Java-Based Airport Base Station Configurator
Running the ConfiguratorTo run the configurator, "cd" into the directory containing it and type "java -jar AirportConfigurator.jar". If you get an error message, you may not have the Java Runtime Environment installed. On Windows machines, you may alternately run the software by simply double-clicking on the file "AirportConfigurator.jar".
Configurator Main WindowWhen it starts, the Configurator opens to its main window, which contains several text fields and buttons and a messages area at the bottom, along with a large tabbed pane that holds the configurable settings for a base station - these will be empty (or 0) until valid settings are retrieved from a base station. A description of the function of the text fields and buttons is given below; a detailed description of the tabbed pane functions follows.
This text box receives the IP address of the base station whose settings you wish to retrieve or update. The default value 10.0.1.1 generally works when the Airport is connected through a modem and NAT (discussed below) is being used. However, the Airport's "real" address is different, and must be used in certain situations; this address can be discovered using the "Discover Devices" button, described below.
Receives the password needed to retrieve or update the base station's settings. The default factory value for the base station is "public"; however, this should be one of the first parameters you change, so that your base station can't be reconfigured by anyone else.
Broadcasts a request to all base stations to identify themselves, and displays their IP addresses, names, and device types. You can cut-and-paste an IP address from this window into the "Device address" field in the configurator's main window to retrieve settings. This is useful when you don't know the IP address of your base station, or have configured it so that it no longer responds to its previous address or the default 10.0.1.1 address. Note that other device types might respond to the discovery message; however, this configurator has only been tested on Apple's AirPort Base Station! Choose "Stop Discovery" (or "Close") when you get tired of waiting / bored.
Gets the current settings from the base station whose IP address is entered in the above text field. Note that the community name must be correct for it to respond.
Sends the settings currently displayed to the base station, and instructs it to restart. The restart sequence takes about 30 seconds (with an impressive show of flashing lights!); the base station is storing the settings in a non-volatile memory module, so that they won't be lost if you unplug it. Note that this is disabled until you retrieve settings from a base station; this prevents the inadvertent updating of a base station with null data!
Tabbed PanesThe tabbed panes contain fields, checkboxes and radio buttons for editting the base station settings. The panes and their settings are described below.
Main PaneContains fields for entering a name for the base station, its location, the name of a contact person, and one for entering a new community name (password) for future updates. As discussed above, one of the first changes you should make is to change the community name from the default "public" to something else, so your base station won't be re-configured by someone else!
Wireless LAN Settings
Used to create a name for the wireless LAN that hosts can be configured to use. This is primarily useful in settings in which there are multiple base stations around, and it is desired to have certain hosts use specific base stations: hosts can be configured (by adjusting settings for their wireless cards) to connect only to the network with the specified name. If this isn't an issue, your laptop can be set to use the network name "ANY"; with this setting, it will connect to any wireless base station it detects, ignoring the wireless network name configured into the base station (but see the next item).
If this is selected, then a computer will be able to communicate with the base station only if it knows the exact network name (above) - the base station won't advertise the name, and using network name "ANY" in a host won't gain access. This is useful if you'd like to restrict the wireless hosts which can reach the outside network through the base station; the network name becomes a sort of password that one must know for his packets to be forwarded by the base station. This won't prevent two wireless hosts from communicating directly, though.
You can choose any of 11 channels on which the wireless signals will be broadcast; generally, this will only need to be changed if there is another base station nearby causing intereference (or if you have a favorite number...).
If the "Use encryption" box is checked, wireless transmissions will be encrypted using the selected 5-byte key given in the selected "Encryption key" field. The key should be specified as a hexadecimal value - i.e., it should consist of 10 characters from 0 to 9 or A to F (spaces are OK, and case doesn't matter). An example key setting would be "1A FC 34 D7 88" (without the quotes); any such value will do (but all 0's is probably not a wise choice - make it somewhat random so it can't easily be guessed). The same value should be used as the key in your laptop's wireless card setup; note that some manufacturers (e.g., Lucent) may require you to put the characters "0x" (that's a zero) in front of the key to indicate that it's a hexadecimal value.
You can enter up to 4 encryption keys for storage in the base station, but only one can be active at a time.
If this box is checked, both encrypted and unencrypted traffic will be accepted by the base station
Network ConnectionThis panel sets how the base station connects to the external world - either via its built-in modem (using the small phone-jack connector), or through its Ethernet port (using the fat jack). If you already have an Ethernet LAN, or are using a cable or DSL modem, you'll want to connect through the Ethernet port; if you're using a dial-up line, you'll want to connect through the modem. The settings needed depend on which is selected, and are discussed below.
A benefit for dial-up users is that when connecting through the modem,
non-wireless hosts can connect to the base station through the Ethernet
port and use its modem to connect, sharing the connection with the wireless
hosts. Thus several machines, wireless and wired, can be on-line simultaneously
using just a single phone line! This capability (known as Network Address
Translation, or NAT) is discussed further under the "Bridging Functions";
in any case, the Ethernet port isn't "wasted" when you're connecting through
Bridging FunctionsThis panel sets how the base station handles the hosts that are attached to it, whether wireless or those connected through the Ethernet port. For modem connection, the setting should always be "NAT", or Network Address Translation. When the base station is connected to the external network through the Ethernet port, it can be configured to act as either a transparent bridge or as a NAT provider. These options are discussed below.
Can be used with either modem or Ethernet connection of the base station to the external network. With this setting, wireless hosts are configured with "private" local IP addresses, which they can use to "talk" directly to one another and to the base station. However, these aren't "real" addresses: if one of the local machines sent a message to a non-local machine using its local address as the return address, the remote host wouldn't know where to send the reply - the local addresses only make sense to the local machines. Communication with the "outside world" requires that a globally valid ("real") return address be used.
To accommodate external communication, an address substitution technique is used. The base station has in addition to its "private" local address a "public" or "real" IP address, that it receives from the ISP when modem connection is made (or from an external DHCP server or through manual configuration when connection is through the Ethernet port). This "public" address is what the base station uses to communicate with external (non-local) hosts. When one of the base station's local hosts wishes to communicate with a non-local host, the communication goes through the base station, which replaces the local host's private return address with its own public address and sends the message out. The reply will thus be sent to the base station; when it is received, the base station substitutes the local host's private address for its own public address and forwards the message on the local LAN. The local host thus receives the reply to its original message, without ever being aware that any of this address substitution took place. (The base station actually does an additional substitution, of port numbers, so that it can keep track of which local host is expecting which reply from which remote host; that's how it knows which local host's private address to substitute for its own public address when a reply is received.)
This process of substituting a public (global) address for a private (local) one, and vice-versa, is called Network Address Translation, or NAT. NAT is really neat, especially when used with a modem connection: a single modem connection can support multiple local host connections simultaneously, each communicating with remote machines without even being aware of the other hosts' connections! (Of course, if 10 hosts try to download large files simultaneously, each will receive only about 1/10 of the total connection bandwidth, so transfer speed will be affected.)
When NAT is selected, two textfields are enabled which together specify the local "private" addresses:
As an example, suppose the base station private address is entered as 10.3.4.5
DHCP (Dynamic Host Configuration Protocol) Service
If NAT is used, the addresses to be delivered should be valid private local addresses.
If NAT is not used, i.e., the base station is set to transparent bridge mode, then these must be globally valid IP addresses, that you have been assigned to use by a network authority or network administrator. You can't just choose a random set of addresses and use them as your own if they're to be used as globally valid IP addresses - these will have already been allocated to someone else in the world, and any responses to packets you send out bearing these addresses will be delivered to the adresses' rightful owner, not to you! Note that this isn't a problem when NAT is used, since the private local addresses are replaced by the base station's legitimate public address before they're sent out in public (see the discussion above on NAT for more details).
Access ControlThis panel permits access to the wireless network to be restricted to only the listed hosts. In this way, you won't have to worry about becoming the Internet service provider for all of your neighbors who have wireless cards! The list consists of the Ethernet address of each host's wireless card, together with an optional host name (19 characters max). If the list is empty, i.e., no hosts are listed, then any wireless card will be permitted to connect; if there is at least one entry in the list, then only those hosts listed will be able to connect to the base station.
The Ethernet address of a host's card can usually be found printed on the card, or can be found by running the command "ipconfig /All" in Windows or "ifconfig -a" on most Unix hosts. The address should be 12 hexadecimal digits, 0 to 9 or A to F (spaces and lowercase are OK)
NOTE: If you enter an incorrect address for your laptop,
you may end up preventing your laptop from being able to communicate with
the base station - which will prevent you from correcting and updating
the settings!! If this happens, you can still reconfigure the base station
by connecting to it through its Ethernet port if you have an Ethernet adapter
card. If not, you may have to reset the base station to its default factory
settings and start over! (See, "Troubleshooting", below)
Port MappingThis panel provides a facility for reaching wireless hosts "from the outside" when Network Address Translation (NAT) is used. As per the discussion of NAT above, the base station susbstitutes its own real IP address in the source address of outgoing packets, and additionally replaces the source port with a randomly selected port. This "external" port (and the internal host's address and port) is saved and used by the base station to direct received packets to the internal host that requested them. While the base station selects such ports "on the fly", it's possible to set up initial mappings between specific internal ("private") host adresses and ports and specific external ("public") base station ports. This is useful when you'd like to initiate communication with one of the internal hosts from an external host, by using the base station's IP address and the appropriate "public" port. For example, suppose you'd like to initiate communication with one of the internal hosts from outside the wireless network - say, you'd like to Telnet into the host with internal IP address 10.0.1.5, using the standard Telnet port 23 on that host. To accomplish this, select a public port on the base station to handle this communication - say, port 1500. (Use values greater than 1023 for the public port; ports with values less than 1024 are reserved for well-known services, and shouldn't be used for other purposes.) Then add an entry in the port mapping table, with public port 1500, private IP address 10.0.1.5, and private port 23. After the base station is updated with this information, whenever a packet arrives at the base station from the outside network with destination port 1500, it will be sent to internal host 10.0.1.5, port 23. You would thus Telnet into host 10.0.1.5, port 23, by Telnetting to the base station IP address, port 1500.
Unfortunately, the number of such "port maps" is limited to 20, and
ranges (say, ports 30-35) can only be specified by mapping the individual
ports separately. Also, to be effective, you need to know the base station's
(real) IP address, which might change if it receives its IP address from
your internet service provider using DHCP.
TipsThe Airport base station is a wonderful device, providing a wide array of useful services. Hoewever, this makes it somewhat complex, with a confusing array of configuration options. In fact, it's possible to set the configuration so that it doesn't operate in the way you want it to, and may not even allow your wireless host to communicate with it! Don't fret - there are a number of workarounds to configuration problems (see "Troubleshooting", below) - but the following tips might help keep you from having to use them.
Troubleshooting"OK, now it's broken - what do I do?" Well, that depends on how broken it is....
You need to add the host to the access control list, or disable access control altogether by removing all entries from the access control list. Of course, to change the settings, you need to be able to communicate with the base station, which is exactly what you currently can't do. You therefore need to connect to the base station using either a wireless host that is on the wireless network access list, or connect to the base station through its Ethernet port. If neither option is available, you'll have to reset the base station to its factory settings (see below) and reconfigure it from this starting point.
To see if this is the problem, try setting the network name to "ANY" (without quotes) in your computer's wireless card settings - if this was the culprit, you should now be able to connect without a problem; see the section on "Network Names" in the Wireless LAN section above.
You must be using the correct hex string as your encryption key; see the section on encryption in the Wireless LAN section above. To correct this, you'll either have to change the key you're using on your host or the key on the base station, or disable encryption on both. Of course, to change the base station settings, you need to be able to communicate with it, and you can't currently do that. You therefore need to connect to the base station using either a wireless host that is using the correct encryption key, or connect to the base station through its Ethernet port. If neither option is available, you'll have to reset the base station to its factory settings (see below) and reconfigure it anew.
This can happen for a number of reasons, and is especially frustrating; however, there are some relatively simple workarounds.
You can determine the host address to use by using the "Discover Devices" button (the default 10.0.1.1 won't always work). If you forgot the community name you're using, you have to reset the base station to its factory settings (see below), after which the community name will be the default, "public".
To rectify this, you need to connect to the base station using either a wireless host that is on the wireless network access list, or connect to it through its Ethernet port. If neither option is available, you'll have to reset the base station to its factory settings (see below).
It may be that, even though you can get the base station's address using the "Discover Devices" button, and you know the correct community name (password), the station still won't respond to your requests to retrieve or update its settings. This usually happens when bridging is messed up: the base station isn't recognizing you as belonging to its LAN, and therefore doesn't respond. To rectify this, you need to temporarily reconfigure your computer so that it is on the base station's LAN, as follows:
Resetting base station to factory settings (revised to include Airport 1.1 and up)When all else has failed, you may have to replace corrupted settings with "factory fresh" defaults. The base station's configuration will then be returned to the settings it had when it came out of the box, and you can start over with your reconfiguration. Note that with Airport 1.1 and up, this procedure requires that new firmware (base station operating system software) be uploaded. Thus make sure you have this on hand before proceeding!
I only had to do this once, before I had discovered all of the workarounds above; hopefully you won't find this necessary - not that it's difficult, but it sort of represents a "last resort, I give up, the damn thing still doesn't work" situation....well, if you're reading this, you already know that, so here's the instructions:
Firmware uploadYou can update the base station's software (called "firmware") to take advantages of improvements offered by the latest releases. These are avaiable free through Apple; check their Airport support page at URL: http://www.info.apple.com/support/airport/solve.html
Unfortunately, they deliver this software in a compressed ".smi" file, which requires a Mac to decode it. Once you have such a file, here's how you can upload it to the base station; the procedure depends on whether the base station is currently working (center light shining green) or has been reset (center light shining amber / red).
Base station currently working (not reset): center light green