mac.column.ted: Make the Most of Your AirPort Network

Posted Wednesday, September 6th

Ted Landau
September 2006

A wireless network, especially one set up with an Apple AirPort Base Station, combined with broadband Internet access is a surefire recipe for computer joy. For starters, there is the obvious benefit of the speedy 24/7 online access. If you have more than one Mac in your home, perhaps you have discovered the added joy of sharing data among your connected Macs, such as via iTunes Music Sharing or even via the Finder. But all of that just scratches the surface of what you can do. Ignoring these features is a bit like ordering cable TV and never straying from the network stations available over-the-air. You're getting some benefit, but there's so much more you could be getting.

That's the focus of this article. It's an exploration of the lesser known features of Apple's AirPort Base Stations (Extreme and/or Express) and their wireless networks. It's also about the primary tool you'll need to access most of these features: Apple's AirPort Admin Utility (located in the /Applications/Utilities folder). Ready? OK, let's go:

AirPort Printer Sharing. If you have a USB printer and more than one Mac, you may be using Mac OS X's Printer Sharing. You enable this option via the Printer Sharing settings in the Print & Fax System Preferences pane. This allows all the Macs on your AirPort network to access a printer connected to one of the Macs. This is certainly a convenience and much cheaper than having to get a separate printer for each Mac. But it has one significant downside: If the Mac to which the printer is connected is shut down or sleeping, the printer is no longer accessible by other Macs.

Happily, there is a way to avoid this downside -- if you have an AirPort Base Station. You can connect the printer to the USB port on the Base Station. The printer will now show up when you select to add a printer in Printer Setup Utility. After adding it, the printer becomes available to all Macs on your AirPort network, independent of whether or not Printer Sharing is enabled and regardless of whether any particular Mac is on or off.

There's even cooler news if you have more than one USB printer and an AirPort Extreme Base Station (an AirPort Express won't do for this trick!): You can connect up to four USB printers to one Base Station by using a USB hub. All the printers will be similarly accessible to all Macs on the network (see this Apple Knowledge Base article for more details).

AirTunes. AirTunes is an AirPort option that many more people have heard about than actually use -- possibly because it usually requires buying an additional AirPort Base Station. But it's so worth it. For a little over $100, you get to spectacularly transform the way you listen to music.

Briefly, here's how it works: an AirPort Express (but not an AirPort Extreme) is connected to a stereo system via an audio cable (such as the AirPort Express Stereo Connection Kit). To get AirTunes working, just select your newly installed Express in AirPort Admin Utility, go to the Music tab, click the checkbox for the "Enable AirTunes of this base station" option, name the speaker connection, and click to Update the Base Station. That's it. You don't even need a pre-existing wireless network in place for this to work.

Now, from any Mac with AirPort access, launch iTunes. At the bottom of the window will be a new pop-up menu from which you can select the speaker  location of your choice (such as Computer or Living Room). Select Living Room (or whatever name you entered) and all iTunes audio will be sent to the device to which the Express is connected. The music will sound just about the same as if you had played it directly from a CD player. Except that you don't have to worry about swapping out CDs to keep the music going. To change the music, just change your selection in iTunes. Mix-and-match from the music you transferred from your CDs and/or downloaded from the Internet. Create and play playlists of any desired length. If you are like me, you will never want to use your stand-alone CD player again.

The only downside is that you cannot control play, such as pause or skip, from the room where you are listening. But there is a partial work-around for this. Get Keyspan Express Remote, a device that connects to your AirPort Express via its USB port. With it, you can remotely control iTunes from the room where your stereo is located. You still can't see a list of songs or switch playlists, but you can do all the other basics.

Believe me, if you enjoy listening to music and own a quality music system, use AirTunes. You will not regret it. I promise.

Figure 1. AirPort Admin Utility's Music tab for an AirPort Express Base Station.

WDS. Okay. If you already have an AirPort Base Station in your office, the AirPort Express connected to your stereo is a secondary base station. If this is the case, your next step should be to connect the two Base Stations together via a Wireless Distribution System (WDS).

Why do this? Because it will boost the AirPort signal in your secondary location (your living room in our example). Without the WDS setup, a laptop in your living room will try to connect to the Internet via the Base Station in your office. With WDS, the laptop connects via the presumably closer Express in the living room (which in turn connects to the Base Station in your office). This latter setup provides much better signal strength from the distant location. In some homes, it can mean the difference between a decent connection and not being able to connect at all.

The only hitch is that setting up a WDS requires getting your hands a bit dirty with Apple Admin Utility. Here's some guidelines that should make the job an easy one:

  1. Go to AirPort Admin Utility and access the main Base Station in your office.
  2. Select the WDS tab.
  3. Enable the "Enable this base station as a WDS" checkbox and select "Main base station" from the pop-up menu. The "Allow wireless clients on this base station" should now also be enabled; leave it alone.
  4. Click the Add ( ) button and locate the Express base station from the list that appears. Make sure the "Auto configure as a WDS remote Base Station option is enabled," and click OK to add it.
  5. Click the Update button to actually make the changes to the Base Station.
  6. You will be prompted to confirm changes to be made to the remote Base Station as well. Click OK to do so.

That's essentially it (see this Apple Knowledge Base article if you need more details).

By the way: After setting up a WDS as described here, if you open the secondary Express in AirPort Admin Utility, you should see that it is configured as a "remote base station" in the WDS tab. Further, in the Internet tab, the "Connect Using" pop-up menu item should read "AirPort (WDS)."

Figure 2. AirPort Admin Utility's WDS tab for an AirPort Extreme Base Station.

TiVO Desktop. The AirPort Express in your living room is now doing double duty as a vehicle for AirTunes and as a WDS relay station. But we're not done yet. There is at least one more thing you should definitely not pass up! If you have a TiVo DVR near the Express (as part of an entertainment center hooked together with your stereo, for example), you can connect the TiVo to the AirPort Express.

The newest generation of TiVos make the connection easy because they include an Ethernet port. For older TiVo DVRs, you will need a USB-to-Ethernet adapter (I recommend the NetGear FA120) to connect to the USB port on the TiVo. In either case, you connect the TiVo to the Ethernet port on your AirPort Express. To get things working, you next go to the TiVo setup screen on your television and select to connect to your wireless network (rather than to the phone connection you had been using).

The immediate benefit is that you will get more frequent and speedier updates from TiVo, as you will have 24/7 wireless access to the network. But there's more. You also get access to network-only options such as Yahoo! Weather, Yahoo! Traffic and even the ability to listen to podcasts! Just go to the "Music, Photos & More" section of the TiVo. But we're still not done. Finally, go back to your Mac and download the free TiVo Desktop software. After you install it (it's a System Preferences pane), you will be able to play music from your iTunes library or show slideshows from your iPhoto library through your TiVo (from the same "Music, Photos & More" section). Of course, with AirTunes, you already have access to your iTunes music. But now you can show photos as well.

One minor gripe: The PC version of the TiVo Desktop software allows you to send recorded shows from the TiVo to your computer. This option is not yet available for the Mac, but TiVo says it is coming.

If you have done everything I have suggested so far, the AirPort Express in your living room is now full-to-capacity: an audio cable connection for AirTunes, a USB connection for the Keyspan Express Remote, and an Ethernet connection for TiVo. Meanwhile, the USB port on the AirPort in your office is connected to one or more USB printers while its WAN Ethernet connection goes to your broadband modem. Whew!

Take a brief break to enjoy all that you have accomplished. Then let's return to dig even deeper into AirPort Admin Utility:

Closed networks and Access Control. Unless you don't care that neighbors (or even strangers driving by your house) may use your wireless network to get free Internet access (and potentially even get access to your Mac!), you will want to set up some level of security for your network. The most basic and most common security is to assign a password. Chances are good you already have this in place, so I won't discuss it further -- except to say that if you are using a WEP password, you should consider shifting to WPA, as it is more secure. To do so, open your Base Station in AirPort Admin Utility and select the Change Wireless Security option in the AirPort pane (see this Apple article for more details).

If you want even more security than a password provides, AirPort offers several additional options. Two of the best are (a) closed networks and (b) access control.

To create a closed network is simple. Just enable the "Create a closed network" checkbox in the afore-mentioned AirPort pane (and then Update, as always). After doing this, the name of your network is no longer listed in places such as AirPort menus or Internet Connect's Network pop-up menu. Instead, to join your network, a person needs to select the "Other..." option. From here, they will need to enter the network's name as well as its password. Anyone who does not know the name (assuming they can't guess it!) will thus be unable to even find your network, never mind join it.

The downside of the "closed network" approach is that it can be a pain to have to select "Other..." each time you want to join the network, especially if you frequently shift among different networks. That's one reason that some users may prefer instead to use access controls. To do so, go to the Access Control tab of AirPort Admin Utility. From here:

  1. Click the Add ( ) button.
  2. From the sheet that drops down, click the "This Computer" button.
  3. Click OK to add your Mac to the access control list.
  4. Click the Update button.

Now, the only device that can connect to your network is the Mac you just added. Even you cannot connect to the network from another device (such as another Mac) -- regardless of whether or not you know the network name and/or password! Of course, if you want other computers to be able to get on the network, you can add them to the list. All you need is to know their AirPort ID (also known as the MAC address), as listed in the AirPort section of the Network System Preferences pane of the relevant Mac.

Note: If you've set up a Wireless Distribution System (WDS), you'll need to duplicate the access control list on all base stations on the network in order for access to the network to be truly blocked.

The obvious downside of control lists is that there may be times when you want less restrictive access, such as if friends drops by with their laptops and want to get on your network. If this is a frequent occurrence, than you may not want to use Access Control.

Each form of security (password, closed network, Access Control) has its advantages and disadvantages. Which one (or which combination of more than one) is best for you depends on your particular situation. The important thing is to be aware of these different options so you can select what works best.

Figure 3. AirPort Admin Utility's Access Control tab.

Default Host and Port Mapping. Finally, if you have more than one Mac connected to your wireless network, you may confront a dilemma when users legitimately attempt to access your Mac over the Internet. This can occur, for example, if you have set up a Web site on your Mac (as enabled via the "Personal Web Sharing" option in the Sharing System Preferences pane).

The problem occurs when an outside request reaches your AirPort Base Station and the Base Station doesn't know to which Mac to route the request. The result is that users are unable to get to your Web site (or whatever else they were trying to do). The solution is for you to tell the Base Station how to route the traffic. There are at least two ways to do this:

  • Default Host. From the AirPort pane of AirPort Admin Utility, click the Base Station Options button. From the sheet that drops down, click the checkbox for "Enable Default Host at." Additionally, in the text box to the right, enter the final segment of the local (LAN) IP address for the Mac.

    For most wireless networks, the local IP address is the one listed in the relevant Mac's Sharing System Preferences pane, such as The local address, in turn, is determined by the "Distribute IP addresses" settings in the Network tab of AirPort Admin Utility.

    Finally, click to Update. Now, all incoming requests from the Internet will be sent to your selected Mac, ignoring all others.

    Default Host does carry a security risk. Essentially, all incoming requests will bypass the security afforded by the router's assignment of local addresses, which normally keeps the existence of Macs on the local network hidden and protected from outside Internet access.

  • Port Mapping. To minimize the risks of Default Host, you can instead use Port Mapping. Port Mapping only opens the ports you designate (rather than opening all ports, as Default Host does). For example, Web (http) traffic is typically directed to port 80 (check out this Apple Knowledge Base article for a list of all common Internet services and what ports they use). So, if you have set up a Web site on your office desktop Mac, you would want to direct port 80 requests to that Mac (and not to any other Macs you may have).

    To do this, go (where else?) to the Port Mapping tab of AirPort Admin Utility. Click the Add button. From the sheet that drops down, enter the public and private port number (typically the same in both cases, and "80" in this case). As the "Private Address," enter the local IP address of the relevant Mac. Click OK and then Update. Now all http requests will be correctly directed to the specified Mac. You can repeat this procedure for any other ports you wish to map. A further advantage here, over Default Host, is that you can map different ports to different Macs, rather than having them all go to the same Mac.

Figure 4. AirPort Admin Utility's Port Mapping tab.

One related technical note: For all of this to work, you also need to know your network's WAN IP address. This is the one that you give to others, so that they can access your Web site (the local address listed in the Sharing pane will not work outside of your local network!). In most setups, this address is listed in the "IP address" text box of AirPort Admin Utility's Internet pane. If "Using DHCP" has been selected from the Configure pop-up menu, your WAN IP address may change over time, further complicating matters. You can avoid this change by getting a fixed WAN IP address (how best to do this is the subject for another article, but go to this web site for more information).

Bottom line. In most home setups, having a wireless AirPort network with broadband Internet access is a huge improvement over dial-up connections and wired networks. But you already knew that. What you also now know is that, with a relatively small investment of time and money, you can do much more with your network than simply surf the Web and get email. It's your network; you might as well get the most out of it!

