network, the name you choose should be different than the names of all other wireless networks with scanning range. For example, if you are creating a wireless network in your home and your neighbor has already created a wireless network called HOME that is visible from the locations in your home, you must choose a name other than HOME.
After you have selected a wireless network name and configured it for your wireless AP (infrastructure mode) or a wireless client (ad hoc mode), that name will be visible from any IEEE wireless node. War driving is the practice of driving around business or residential neighborhoods scanning for wireless network names. Someone driving around the vicinity of your wireless network might be able to see your wireless network name, but whether they will be able to do anything beyond viewing your wireless network name is determined by your use of wireless security.
With wireless security enabled and properly configured, war drivers will see your network name and join your network, but will be unable to send data, interpret the data sent on your wireless network, access the resources of your wireless or wired network (shared files, private Web sites), or use your Internet connection.
Without wireless security enabled and properly configured, war drivers will be able to send data, interpret the data sent on your wireless network, access the shared resources of your wireless or wired network (shared files, private Web sites), install viruses, modify or destroy confidential data, and use your Internet connection without your knowledge or consent. For example, a malicious user might use your Internet connection to send email or launch attacks against other computers. The malicious traffic can be traced back to your home or small business.
It is for these reasons that Microsoft strongly urges you to enable and properly configure wireless security.
Wireless Security
Security for IEEE 802.11 consists of encryption and authentication. Encryption is used to encrypt, or scramble, the data in wireless frames before they are sent on the wireless network. Authentication requires wireless clients to authenticate themselves before they are allowed to join the wireless network.
Encryption
The following types of encryption are available for use with 802.11 networks:
WEP
WPA
WPA2
WEP Encryption
For the encryption of wireless data, the original 802.11 standard defined Wired Equivalent Privacy (WEP). Due to the nature of wireless LAN networks, securing physical access to the network is difficult. Unlike a wired network where a direct physical connection is required, anyone within range of a wireless AP or a wireless client can conceivably send and receive frames as well as listen for other frames being sent, making eavesdropping and remote sniffing of wireless network frames very easy.
WEP uses a shared, secret key to encrypt the data of the sending node. The receiving node uses the same WEP key to decrypt the data. For infrastructure mode, the WEP key must be configured on the wireless AP and all the wireless clients. For ad hoc mode, the WEP key must be configured on all the wireless clients.
As specified in the IEEE 802.11 standards, WEP uses a 40-bit secret key. Most wireless hardware for IEEE 802.11 also supports the use of a 104-bit WEP key. If your hardware supports both, use a 104-bit key.
Note Some wireless vendors advertise the use of a 128-bit wireless encryption key. This is the addition of a 104-bit WEP key with another number used during the encryption process known as the initialization vector (a 24-bit number). Also, some recent wireless APs support the use of a 152-bit wireless encryption key. This is a 128-bit WEP key added to the 24-bit initialization vector. The Windows XP configuration dialog boxes do not support 128-bit WEP keys. If you must use 152-bit wireless encryption keys, disable Wireless Auto Configuration by clearing the Use Windows to configure my wireless network settings check box on the Wireless Networks tab of the properties of the wireless connection in Network Connections, and use the configuration utility provided with your wireless network adapter.
Choosing a WEP key
The WEP key should be a random sequence of either keyboard characters (upper and lowercase letters, numbers, and punctuation) or hexadecimal digits (numbers 0-9 and letters A-F). The more random your WEP key, the safer it is to use.
A WEP key based on a word (such as a company name for a small business or your last name for a home) or an easily remembered phrase is subject to easy determination. Once a malicious user has determined the WEP key, they can decrypt WEP-encrypted frames, properly encrypt WEP frames, and begin attacking your network.
Even if your WEP key is random, it is still subject to determination if a large amount of data encrypted with the same key is collected and analyzed. Therefore, it is recommended that you change your WEP key to a new random sequence periodically, for example, every three months.
WPA Encryption
IEEE 802.11i is a new standard that specifies improvements to wireless LAN networking security. The 802.11i standard addresses many of the security issues of the original 802.11 standard. While the new IEEE 802.11i standard was being ratified, wireless vendors agreed on an interoperable interim standard known as Wi-Fi Protected Access (WPA™).
With WPA, encryption is done using the Temporal Key Integrity Protocol (TKIP), which replaces WEP with a stronger encryption algorithm. Unlike WEP, TKIP provides for the determination of a unique starting unicast encryption key for each authentication and the synchronized changing of the unicast encryption key for each frame. Because TKIP keys are determined automatically, there is no need to configure an encryption key for WPA.
Microsoft provides WPA support for computers running Windows XP with Service Pack 2 (SP2). For computers running Windows XP with Service Pack 1 (SP1), you must obtain and install the Wireless update rollup package for Windows XP—a free download from Microsoft.
For more information, see Wi-Fi Protected Access (WPA) Overview.
WPA2 Encryption
WPA2™ is a product certification available through the Wi-Fi Alliance that certifies wireless equipment as being compatible with the 802.11i standard. WPA2 supports the additional mandatory security features of the 802.11i standard that are not already included for products that support WPA. With WPA2, encryption is done using the Advanced Encryption Standard (AES), which also replaces WEP with a much stronger encryption algorithm. Like TKIP for WPA, AES provides for the determination of a unique starting unicast encryption key for each authentication and the synchronized changing of the unicast encryption key for each frame. Because AES keys are determined automatically, there is no need to configure an encryption key for WPA2. WPA2 is the strongest form of wireless security.
Microsoft provides WPA2 support for computers running Windows XP with Service Pack 2 (SP2) with the Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services Information Element (WPS IE) update for Windows XP with Service Pack 2—a free download from Microsoft.
For more information, see Wi-Fi Protected Access 2 (WPA2) Overview.
Authentication
The following types of authentication are available for use with 802.11 networks:
Open System
Shared Key
IEEE 802.1X
WPA or WPA2 with preshared key
Open System
Open system authentication is not really authentication, because all it does is identify a wireless node using its wireless adapter hardware address. A hardware address is an address assigned to the network adapter during its manufacture and is used to identify the source and destination address of wireless frames.
For infrastructure mode, although some wireless APs allow you to configure a list of allowed hardware addresses for open system authentication, it is a fairly simple matter for a malicious user to capture frames sent on your wireless network to determine the hardware address of allowed wireless nodes and then use that hardware address to perform open system authentication and join your wireless network.
For ad hoc mode, there is no equivalent to configuring the list of allowed hardware addresses in Windows XP. Therefore, any hardware address can be used to perform open system authentication and join your ad hoc mode-based wireless network.
Shared Key
Shared key authentication verifies that the wireless client joining the wireless network has knowledge of a secret key. During the authentication process, the wireless client proves it has knowledge of the secret key without actually sending the secret key. For infrastructure mode, all the wireless clients and the wireless AP use the same shared key. For ad hoc mode, all the wireless clients of the ad hoc wireless network use the same shared key.
IEEE 802.1X
The IEEE 802.1X standard enforces authentication of a network node before it can begin to exchange data with the network. Exchanging frames with the network is denied if the authentication process fails. Although this standard was designed for wired Ethernet networks, it has been adapted for use by 802.11. IEEE 802.1X uses the Extensible Authentication Protocol (EAP) and specific authentication methods known as EAP types to authenticate the network node.
IEEE 802.1X provides much stronger authentication than open system or shared key and the recommended solution for Windows XP wireless authentication is the use of EAP-Transport Layer Security (TLS) and digital certificates for authentication. To use EAP-TLS authentication for wireless connections, you must create an authentication infrastructure consisting of an Active Directory domain, Remote Authentication Dial-In User Service (RADIUS) servers, and certification authorities (CAs) to issue certificates to your RADIUS servers and wireless clients. This authentication infrastructure is appropriate for large businesses and enterprise organizations, but is not practical for the home or small business office.
The solution to the use of IEEE 802.1X and EAP-TLS for the medium and small business is Protected EAP (PEAP) and the Microsoft Challenge-Handshake Authentication Protocol, version 2 (MS-CHAP v2) EAP type. With PEAP-MS-CHAP v2, secure wireless access can be achieved by installing a purchased certificate on a RADIUS server and using name and password credentials for authentication. Windows XP with SP2, Windows XP with SP1, Windows Server 2003, and Windows 2000 with Service Pack 4 (SP4) support PEAP-MS-CHAP v2.
WPA or WPA2 with Preshared Key
For a home or small business that cannot do 802.1X authentication, WPA and WPA2 provide a preshared key authentication method for infrastructure mode wireless networks. The preshared key is configured on the wireless AP and each wireless client. The initial WPA or WPA2 encryption key is derived from the authentication process, which verifies that both the wireless client and the wireless AP are configured with the same preshared key. Each initial WPA or WPA2 encryption key is unique.
The WPA or WPA2 preshared key should be a random sequence of either keyboard characters (upper and lowercase letters, numbers, and punctuation) at least 20 characters long or hexadecimal digits (numbers 0-9 and letters A-F) at least 24 hexadecimal digits long. The more random your WPA or WPA2 preshared key, the safer it is to use. Unlike the WEP key, the WPA or WPA2 preshared key is not subject to determination by collecting a large amount of encrypted data. Therefore, you do not need to change your WPA or WPA2 preshared key as often.
Recommended Security Configurations
The following are the recommended security configurations, in order of most to least secure:
For the home or small business network that contains a domain controller and a RADIUS server and supports WPA2, use WPA2 and PEAP-MS-CHAP v2 authentication. For more information, see Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home Office or Small Organization Networks.
For the home or small business network that contains a domain controller and a RADIUS server and supports WPA, use WPA and PEAP-MS-CHAP v2 authentication. For more information, see Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home Office or Small Organization Networks.
For the home or small business network that does not contain a domain controller and a RADIUS server and supports WPA2, use WPA2 and preshared key authentication.
For the home or small business network that does not contain a domain controller and a RADIUS server and supports WPA, use WPA and preshared key authentication.
For the home or small business network that does not contain a domain controller and a RADIUS server and does not support either WPA or WPA2, use open system authentication and WEP. However, this is not a recommended security configuration and should only be used temporarily when transitioning to a WPA or WPA2-based wireless network.
On the surface, the choice of open system over shared key authentication might seem contradictory because open system authentication is not really authentication and shared key authentication requires knowledge of a shared secret key. Shared key authentication might be a stronger authentication method than open system, but the use of shared key authentication makes wireless communication less secure.
For most implementations, including Windows XP, the shared key authentication secret key is the same as the WEP encryption key. The shared key authentication process consists of two messages: a challenge message sent by the authenticator and a challenge response message sent by the authenticating wireless client. A malicious user that captures both messages can use cryptanalysis methods to determine the shared key authentication secret key, and therefore the WEP encryption key. Once the WEP encryption key is determined, the malicious user has full access to your network, as if WEP encryption was not enabled. Therefore, although shared key authentication is stronger than open system for authentication, it weakens WEP encryption.
The tradeoff with using open system authentication is that anyone can easily join your network. By joining the network, the malicious user uses up one of the available wireless connections. However, without the WEP encryption key, they cannot send or interpret receive wireless frames that are encrypted.
Wireless APs and Windows XP support open system authentication. One advantage to using open system authentication is that it is always enabled for Windows XP wireless clients. No additional authentication configuration is needed.
Windows XP Wireless Auto Configuration
Windows XP Wireless Auto Configuration, enabled through the Wireless Zero Configuration service, provides a way to automate the configuration of the settings for wireless networks. When your wireless network adapter, whose driver supports Wireless Auto Configuration, scans for wireless networks, the names of the found wireless networks are passed to Wireless Auto Configuration. Windows XP maintains a list of preferred wireless networks. Windows XP tries to match a found wireless network to the preferred networks list in the order of preference. If a network name is found, Windows XP uses the settings of the wireless network to attempt a connection. If a network name is not found, Windows XP prompts you with a notification bar message, asking you whether or not you want to connect to one of the found wireless networks.
For home or small office wireless networks, you will use Wireless Auto Configuration to discover your wireless network, but because the default configuration for a wireless network is to use WEP and automatically determine the WEP key, you will have to manually configure the settings for your wireless network.
A Wireless Network Using a Wireless Access Point
This section describes how to setup a wireless network for a home or small business when you are using a wireless AP.
To secure your infrastructure mode home or small business wireless network, you must use WPA2 preshared key authentication with AES encryption (recommended), WPA preshared key authentication with TKIP encryption (recommended), or open system authentication and WEP encryption (not recommended).
The following sections describe how to manually configure your wireless AP and computers running Windows XP. If you are using a computer running Windows XP with SP2, you can greatly simplify the configuration of strong security for wireless networks in the home or small office by using the new Wireless Network Setup Wizard.
This new wizard in Windows XP SP2 steps you through the configuration of wireless network settings and then writes that configuration as a set of files on a Universal Serial Bus (USB) flash drive (UFD). You then plug the UFD into other wireless devices in the home or small office that support Windows Connect Now (formerly known as Windows Smart Network Key [WSNK]). All of the wireless devices that support Windows Connect Now automatically read the settings from the files stored on the UFD and configure themselves with the same settings as the computer on which the Wireless Network Setup Wizard was initially run.
This is the recommended method of configuring wireless AP-based wireless networks in a home or small office, especially if you are using other computers running Windows XP with SP2 or wireless network devices (such as wireless APs or wireless printers) that support Windows Connect Now.
For more information, including a step-by-step example with screen shots, see Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home Office or Small Organization Networks.
Note
Note The Wireless Network Setup Wizard only supports manually configured WEP keys and WPA preshared keys. The Wireless Network Setup Wizard does not support configuration of WPA2 preshared keys.
Configuring the Wireless AP (Without WPA or WPA2)
For open system authentication and WEP encryption, you must configure your wireless AP with the following settings:
The wireless network name (SSID)
Enable open system authentication
Enable WEP
Select a WEP key format
If you are typing the WEP key using keyboard (ASCII) characters, you must type 5 characters for a 40-bit WEP key and 13 characters for a 104-bit WEP key. If you are typing the WEP key using hexadecimal digits, you must type 10 hexadecimal digits for a 40-bit key and 26 hexadecimal digits for a 104-bit key. If you have the choice of the format of the WEP key, choose hexadecimal. Keyboard characters do not have a lot of randomness, whereas hexadecimal digits are more random. The more random your WEP key, the safer it is to use.
Select the WEP encryption key number
You must specify which key to use. IEEE 802.11 allows the use of up to 4 different WEP keys. A single WEP key is used when traffic is exchanged between the wireless AP and the wireless client. The key is stored in a specific memory position. In order for the receiver to correctly decrypt the incoming frame, both the sender and the receiver must use the same encryption key in the same memory position.
Although it is possible to configure your wireless AP with all four keys and have different clients use different keys, this can lead to configuration confusion. Rather, choose a specific key and a specific memory position to use for the wireless AP and all the wireless clients.
The choice of a specific memory position is complicated by the fact that Windows XP with no service packs installed refers to the encryption key memory positions using a "key index" and numbers the key indexes starting at 0 and some wireless APs refer to the encryption key memory positions as "encryption keys" and numbers the keys starting at 1. In this case, you must make the Windows XP with no service packs installed key index number indicate the same encryption key memory position as the encryption key number on the wireless AP, otherwise the wireless AP and wireless clients will not be able to communicate. Table 1 shows this relationship.
Windows XP with no service packs installed key index number
Wireless AP encryption key number
0
1
1
2
2
3
3
4
Table 1 Windows XP with no service packs installed key index and wireless AP encryption key numbers
The easiest configuration is to use the first encryption key memory position, which corresponds to Windows XP with no service packs installed key index 0 and wireless AP encryption key 1.
Windows XP with SP2 and Windows XP with SP1 number the encryption key indexes starting at 1.
Type the WEP key
Configuring the Wireless AP (With WPA)
For WPA preshared key authentication and TKIP encryption, you must configure your wireless AP with the following settings:
The wireless network name (SSID)
Enable WPA with TKIP encryption
Enable WPA preshared key authentication
Type the WPA preshared key
Note The WPA preshared key should be a random sequence of either keyboard characters (upper and lowercase letters, numbers, and punctuation) at least 20 characters long or hexadecimal digits (numbers 0-9 and letters A-F) at least 24 hexadecimal digits long.
Configuring the Wireless AP (With WPA2)
For WPA2 preshared key authentication and AES encryption, you must configure your wireless AP with the following settings:
The wireless network name (SSID)
Enable WPA2 with AES encryption
Enable WPA2 preshared key authentication
Type the WPA2 preshared key
Note The WPA2 preshared key should be a random sequence of either keyboard characters (upper and lowercase letters, numbers, and punctuation) at least 20 characters long or hexadecimal digits (numbers 0-9 and letters A-F) at least 24 hexadecimal digits long.
Configuring the Windows XP Wireless Clients (Without WPA or WPA2)
Configuration of the Windows XP wireless clients for open system authentication and WEP depends on whether the wireless network adapter driver supports Wireless Auto Configuration and whether you are using Windows XP with SP2, Windows XP with SP1, or Windows XP with no service packs installed.
Wireless Network Adapter Driver Supports Wireless Auto Configuration with Windows XP with SP2
Use the following procedure to configure Windows XP with SP2 for your infrastructure mode wireless network when the wireless network adapter supports Wireless Auto Configuration:
Install your wireless network adapter in Windows XP with SP2. This process includes installing the proper drivers for your wireless network adapter so it appears as a wireless connection in Network Connections.
When the computer is within range of the wireless AP operating in your home or small business, Windows XP should detect it and prompt you with a Wireless networks detected message in the notification area of your taskbar.
Click the notification message. If you are not notified, right-click the wireless network adapter in Network Connections and click View Available Wireless Networks. In either case, you should see a dialog box with the name of the wireless connection.
Double-click your wireless network name. Windows XP will attempt to connect to your wireless network.
Because Windows XP has not been configured with the WEP encryption key for your wireless network, the connection attempt will fail and Windows XP will prompt you with a Wireless Network Connection dialog box. Type the WEP key in Network key and Confirm network key, and then click Connect.
If the status message for your wireless network in the Wireless Network Connection dialog box is Connected, you are done. If the status message for your wireless network in the Wireless Network Connection dialog box is Authentication did not succeed, click Change the order of preferred networks in the list of Related tasks. From the Wireless Networks tab of properties of your wireless network adapter, click the name of your wireless network in Preferred networks, and then click Properties.
In Network Authentication, click Open. In Data encryption, click WEP. In Network key and Confirm network key, type the WEP encryption key as configured on the wireless AP.
In Key index, select the key index corresponding to the encryption key memory position as configured on the wireless AP.
Click OK to save changes to the wireless network.
Click OK to save changes to the wireless network adapter.
Figure 3 shows an example of a Windows XP with SP2 Wireless Network Properties dialog box for a home wireless network with the following configuration:
SSID is HOME-AP
Open system authentication is enabled.
WEP is enabled
The WEP encryption key is 104 bits long, in hexadecimal format, using key index 1 (the first encryption key position), and consists of the sequence "8e7cd510fba7f71ef29abc63ce".
Figure 3 Example properties of an infrastructure mode wireless network using WEP for Windows XP with SP2
Wireless Network Adapter Driver Supports Wireless Auto Configuration with Windows XP with SP1
Use the following procedure to configure Windows XP with SP1 for your infrastructure mode wireless network when the wireless network adapter supports Wireless Auto Configuration:
Install your wireless network adapter in Windows XP with SP1. This process includes installing the proper drivers for your wireless network adapter so it appears as a wireless connection in Network Connections.
When the computer is within range of the wireless AP operating in your home or small business, Windows XP should detect it and prompt you with a message in the notification area of your taskbar.
Click the notification message. If you are not notified, right-click the wireless network adapter in Network Connections and click View Available Wireless Networks. In either case, you should see a dialog box with the name of the wireless connection.
Click the name of your wireless network, type the WEP key in Network key and Confirm network key, and click Connect.
Alternately, click Advanced. In the wireless network adapter properties dialog box, click your wireless network name and then click Configure.
On the Association tab of the Wireless Network Properties dialog box, clear the The key is provided for me automatically check box.
In Network key and Confirm network key, type the WEP encryption key as configured on the wireless AP.
In Key index, select the key index corresponding to the encryption key memory position as configured on the wireless AP.
Click OK to save changes to the wireless network.
Click OK to save changes to the wireless network adapter.
Figure 4 shows an example of a Windows XP with SP1 Wireless Network Properties dialog box for a home wireless network with the following configuration:
SSID is HOME-AP
Open system authentication is enabled.
WEP is enabled
The WEP encryption key is 104 bits long, in hexadecimal format, using key index 1 (the first encryption key position), and consists of the sequence "8e7cd510fba7f71ef29abc63ce".
Figure 4 Example properties of an infrastructure mode wireless network using WEP for Windows XP with SP1
Wireless Network Adapter Driver Supports Wireless Auto Configuration with Windows XP with no service packs installed
The following procedure configures Windows XP with no service packs installed for your infrastructure mode wireless network:
Install your wireless network adapter in Windows XP with no service packs installed. This includes installing the proper drivers for your wireless network adapter so that it appears as a wireless network adapter in Network Connections.
Once the computer is within range of the wireless AP operating in your home or small business, Windows XP with no service packs installed should detect it and prompt you with a message in the notification area of your taskbar.
Click the notification message. If you are not notified, right-click the wireless network adapter in Network Connections and click View Available Wireless Networks. In either case, you should see either a Connect to Wireless Network dialog box.
Type the WEP key in Network key and click Connect.
Alternately, click Advanced.
In the wireless network adapter properties dialog box, click your wireless network name and click Configure.
In the Wireless Network Properties dialog box, clear the The key is provided for me automatically check box.
In Key format, select the encryption key format as configured on wireless AP.
In Key length, select the key size as configured on the wireless AP.
In Network key, type the key as configured on the wireless AP.
In Key index, select the key index corresponding to the encryption key memory position as configured on the wireless AP.
Click OK to save changes to the wireless network.
Click OK to save changes to the wireless network adapter.
Figure 5 shows an example of a Windows XP with no service packs installed Wireless Network Properties dialog box for a home wireless network with the following configuration:
SSID is HOME-AP
WEP is enabled
The WEP encryption key is 104 bits long, in hexadecimal format, using key index 0 (the first encryption key position), and consists of the sequence "8e7cd510fba7f71ef29abc63ce".
Figure 5 Example properties of an infrastructure mode wireless network using WEP for Windows XP with no service packs installed
Wireless Network Adapter Driver Does Not Support Wireless Auto Configuration
If your wireless network adapter driver does not support Wireless Auto Configuration, you will notice the following:
The network adapter does not appear as a wireless network adapter in Network Connections. It appears as a LAN adapter, similar to an Ethernet connection.
The properties of the wireless connection do not have a Wireless Networks tab.
You do not receive a Windows XP notification bar message indicating that wireless networks are available.
To get the most out of your Windows XP wireless experience, you should contact your wireless network adapter vendor to obtain the latest version of the drivers for Windows XP that support Wireless Auto Configuration. If new drivers are not available, or you want to connect your computer to the wireless network while the drivers are being obtained, you must manually configure wireless network settings using the configuration software supplied with the wireless network adapter.
Use the configuration software to configure your wireless network adapter for the following:
The SSID of your wireless network
The SSID must be the same as configured on the wireless AP.
Open system authentication
Enable WEP encryption
The WEP key size
Select the key size as configured on the wireless AP. If the wireless network adapter does not support the same encryption key length as the wireless AP, you must reconfigure the wireless AP. For example, if your wireless AP supports 40-bit and 104-bit WEP key sizes and your wireless network adapter only supports 40-bit keys, you must reconfigure the wireless AP to use a 40-bit WEP key.
The WEP key format
Select the same WEP key format as configured on the wireless AP. If the wireless network adapter does not support the same encryption key formats as the wireless AP, you must reconfigure the wireless AP. For example, if your wireless AP supports keyboard (ASCII) and hexadecimal WEP key formats and your wireless network adapter only supports keyboard format, you must reconfigure the wireless AP to use keyboard format for the encryption keys.
The WEP key
Type the same encryption key in the same encryption key memory position as configured on the wireless AP.
Configuring the Windows XP Wireless Clients (With WPA)
Configuration of the Windows XP wireless clients for TKIP encryption and WPA preshared key authentication depends on whether you are using Windows XP with SP2 or Windows XP with SP1 and whether the wireless network adapter driver supports Wireless Auto Configuration.
Wireless Network Adapter Driver Supports Wireless Auto Configuration with Windows XP with SP2
Use the following procedure to configure Windows XP with SP2 for your infrastructure mode wireless network when the wireless network adapter supports Wireless Auto Configuration:
Install your wireless network adapter in Windows XP with SP2. This process includes installing the proper drivers for your wireless network adapter so it appears as a wireless connection in Network Connections.
When the computer is within range of the wireless AP operating in your home or small business, Windows XP should detect it and prompt you with a Wireless networks detected message in the notification area of your taskbar.
Click the notification message. If you are not notified, right-click the wireless network adapter in Network Connections and click View Available Wireless Networks. In either case, you should see a Choose a wireless network dialog box with the name of your wireless network.
Double-click your wireless network name. Windows XP will attempt to connect to your wireless network.
Because Windows XP has not been configured with the WPA preshared key for your wireless network, the connection attempt will fail and Windows XP will prompt you with a Wireless Network Connection dialog box. Type the WPA preshared key in Network key and Confirm network key, and then click Connect.
If the status message for your wireless network in the Choose a wireless network dialog box is Connected, you are done. If the status message for your wireless network in the Choose a wireless network dialog box is Authentication did not succeed, click Change the order of preferred networks in the list of Related tasks. From the Wireless Networks tab of properties of your wireless network adapter, click the name of your wireless network in Preferred networks, and then click Properties.
In Network Authentication, click WPA-PSK. In Data encryption, click TKIP.
In Network key, type the WPA preshared key as configured on the wireless AP. In Confirm network key, retype the WPA preshared key.
Click OK to save changes to the wireless network.
Click OK to save changes to the wireless network adapter.
Figure 6 shows an example of a Windows XP SP2 Wireless network properties dialog box for a home wireless network with the following configuration:
SSID is HOME-AP
WPA with preshared key authentication is enabled
TKIP is enabled
A WPA preshared key
Figure 6 Example properties of an infrastructure mode wireless network using WPA-PSK with Windows XP with SP2
Wireless Network Adapter Driver Supports Wireless Auto Configuration with Windows XP with SP1
The following procedure configures Windows XP with SP1 for your infrastructure mode wireless network:
Obtain and install the Wireless update rollup package for Windows XP.
Install your wireless network adapter in Windows XP. This includes installing the proper drivers for your wireless network adapter so that it appears as a wireless network adapter in Network Connections.
Once the computer is within range of the wireless AP operating in your home or small business, Windows XP should detect it and prompt you with a message in the notification area of your taskbar.
Click the notification message. If you are not notified, right-click the wireless network adapter in Network Connections and click View Available Wireless Networks. You should see a dialog box with the name of the wireless connection.
Click the name of your wireless network, type the WPA key in Network key and Confirm network key, and click Connect.
Alternately, click Advanced. In the wireless network adapter properties dialog box, click your wireless network name and click Configure.
On the Association tab, select WPA-PSK in Network Authentication and select TKIP in Data Encryption.
In Network key, type the WPA preshared key as configured on the wireless AP.
In Confirm network key, retype the WPA preshared key.
Click OK to save changes to the wireless network.
Click OK to save changes to the wireless network adapter.
Figure 7 shows an example of a Wireless Network Properties dialog box for a home wireless network with the following configuration:
SSID is HOME-AP
WPA with preshared key authentication is enabled
TKIP is enabled
A WPA preshared key
Figure 7 Example properties of an infrastructure mode wireless network using WPA-PSK with Windows XP with SP1
Wireless Network Adapter Driver does not Support Wireless Auto Configuration
If your wireless network adapter driver does not support Wireless Auto Configuration, you will notice the following:
The network adapter does not appear as a wireless network adapter in Network Connections. It appears as a LAN adapter, similar to an Ethernet connection.
The properties of the wireless connection do not have a Wireless Networks tab.
You do not receive a Windows XP notification bar message indicating that wireless networks are available.
To get the most out of your Windows XP wireless experience, you should contact your wireless network adapter vendor to obtain the latest version of the drivers for Windows XP that support Wireless Auto Configuration. If new drivers are not available, or you want to connect your computer to the wireless network while the drivers are being obtained, you must manually configure wireless network settings using the configuration software supplied with the wireless network adapter.
Use the configuration software to configure your wireless network adapter for the following:
The SSID of your wireless network
The SSID must be the same as configured on the wireless AP.
Enable WPA with preshared key authentication
Enable TKIP encryption
The WPA preshared key
Type the same WPA preshared key as configured on the wireless AP.
Configuring the Windows XP Wireless Clients (With WPA2)
Configuration of the Windows XP wireless clients for AES encryption and WPA2 preshared key authentication depends on whether the wireless network adapter driver supports Wireless Auto Configuration.
Wireless Network Adapter Driver Supports Wireless Auto Configuration with Windows XP with SP2
Use the following procedure to configure Windows XP with SP2 for your infrastructure mode wireless network when the wireless network adapter supports Wireless Auto Configuration:
Install your wireless network adapter in Windows XP with SP2. This process includes installing the proper drivers for your wireless network adapter so it appears as a wireless connection in Network Connections. Install the Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services Information Element (WPS IE) update for Windows XP with Service Pack 2.
When the computer is within range of the wireless AP operating in your home or small business, Windows XP should detect it and prompt you with a Wireless networks detected message in the notification area of your taskbar.
Click the notification message. If you are not notified, right-click the wireless network adapter in Network Connections and click View Available Wireless Networks. In either case, you should see a Choose a wireless network dialog box with the name of your wireless network.
Double-click your wireless network name. Windows XP will attempt to connect to your wireless network.
Because Windows XP has not been configured with the WPA2 preshared key for your wireless network, the connection attempt will fail and Windows XP will prompt you with a Wireless Network Connection dialog box. Type the WPA2 preshared key in Network key and Confirm network key, and then click Connect.
If the status message for your wireless network in the Choose a wireless network dialog box is Connected, you are done. If the status message for your wireless network in the Choose a wireless network dialog box is Authentication did not succeed, click Change the order of preferred networks in the list of Related tasks. From the Wireless Networks tab of properties of your wireless network adapter, click the name of your wireless network in Preferred networks, and then click Properties.
In Network Authentication, click WPA2-PSK. In Data encryption, click AES.
In Network key, type the WPA2 preshared key as configured on the wireless AP. In Confirm network key, retype the WPA2 preshared key.
Click OK to save changes to the wireless network.
Click OK to save changes to the wireless network adapter.
Wireless Network Adapter Driver does not Support Wireless Auto Configuration
If your wireless network adapter driver does not support Wireless Auto Configuration, you will notice the following:
The network adapter does not appear as a wireless network adapter in Network Connections. It appears as a LAN adapter, similar to an Ethernet connection.
The properties of the wireless connection do not have a Wireless Networks tab.
You do not receive a Windows XP notification bar message indicating that wireless networks are available.
To get the most out of your Windows XP wireless experience, you should contact your wireless network adapter vendor to obtain the latest version of the drivers for Windows XP that support Wireless Auto Configuration. If new drivers are not available, or you want to connect your computer to the wireless network while the drivers are being obtained, you must manually configure wireless network settings using the configuration software supplied with the wireless network adapter.
Use the configuration software to configure your wireless network adapter for the following:
The SSID of your wireless network
The SSID must be the same as configured on the wireless AP.
Enable WPA2 with preshared key authentication
Enable AES encryption
The WPA2 preshared key
Type the same WPA2 preshared key as configured on the wireless AP.
A Wireless Network Without Using a Wireless Access Point
This section describes how to setup a wireless network for a home or small business when you not are using a wireless AP (ad hoc mode). For an ad hoc wireless network, you must set up an initial wireless client that assumes some of the responsibilities of a wireless AP such as beaconing the name of the ad hoc wireless network to other wireless network clients.
To secure your ad hoc mode home or small business wireless network, you must use open system authentication and WEP encryption.
Configuring the Initial Wireless Client
Configuration of the initial Windows XP wireless client for open system authentication and WEP encryption depends on whether the wireless network adapter driver supports Wireless Auto Configuration and whether you are using Windows XP with SP2, Windows XP with SP1, or Windows XP with no service packs installed.
Wireless Network Adapter Driver Supports Wireless Auto Configuration with Windows XP with SP2
The following procedure configures Windows XP with SP2 on the initial wireless client for your ad hoc mode wireless network:
Install your wireless network adapter in Windows XP with SP2. This includes installing the proper drivers for your wireless network adapter so that it appears as a wireless network adapter in Network Connections.
Because there might not be any wireless networks in your home or small business location, you might not be prompted with a message in the notification area of your taskbar.
Right-click the wireless network adapter in Network Connections, and then click Properties. Click the Wireless Networks tab.
From the wireless network adapter properties dialog box, click Add under Preferred networks.
On the Association tab, type the name of your ad hoc wireless network in Network name (SSID).
Select the This is a computer-to-computer (ad hoc) network check box and clear the The key is provided for me automatically check box.
In Network Authentication, click Open. In Data encryption, click WEP.
In Network key, type the WEP key. Retype the WEP key in Confirm network key.
In Key index, select 1.
Click OK to save changes to the wireless network.
Click OK to save changes to the wireless network adapter.
Figure 8 shows an example of a Windows XP with SP2 Wireless Network Properties dialog box for a home ad hoc wireless network with the following configuration:
SSID is HOME-AD HOC
Open system authentication is enabled
WEP is enabled
Ad hoc mode is enabled
The WEP encryption key is 104 bits long, in hexadecimal format, using key index 1 (the first encryption key position), and consists of the sequence "19a8bce753ed4e6a410b730fa4".
Figure 8 Example properties of an ad hoc mode wireless network for Windows XP with SP2
Wireless Network Adapter Driver Supports Wireless Auto Configuration with Windows XP with SP1
The following procedure configures Windows XP with SP1 on the initial wireless client for your ad hoc mode wireless network:
Install your wireless network adapter in Windows XP with SP1. This includes installing the proper drivers for your wireless network adapter so that it appears as a wireless network adapter in Network Connections.
Because there might not be any wireless networks in your home or small business location, you might not be prompted with a message in the notification area of your taskbar.
Right-click the wireless network adapter in Network Connections, and then click Properties. Click the Wireless Networks tab.
In the wireless network adapter properties dialog box, click Add under Preferred networks.
On the Association tab, type the name of your ad hoc wireless network in Network name (SSID).
Select the Data encryption (WEP enabled) and This is a computer-to-computer (ad hoc) network check boxes and clear the The key is provided for me automatically check box.
In Network key, type the WEP key.
Retype the WEP key in Confirm network key.
In Key index, select 1.
Click OK to save changes to the wireless network.
Click OK to save changes to the wireless network adapter.
Figure 9 shows an example of a Windows XP with SP1 Wireless Network Properties dialog box for a home ad hoc wireless network with the following configuration:
SSID is HOME-AD HOC
WEP is enabled
Ad hoc mode is enabled
The WEP encryption key is 104 bits long, in hexadecimal format, using key index 1 (the first encryption key position), and consists of the sequence "19a8bce753ed4e6a410b730fa4".
Figure 9 Example properties of an ad hoc mode wireless network for Windows XP with SP1
Wireless Network Adapter Driver Supports Wireless Auto Configuration with Windows XP with no service packs installed
The following procedure configures Windows XP with no service packs installed on the initial wireless client for your ad hoc mode wireless network:
Install your wireless network adapter in Windows XP with no service packs installed. This includes installing the proper drivers for your wireless network adapter so that it appears as a wireless network adapter in Network Connections.
Because there might not be any wireless networks in your home or small business location, you might not be prompted with a message in the notification area of your taskbar.
Right-click the wireless network adapter in Network Connections, and then click Properties. Click the Wireless Networks tab.
In the wireless network adapter properties dialog box, click Add under Preferred networks.
In the Wireless Network Properties dialog box, type the name of your ad hoc wireless network in Network name (SSID).
Select the Data encryption (WEP enabled) and This is a computer-to-computer (ad hoc) network check boxes and clear the The key is provided for me automatically check box.
In Key format, select a key format.
In Key length, select a key size.
In Network key, type the WEP key.
In Key index, select 0.
Click OK to save changes to the wireless network.
Click OK to save changes to the wireless network adapter.
Figure 10 shows an example of a Windows XP with no service packs installed Wireless Network Properties dialog box for a home ad hoc wireless network with the following configuration:
SSID is HOME-AD HOC
WEP is enabled
Ad hoc mode is enabled
The WEP encryption key is 104 bits long, in hexadecimal format, using key index 0 (the first encryption key position), and consists of the sequence "19a8bce753ed4e6a410b730fa4".
Figure 10 Example properties of an ad hoc mode wireless network for Windows XP with no service packs installed
Wireless Network Adapter Driver does not Support Wireless Auto Configuration
If your wireless network adapter driver does not support Wireless Auto Configuration, you will notice the following:
The network adapter does not appear as a wireless network adapter in Network Connections. It appears as a LAN adapter.
The properties of the wireless connection do not have a Wireless Networks tab.
You do not receive a Windows XP notification bar message indicating that wireless networks are available.
To get the most out of your Windows XP wireless experience, you should contact your wireless network adapter vendor to obtain the latest version of the drivers for Windows XP that support Wireless Auto Configuration. If new drivers are not available, or you want to connect your computer to the wireless network while the drivers are being obtained, you must manually configure wireless network settings using the configuration software supplied with the wireless network adapter.
Use the configuration software to configure your wireless network adapter for the following:
The SSID of your ad hoc wireless network
Ad hoc wireless network mode
Open system authentication
Enable WEP encryption
The WEP key size
For the best security, select 104-bit WEP keys.
The WEP key format
For the best security, select hexadecimal format.
The WEP encryption key memory position
For the easiest configuration, select the first encryption key memory position.
The WEP encryption key
Configuring the Additional Windows XP Wireless Clients
Configuration of the Windows XP wireless clients for open system authentication and WEP encryption depends on whether the wireless network adapter driver supports Wireless Auto Configuration.
Wireless Network Adapter Driver Supports Wireless Auto Configuration
For wireless network adapter drivers that support Wireless Auto Configuration, the procedure is different depending on whether you are using Windows XP with SP2, Windows XP with SP1, or Windows XP with no service packs installed.
The following procedure configures Windows XP with SP2 for your ad hoc mode wireless network:
Install your wireless network adapter in Windows XP with SP2. This includes installing the proper drivers for your wireless network adapter so that it appears as a wireless network adapter in Network Connections.
Once the computer is within range of the initial wireless client in your home or small business, Windows XP should detect it and prompt you with a Wireless networks detected message in the notification area of your taskbar.
Click the notification message. If you are not notified, right-click the wireless network adapter in Network Connections and click View Available Wireless Networks. In either case, you should see a Wireless Network Connection dialog box with the name of your wireless network.
Double-click your ad hoc wireless network name. Windows XP will attempt to connect to your ad hoc wireless network.
Because Windows XP with SP2 has not been configured with the WEP encryption key for your ad hoc wireless network, the connection attempt will fail and Windows XP will prompt you with a Wireless Network Connection dialog box. Type the WEP key in Network key and Confirm network key, and then click Connect.
In the wireless network adapter properties dialog box, click your wireless network name and click Configure.
If the status message for your wireless network in the Wireless Network Connection dialog box is Connected, you are done. If the status message for your wireless network in the Wireless Network Connection dialog box is Authentication did not succeed, click Change the order of preferred networks in the list of Related tasks. From the Wireless Networks tab of properties of your wireless network adapter, click the name of your ad hoc wireless network in Preferred networks, and then click Properties.
In Network Authentication, click Open. In Data encryption, click WEP.
In Network key and Confirm network key, type the WEP encryption key as configured on the initial Windows XP wireless client.
In Key index, select the key index number that matches the key index position of the initial Windows XP wireless client.
Click OK to save changes to the wireless network.
Click OK to save changes to the wireless network adapter.
The following procedure configures Windows XP with SP1 for your ad hoc mode wireless network:
Install your wireless network adapter in Windows XP. This includes installing the proper drivers for your wireless network adapter so that it appears as a wireless network adapter in Network Connections.
Once the computer is within range of the initial wireless client in your home or small business, Windows XP should detect it and prompt you with a message in the notification area of your taskbar.
Click the notification message. If you are not notified, right-click the wireless network adapter in Network Connections and click View Available Wireless Networks. You should see a dialog box with the name of the wireless connection.
Click the name of your ad-hoc wireless network, type the WEP key in Network key and Confirm network key, and click Connect.
Alternately, click Advanced.
On the Wireless Networks tab of the properties of the wireless network adapter, click your wireless network name and then click Configure.
On the Association tab, select the Data encryption (WEP enabled) check box and clear the The key is provided for me automatically check box.
In Network key and Confirm network key, type the WEP key as configured on the initial wireless client.
In Key index, select the key index number that matches the key index position of the initial Windows XP wireless client. Windows XP with SP1 begins numbering key indexes with 1.
Click OK to save changes to the wireless network.
Click OK to save changes to the wireless network adapter.
The following procedure configures Windows XP with no service packs installed for your ad hoc mode wireless network:
Install your wireless network adapter in Windows XP. This includes installing the proper drivers for your wireless network adapter so that it appears as a wireless network adapter in Network Connections.
Once the computer is within range of the initial wireless client in your home or small business, Windows XP should detect it and prompt you with a message in the notification area of your taskbar.
Click the notification message. If you are not notified, right-click the wireless network adapter in Network Connections and click View Available Wireless Networks. You should see a Connect to Wireless Network dialog box.
Type the WEP key in Network key and click Connect.
Alternately, click Advanced.
In the wireless network adapter properties dialog box, click your wireless network name and click Configure.
In the Wireless Network Properties dialog box, select the Data encryption (WEP enabled) check box and clear the The key is provided for me automatically check box.
In Key format, select the encryption key format as configured on the initial wireless client.
In Key length, select the key size as configured on the initial wireless client.
In Network key, type the key as configured on the initial wireless client.
In Key index, select the key index number that matches the key index position of the initial Windows XP wireless client. Windows XP with no service packs installed begins numbering key indexes with 0.
Click OK to save changes to the wireless network.
Click OK to save changes to the wireless network adapter.
Wireless Network Adapter Driver does not Support Wireless Auto Configuration
Use the configuration software to configure your wireless network adapter for the following:
The SSID of your ad hoc wireless network
The SSID must be the same as configured on the initial wireless client.
Ad hoc wireless network mode
Open system authentication
Enable WEP encryption
The WEP key size
Select the key size as configured on the initial wireless client. If the wireless network adapter does not support the same encryption key length as the initial wireless client, you must reconfigure the initial wireless client. For example, if the initial wireless client supports 40-bit and 104-bit WEP key sizes and your wireless network adapter only supports 40-bit keys, you must reconfigure the initial wireless client to use a 40-bit WEP key.
The WEP key format
Select the same WEP key format as configured on the initial wireless client. If the wireless network adapter does not support the same encryption key formats as the initial wireless client, you must reconfigure the initial wireless client. For example, if the initial wireless client supports keyboard (ASCII) and hexadecimal WEP key formats and your wireless network adapter only supports keyboard format, you must reconfigure the initial wireless client to use keyboard format for the encryption keys.
The WEP key
Type the same encryption key in the same encryption key memory position as configured on the initial wireless client.
Summary
Wireless networks enable location independence and roaming support for network connectivity in the home or small business. You can configure a wireless network using a wireless AP (infrastructure mode), or just using wireless clients (ad hoc mode). Wireless networks can also allow unintended access to your network. In order to provide security for your home or small office wireless network where 802.1X authentication is not practical, you must use WPA2 preshared key authentication and AES encryption (for infrastructure mode), WPA preshared key authentication and TKIP encryption (for infrastructure mode), or open system authentication and WEP encryption (for either infrastructure or ad hoc mode).
Related Links
See the following resource for additional information:
“Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home Office or Small Organization Networks” white paper at https://www.microsoft.com/downloads/details.aspx?familyid=269902e8-fc41-4eb1-9374-44612e64f0fb&displaylang=en.
“Troubleshooting Microsoft Windows XP-based Wireless Networks in the Small Office or Home Office” article at https://www.microsoft.com/downloads/details.aspx?FamilyID=35c7e5ad-59e7-477b-9d27-6a7030e67002&displaylang=en.
Microsoft Wireless Networking Web site at https://www.microsoft.com/technet/itsolutions/network/wifi/default.mspx.
For the latest information about Windows XP, see the Windows XP Web site at https://www.microsoft.com/windowsxp.