Apple's AirPort Software Base Station is a program that turns a Mac OS 9.x computer into a Wireless Access Point. It requires a Mac OS 9.x computer that has an Internet connection (either dial-up (modem) or Ethernet), and an Apple AirPort Wireless card. It shares the single Internet connection with a number of clients; the clients communicate with the Software Base Station via wireless networking and/or Ethernet wiring.
The program is not available for Mac OS X. (Equivalent functionality is supposed tobe available using Mac OS X's Internet Sharing feature, available starting in Mac OS X version 10.2. However, that software contains serious bugs that can interfere with the campus network.)
Do not confuse the Apple AirPort Software Base Station (a program that runs on a Macintosh computer) with Apple's AirPort Base Station; the latter is a standalone hardware device. The information in this document applies only to the software version.
The information in this document applies only to Apple AirPort Software Base Station software running on a Macintosh computer attached to the campus network via the Mac's Ethernet port. This document does not apply to AirPort Software Base Station software running on a Macintosh computer attached to a network via the Mac's modem (telephone) port.
While Apple's AirPort Software Base Station is not a product that OIT explicitly supports for on-campus use, we anticipate that some on-campus customers will run this program as a means to create private wireless networks attached to the campus wired network.
The purpose of this document is to describe important steps that must be taken (by the person responsible for the Macintosh on which the program runs) to prevent the program from interfering with the operation of the campus wired and wireless networks.
Our intent is not to fully document the configuration and use of the Apple AirPort Software Base Station; we assume that the owner will review the documentation provided by the vendor. This document is focused on just those particular issues specific to running this program on Princeton University's campus network.
Before proceeding, be sure you are familiar with Connecting a Private Wireless Access Point to the Campus Network.
The Apple AirPort Software Base Station always functions as a NAT; it cannot be configured to function as a bridge. Therefore, be sure you are also familiar with Connecting a Private Network Address Translator to the Campus Network.
The program includes an embedded DHCP server. It will provide NAT and DHCP service to the private network created by the Mac's wireless interface. As documented below, it must be configured so that it does not serve the Mac's Ethernet interface.
The Macintosh computer on which you will run the software must be subscribed to Dormnet or registered in the Host Database. No special steps must be taken when registering the Macintosh computer; it is registered simply as a normal HOST. (It is not registered as a NAT, because it is not a dedicated NAT. It is is a host that also acts as a NAT.)
Naturally, if you enable the AirPort Software Base Station, then your Mac can no longer use its wireless card to connect to wireless networks. (After all, the wireless card is now being used to create a new private wireless network to which other wireless clients may connect.)
Configuring the Software Base Station is performed using Apple's "AirPort" program on the Macintosh. (This is the same program that may be used to configure the Mac's AirPort card.) At the time of this writing, the current version of this program is version 2.0.4; if you do not have this program on your Macintosh, or you have an older version, obtain the current version from Apple before proceeding. (It is included as part of a software package named AirPort 2.0.4.) You can download it from Apple. (Depending on your Mac, you may also be able to retrieve it from Apple using your Mac's "Software Update" Control Panel.)
(Apple also provides another program called "AirPort Setup Assistant" to configure the software base station. Do not use that program to configure the Software Base Station; it may not configure it appropriately for use on the campus network.)
Follow Apple's instructions for configuring the Software Base Station (which are not repeated here), but with the following caveats:
The name you enter here is the wireless network name (a.k.a. "SSID") that wireless clients see, and select to join your private wireless network.
We recommend you name your wireless network after the hostname registered for your Macintosh. For instance, if your Macintosh is registered as jxydoe.student.princeton.edu, then make your wireless network name jxydoe.student or perhaps jxydoe's network. Using the same name as your Mac's hostname will help identify the wireless network to anyone who stumbles across it, and may be helpful for diagnostic purposes.
Be sure that you do not specify puwireless as your network name. That wireless network name (a.k.a. SSID) is reserved for use by OIT Wireless Service; if you were to name your private wireless network the same way, it would confuse clients who stumble across it, and could cause difficulty for users of OIT's service.
Enabling this would cause your Mac to also act as a NAT on its Ethernet interface. That is not appropriate as your Ethernet interface is attached to the campus network. You should only be serving clients on your wireless interface (i.e. your private wireless network).
You may choose to limit access in either (or better yet, both) of two ways:
You should be aware that this does not guarantee that other clients cannot associate to your AirPort Software Base Station. It is still possible for unscrupulous individuals to configure a wireless client to spoof another's wireless hardware address. It just adds another small obstacle for them to overcome.
Note that some wireless clients may not support WEP, so this feature is not practical unless all the clients of your wireless network support WEP.
Note also that WEP is not considered to be strong encryption, and in fact, WEP technology has been "cracked." You should not assume that the use of WEP provides you with strong privacy, access control, or integrity. At best, it adds a level of inconvenience to dissuade unwelcome guests from attempting to access your private wireless network. Still, each obstacle you add to prevent unauthorized use of your private wireless network may be helpful.
Although this document discusses the Apple AirPort Software Base Station, it should not be construed as a statement of OIT support for the program, or for the construction of private wireless networks.
We have published this document because we expect some customers will run this product on Macintosh computers attached to the campus network; unless running with appropriate configuration, the program can interfere with the operation of the campus wired and wireless networks. The instructions in this document are intended to document the steps necessary to prevent such problems.
OIT does not support your Apple AirPort Software Base Station, or the private wireless network it provides. You are responsible for operating the program in a way that does not interfere with the operation of OIT's wired and wireless networks. If you cannot configure it to operate in such a way, you will have to disable the program.