TWO Internet Set-up Instructions Purpose Of This Document This document describes the items needed, and configuration of those items, for connection of TWO workstations to the Internet. The workstations will also need to be networked for the purpose of printing – that procedure is described in the document, “Network Printer Set-up” (Appendix, Ref No. 1). The appendix contains a list of documents that may assist you in the setup. IMPORTANT NOTE: This document contains the procedures for setting up the routers and connecting equipment when there is a wired connection to the Internet at your site. If the only connection to the Internet is via a wireless connection, then you should, instead, accomplish the procedures in the document, “Using a Site’s Wireless Connection” (Appendix, Ref No. 8). Level Of Expertise Required This procedure requires an intermediate level of expertise. The user should have at least an introductory level of knowledge of computers and routers. In addition, it is recommended that the user read through this document before starting to assure that he/she has a general understanding of the procedures and feels comfortable completing them. The procedures are not difficult, but some interpretation is required on the user’s part, because it is impossible to address the procedures and terminology for each of the routers that can be used. What You Need 1. Broadband access – Access must be through a wired connection. 2. Workgroup router (wired or wireless, depending on your type of connection) It’s possible to use a network switch rather than a router if your host facility already uses a router. But a router can provide a separate network from that of the host’s network, and is the preferred networking hardware for Internet sharing. 3. Network switch(es) - If you are using wired connections and your router doesn’t have enough ports to connect all workstations 4. Cat 5, 5E, or 6 Ethernet cables (whichever can be purchased the cheapest). These are referred to as “patch cables.” 5. Microsoft Security Essentials (MSE) antivirus installed and updated on AARP laptops (Appendix, Ref No. 7) 6. Windows firewall turned on laptops (Appendix, Ref No. 7) 7. IRS depot and/or AARP laptops that have had the tune-up procedures installed (Appendix, Ref No. 4 and 5) or, in lieu of running the tune-up procedures, AARP computers that have been imaged with the 2010 images (Appendix, Ref No. 10). Also, personal and donated computers or site provided computers that have run the two security scans, if being used as wireless workstations (Appendix, Ref No. 9) and have been certified by NTC as safe for use. 8. Wireless adapters for non-wireless capable computers. 9. IT assistance – If your host site’s Internet connection is managed by an IT department, you will need to coordinate with the IT department’s engineers/technicians to connect your router to their managed network. Connecting directly to a DSL or cable network does not require this. AARP Tax-Aide National Technology Committee 1 TaxaideTech@aarp.org November, 2010 TWO Internet Set-up Instructions Router And Wireless Card Technical Requirements Wireless Routers: The router must meet the 802.11G specifications – so, a router listed as 802.11G, 802.11 B/G, or 802.11B/G/N will meet that specification. It is not necessary to purchase a router with the new 802.11N specification – these routers will normally be much more expensive and most of the Tax-Aide wireless computers with wireless capability will not conform to the 802.11N specification. In addition, you will not notice a difference between the G and N routers for the TWO application. However, if someone is offering N routers at a bargain price, the N routers will work in a G network as long as the N router is listed as backward compatible with the G specification – almost all are. The router must also be capable of providing WPA-2 encryption. Wired Routers: Virtually any router manufactured in the last 5 years will work in a wired network. Wireless Cards: The wireless cards should meet the 802.11G specifications as described under “Wireless Routers,” above. However, if someone is offering N cards at a bargain price, the N cards will work in a G network as long as the N card is listed as backward compatible with the G specification – almost all are. The card should also be capable of WPA-2 encryption. Router Security Policy The use of Wireless Networking is not permitted at any site for full client/server networking of TaxWise. The security policy in this section is REQUIRED for any router used in the AARP Tax-Aide program. A router is recommended to be used for connecting multiple computers to an Internet connection. While the use of a network switch is allowed, the router offers the most secure and best option for creating the local area network. This section describes the setup parameters for wired and wireless routers to the Internet. Each of the items in the list should be changed/verified in your router. Configuration of the router is described in the next section. Wireless Router Security Policy: It is required that all of the following items be configured in your router to secure any and all wireless routers used in the AARP Tax-Aide program, regardless of the purpose of the network use. If the wireless feature of the router is disabled, you can skip to the Wiredonly Router Security Policy paragraph, below. 1. Infrastructure1 network configuration will be used. Ad-Hoc2 networks are not permitted. 1 Infrastructure -------A wireless network centered about an access point. In this environment, the access point not only provides communication with a wired network but also mediates wireless network traffic in the immediate neighborhood. 2 Ad Hoc ---------------Computers communicate directly with one another without using an access point (AP) or any connection to a wired network. 2 SSID -----------------The SSID is a sequence of up to 32 letters or numbers that is the ID, or name, of a wireless local area network. AARP Tax-Aide National Technology Committee 2 TaxaideTech@aarp.org November, 2010 TWO Internet Set-up Instructions 2. The default username (if required) and password will be changed to protect the wireless router or access point. 3. The manufacturer’s default SSID3 must be changed to "TAV[site name]" (without quotes), e.g., TAVMainLibrary, TAVMapleCC, etc.. 4. WPA4 encryption will be used. 5. OPTIONAL: MAC5 address filtering 6 can be used and adds extra security when used in conjunction with WPA. 6. High power antennae and/or other signal boosters will not be used. Wired-only Router Security Policy: The default router username (if used) and password must be changed according to the router manufacturer’s instructions. Computers: Simple File Sharing must be turned off EXAMPLE ROUTER CONFIGURATION NOTE: It is not possible to address the terminology and menu structure in use by all router manufacturers. Therefore, in the example procedure below, the menu will look different and have a different nomenclature in your router. If confused, refer to the product manual or request help from taxaidetech@aarp.org. Wired and Wireless Network Configuration There are very few settings to be made in a wired router or wireless router. In general, most default settings will be correct for TWO. In addition to configuring the items listed in the Router Security Policy section for each configuration (wired or wireless), the following should also be set or verified to assure your network functions properly: Internet Connection Type: Automatic Configuration – DHCP7 DHCP Server: Enabled Explanation of DHCP: A DHCP server provides an Internet Protocol (IP) address to each device on the network. The address is similar to a telephone number – it uniquely identifies the device so it can be communicated with properly. Unlike a telephone number, this address can change every time the router or network devices are turned on – but, the DHCP server assures that these addresses remain unique. Your router has two IP addresses: one on the Internet side, Wide Area Network (WAN), so the router can be recognized on the WAN and one on the Local Area Network (LAN) side so the local The SSID is set by a network administrator and for open wireless networks, the SSID is broadcast to all wireless devices within range of the network access point. A closed wireless network does not broadcast the SSID, requiring users to know the SSID to access the network. 4 WPA ------------------Short for Wi-Fi Protected Access and it is extra strong encryption for Wi-Fi networks. 5 MAC------------------ Media Access Control address, a hardware address that uniquely identifies each node of a network. Address Filtering---- Address filtering is a router configuration option that only allows connection to the router from equipment whose MAC address is identified in the router tables. 7 DHCP---------------- Dynamic Host Configuration Protocol is a protocol for assigning dynamic IP addresses to devices on a network. 6 AARP Tax-Aide National Technology Committee 3 TaxaideTech@aarp.org November, 2010 TWO Internet Set-up Instructions network is isolated from the WAN and local devices can communicate with each other and the WAN through the router. The router comes with the LAN IP address set, though this can be changed if necessary. The router must be setup so the WAN side of the router receives its IP address automatically from the ISP’s DHCP server. Then, the router must act as a DHCP server to provide an IP address to each of the devices on the LAN side of the router. Thus, the Internet Connection Type (or similar terminology) must be set to automatically receive the DHCP address on the WAN side. Then, for the LAN side, the DHCP Server must be enabled to allow the router to distribute IP addresses to LAN devices. Wired Network Configuration If you are using a wireless router but only want to use it for establishing a wired network, then disable the wireless function. Wireless Network Configuration NOTE: Due to the large number of different makes and models of wireless equipment it is not possible to address all settings and methods. It is the responsibility of the TCS and or TC to ensure that policy requirements are met. The following example is written around the Belkin Model F5D7230-4 Wireless G router. For other makes and models refer to the product manual. 1. If the computer you will connect directly to the router with an Ethernet cable has built-in wireless capability, then turn off the wireless feature - example: Push the wireless radio button on the HP nx6110/6310 laptops, or, right-click on the wireless connection icon in the System Tray on the right-hand side of the Task Bar and select Disable (see below figure). 2. Do not connect the computer to the router yet. 3. Install the router software using the manufacturer’s CD. Accept all the defaults. 4. Connect the router to the computer with an Ethernet patch cable. Caution: DO NOT use the WAN port on the router to connect your computer. The WAN port is usually clearly identified, and it is used ONLY to connect to a modem. 5. Using your web browser, access the router by going to the “site” 192.168.2.1 (some routers may use a different address, e.g., 192.168.1.1 is also a popular address – see your router documentation). You will see the below menu. Below is the configuration menu for the Belkin router. AARP Tax-Aide National Technology Committee 4 TaxaideTech@aarp.org November, 2010 TWO Internet Set-up Instructions 6. Click on Utilities – System Settings. The current password for the router access is blank. (some routers come password protected – that password will be identified in the product documentation and must be changed). 7. Enter a new password, and confirm it. No other changes are necessary on this screen. Scroll to the bottom of the screen and click “Apply” – the router will reboot once you click on OK. 8. Login in to the router using the password just assigned, 9. Click on “Wireless – Channel and SSID” a. Change the SSID from its default to TAV[site name] b. Click “Apply changes” and reboot the router again. 10. Login to the router again a. Click on “Wireless – security”. b. Scroll to select a security mode of WPA (may be WPA-2 or WPA2-Personal). c. Enter the WPA key (also called Passphrase). The passphrase should be of the form “[standard password for the year, IRS laptop PW][last 8 digits of the MAC address],” for example, stdpw0423C8F0. d. Remember the WPA key – you will need it. If you forget it just log on to the router and look it up. e. Click "Apply Changes". 11. OPTIONAL - Log in to the router again and access “Firewall – MAC address filtering”. a. Check the “Enable MAC address filtering” box. b. Enter the MAC address of each of the devices that will be allowed to connect to the wireless network. The list of allowed MAC addresses can be updated later. c. Click Apply changes AARP Tax-Aide National Technology Committee 5 TaxaideTech@aarp.org November, 2010 TWO Internet Set-up Instructions Your Broadband router is now configured for secure access! Connecting Computers to TWO Preparing Your Computers 1. Windows ‘as installed’ will have all the settings already enabled for connecting to the Internet 2. The following changes are helpful for verifying and troubleshooting if there is a problem: a. Show Common Tasks: Open any folder, such as ‘My Documents’ From the ‘Tools’ menu select: ‘Folder Options’ Click to “Show common tasks in folders” b. Automatically Search for network folders and printers and Use Simple File Sharing: From the same ‘Folder Options’ window, select the ‘View’ Tab The first item in the list, Automatically search..., should be disabled (un-checked) The last item in the list, Use simple file...,” should be disabled (un-checked) Click "Apply" and then "OK" AARP Tax-Aide National Technology Committee 6 TaxaideTech@aarp.org November, 2010 TWO Internet Set-up Instructions Installing the Router First connect one patch cable from the WAN port of the router to the facility network jack or broadband modem’s connection and power up the router. If connecting from another router (as in a Library, Senior Center, etc.), not a modem, you should coordinate with the person responsible for IT at the site. You may need to change the IP address on the second router, as the two routers must have different IP addresses, to create a different subnet. If at first you do not have an Internet connection when opening ‘Internet Explorer,’ sometimes a power cycle of the router will correct the problem. Example: Library DHCP router address 192-168-2-1. AARP router address could be changed to 192.168.5.1 or anything other then the library router. If you are permitted to use the Library network router as a DHCP server, then DHCP on the AARP router must be turned off! With DHCP off you are not in a separate network, and have basically configured your router as a switch. It is recommended that you use our router as the DHCP server. Connecting the Wired Computers Connect one CAT5 cable from the router’s LAN ports to each computer. If the router does not have enough ports to connect all your computers, then you will have to buy a network switch to expand the connections to the router. One port of the network switch should be connected to the router with a patch cable and then the remaining computers connected by a patch cable to the switch. Network AARP Tax-Aide 7 TaxaideTech@aarp.org National Technology Committee November, 2010 TWO Internet Set-up Instructions switches come with a variety of ports, e.g., 4, 5, 10, 20, etc. The switches can be daisy-chained – that is, one switch can be connected via patch cable to another switch to provide even more ports. Remember, when you do this, there is one less available port on each of the switches – one port is used by the connection of the two switches. The switches require no configuration. Congratulations! You are now connected. To verify your Internet connection simply open ‘Internet Explorer’ Connecting the Wireless Computers This section assumes that the computers have wireless capability. If they don’t, then network cards, or USB wireless adapters can be purchased and installed. Installation is a simple procedure and consists of installing the card’s software and then inserting the card and following the on-screen instructions to install it. If, during the software setup you are asked if you want the card utility or Windows to manage the card, choose Windows. Then, follow the instructions, below. NOTE: Cost of Network Cards or Adapters is not reimbursable from AARP Tax-Aide, but donated funds can be used. 1. Turn on the computers and login. Make sure your wireless connection is enabled. 2. Double-click the Wireless management icon in the System Tray along the right-hand side of the Task Bar 3. Click on “View wireless networks” AARP Tax-Aide National Technology Committee 8 TaxaideTech@aarp.org November, 2010 TWO Internet Set-up Instructions 4. Highlight the name of your network – the SSID will be visible – and click “Connect.” Be careful, there may be other networks listed. If any of those are not secure, you will be able to connect to them without entering a key or passphrase. DO NOT DO THIS! The connection will not be encrypted and is subject to shutting down at the users whim. 5. You will be asked to provide the key or passphrase – enter and verify it. AARP Tax-Aide National Technology Committee 9 TaxaideTech@aarp.org November, 2010 TWO Internet Set-up Instructions 6. The window will now show progress and will say, “Acquiring network address.” Once this is completed, the status will say “Connected.” Congratulations! You are now Connected. To verify your Internet connection simply open ‘Internet Explorer’ and navigate to the TWO site, twonline.taxwise.com From now on, when you restart your computer, it will automatically connect to the wireless network Assistance with any of the above procedures is available from AARP Tax-Aide - email taxaidetech@aarp.org. AARP Tax-Aide National Technology Committee 10 TaxaideTech@aarp.org November, 2010 TWO Internet Set-up Instructions Appendix Reference Documents Available On The Extranet http://www.aarp.org/sk/taxaide/technology.html Ref No. 1 Document Network Printer Set-up Technology Tab Networking Description Procedures for networking printers for all TaxWise or TWO configurations. 2 TWO - Suggested Settings TaxWise Online Provides NTC suggested settings for TWO, excluding template defaults. 3 Suggested Default Template For TWO TaxWise Online Provides NTC suggested template defaults. 4 IRS Depot Laptop Tune-up TY2010 Hardware Procedures for tune-up of all IRS depot model laptops. 5 AARP HP Laptop Tune-up TY 2010 Hardware Procedures for tune-up of all AARP HP model laptops. 6 AARP HP Dell Vostro Tune-up TY 2010 Hardware Procedures for tune-up of the AARP Dell Vostro model laptops. 7 Microsoft Security Essentials Software Procedures for removing AVG and installing and configuring Microsoft Security Essentials. 8 Using a Site’s Wireless Connection Networking Procedures for establishing a network when the only connection to the Internet is via wireless. 9 Security Scan Software Procedures for running two security scans on home and/or host provided computers for certification as TWO workstations. 10 AARP Computer images Hardware The download site for all computer images is: http://www.taxaideaarp.org 11 Networking TaxWise for AARP Tax-Aide Networking Procedures for setting up a TaxWise client/server network. A comprehensive document on networking that may help if you are having trouble understanding concepts. AARP Tax-Aide National Technology Committee 11 TaxaideTech@aarp.org November, 2010