TWO Internet Set-up Instructions
Purpose Of This Document
This document describes the items needed, and configuration of those items, for connection of TWO
workstations to the Internet. The workstations will also need to be networked for the purpose of
printing – that procedure is described in the document, “Network Printer Set-up” (Appendix, Ref No.
1). The appendix contains a list of documents that may assist you in the setup.
IMPORTANT NOTE: This document contains the procedures for setting up the routers and
connecting equipment when there is a wired connection to the Internet at your site. If the only
connection to the Internet is via a wireless connection, then you should, instead, accomplish the
procedures in the document, “Using a Site’s Wireless Connection” (Appendix, Ref No. 8).
Level Of Expertise Required
This procedure requires an intermediate level of expertise. The user should have at least an
introductory level of knowledge of computers and routers. In addition, it is recommended that the user
read through this document before starting to assure that he/she has a general understanding of the
procedures and feels comfortable completing them. The procedures are not difficult, but some
interpretation is required on the user’s part, because it is impossible to address the procedures and
terminology for each of the routers that can be used.
What You Need
1. Broadband access – Access must be through a wired connection.
2. Workgroup router (wired or wireless, depending on your type of connection)
It’s possible to use a network switch rather than a router if your host facility already uses a
router. But a router can provide a separate network from that of the host’s network, and is the
preferred networking hardware for Internet sharing.
3. Network switch(es) - If you are using wired connections and your router doesn’t have enough ports
to connect all workstations
4. Cat 5, 5E, or 6 Ethernet cables (whichever can be purchased the cheapest). These are referred to as
“patch cables.”
5. Microsoft Security Essentials (MSE) antivirus installed and updated on AARP laptops (Appendix,
Ref No. 7)
6. Windows firewall turned on laptops (Appendix, Ref No. 7)
7. IRS depot and/or AARP laptops that have had the tune-up procedures installed (Appendix, Ref No.
4 and 5) or, in lieu of running the tune-up procedures, AARP computers that have been imaged
with the 2010 images (Appendix, Ref No. 10). Also, personal and donated computers or site
provided computers that have run the two security scans, if being used as wireless workstations
(Appendix, Ref No. 9) and have been certified by NTC as safe for use.
8. Wireless adapters for non-wireless capable computers.
9. IT assistance – If your host site’s Internet connection is managed by an IT department, you will
need to coordinate with the IT department’s engineers/technicians to connect your router to their
managed network. Connecting directly to a DSL or cable network does not require this.
AARP Tax-Aide
National Technology Committee
1
TaxaideTech@aarp.org
November, 2010
TWO Internet Set-up Instructions
Router And Wireless Card Technical Requirements
Wireless Routers: The router must meet the 802.11G specifications – so, a router listed as 802.11G,
802.11 B/G, or 802.11B/G/N will meet that specification. It is not necessary to purchase a router with
the new 802.11N specification – these routers will normally be much more expensive and most of the
Tax-Aide wireless computers with wireless capability will not conform to the 802.11N specification.
In addition, you will not notice a difference between the G and N routers for the TWO application.
However, if someone is offering N routers at a bargain price, the N routers will work in a G network as
long as the N router is listed as backward compatible with the G specification – almost all are. The
router must also be capable of providing WPA-2 encryption.
Wired Routers: Virtually any router manufactured in the last 5 years will work in a wired network.
Wireless Cards: The wireless cards should meet the 802.11G specifications as described under
“Wireless Routers,” above. However, if someone is offering N cards at a bargain price, the N cards
will work in a G network as long as the N card is listed as backward compatible with the G
specification – almost all are. The card should also be capable of WPA-2 encryption.
Router Security Policy
The use of Wireless Networking is not permitted at any site for full
client/server networking of TaxWise.
The security policy in this section is REQUIRED for any router used in the AARP Tax-Aide program.
A router is recommended to be used for connecting multiple computers to an Internet connection.
While the use of a network switch is allowed, the router offers the most secure and best option for
creating the local area network. This section describes the setup parameters for wired and wireless
routers to the Internet. Each of the items in the list should be changed/verified in your router.
Configuration of the router is described in the next section.
Wireless Router Security Policy: It is required that all of the following items be configured in your
router to secure any and all wireless routers used in the AARP Tax-Aide program, regardless of the
purpose of the network use. If the wireless feature of the router is disabled, you can skip to the Wiredonly Router Security Policy paragraph, below.
1. Infrastructure1 network configuration will be used. Ad-Hoc2 networks are not permitted.
1
Infrastructure -------A wireless network centered about an access point. In this environment, the access point not only
provides communication with a wired network but also mediates wireless network traffic in the
immediate neighborhood.
2
Ad Hoc ---------------Computers communicate directly with one another without using an access point (AP) or any
connection to a wired network.
2
SSID -----------------The SSID is a sequence of up to 32 letters or numbers that is the ID, or name, of a wireless local
area network.
AARP Tax-Aide
National Technology Committee
2
TaxaideTech@aarp.org
November, 2010
TWO Internet Set-up Instructions
2. The default username (if required) and password will be changed to protect the wireless router
or access point.
3. The manufacturer’s default SSID3 must be changed to "TAV[site name]" (without quotes),
e.g., TAVMainLibrary, TAVMapleCC, etc..
4. WPA4 encryption will be used.
5. OPTIONAL: MAC5 address filtering 6 can be used and adds extra security when used in
conjunction with WPA.
6. High power antennae and/or other signal boosters will not be used.
Wired-only Router Security Policy: The default router username (if used) and password must be
changed according to the router manufacturer’s instructions.
Computers: Simple File Sharing must be turned off
EXAMPLE ROUTER CONFIGURATION
NOTE: It is not possible to address the terminology and menu structure in use by all router
manufacturers. Therefore, in the example procedure below, the menu will look different and have a
different nomenclature in your router. If confused, refer to the product manual or request help from
taxaidetech@aarp.org.
Wired and Wireless Network Configuration
There are very few settings to be made in a wired router or wireless router. In general, most default
settings will be correct for TWO. In addition to configuring the items listed in the Router Security
Policy section for each configuration (wired or wireless), the following should also be set or verified
to assure your network functions properly:
Internet Connection Type: Automatic Configuration – DHCP7
DHCP Server: Enabled
Explanation of DHCP: A DHCP server provides an Internet Protocol (IP) address to each device on
the network. The address is similar to a telephone number – it uniquely identifies the device so it can
be communicated with properly. Unlike a telephone number, this address can change every time the
router or network devices are turned on – but, the DHCP server assures that these addresses remain
unique. Your router has two IP addresses: one on the Internet side, Wide Area Network (WAN), so the
router can be recognized on the WAN and one on the Local Area Network (LAN) side so the local
The SSID is set by a network administrator and for open wireless networks, the SSID is broadcast to
all wireless devices within range of the network access point. A closed wireless network does not
broadcast the SSID, requiring users to know the SSID to access the network.
4
WPA ------------------Short for Wi-Fi Protected Access and it is extra strong encryption for Wi-Fi networks.
5
MAC------------------ Media Access Control address, a hardware address that uniquely identifies each node of a network.
Address Filtering---- Address filtering is a router configuration option that only allows connection to the router from
equipment whose MAC address is identified in the router tables.
7
DHCP---------------- Dynamic Host Configuration Protocol is a protocol for assigning dynamic IP addresses to devices on
a network.
6
AARP Tax-Aide
National Technology Committee
3
TaxaideTech@aarp.org
November, 2010
TWO Internet Set-up Instructions
network is isolated from the WAN and local devices can communicate with each other and the WAN
through the router. The router comes with the LAN IP address set, though this can be changed if
necessary. The router must be setup so the WAN side of the router receives its IP address
automatically from the ISP’s DHCP server. Then, the router must act as a DHCP server to provide an
IP address to each of the devices on the LAN side of the router. Thus, the Internet Connection Type
(or similar terminology) must be set to automatically receive the DHCP address on the WAN side.
Then, for the LAN side, the DHCP Server must be enabled to allow the router to distribute IP
addresses to LAN devices.
Wired Network Configuration
If you are using a wireless router but only want to use it for establishing a wired network, then disable
the wireless function.
Wireless Network Configuration
NOTE: Due to the large number of different makes and models of wireless equipment it is not possible
to address all settings and methods. It is the responsibility of the TCS and or TC to ensure that policy
requirements are met.
The following example is written around the Belkin Model F5D7230-4 Wireless G router. For
other makes and models refer to the product manual.
1. If the computer you will connect directly to the router with an Ethernet cable has built-in
wireless capability, then turn off the wireless feature - example: Push the wireless radio button
on the HP nx6110/6310 laptops, or, right-click on the wireless connection icon in the System
Tray on the right-hand side of the Task Bar and select Disable (see below figure).
2. Do not connect the computer to the router yet.
3. Install the router software using the manufacturer’s CD. Accept all the defaults.
4. Connect the router to the computer with an Ethernet patch cable. Caution: DO NOT use the WAN
port on the router to connect your computer. The WAN port is usually clearly identified, and it is used
ONLY to connect to a modem.
5. Using your web browser, access the router by going to the “site” 192.168.2.1 (some routers may use
a different address, e.g., 192.168.1.1 is also a popular address – see your router documentation). You
will see the below menu. Below is the configuration menu for the Belkin router.
AARP Tax-Aide
National Technology Committee
4
TaxaideTech@aarp.org
November, 2010
TWO Internet Set-up Instructions
6. Click on Utilities – System Settings. The current password for the router access is blank. (some
routers come password protected – that password will be identified in the product documentation and
must be changed).
7. Enter a new password, and confirm it. No other changes are necessary on this screen. Scroll to the
bottom of the screen and click “Apply” – the router will reboot once you click on OK.
8. Login in to the router using the password just assigned,
9. Click on “Wireless – Channel and SSID”
a. Change the SSID from its default to TAV[site name]
b. Click “Apply changes” and reboot the router again.
10. Login to the router again
a. Click on “Wireless – security”.
b. Scroll to select a security mode of WPA (may be WPA-2 or WPA2-Personal).
c. Enter the WPA key (also called Passphrase). The passphrase should be of the form “[standard
password for the year, IRS laptop PW][last 8 digits of the MAC address],” for example,
stdpw0423C8F0.
d. Remember the WPA key – you will need it. If you forget it just log on to the router and look it up.
e. Click "Apply Changes".
11. OPTIONAL - Log in to the router again and access “Firewall – MAC address filtering”.
a. Check the “Enable MAC address filtering” box.
b. Enter the MAC address of each of the devices that will be allowed to connect to the wireless
network. The list of allowed MAC addresses can be updated later.
c. Click Apply changes
AARP Tax-Aide
National Technology Committee
5
TaxaideTech@aarp.org
November, 2010
TWO Internet Set-up Instructions
Your Broadband router is now configured for secure access!
Connecting Computers to TWO
Preparing Your Computers
1. Windows ‘as installed’ will have all the settings already enabled for connecting to the Internet
2. The following changes are helpful for verifying and troubleshooting if there is a problem:
a. Show Common Tasks:
 Open any folder, such as ‘My Documents’
 From the ‘Tools’ menu select: ‘Folder Options’
 Click to “Show common tasks in folders”
b. Automatically Search for network folders and printers and Use Simple File Sharing:
 From the same ‘Folder Options’ window, select the ‘View’ Tab
 The first item in the list, Automatically search..., should be disabled (un-checked)
 The last item in the list, Use simple file...,” should be disabled (un-checked)
 Click "Apply" and then "OK"
AARP Tax-Aide
National Technology Committee
6
TaxaideTech@aarp.org
November, 2010
TWO Internet Set-up Instructions
Installing the Router
First connect one patch cable from the WAN port of the router to the facility network jack or
broadband modem’s connection and power up the router.
If connecting from another router (as in a Library, Senior Center, etc.), not a modem, you should
coordinate with the person responsible for IT at the site.
You may need to change the IP address on the second router, as the two routers must have different IP
addresses, to create a different subnet. If at first you do not have an Internet connection when opening
‘Internet Explorer,’ sometimes a power cycle of the router will correct the problem.
Example: Library DHCP router address 192-168-2-1. AARP router address could be changed to
192.168.5.1 or anything other then the library router. If you are permitted to use the Library network
router as a DHCP server, then DHCP on the AARP router must be turned off! With DHCP off you are
not in a separate network, and have basically configured your router as a switch. It is recommended
that you use our router as the DHCP server.
Connecting the Wired Computers
Connect one CAT5 cable from the router’s LAN ports to each computer. If the router does not have
enough ports to connect all your computers, then you will have to buy a network switch to expand the
connections to the router. One port of the network switch should be connected to the router with a
patch cable and then the remaining computers connected by a patch cable to the switch. Network
AARP Tax-Aide
7
TaxaideTech@aarp.org
National Technology Committee
November, 2010
TWO Internet Set-up Instructions
switches come with a variety of ports, e.g., 4, 5, 10, 20, etc. The switches can be daisy-chained – that
is, one switch can be connected via patch cable to another switch to provide even more ports.
Remember, when you do this, there is one less available port on each of the switches – one port is used
by the connection of the two switches. The switches require no configuration.
Congratulations! You are now connected.
 To verify your Internet connection simply open ‘Internet Explorer’
Connecting the Wireless Computers
This section assumes that the computers have wireless capability. If they don’t, then network cards, or
USB wireless adapters can be purchased and installed. Installation is a simple procedure and consists
of installing the card’s software and then inserting the card and following the on-screen instructions to
install it. If, during the software setup you are asked if you want the card utility or Windows to
manage the card, choose Windows. Then, follow the instructions, below.
NOTE: Cost of Network Cards or Adapters is not reimbursable from AARP Tax-Aide, but donated funds can be used.
1. Turn on the computers and login. Make sure your wireless connection is enabled.
2. Double-click the Wireless management icon in the System Tray along the right-hand side of the
Task Bar
3. Click on “View wireless networks”
AARP Tax-Aide
National Technology Committee
8
TaxaideTech@aarp.org
November, 2010
TWO Internet Set-up Instructions
4. Highlight the name of your network – the SSID will be visible – and click “Connect.” Be careful,
there may be other networks listed. If any of those are not secure, you will be able to connect to them
without entering a key or passphrase. DO NOT DO THIS! The connection will not be encrypted and
is subject to shutting down at the users whim.
5. You will be asked to provide the key or passphrase – enter and verify it.
AARP Tax-Aide
National Technology Committee
9
TaxaideTech@aarp.org
November, 2010
TWO Internet Set-up Instructions
6. The window will now show progress and will say, “Acquiring network address.” Once this is
completed, the status will say “Connected.”
Congratulations! You are now Connected.
 To verify your Internet connection simply open ‘Internet Explorer’ and navigate to the TWO
site, twonline.taxwise.com
 From now on, when you restart your computer, it will automatically connect to the wireless
network
Assistance with any of the above procedures is available from AARP Tax-Aide - email
taxaidetech@aarp.org.
AARP Tax-Aide
National Technology Committee
10
TaxaideTech@aarp.org
November, 2010
TWO Internet Set-up Instructions
Appendix
Reference Documents Available On The Extranet
http://www.aarp.org/sk/taxaide/technology.html
Ref
No.
1
Document
Network Printer Set-up
Technology
Tab
Networking
Description
Procedures for networking printers for
all TaxWise or TWO configurations.
2
TWO - Suggested Settings
TaxWise
Online
Provides NTC suggested settings for
TWO, excluding template defaults.
3
Suggested Default Template For
TWO
TaxWise
Online
Provides NTC suggested template
defaults.
4
IRS Depot Laptop Tune-up TY2010
Hardware
Procedures for tune-up of all IRS
depot model laptops.
5
AARP HP Laptop Tune-up TY
2010
Hardware
Procedures for tune-up of all AARP
HP model laptops.
6
AARP HP Dell Vostro Tune-up TY
2010
Hardware
Procedures for tune-up of the AARP
Dell Vostro model laptops.
7
Microsoft Security Essentials
Software
Procedures for removing AVG and
installing and configuring Microsoft
Security Essentials.
8
Using a Site’s Wireless Connection
Networking
Procedures for establishing a network
when the only connection to the
Internet is via wireless.
9
Security Scan
Software
Procedures for running two security
scans on home and/or host provided
computers for certification as TWO
workstations.
10
AARP Computer images
Hardware
The download site for all computer
images is: http://www.taxaideaarp.org
11
Networking TaxWise for AARP
Tax-Aide
Networking
Procedures for setting up a TaxWise
client/server network. A
comprehensive document on
networking that may help if you are
having trouble understanding
concepts.
AARP Tax-Aide
National Technology Committee
11
TaxaideTech@aarp.org
November, 2010