Wednesday, May 12, 2010

Guide To Home Networking 2

Setting Up Your New Network
Okay, so you've installed your networking infrastructure (if you're using wired or HomePlug networking). Now it's time to set everything up. I'll assume that you're starting from scratch. (If you're having problems with your network, check out "Set Up Your Home Network: Windows 7 Edition" for more tips.)

The steps are pretty straightforward, but keep in mind that these are general rules of thumb. Various models and brands of access points and routers may differ on specific configuration details. Note that when I refer to "routers" in this section, most of this advice also applies to access points in Wi-Fi-only networks.

Also, don't assume that experience with older routers means you'll just be able to jump in and configure new ones. Some recent routers have substantially automated the setup process, but it's useful knowing how to manually set up your router if there are exceptions to the rules you've followed before.

Configure the Router to Connect to One PC

Typically, you'll connect your router or access point to your PC via an ethernet cable. Routers usually have multiple ethernet ports, so connecting a PC is easy. An access point may require something called a crossover cable, which is a special ethernet cable with two of the pins reversed. Some access points come with a short crossover cable, but you may need to obtain one before proceeding.

Some routers require you to configure your PC to a specific IP address in order to perform setup. Recently released products may be bundled with a software CD that walks you through the configuration process. Note that different brands may have different default IP addresses for the router itself. For example, Linksys routers default to 192.168.1.1, while D-Link users have 192.168.0.1. You'll need to consult your router or access-point documentation for specifics.

Set Up Router and Wi-Fi Security

Every router comes with a default admin account that has a default password, which is usually listed in the documentation. It's startling how many users simply leave the admin password at the default, which allows random people to hijack your router. So the first thing you should do is change the admin password.

Securing your Wi-Fi network
The next step is to set up wireless security. A general rule of thumb is to configure for the highest level of security: WPA2, which uses AES encryption. However, some applications and older hardware may not work with WPA2, so you may need to opt for WPA with TKIP encryption for compatibility. Some much older devices may support only the original WEP security scheme, but that has been shown to be relatively insecure. I recommend upgrading to newer devices.

One important step here is to enter a password that acts as an encryption key. Though you want to remember the password easily, you don't want it to be so easy as to be hackable by an outsider. Pick a long, relatively arcane password. (WEP keys are more limited--but you're not using WEP, right?)
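
To show why the passphrase matters, this added example (not from the original article) derives the key WPA2-Personal actually uses, via PBKDF2-HMAC-SHA1 with the network name as the salt, and runs a few sanity checks on candidate passphrases. The network name, the sample passphrases and the 16-character minimum are assumptions made for the illustration.

```python
import hashlib
import math
import string

def wpa2_pmk(passphrase, ssid):
    """Derive the 256-bit WPA2-Personal master key: PBKDF2-HMAC-SHA1,
    4096 iterations, with the network name (SSID) as the salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def upper_bound_bits(passphrase):
    """Rough ceiling on guessing effort: length * log2(alphabet in use).
    Real passwords built from words or patterns are far weaker than this."""
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation + " "):
        if any(c in charset for c in passphrase):
            pool += len(charset)
    return len(passphrase) * math.log2(pool) if pool else 0.0

def check_passphrase(passphrase, ssid, min_len=16):
    """Return a list of problems; an empty list means the checks passed.
    min_len=16 is this example's policy choice, not a figure from the article."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("WPA/WPA2 passphrases must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("use printable ASCII characters only")
    if len(passphrase) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if ssid and ssid.lower() in passphrase.lower():
        problems.append("contains the network name")
    if passphrase.isdigit():
        problems.append("digits only (phone numbers and dates are guessable)")
    return problems

if __name__ == "__main__":
    ssid = "HomeNet"  # constructed network name
    for candidate in ("password", "HomeNet2010", "4155550123",
                      "copper-Lantern 39 walrus!"):
        issues = check_passphrase(candidate, ssid)
        print(f"{candidate!r}: ~{upper_bound_bits(candidate):.0f} bits max,",
              "OK" if not issues else "; ".join(issues))
    # Same passphrase, different SSID: a different key, since the SSID is the salt.
    print(wpa2_pmk("copper-Lantern 39 walrus!", "HomeNet").hex())
    print(wpa2_pmk("copper-Lantern 39 walrus!", "linksys").hex())
```

Because the network name is the salt, changing the SSID from the factory default also changes the derived key for the same passphrase.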

Connect the Router to Your ISP
If you have a recent-generation router, it may come with software that will autoconfigure the ISP settings, but you might want to do this manually anyway. Connecting to the Internet means entering key information about your ISP into the router.

* Connect your cable modem, DSL modem, or other gateway that your ISP supplied to the port labeled "WAN" or "Internet" on the router.
* Set the IP address of the router as indicated by your service provider, if you use a static IP. Otherwise, simply set the router to be assigned an IP address by your service provider automatically via DHCP. Note that this is different from the gateway address you'll set in any client hardware that connects to the router.

Routers isolate your internal network from the Internet by presenting a single IP address to the Internet. But your home network sees a different IP address as the router gateway, typically 192.168.0.1 or 192.168.1.1.

* If your ISP provides you with a modem that acts as a gateway device, as some do, you'll need the IP address for that device. The gateway adds another layer, which has yet another IP address. Your ISP should have configured that piece of hardware earlier.
* If you use alternate DNS providers, such as OpenDNS, you'll want to enter that information. (If you don't know what this is, then you can ignore this step.)

Connect Any Wired Devices to the Router
If you want to connect some PCs or other hardware via wired ethernet, now is the time to hook them up. Also, if you have an ethernet switch, attach that to one of the router's standard ports (not the port labeled "WAN").

I'm assuming that you left the router set to supply IP addresses to your internal network automatically, via DHCP. If you did, any client hardware should pick up an IP address from the router.

Connect Wi-Fi Hardware
The last step to getting your network running is to configure Wi-Fi hardware. When you fire up your hardware and tell it to connect via Wi-Fi, you'll need to enter the encryption key (Wi-Fi password) you set up in the router.

Some routers implement something called "Wi-Fi protected setup," which can automate the process of connecting wirelessly to the router. You may still need to enter the password, but you won't need to tell the device what type of security you're using, or other connectivity details. Again, check the documentation for each piece of hardware.

Configure for Software

You may need to configure your router for particular software needs. For example, you may be a heavy user of videoconferencing or VoIP (voice over IP). Or maybe you're a serious online gamer. In any of those cases, you may need to configure features such as port forwarding or virtual servers.

Virtual servers allow you to configure particular ports as public; the router redirects incoming requests to a specific system. This arrangement can be useful if you're running a Web server or an FTP site.

For gaming, VoIP, and other similar software, you'll want to use port forwarding. If you're not comfortable mucking around with your router settings, check out Simple Port Forwarding.

Ports are specific to individual IP addresses (for example, 192.168.0.100:xxxxx, in which the xxxxx is the port number). Each IP address can support 65,536 ports. For instance, 80 is the port that Web browsers use, and every router automatically recognizes this.

Depending on the application, you may need to configure a TCP (transmission control protocol) port or UDP (user datagram protocol) port--or both.

Some games and other applications may use only specific ports to connect to the game server or other systems. As a result, you might need to configure your router for particular port numbers. For example, the screenshot here shows a D-Link port forwarding management page, configured for the Xbox Live service (port 3074) and the Slingbox (port 5001).

Port Forwarding, UPnP, and DMZ

Current-generation routers and software are often more sophisticated, and you may not have to configure port forwarding. The general rule is to try to connect with the game first, without port forwarding, and then add it if you can't connect.

If the router has UPnP (Universal Plug and Play) capability, some apps will use it to configure port forwarding while the game is running, and then turn it off when the software shuts down. Some users disable UPnP for security reasons, however. If you do, you may need to configure the proper ports for your app.

You can find lists of ports and related applications on the Internet, if your game or application manuals don't give you that information.

One thing to avoid, if at all possible, is a firewall DMZ. A DMZ (literally taken from the military term "demilitarized zone") allows you to configure a particular computer to be set up outside the firewall. That PC, as a result, is completely exposed to the Internet. This can be useful for running game servers for older games that are difficult to set up using port forwarding, but you should avoid it if you can. A system in a DMZ is open to all manner of intrusions from the Internet.

A Brief Note on Firewalls
Modern hardware routers often ship with fairly sophisticated firewalls built into them. If yours does, you may not need to use a software firewall, such as the Windows firewall, or the firewalls incorporated into Internet security software. In my home, we typically turn off software firewalls. Is that safe? We've never had an intruder get into our home network.

Most routers have logging capability built in, and checking those logs is always illuminating. When we look at the log for our home router, a D-Link DIR-655, we see a few entries that read like the following:

Blocked incoming TCP connection request from IP address xxx.yyy.zzz.123 to [router IP address]

I've changed the IP address above, and I've chosen not to reveal my router IP address for obvious reasons. What this can represent is a serious intrusion attempt, or some software bot simply pinging the router to see if the network is exposed.
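
One way to make sense of a log full of these entries is to group them by source address. This added example (not part of the original article, and not D-Link's own tooling) parses lines in the format quoted above and labels each source as a one-off probe, repeated attempts or a port sweep. The sample lines, the optional `:port` suffix and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Message text follows the line quoted in the article. The optional ":port"
# after the destination is an assumption; it is ignored if your log omits it.
BLOCKED = re.compile(
    r"Blocked incoming TCP connection request from IP address "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?"
)

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
Blocked incoming TCP connection request from IP address 203.0.113.7 to 192.0.2.1:23
Blocked incoming TCP connection request from IP address 198.51.100.20 to 192.0.2.1:22
Blocked incoming TCP connection request from IP address 198.51.100.20 to 192.0.2.1:23
Blocked incoming TCP connection request from IP address 198.51.100.20 to 192.0.2.1:80
Blocked incoming TCP connection request from IP address 198.51.100.20 to 192.0.2.1:445
Blocked incoming TCP connection request from IP address 203.0.113.99 to 192.0.2.1:3389
Blocked incoming TCP connection request from IP address 203.0.113.99 to 192.0.2.1:3389
Blocked incoming TCP connection request from IP address 203.0.113.99 to 192.0.2.1:3389
(constructed unrelated entry that the parser should skip)
"""


def triage(log_text, sweep_ports=4, repeat_hits=3):
    """Group blocked-connection entries by source and label each source."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = BLOCKED.search(line)
        if m:  # lines in any other format are skipped
            hits[m["src"]].append(m["dport"])
    report = {}
    for src, ports in hits.items():
        distinct = {p for p in ports if p is not None}
        if len(distinct) >= sweep_ports:
            label = "port sweep"          # one source walking many ports
        elif len(ports) >= repeat_hits:
            label = "repeated attempts"   # same source keeps coming back
        else:
            label = "one-off probe"       # background Internet noise
        report[src] = {"hits": len(ports), "label": label,
                       "ports": sorted(distinct, key=int)}
    return report


if __name__ == "__main__":
    for src, info in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"]):
        print(f"{src:15} {info['hits']:2} hits  {info['label']:18} ports={info['ports']}")
```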

No firewall is completely foolproof, but we've had good success with hardware firewalls built into modern routers. While the default settings are often good enough, many have additional capabilities for the truly paranoid. So if you're worried about intruders sneaking into your network, ratchet up all the settings on your hardware firewall.

Troubleshooting

I can offer some general troubleshooting tips here, but hardware and software combinations can vary widely. Be prepared to contact your ISP, your router manufacturer, or tech support for each piece of client hardware as appropriate. (For more tips, check out "How to Fix Anything.")

Can't set up the router: Sometimes, you can't even connect to the router or access point for initial configuration. Make sure you've connected to the correct port; some older routers may allow you to perform initial setup only by connecting to a specific port. Similarly, older routers and most access points may require a crossover ethernet cable.

In addition, you may need to first set up your PC for a specific IP address, and then reboot to actually connect to the router.

The router doesn't see the ISP: This often happens if the router is set to automatically receive an IP address from the ISP, but you've asked for one or more static IP addresses (or if you've entered a static IP address incorrectly). Also, if your modem doubles as a gateway, you'll have to configure your router differently.

The client hardware can't connect: Make sure DHCP is enabled. If you're using a Wi-Fi connection, make sure that security and encryption are set up correctly. For example, many laptops ship with tools from the manufacturer to streamline the configuration process. I've seen some of these tools incorrectly detect the type of security being used, so you may have to go to Windows' own networking utilities to set that.

All Plugged In
Now for a look at one particular network: the one in my home. Our family's network is relatively complex in scope, but while we do some online gaming, we don't run a Web server or an FTP site from within the house.

As I mentioned, we have bundles of Cat 5e wiring at the baseboards in one home office, plus structured wiring to several key rooms in the house. All this is tied together into a central structured-wiring panel, which houses a pair of Netgear 16-port gigabit ethernet switches.

The room has a single Cat 5e wired drop, which connects to a compact Linksys eight-port gigabit ethernet switch. All of the wired devices connect via the switch.

Prior to putting a wired drop in the family room, we were using a D-Link DAP-1522 802.11 wireless bridge. The bridge connected to the router via Wi-Fi, and has four gigabit ethernet ports. Now that we have five wired devices, having a physical drop and an eight-port switch has been incredibly useful.

The Internet connection is through Comcast's Business ISP service, which connects via a cable connection to an SMC gateway. While the gateway also has a built-in router, that's limited to 10/100 fast ethernet, so the router is disabled.

A single cable runs from the gateway to the D-Link DIR-655, which has four gigabit ports. Another cable runs from one of the gigabit ports to one of the Netgear 16-port switches, and the two switches are bridged through a short cable.

The Case Network
Overall, the network itself has been pretty reliable. In addition to the Nintendo Wii, we have an iPhone and an iPad connecting via Wi-Fi, as well as a couple of laptop PCs. We've never had a problem with network throughput to any device in the house, even with multiple large downloads.

One of us is often taking part in videoconferencing while the other is downloading a large game through Valve Software's Steam gaming service at the same time; neither of us has experienced issues with connectivity, apart from the rare occasions (twice in the past nine months) that the Comcast connection has dropped for brief periods (the longest was about 2 hours).
