Networking

 

A computer network is a setup where two or more computers communicate with each other. The connection between the computers is some kind of electrical connection, whether it be copper wire, fiber optic or radio waves. You might not have though about it before, but networks are everywhere. When you watch TV, you are getting data over a network. When you are talking on the telephone, you are using a network. When you are on the internet, you are using a network.

These networks are obviously very large and this book is not intended to go in depth into any of these types of networks. The type of network you are likely to be using is smaller and is usually terms a Local Area Network (LAN). A LAN is a network of computers which are located close to one another – usually in the same building or house. In contrast, the internet is considered a wide area network (WAN). A WAN is an interconnected network of smaller LANs. So, take everybody’s LAN and link them up and you have a WAN. That’s all the internet is.

A LAN is a single set of computers in a network. A WAN is many LANs connected together.

The Absolute Essentials

Any LAN has to have computers on it. Each computer must be equipped with a network interface card (or NIC). Sometimes, the NIC is a separate expansion card installed into the computer. Many modern PCs have the NIC integrated right in with the motherboard. The NIC acts as a gateway for the computer to “talk” with the network.

Plugged into each NIC is a network cable. The cables are what connect each of the computers together. The connections are not usually direct computer-to-computer.

Some LANs do not use wires but instead use wireless Ethernet. A wireless network uses radio waves to allow the computers to “talk” to each other. Wireless networks provide more freedom of movement because the computer does not need to sit where the network cabling is. It uses to be that Wifi networks were expensive, slow and unreliable. But, modern technologies as well as agreement on standards means wireless networks today are pretty reliable.

The most simplistic LAN would be a direct computer to computer connection. In this case, the network cable would simply directly connect two computers, with each end of the network cable being plugged into an NIC. However, this type of network is not all that useful because it only allows two computers and does not have any internet capability. In order to add more computers to the network, you will need to install a Switch on your network. A switch acts as a splitter for the Ethernet signal. Routers can also be used to share your single internet connection. The difference between a router and a switch is that a switch controls traffic within a network. A router acts as a bridge between one network and another network and controls incoming traffic to the network. Most routers today have built-in switches, so your router can connect your network internally as well as control traffic to and from your network to the outside (the internet in most cases). More on this will be discussed later in the book.

The last major component of the network is the software itself. Later in this book I will discuss the underlying technologies, however at this point just know that each computer on a network does not natively know how to communicate over a network. After all, the computer is just a lump of circuitry at it’s bare essential. So, software is required to make the computers “talk” to each other. This software does the equivalent of teaching a child to talk. Fortunately, in the case of your computer, the operating system usually takes care of all of this for you. All versions of Windows from Windows 98 onward have built-in networking capability. Mac OS/X and Linux also have such capability built-in.

Placing any computer on a network opens it up to potential attack. Most home networks are connected to the internet via a router and a cable/DSL modem. The internet is a very large network and you don’t know everybody on it. You need to make sure you guard your network against attack from the outside. This is where a firewall comes in. A firewall acts as a wall of protection between your own network and outside networks. Out-going connections are usually allowed through as if nothing is there (unless you specify otherwise) however incoming connections are subject to a set of rules on what to allow and what to block.

Why Use a Home Network?

The most common reason for forming a home network is to share an internet connection. With broadband internet access becoming almost as common as television, people are today commonly sharing that single pipeline to the internet with all of the computers in their home. This is very easy to do with a home network. You can also do a lot of other things with a home network.

  • Share your internet connection
  • Share files between computers without using CD-ROMs or USB drives
  • Share printers among all of your PCs
  • Share multimedia (music and video)
  • Play network games

The uses of a home network change every day. Today, some people use their home network for telephone communications. Some people use their home network for home monitoring or even remote control of the electrical systems in their home (turn lights on and off from your computer on a schedule).

Internet Connection Sharing

Sharing an internet connection is the most common request for users of a home network. There are several ways to share a single internet connection among multiple computers.

  • Ethernet switch
  • Proxy server
  • Router

By using an Ethernet switch, you are connecting each of your computers to each other via a switch. Your modem is plugged directly into the switch as if it is another computer. Each computer (and the modem) has it’s own IP address. The benefit of this setup is that each computer will have it’s own, publicly accessible IP address (an IP address is a numerical address representing a computer on a network). This is good if you want each computer on the network to be independently available via the internet, as in the case of a server, for instance. The downside of this setup is that most ISPs do not allow this type of setup. For this to work, your ISP would need to provide several different IP addresses to your account, each being static. This capability is usually something available only to more expensive business accounts.

A proxy server is a computer which acts as a go-between for other computers on the network and the internet. When using the Internet Connection Sharing (ICS) system in Windows XP, you are essentially setting your computer up as a proxy server. This turns your computer into a host. A proxy server must have two NICs installed or one NIC and a modem plugged directly into the computer via a second NIC. This allows one NIC to be used for the uplink to the internet and the second to be used to connect to the rest of the network. All network computers use the host computer as the gateway to the internet. Obviously, the host computer needs to be up and running for any internet access to be had. Proxy server setups are not as common as they used to be for home networks today due to the easy availability of routers.

Routers are the most common method of sharing an internet connection on a network. They are convenient because they combine switch, router and firewall setups all into one unit. The broadband modem is connected directly to the router and the individual computers are connected to their own ports on the router. Like a proxy server, the router communicates with the outside via a single IP address meaning that your ISP does not need to provide multiple IP address. Internally, the router’s switch functionality assigns each network computer an internal IP address, allowing communication between all the computers. In most cases, sharing an internet connection is as simple as plugging in the modem and the PC. Usually, little to no configuration is necessary for something as simple as sharing an internet connection.

Sharing Files and Printers

Before home networking was popular, you would commonly need to make use of CDs or even floppy diskettes to move files between your computers. We all recall what a pain that was, especially when the file you were moving was too big to fit on a floppy diskette. File sharing is incredibly easy today using a network.

I routinely make use of my network to keep me from having to even move files. For example, we use Quickbooks for our internal accounting. The data file for our accounting resides on my computer. However, when my assistant goes into Quickbooks to do some accounting, she opens the data file directly on my computer. We don’t even have to move it.

You can also easily set up a backup server over your network. I will discuss this a little later in the book, but you can actually take an old computer and set it up on your network and use it to backup all of your network files. You would use your network and it’s file sharing capability to perform these backups.

I will discuss how to set all this up later, however today’s operating systems make file sharing very easy. In Windows, when you share a file or folder, it will appear in My Network Places. You can even “map” a drive letter to the network resource, making it even easier to access. As you can tell, opening up file sharing on your network can open up a wide security hole unless you set up some security. Without security, sharing any file on your network effectively shares that file with the entire world. Your firewall is what keeps this from happening.

Sharing a printer is another very useful application for a network. You can buy a single, nice printer and then allow all computers on your network to easily print using the same printer. There are three ways to connect a printer to a network:

  • Using a Client PC
  • Using a network-enabled printer
  • Using a print server

When using a client PC, the printer is directly plugged into one of the PCs in the network. Then, by deciding to share that printer, the host PC opens up access to that printer to other computers in the network. This allows the computer to take print commands via the NIC. This method of printer sharing is very easy to set up and is free (no hardware required). The drawback is that the client computer needs to be on for the printer to be accessible.

A network-enabled printer is a printer which has an NIC built right into it. This allows the printer to connect to your network as if it were another computer. No other computer is required for it to work. I plugs directly into your network.

A print server is a separate network device which interfaces directly with your network (either wired or wireless) and then allows you to plug any printer into it. This method is quite flexible because you can take any printer and turn it into a network-enabled printer. Using wireless technology, you can place the printer anywhere in your home or office and print to it over the network. The printer doesn’t even need to be in the same room as a computer. As long as the network can reach it, you can print. There are some potential inconveniences associated with this setup, but it does allow flexibility of location.

Multimedia Sharing

Multimedia is really the new wave of home networking. The idea is that you can connect your TV, your stereo, your computers all into a single network. What kinds of things can you do with all this?

  • Watch TV on your PC
  • Use your PC as a digital video recorder
  • Stream internet audio to your home stereo
  • Play PC-based MP3 files on your home stereo
  • Watch TV using your home cable connection via remote access
  • View PC-based video files on your TV

Using a media hub, you can connect your home entertainment center to your home network. A media hub will allow you to perform capabilities like those listed above.

Many of us are familiar with the TiVo, the big black box people plug into their entertainment system that allows them to record and pause live TV. The TiVo is a digital video recorder (DVR). You can view the TV schedule on your TiVo and easily choose to record any show you want. You can get a “season pass” to any show whereby the unit will automatically record every instance of that show whenever it plays. You can, through the use of voting, “train” the system on what kind of programs you like and have it automatically record them. The current TiVo models also make use of the internet to allow viewing of some internet content, playing podcasts, etc. The unit can use a standard phone line to retrieve program schedules, but you can also connect it right to your network and use your internet connection to download schedules. Under the surface of the box, it is actually a Linux-based computer.

Another concept that is relatively new is the Media Center PC. A Media Center PC is a computer which runs a special version of Windows called Windows Media Center Edition. The computer is usually equipped with a large hard drive, lot of memory and a fast processor. The computer can play DVDs and work with digital cameras easily. Many times they have radio and TV tuners. The computer can b e used as a digital video recorder, digital music library, etc. The Media Center edition of Windows works just like any other version of Windows XP, however it can be controlled using a wireless remote control using a very simple on-screen interface which looks kind of like a TiVo.

Network Gaming

Computer games are a favorite pastime for kids as well as adults. They are fun to play sometimes by yourself (you play the computer), however playing over the network adds a level of interactivity to it. You can play your friends and many times have an internet chat while you play. Gaming has always placed high demands on the performance of computer hardware, and it is no different for network components. Since firewalls are designed to block incoming connections, they can easily stop online gaming. It is important that you have a firewall which is configurable, allowing you to allow certain applications through (namely, your games).

Networking Basics

Networking has a reputation for being a complicated topic. Many people can work on their PCs all day long but throw their hands up in frustration when it comes to networking. This subject brings technical types to the point of calling their neighborhood geek to the house with the order “just make it work”. Many times, this frustration is born out of simply misunderstanding the basics of networking. So, in this section, I will explain the basics of networking in simple terms.

The Connection

We know that networking allows computers to talk to one another. We know they are connected using cables in some cases or using radio waves in other cases. The rate of data flow in network cables is very fast. And it has been said that if you could see all the network traffic in the air around you, the air would be black. So, how do computers actually talk to each other? What allows a computer to know that a particular signal is meant for it and not another device?

The first thing to understand is the idea of the protocol. A protocol is a set of rules which are programmed into computers using software. These rules form the agreement by which two devices talk to one another. A protocol is similar to a language between two human beings. If you take a person from mainland China and a person from the United States and place them in a room, they will have an environment in which to communicate but most likely they will not know the other’s language. Therefore real communication cannot take place. However, if you could “program” into each person the rules of language, they would then be able to talk. A network protocol works very much the same way.

There are many different protocols out there for networks, just as human beings have many different languages. Some of the common protocols are:

  • Internet Protocol (IP). This is the underlying protocol behind the Internet itself. It provides a system of addresses known as IP addresses. It is often used in conjunction with TCP.
  • Transfer Control Protocol (TCP). Used most often with IP to form a common name of TCP/IP. TCP enables two devices to form a connection between themselves over an internet. The protocol contains features of error checking and retransmission in case of broken connections.
  • Hypertext Transfer Protocol (HTTP). An extension of the IP protocol, this is the protocol used for making internet connections to web servers for retrieving HTML data.
  • Post Office Protocol (POP3). Another extension of IP for the purpose of e-mail.
  • File Transfer Protocol (FTP). An extension of IP for the purpose of file transfer over an internet.
  • Simple Message Transfer Protocol (SMTP). A protocol used for sending email.

Each of these protocols (and others) works in conjunction over the internet to provide a traffic system on which data packets travel. A packet is a small block of information sent as a single unit over a network. Some simple computer-to-computer network connections used to transfer data as single, long streams of bytes. IT was basically a raw data feed between the computers. The problem was that this is not a dependable method to transfer data when you are talking about large amounts of data over longer distances. To get around that problem, protocols began breaking data into smaller chunks known as packets.

Each packet contains a “lump” of data along with addressing information such as where that packet is going. In fact, each data packet has three parts to it:

  • Header. Marks the beginning of the packet and identifying information about the payload.
  • Payload. The data itself which is being transferred.
  • Trailer. Marks the end of the packet.

Packets are streamed across networks, one after the other, at incredibly fast speeds. The headers and trailers on the packets allow the network components to tell the different between them. The protocol uses provides the rules for the computers to interpret the data packets and act accordingly on them at the receiving end.

IP Addresses

Every single device connected to the Internet has an IP address. An IP address is simply a unique numerical address assigned to a network device. Think of it like a street address for your computer. Each IP address is comprised of 4 numbers between 0 and 255, separated by periods. For example, 192.168.1.1 is a common IP address.

There are two kinds of IP address: public and private. A public IP address is an IP address which is viewable to the public. A private IP address is an IP address assigned to a network device within your network. For instance, a common home network setup will be several PCs connected to the internet via a router. The router provides a single public IP address for outside use. That IP address is YOUR IP address on the internet, and any device connected to the internet anywhere in the world could connect to your home network using that IP address. Inside your network, though, is a pool of private IP addresses that are used only inside your network. In most cases, the IP addresses assigned internally to your computers are the same as other home networks. IP addresses starting with 192.168, for instance, are very common inside home networks. However, that IP address would not be public otherwise half the internet would share the same IP address (which isn’t possible).

As said above, every device on the internet has a unique IP address. However, remembering IP addresses would be difficult indeed, so to make it easier IP addresses can be given a host name, also known as a domain name. For example, www.pcmech.com has a unique IP address, but chances are you did not access our site using our IP address. You typed www.pcmech.com into your browser. This translation is done by a domain name server (DNS). A DNS server stores a database of domain names and their associated IP addresses. Typing a domain name initiates a lookup on your ISPs DNS server, gets the IP address, and then connects you to that IP address.

Being that the amount of devices on the internet is so enormous, there is actually a coming shortage of unique IP addresses. The current IP system allows for 4 billion unique IP addresses worldwide, however with current internet growth rates it is estimated we will run out of IP addresses in the next decade. One solution to this is the proposed IP version 6 (IPv6) which will upgrades the worldwide IP system to 35 trillion possible addresses. This switch will occur, however in the short run ISPs have devised ways to get around the potential shortage. Two such technologies are Dynamic Host Configuration Protocol (DHCP) and Network Address Translation (NAT).

DHCP is a method of allowing an ISP to distribute reusable IP addresses, basically temporarily providing an IP address to a device on an as-needed basis. Your ISP has a certain block of IP addresses delegated to it. When you connect to the internet, your ISP assigns you a public IP address on a temporary basis. That IP address remains your public IP address either until you disconnect from the internet or until the address is “renewed” by the ISP. When you drop an IP address, it opens it up for another user on your same ISP to connect and use that IP address. DHCP is convenient for allowing ISPs to get a large number of users online using a limited range of IP addresses. Also, because the protocol is automatic, the end user (you) doesn’t need to worry about manually configuring IP addresses into your computer. All you need to do is log on and start browsing the web. All the work of IP address assignment is done automatically.

Network Address Translation (NAT) is used by routers in order to converge traffic from several private IP addresses into a single public IP address. Through the use of NAT, your router can allow several computers on your network to all access the internet at the same time even though, from the outside, your network appears as one Computer.

When your router is online, it acts as a DHCP client for your ISP. The router will make a DHCP request from your ISP in order to get a public IP address. Internally, the same router will act as a DHCP server, assigning IP addresses automatically to the computers on your network. In Windows, you can override all of this and specifically assign IP addresses not only to your own machine but for the DNS server as well. However, in most cases, you can just have your router do the work for you and set Windows to “Obtain an IP address automatically”.

Client-Server and Peer-to-Peer Networks

These are the two main structures for a network. A client-server network means that one computer on the network acts as the server and then all the other computers act as clients (or terminals) for the server. All files are located on the server. Usually users log into the server with a username and password using a client computer. Sometimes the client are referred to as dumb terminals because, in some networks, the terminals have little hardware and no real capability on their own but act simply as terminals for the server. A peer-to-peer network connects all computers on the network together in a democratic fashion.

Client-Server Networking

The primary difference is one of control. For a client-server network, the person who administrates the server controls the entire network. On a peer-to-peer network, each computer is independently controlled.

Client-server networks are used very often in internet settings or in large, business networks. It is not commonly used in smaller home networks, however. The internet is based on the concept of a web server “serving” a web page to a web browser. In this case, the end user uses a web browser to control the server. Hence, this is a client-server setup.

In LAN setups, peer-to-peer is the normal way to go. Any computer on a peer-to-peer network can act as both client or server. In fact, this is what allows simple file sharing or printer sharing on a home network. If you share a file from your computer with your network, your PC acts as server for that file. Any other network computer which accesses the file acts as the client. However, any PC on the network is capable of playing either role depending on what you set up.

Bottom of Form

Planning Your Network

Putting together your network can be an interesting experience given all the different types of hardware out there. Print servers, routers, switches, bridges, cabling, NICs…it’s enough to make a lot of folks very confused. I’ve shopped for networking things several times. The folks who work the stores are not always that knowledgeable (although they like to act like they are). In this chapter, I’ll cover:

  • Designing a wired network
  • Designing a wireless network
  • The parts you will need

Wired Versus Wireless

Wireless networks are very easy to set up today, however that doesn’t mean that that is always the best way to go. Wireless networks are rarely as fast or as dependable as wired networks. On my network, my primary PC is connected directly to the router via a cable. The connection is very fast. However, using the network wirelessly from another PC or my laptop is nowhere near as fast and sometimes there are problems making the initial connection. Also wireless signals are subject to interruption by microwaves, 2.4 GHz wireless phones and some other common electrical devices. These devices can cause signal degradation or even total blackout from your LAN. Also, your home itself could degrade the network signal. Lots of walls, or even metal in the walls rather than 2x4s (like many newer homes use) can degrade the signal.

Wireless networks are convenient, but the reliability issue is one you definitely need to take into consideration.

Wired networks are cheaper in terms of hardware required. Wired network equipment is typically much cheaper than wireless networking equipment. However, the cabling is what you can blow a lot of money on. If your home or office comes with pre-wired Ethernet cables in the walls, then that saves you a lot of hassle. Otherwise, you’re going to need to purchase a lot of cabling (which can be expensive) and then run it into the walls, through the attic, and around your house. Depending on your location, you may need to pay attention to special requirements on the use of cabling in your walls, too.

Installation aside, wired networks are cheaper and more dependable. They are also more secure. A wireless network is, by nature, accessible via any device within range of the signal. A wired network is only accessible by those devices plugged into it using a cable.

Many wireless routers have the ability to run a wired Ethernet network as well. I generally recommend a router that can go both ways, leaving the option to you.

Ethernet

Ethernet is one of the oldest networking technologies for a LAN. It is therefore tried and true, cheap and fast. Most networking hardware comes ready for Ethernet use, as do most computers. The earliest type of LAN operated at a speed of 10 Mbps (that’s mega bits per second). At first, it worked over a variety of kinds of cabling, making it difficult to set up. However, as standards progressed, a single cabling standard known as 10Base-T arose. Today, all Ethernet networks operate on some variation of 10Base-T (most much faster than the original 10 Mbps).

The original 10Base-T network worked using an unshielded twisted-pair (UTP) cable with an 8-pin connector at each end. Unshielded refers to the lack of a protective shielding around the wires. Twisted Pair simply refers to the fact that the cable is comprised of two lengths of copper wire twisted together into a single cable.

In the 90’s, 100Base-T was released. It operated at 100 Mbps and made use of CAT5 cabling. CAT5 (short for Category 5 because this was the fifth version of UTP cabling) cables look like telephone cables, only a little bigger. There is a newer version of CAT5 called CAT5e, as well.

When 100Base-T came out, most people were still using 10Base-T. So as not to alienate all of them, 100Base-T was made backward compatible with 10Base-T. You’ll commonly see “10/100 Ethernet” on hardware and this refers to the fact that it can work on 100 Mbps or 10 Mbps speeds. Almost every network item sold today can work at 100 Mbps. Even 10 Mbps is much faster than a DSL or cable modem, so the speed difference only concerns internal network operations, not the speed at which you can connect to the internet.

Next in the lineup is Gigabit Ethernet, which (as you probably guessed) operates at 10X the speed of 100Base-T. Gigabit Ethernet uses CAT6 cabling rather than CAT5. Again, the speed is only a concern for internet network operations. Gigabit is really only useful if you are moving huge files around (such as in a business setting). For everybody else, 100Base-T is perfectly adequate. If your home network is going to perform large file transfers or multimedia streaming, you may want to consider Gigabit Ethernet for the home.

All devices on an Ethernet network connect together using a switch. The switch is the center of the network and acts as a hub for all devices on the network. All network traffic travels through the switch. Each device has its own cable connecting that device to a port on the switch. Switches come in small 5 port versions (suitable for most home networks) to much larger 20+ port versions (used in office buildings many times). Switches are also used to expand networks, being that they basically act as splitters. So, if you are using all 4 ports on your switch and you decide to add another PC, you can simply purchase another switch, plug it into the first switch and you just got yourself another set of ports you can use. Switches can be “stacked” without any signal degradation, meaning you can extend your network easily by nesting switches.

In order to iron out a potential point of confusion, let me clarify that there is a difference between a switch and a hub. A hub acts simply as a repeater. Any data sent to the hub is repeated to all other ports on the hub. This is not good because it can lead to a lot of unnecessary network traffic. For example, a call to computer A would also be “heard” by computers B, C and D is they are on the same hub. A switch, on the other hand, intelligently analyzes the packets of data it receives and then sends the packet only to that port to which it is intended. Today, hubs are essentially obsolete, but sometimes you will hear the two terms used interchangeably.

Routers have built-in switches, so it is easy to get the idea between a switch and a router mixed up. The difference between them is that a switch simply connects devices on a network whereas a router can also connect the network as a whole to the outside world (the internet or another network). You would not buy a switch to share an internet connection (unless you intend to use a proxy server) – you would buy a router. Likewise, you can use a router as a switch. In fact, you can even “stack” routers to expand your network just as you can with switches. You can usually disable the “router” portion of the router in the settings, making it act just as it if were a switch only.

Wireless Networks

I discussed above the drawbacks of wireless. Those drawbacks aside, wireless is extremely convenient. You do not need to tie down your PC to only where the wires can reach. As long as you are in range of your network, you can access it.

The first thing that can make you go cross-eyed with shopping for wireless products is all the different standards out there. The standards are managed by The Institute of Electrical and Electronic Engineers (IEEE). A group called the Wifi Alliance issued something called the WiFi Seal which means that the product has been approved for backward compatibility. This assures that wireless products from one manufacturer will work with products from another manufacturer. Even though the different wireless standards will work with one another, it is still easy to get confused by the names. Here’s the general breakdown:

Name

Max Speed

Range

Frequency

Performance

802.11b

11 Mbps

Good

2.4 GHz

Good

802.11g

54 Mbps

Good

2.4 GHz

Very Good

802.11a

54 Mbps

OK

5 GHz

Very Good

MIMO (802.11n)

108 Mbps

Very Good

2.4 GHz

Very Good

As I said, all of this stuff is compatible with each other, with one exception. 802.11a operates at a different frequency than the other standards and hence is not compatible with the others.

Each device on your network which is going to connect wirelessly is going to need a wireless network card. These cards come in various forms, including expansion cards for the PC (installs just like a regular card and you’ll see an antenna coming out the back of the computer), a PCM/CIA card for the laptop computers, or external USB adapters. Many notebook computers come with wireless adapters built right into the unit, although most desktop computers do not.

A wireless network can operate in ad hoc mode or infrastructure more. Ad hoc mode means two devices can connect directly with each other wirelessly. Infrastructure mode (as is the case with most LANs) means there is a central device (called an access point) which manages all the wireless traffic. An access point (AP) performs the same basic functions as a switch does for an Ethernet network.

Getting adequate range is the chief concern for any wireless network. Most access points will advertise a range (such as 300 feet), but you will find that these claims rarely hold up in practice. The thing to keep in mind is that it is best to place your access point somewhere centrally in your home. Additionally, just like switches, you can “stack” access points in order to extend your wireless range further than a single access point could reach.

Going to the store to pick out your equipment can be a little confusing. Usually, you’re looking at a bunch of boxes each promoted to be the best thing and it is hard to tell the difference. Well, I’m going to help you out as much as I can.

Network Adapter

Each computer that will be on your home network must have a network card, also known as a NIC (Network Interface Card). The network card must have an Ethernet interface. Ethernet looks similar to a phone jack, except that it is larger.

Any new computer bought today comes with a built-in Ethernet NIC. If any one of your computers does not contain a NIC, one can be purchased at your local computer store usually for fewer than twenty dollars. NIC’s are not expensive.

There are other types of NICs available for different applications. There are USB network adapters available. They will work on any computer which has a USB interface. They are convenient as well. I would recommend using this on a USB 2.0 interface (most modern computers use USB 2.0). The original USB 1.1 interface may limit your network traffic speed due to its bandwidth limitations.

For notebook computers, you have CardBus network adapters that will plug into the CardBus slot on the side of your machine. These are ideal for laptops that do not already have wireless networking built into it. Also, if your laptop does not already have wireless built in, chances are it is an older unit that may not have USB 2.0. USB 1.1 is too slow to take full advantage of Fast Ethernet, so CardBus is definitely the best option.

When it comes to wireless networks, you also have the same set of options. You can pick up a PCI card which will provide wireless capability for your desktop computer. When installed, your computer will have a small antenna coming out the back of it. This will put your desktop onto your wireless network, however sometimes you might get some interference issues due to the placement of the antenna (on the back). Since many of us keep our computers on the floor or stacked up against a wall, the placement of the antenna can degrade the signal and keep you from getting a strong connection to your network.

Another option for getting your desktop onto your wireless network is to use a USB wireless adapter. They come in two styles. One looks similar to a USB drive and the entire adapter is on one stick. This is good for notebook machines, although they can be a little fragile because one bump or pull could break the thing by placing too much strain on the USB connector. You can also get an adapter with a small antenna on it that will plug into your computer via a USB cable. There are nice because they are portable and because you have more flexibility on where the antenna goes. You can even Velcro it to the wall if you want.

The adapter choice is a matter of preference and obviously whether you are going wired or wireless.

Switches

I’ve already covered what switches do. Besides that, there is little to discuss. There are really no flavors of switches. They all are boxes with ports on the back. The main thing to consider is how many PCs will be on your network. Get a switch with enough ports to cover your network. Keep in mind, too, that you can stack switches – plugging one switch into another switch to extend your network. When you connect a switch to a switch, you would make use of the Uplink port on the switch.

Routers

More than likely, you will be purchasing a router rather than a switch. This is because most people are interested in connecting their network to the internet. This is the main function of a router: to connect one network to another network. In this case, your LAN to the Internet. However, as I said, all routers have built-in switch functionality. So, by buying a router you are also buying a switch. Additionally, all routers have a firewall built into it. Some routers also combine the functionality of a wireless access point. So, routers today are essentially all of these major networking components in one box.

In my opinion, your best bet is to buy an all-in-one router which combines all of the above functionality, including wireless access point. This gives you all the speed of a wired network (using the switch built in), but the flexibility of the wireless network if you so choose.

Wireless Access Points

If you buy an all-in-one wireless router, then your network router will work also as an access point for wireless devices. In this case, you’re good to go. However, you can also purchase stand-alone wireless access points in order to provide wireless access to an existing Ethernet network. A stand-alone access point will plug into your network router via a cable, then allow wireless devices to connect to your network. Most access points offer browser-based configuration just like routers.

Print Servers

If you wish to have a network printer (accessible via all computers on your network), you may want a print server. As stated before, a print server can allow your printer to plug directly into the network rather than being plugged into one of the computers on your network. When purchasing, you need to pay attention to wired versus wireless. Additionally, you will need to choose based on the connection method of your printer: parallel port or USB.

In general, wireless print servers are convenient but may not be fast enough for larger print jobs such as color graphics. If you mainly print text documents, wireless will probably be fine. For larger print jobs, you are better off using a wired Ethernet print server so that you have enough network speed to transmit the data to the printer quickly.

Cables

NIC’s requires cables to be inserted in order for them to connect to somewhere. These cables are called “Category Five”, better known as CAT-5 cables. They are much thicker than phone cords and have the larger Ethernet plug on each end.
With the NIC and CAT-5 cable in place, the other end of the cable for each computer need to connect to an Ethernet router.

Setting Up a Wired Ethernet LAN

OK, now it’s time to actually start doing some networking. Setting up an Ethernet network is usually very easy. The hard part usually comes in running the cables. If you are networking PCs that are in different rooms, then you have the joy associated with running wires through your attic, walls, etc. I’m not going to go into how to tear holes in your wall, but I will show you how to do the actual network setup. The good part is that most Ethernet networks are plug-and-play.

Cable Preparation

As stated, running the cable for your Ethernet LAN may involve routing cables into your walls and attic. And as promised, I don’t intend to show you how to work with drywall or run cabling. However, there are a few guidelines you can keep in mind when planning the network:

  • Think ahead of time of which rooms you are going to want network cabling in
  • Think about whether you can somehow run the cable between the computers or if you are going to want to install actual network jacks in your walls (like a phone outlet)
  • Choose a central location for your router/switch. Regardless of where the cabling goes in your home, all cables will need to route back to the router. So, your router needs to be situated in a place where all cables can easily get to it, minimizing the amount of cabling required as much as possible. Also bear in mind that the router will require an electrical outlet. In your case, you might want to spend the money on extra cabling so that you can hide the router in an inconspicuous location such as a closet, garage, basement, etc. By placing the router in some unseen area, you can also minimize the amount of cable clutter visible around your computers.

Most stores which sell networking supplies sell network cables in lengths up to 100 feet or so. If these lengths will work for you, this is really convenient because the connectors are already on the cable. If you intend, though, to run Ethernet cabling through the whole home, you might need to purchase Ethernet cabling in bulk. If you do, you will most likely need to attach the connectors yourself.

If you need to prepare your own network cabling, there are a few tools you will need:

  • Cable stapler. Useful for stapling network cabling to your wall baseboards. A standard staple gun does not use the right size staples and can damage the cable.
  • Cable Crimper. Used to attach the RJ-45 connector to the network cable. The RJ-45 connector looks just like the connector on a phone cord, although bigger.

Using a cable crimper is fairly easy, but you might want to get a little practice with it on some spare cable before trying to do the real thing. The general procedure is as follows:

  1. Cut the cabling to the length you will need.
  2. Use a cable stripper or a knife to shave about 1” of the outer insulation from the cable. Be careful not to damage the underlying cable.
  3. There will be several wires inside the cable, orange/white, orange, green/white, blue, blue/white, green, brown/white, and brown. Separate these wires from each other.
  4. Use a wire cutter to trim each wire so that it is about 5/8” from the end of the insulating sleeve on the cable.
  5. Place the connector over the wire and insert the wires into the connector. The order of the colored wires is exactly as listed in above, from left to right.
  6. Insert the connector into the crimping tool and squeeze the handle.

If you don’t want loose cabling, you can use wall jacks instead. This is good to having presentable connectors in each room of your home. The wall outlets will look just like phone jacks, only with bigger holes. When using a wall jack, you will not need a crimping tool unless you need to crimp connectors at the switch-end of the cable. Connecting a cable to the back of a wall-jack is easier.

  1. At the computer end of the Ethernet cable, cut off the connector if there is one already attached.
  2. Separate the wires inside the cable just as above.
  3. Connect each wire into the appropriate connector on the back of the wall plate. The connectors are usually numbered and color-coded. Simply separate the wires, plug each wire into the right hole, and then close the connection. You do not need to strip the insulation from the wire first because the connectors usually have small blades which will pierce the cable and make connection with the copper wire.
  4. Mount the wall jack.
  5. Use a shorter Ethernet cable to plug your computer into the wall jack.

If you want to place more than one computer into a single room, bear in mind that you do not need to run two cables to that room from the central router. All you would need to do is run one cable then put a switch into that room to provide extra ports.

Lastly, if running cables throughout your home or office, it would be a good idea to label each cable in some way so that you can tell which room that cable goes to. With long cabling going throughout the home, it will be quite a bit of trouble to trace down which cable goes to which room if they are not labeled.

Setting Up Your Switch

Routers and switches are essentially completely plug-and-play. So, in most cases, setting up your switch is as simple as plugging in the power cord and plugging in all your computers to it using CAT5 cabling.

When installing a router/switch, many times you can simply place the unit on a flat surface and be done with it. However, in some instances, you may want to mount the unit on a wall. Most of them come with some hardware for mounting on the wall. Often when plugging in a bunch of network cables, the weight of the cables will cause the router/switch to lean backwards or even fall off the surface it is sitting on. Wall mounting can get around this issue if it is a problem.

Most switches will have a port on the back called an “Uplink” port. This is for connecting other switches to it. If you wish to use a second switch on the network, you would plug that switch into the Uplink port on the first switch. Some switches have a dedicated Uplink port. Others will use the highest-numbered port as the Uplink port, along with a small switch to select whether that port is operating as an Uplink or a normal port for another computer.

The port labeled “WAN” or “Internet” is reserved for internet connectivity from your cable modem or DSL modem, where it’s CAT-5 cable goes directly from the modem to the “WAN” or “Internet” labeled port.

Setting Up Your Network Adapters

Above I discussed the different styles of network adapters. Assuming you have already installed the adapter, you now need to set up your computer to use it. Windows XP and some other operating systems will automatically detect the Ethernet device and automatically set it up. No additional drivers are required. If your operating system does not do this, however, you will need to use the floppy or CD-ROM that came with the device to install drivers to your computer.


When you are done, open up the Network Connections dialog in your Control Panel. You will see a list of all available methods for your computer to connect to a network. Active connections will be blue, inactive connections will be grayed out. If the connection is active but disconnected, you will see a red X over it. When the cables are plugged in properly to your Ethernet connection and the power is turned on, you should not see a red X on the “Local Area Connection”. If you do, you may have a wiring problem. To isolate whether it is a wiring issue, try another cable and see if the X goes away. If it does, then you know it is an issue with the original cable. Otherwise, look at your router. If the activity light is not blinking, you may have a software or driver issue.

Checking for a “live” connection

All NIC’s have a green or amber light that will indicate whether or not connectivity is present. If the light is on, connectivity exists. If it is off, connectivity does not exist.

On the router, when a computer has successfully connected, a light will appear next to the port it’s connected to. For example, the first computer is plugged into port 1. Port 1 on the router should be on to indicate a successful connection. Note: A computer’s NIC will not connect to a router unless it is physically turned on.

If for any reason the status light is off on the NIC, check to make sure the CAT-5 cable is connected properly.

If for any reason the status light is off on the hub or router, check the make sure the CAT-5 cable is connected properly, and that the router is turned on.


Setting Up Wireless LAN

I discussed previously the benefits and the downfalls of a wireless network. Now, let’s put one together.

Installing Wireless Adapters

In order to access a wireless network, each computer needs to have a wireless adapter installed. As discussed previously, there are different styles of them available. Each one comes with instructions for installation and this should be your main guide. However, I will try to provide some basic outline of how to go about it.

If you get a PCI card for your wireless adapter, you will need to install it in your computer. Installing it is done just like you would install any other expansion card in your PC, roughly:

  1. Look at the manual that came with the card and see if it tells you to install drivers before installing the actual card. If so, use the CD-ROM that came with it to install your drivers.
  2. Turn the PC off and unplug it.
  3. Remove the cover from the case of your computer using a screwdriver.
  4. Locate an empty PCI slot on your motherboard. PCI slots are white.
  5. Remove the guard plate from the hole on the back of the case which corresponds to the slot you have selected.
  6. Gently slide the card into the slot with the antenna facing the back of the PC. It may be necessary to unscrew the antenna from the card in order to install it.
  7. Secure the card using a screw.
  8. Put the cover back onto your case.
  9. Secure the antenna onto the back of the wireless card. Leave it so that the antenna is pointing upward.
  10. Unless you installed drivers in step 1, do so now.

As with any installation inside your computer, if you lose a screw into the unit while working, make sure to get it out before powering up again. A loose screw could short something out inside the computer and cause damage.

If you are using a CardBus or USB adapter, no physical installation is required. You simply plug the cards in. Couldn’t be easier. As with PCI cards, you may need to install your drivers before actually plugging the unit into your computer. If so, do that now using your CD-ROM that came with the adapter. When all is set up (reboot may be required), simply plug the adapter in and your computer should automatically detect it and be ready to go.

Configuring Your Wireless Adapter

Regardless of how your wireless adapter was installed (even if it was factory-installed), you may need to perform some configuration before it can be used to connect to your network.

Windows XP is very automatic when it comes to wireless. Usually, plugging in a wireless adapter will cause Windows to automatically install the drivers and then start searching for a wireless network to connect to. No user intervention is required. However, again, look at the manual to see if any additional software or configuration is necessary for your adapter. Using manufacturer drivers rather than Windows drivers usually entails a process like the following:

  1. Connect the adapter to your computer.
  2. Windows will detect the new hardware and give you a “Found New Hardware” window.
  3. The option “Install the software automatically” is usually pre-selected. Unless your manual says to override this, leave that as is and insert the CD-ROM that came with your adapter.
  4. Windows should locate the driver on the CD-ROM. If it finds more than one, you may be asked to select which driver to use. Select the correct driver and click Next.
  5. Windows will install the driver. You will see the final screen saying your hardware is installed.
  6. At this point, you should be done.

Installing the Access Point

Next it is time to set up your network so that the wireless adapter you just set up will have something to connect to. The outline for this process will be:

  1. Decide where to put your access point or wireless router.
  2. Set up the router, plug it in and turn it on.
  3. Configure the access point.
  4. Put some wireless security into place.

The first step is to determine where to put the router. As said previously, the actual range you will get from a wireless router is usually far less than advertised. Various items in your home will interfere with the signal and reduce the range. If you plan to use a wireless-enabled computer somewhere close to the router, then the location does not matter that much. However, if you want to be able to use the network anywhere in your home, you need to think about placement.

A good way to determine where to place your access point is to do a site survey. Basically, what you will be doing is using some wireless device to walk around the house or office and find strong areas of signal and weak areas of signal. The easiest device to use would be a notebook computer with a wireless adapter. If you don’t have one, you can use a network sniffer which will look for wireless signals, or you can even move the wireless router around the building and see when you signal drops off.

  1. Decide what the ideal location in the home is for your router.
  2. Set it up there, plug it in, and get it set to actually be wireless accessible.
  3. Go somewhere within sight of the router and check out your notebook computer (or whatever you are using) to see if you are getting a wireless signal. If you are, you will get a popup dialog in the lower right notifying you that it has found a wireless network. If you get nothing, then it is not getting a wireless signal.
  4. Double-click on that popup balloon. If it has disappeared, double-click on the network icon (two little computer screens that will cycles on and off). You will get the wireless connection dialog box.
  5. You should see the name of your network. Select it, check “Allow Me to Connect” and then click “Connect”.
  6. You should not be connected to the network. Click on the network icon again and get the “Wireless Network Connection & Status” window. This window will provide a readout on your signal strength.
  7. Now, walk around the house and observe the signal strength in various locations. Pay close attention to the Speed reading as well.
  8. If you have other computers on the network, check their signal strength and speed rating as well.
  9. If the signal is weak in key areas, try moving your router and trying again. If you are satisfied with the coverage, leave as is.

Some general notes on access point placement:

  • Many times mounting the access point high up on the wall will provide the best coverage.
  • If you don’t want to wall-mount it, at least place it as high as possible.
  • Try placing the access point in the middle of your home as close as possible.
  • Keep the antennas pointed straight up.
  • Try not to place the access point next to any major metal object, such as a filing cabinent.
  • Keep it as far away from microwaves or 2.4 GHz phones as these are interference sources for the wireless signal.
  • Keep it away from water beds or aquariums. Large water collections can impede the signal.
  • Try to keep it away from exterior walls.

If you are using a stand-alone access point, it will be necessary to plug that access point into a port on your Ethernet router. If your router has a wireless access point built-in, then you’re good to go.

When configuring your access point or router, you will usually do so via your web browser. You will type in an IP address in your web browser (provided in the manual) and you will access the configuration settings. The layout of configuration is different depending on which brand of hardware you are using. I will cover router settings in more detail later, however there are certain key settings you will need to configure for your wireless network:

  • Password. Set up a password to protect your network configuration. Too many people leave their access information default for the hardware. Anybody within range of your wireless network who knew the common IP addresses and logins would then be able to get into your configuration settings.
  • SSID. This is the name for your network. You can call it anything you want. I definitely recommend changing it. It is an on-going joke to make fun of all the “linksys” networks out there simply because “linksys” is the default SSID on LinkSys routers and many people forget to change it.
  • Channel. Select a channel for your network, between 1 and 11. Usually this will be pre-set to channel 6. Unless you experience interference (perhaps from a neighbor’s network), you can leave it as that. If you intend to install a second access point in your home, choose different channels for each.
  • Encryption. This is the security feature for the network. During initial setup, I recommend leaving this disabled. When first getting everything set up, you do not want to introduce another element to go wrong – security. So, leave this disabled until you see that your network is functioning properly. Then, do not forget to go back and enable security.

On the computer you want to connect to the network, you will need to enter the SSID you chose so that Windows can connect to the network. Usually, the computer will detect the network and provide the “One or more wireless networks are available” dialog. Simply choose the SSID from the list and connect.

Securing Your Wireless Network

If everything is working well on your wireless network, it is now time to secure it. The nature of wireless is that anybody within range can access the network. But, unless you’re feeling especially charitable, you probably don’t want people to be able to sit outside your house and use your network. If those people are knowledgeable and mischievous, they can use that access to do any number of bad things.

The two major types of security are Wired Equivalent Privacy (WEP) and WiFi Protected Access (WPA). WEP works by requiring a password which is used to decrypt encrypted data sent across the network. The password is a key which is used to successfully decrypt the signal. The encryption key needs to be entered identically on both the access point and any computer wishing to connect to the network. This is much better than nothing, but unfortunately, hackers have found a way to bust through WEP encryption. Obviously, most people walking around your home probably have no idea how to do that, however, it can be done. So, the WiFi Organization developed WPA.

WPA combines encryption with user authentication. Instead of simply sharing an encryption key like WEP, WPA requires a client computer to log in with a password, called a shared key. If the user passes this test, the access point will then send the user a unique encryption key that is valid for a finite amount of time. All data between the access point and the client computer is decrypted using this temporary key. When the key expires, the access point and the client computer set up between themselves a new key and the process is continued.

To set up wireless network security, you should access your configuration via a web browser. It is best to do this via a computer which is connected to your network via wires. Once you enable wireless security, any wireless connected PC will be disconnected from the network until you set up the access information on those computers. A computer connected using wires is not subject to this security.

In your router settings, locate the WPA settings. If you have options to select a mode, choose “Pre-Shared Key” or PSK. Set a key, which can be any combination of letter and numbers of your choice. In most cases, the renewal period is set to 900 seconds (15 minutes) and this is adequate as is.

Once this is set up on your router, you need to go to each computer and enter the WPA shared key. Whenever you try to connect to the LAN, you will be prompted to enter the shared key.

If you don’t wish to use WPA security, you can use WEP security. As said, it is not as secure as WPA, but it is far better than nothing at all. To configure this, access the WEP settings on your router. Select to Enable WEP security. If the router offers different encryption levels, choose the highest level. Next, you need to choose an encryption key. Most routers allow you to use either hexadecimal or ASCII keys. ASCII means regular letters and numbers, so unless you’re feeling especially dorky, I would use ASCII. Enter your key. You need to enter at least one key, although many routers offer the option to enter several keys. This allows you to easily switch between keys later on.

Last, go to your computers and enter the encryption key for your network. You will need to enter it twice and then click Connect. It will remember the key so you should not need to enter it again unless you change the key.

Network Configuration

In order to get your PC’s to talk, it is necessary to perform some simple configuration. Here are the items that will need to be visited:

  • IP Addresses. Each network adapter needs to have an IP address. Luckily, this functionality is usually taken care of automatically by your switch or router.
  • Installation of Microsoft Network Client software. This is the software that allows your computer to share files and printers.
  • Give your computers each unique names. Each computer will get a computer name and that will identify the computer on the network. Each computer on the network needs to have a unique name.
  • Assign workgroup. Windows organizes computers on a network into workgroups.
  • Blah blah blah

Luckily, all this is taken care of automatically when you run the Network Setup Wizard in Windows. To start the wizard, click the Start button / Accessories / Communications / Network Setup Wizard. You will get a welcome dialog. Click Next. Windows will then detect to make sure all your network hardware is installed. Click Next.

This screen is important. You will have options to choose your connection method to the internet. If you choose the first option (computer directly connected to the Internet), you will be setting your PC up as an Internet Connection Sharing (ICS) server. If your modem is connected directly to the computer and you wish to use that computer as a proxy server for the rest of your network, then choose this first option. The second option (computer connects through another PC or a gateway), you are telling Windows that it is not using ICS on that computer. If you are using ICS as a client (another of your computer’s is the proxy server) or you are using a router to which is attached the modem (most people do it this way), then choose this second option. The last (Other) option is only used in circumstances that are less than usual, such as when the computer is connected directly to the net without a firewall or if you have a LAN and no internet connection. Upon selection, hit Next.

On the next screen you will choose which network connection to use. The top option is usually selected to let Windows automatically make the choice for you. However, Windows does not always get it right. You can also choose “Let me choose the connection to my network” and then you can pick the connection yourself (such as “Local Area Network”).

On the next screen, you will select a description and name for the computer. The description field if optional and is just for your reference. The computer name is important, however, as that is how the computer will appear on the network. Try to choose something memorable and which makes sense for the computer you are using.

On the next screen you will choose a Workgroup. The workgroup is the grouping of computers on the network. Computers in the same workgroup can easily “see” each other and share files, printers, etc. It is important that you choose a Workgroup name that make sense and that you can easily enter onto every other computer which is going to be on your LAN.

The next screen will give you a chance to confirm your choices. Hitting Next will apply your changes.

Lastly, Windows will ask you about creating a Network Setup disk. This is a disk that contains all of the settings you just configured. By running that disk on other computers on the network, you will ensure that they all share the correct settings to actually work together on your LAN. It is not really necessary to create a diskette if all other computers are using Windows XP because you can just as easily go to each computer and just run the Network Setup Wizard and do the same thing. If, however, you intend to set up some computers on your LAN with older versions of Windows (namely 95, 98 or ME), you can create the disk and then go run the Network Setup Wizard (not normally a part of those older OSes) on those machines.

When the wizard is complete, you will almost always need to reboot the computer for your changes to take effect.

Now go and run the Network Setup Wizard on all other computers on your LAN. Make sure you select the exact same Workgroup name for all machines. Since a Workgroup is a P2P, a login is not required. A workgroup does not need a primary central server. Any computer that is active on the network with a specific Workgroup name is automatically joined to that group.


Above: Any computer on your home network with the same workgroup name
will be able to “talk” to each other

The default workgroup name that Windows® uses is called WORKGROUP or MSHOME. It is suggested you change it to something familiar to you and also change the name of the computer.

Changing These Settings

At any time after running the Network Setup Wizard, you can still go back and change the settings. The easiest way is simply to run the wizard again, making any changes you want along the way. In the interest if showing you your way around Windows a little bit, here is how you would do the same manually:


In the Control Panel, click Performance and Maintenance


Click System


From the tabs that appear, click Computer Name, then click the Change button.


Next to Computer Name, enter a name for the computer. Next to Workgroup, enter a name for your workgroup. Remember this name as you will have to use it again on any other computer that participates on your network. The workgroup name you select should be a single word that is small and easy to remember, such as HOME.

When finished, click OK, and then restart your computer when prompted.

Assigning IP Addresses

Most people use a router to share internet access and act as a switch for their LAN. In this case, your computer should already be set up to use automatic IP addressing. As I talked about before, all routers have a built-in DHCP server for managing a pool of IP addresses and each computer on the LAN will automatically be assigned an IP address. If, for some reason, you are not using a router, you won’t have a DHCP server. Windows XP, though, contains a feature called Advanced Private IP Addressing which will act as a DHCP server for you.

Automatic addressing is just that – automatic. The way it works is when you boot up your computer, the computer will look for a DHCP server. IF it finds one, it will request an IP address. If Windows cannot find a DHCP server, it will attempt to use the manually entered IP addresses (described below). If that doesn’t work, Windows will create an IP address for itself.

You can set up an alternative IP configuration for Windows. With this, you can hand-type some IP addresses into your configuration. If Windows cannot use a DHCP server, Windows will attempt to use the alternative configuration. To set this up:

  1. Open the Control Panel and go to Network Connections.
  2. Right-click the connection you want to change and select Properties. Usually the connection you are after is your “Local Area Connection”.
  3. Select the “Internet Protocol (TCP/IP)” item and click Properties. This will take you to the TCP/IP properties dialog.
  4. On the General tab, you will usually see that the computer is set to obtain an IP address automatically. In almost all cases, this is what you want. To specify an Alternative Configuration, choose the tab of the same name.
  5. Manually enter the IP addresses for the computer itself, the subnet mask (always 255.255.255.0), the gateway and the DNS servers. You might need to contact your network administrator to get this information (especially considering you will rarely need to use this feature on home networks).

This feature is useful on laptops which, at home, might use DHCP on your own network, but at the office might need to make use of a corporate network that does not use DHCP.

Troubleshooting and FAQ

Q: (Wired/Wireless) All my router’s lights are on and will not go off. When I try to connect to the router, no network connectivity is present. What should I do?

A: On all routers there is a “reset” option. It is a button physically on the router. If after a reset this does not work - power off the router, wait ten seconds and then turn it back on.

Q: (Wired) My router can’t seem to establish a connection to the internet or to my home network. All the lights are on but the data does not seem to be transferring. What can I do?

A: 99% of all network problems start with cables. Replace the CAT-5 cables connecting to your router and the computers on your network. If that does not fix the problem, try another computer on your network to confirm the NIC isn’t the problem. If you have confirmed the NIC isn’t at fault, the router may need replacement.

Note: Routers do not give any “warning” when they start to fail. Either they are working or they are not. If not, replace the unit.

Q: (Wireless) When connected to my wireless router, the connection sometimes drops. What can I do to fix this?

A: Distance is a factor. As a general rule of thumb, the most distance your wireless router can transmit is 100 meters (328 feet, slightly longer than the length of a football field). However, if there are other things that may cause interference, such as televisions, walls, washers, dryers and anything else that could block or impede the signal, this can cause signal degradation.

If you are in the same room as the wireless router and it drops connection, check for anything that would interfere with the signal (anything electric). If nothing appears to be interfering, your wireless card may be failing. Try connecting with another computer to confirm whether the wireless card is at fault or not. If you confirm the wireless card is not the problem, the router itself may be failing.

Note: Like wired routers, wireless routers do not give any “warning” when they start to fail. Either they are working or they are not. If not, replace the unit.

Q: (Wireless) My wireless router is more than 100 meters away from me (or I have very thick walls). Is there any way to boost the signal so my computer can connect to it?

A: Yes. You can purchase an additional piece of hardware called a Wireless Access Point (WAP). A WAP will “extend” the signal of your wireless router. It is essentially a “bounce” point where your computer connects to the WAP which then connects to the router which then connects to your home network and the internet.

Note: Most wireless routers can also function as WAP’s. Check your wireless router documentation to see if it can function as one. If so, purchase a second wireless router of the same make and model as your existing one, and configure as a WAP.

Placement of a WAP is done by trial and error. You will have to experiment to see what location suits best so it will be able to connect successfully to both the wireless router and the computer that needs the connection.

Q: (Wireless) Is there any way to boost the signal without using a WAP?

A: Yes. There are wireless antennas available for purchase which will boost the signal of your existing wireless router. They are inexpensive, but will not extend the range as good as a WAP.

Q: (Wireless) Can I use both a WAP and an antenna for signal boost?

A: Yes.

Q: (Wireless) I think someone may be “stealing” my wireless internet. What can I do about it?

A: See “Wireless Security” and “More Security Tips”. If after enabling WEP/WPA/WPA2 and disabling SSID you find that someone is still “borrowing” your internet without your permission, you do have a few options:

  1. Configure your router to only accept static IP addresses from incoming connections. Your router by default is set to dynamically assign network addresses for computers that connect to it. You can alternatively have it set to only accept specific IP addresses assigned per each computer. Each computer will need to be manually set to request a specific IP address.
  2. Configure your router to only accept specific MAC addresses. Note: This is not to be confused with the Apple® Macintosh computer. A MAC address is your NIC’s “signature”. Every NIC has one. You can configure your router to only accept specific NIC MAC addresses.
  3. Turn off the router at night. All unwanted intrusions will be stopped at the source because there will be no way to access the router if it is turned off.

Sharing Internet Access

I have discussed previously in this book how IP addressing and DHCP servers operate. If you are interested in some of the technologies behind this, back up and have a read. For now, let’s just get down to business and get you sharing an internet connection.

The first thing you might need to do is configure your router. The good thing here is that many routers will automatically configure themselves to work with most cable services. More times than not, when I have set up a simple network, all of my computers can simply get online as soon as I plug them into the router. However, if you are using DSL or if your cable modem provider requires username/password authentication, you will need to perform a little router configuration. Also, if your ISP is providing you with a static (fixed) IP addresses, you will need to configure your router to use this.

To access your router’s configuration, you simply type in the IP address for the router in a web browser. That IP address can be found in the manual for the router. Note that your network needs to be fully set up and functional for this to work. To make sure your Windows computer is properly connected to the router, perform the following steps:

  1. Go to the Control Panel and click on Network Connections. Right-click the connection (such as “Local Area Connection”) and click Status. Then click the Support tab. You should see a window which provides your computer’s IP addresses.
  2. If you do not see an IP information, click the Repair option. This will re-request an IP address from the DHCP server on the router. IF it is successful, you will receive a notice for it. If it fails, you will be notified as well. On failure, double-check all connections and that your router is powered on. Also note that if you are using wireless, the Repair action might fail if your wireless signal is too weak for the computer to make contact with the router.
  3. Now that you have a working IP configuration, write down the IP address for the Default Gateway. This is your router.
  4. Start your web browser. If you can already get online, you’re done. Otherwise, you’ll need to continue with configuration.

Router configuration varies from router to router, although many of the common themes apply. I will try to cover the basics in as general a way as possible. To configure the router, perform the following:

  1. Access the router using the manufacturer-set IP address. You can get this IP address from your manual, however it is also the Default Gateway address found in step 3 above. Enter the login information to access the router’s configuration.
  2. Usually the router will have some central setup screen or tab. Some routers use a wizard. In either case, go the appropriate section of the router settings.
  3. You will see options for host name and domain name. These are optional and in most cases you can just leave them blank.
  4. The LAN IP is usually pre-selected for you and can almost always be left as is. The only reason you would need to change it is if that IP conflicts with another device on your network. The subnet mask likewise will always be left at 255.255.255.0. That never needs to be changed unless you have over 253 computers on your network, and I rather doubt that is the case.
  5. The WAN Connection Type is important as this determines how the router will get it’s public IP address for accessing the internet. If you are using cable or DSL and your ISP does not require any username/password, then you can have your router obtain the IP address automatically (called Dynamic IP addressing). If your ISP requires authentication, then you will need to choose PPPoE from as the connection type. You will be promoted to enter a username and password which are both supplied by your ISP. The service name is not necessary and can be left blank unless your ISP specifically tells you to enter something. Settings for “Connect on Demand” and “Keep Alive” can be left as default. If your ISP is assigning a static IP address for you, you need to select Static IP as your connection type and then enter the IP addresses provided by your ISP.
  6. Click the Apply button. If your router requires restart, then select the Restart button and the router will restart itself.

Rarely, an ISP will require that you enter a specific computer host name to verify that you are one of their customers. A select few actually make use of MAC addresses, which is a unique numerical identifier for your computer. They will log the first MAC address which connects to the account and then expect all subsequent connections to come from the same MAC address. If this is the case, your router can “clone” your MAC address, basically giving the ISP the impression that your computer is making the connection when it is in fact your router.

Sharing Files and Folders

Sharing files and folders between computers is one of the most common applications for a network. You can share single files, folders, even whole drives (bad idea!) if you want to.

Sharing a folder is convenient because you simply have to tell Windows to share the folder rather than tell it to specifically share every file in that folder. Windows will automatically create a folder called “Shared Documents” which has been designated to be shared on your home network. To view this folder, launch the Windows® Explorer (Start / All Programs / Accessories / Windows Explorer) and then select My Computer. Your Shared Documents folder will be present. ANY FILE you place in this folder will be available on your home network to other participating computers.

You might not want to be limited to moving everything into “Shared Folders” in order to share it, however. So, you can tell Windows to share any folder you want on your hard drive. Before continuing, please note:

  • Do not share all of Drive C.
  • Do not share the Windows folder or any folder under it.
  • Do not share the entire My Documents folder.
  • Do not share the Program Files folder.
  • Do not share the Documents and Settings folder.

Sharing any of the above will present a large security risk that could compromise your system.

OK, lt’s say you have a folder called “Music” on your computer you wish to share. Do the following:

You would first launch the Windows® Explorer (Start / All Programs / Accessories / Windows Explorer), navigate to the “Music” folder and right-click the folder once, then left click Properties.


Locate the music folder you created on drive C from the Windows® Explorer, right click and select Properties

From the window that appears, click the Sharing tab.

Check the box to Share folder on the network.

The default share name will be the name of the folder. You can change this if desired.

If “Allow network users to change my files” is checked, any user on the network can modify, rename or delete any file in the shared folder. If it is not checked, network users will be able to view and download files only, but not change them.

Once finished, click Apply then OK. The folder will then be immediately shared on the network.


Example of the instructions above for sharing a folder on your home network

You can share any single file or an entire drive using the same basic procedure: right-click, go to Sharing, and enable it by checking the box and hitting OK.

Now that you have shared some files and folders on your network, you need to know how to access them from other computers on the network. There are a few ways to do this:

  • My Network Places. This folder, accessible via Explorer, contains icons that represent every shared folder it can find on your network. Opening any of these folders will show you the files contained in that folder.
  • Inside Applications. The “Open File” dialog in most applications will allow you to directly open files across your network. When you select the file, just navigate to “My Network Places”, navigate to the file you want, and open it as usual.
  • Mapped Network Drives. If you frequently use one of the shared resources on your network, you can reference it more conveniently if you assign an arbitrary drive letter to it. More on this below.

The files and folders available in “My Network Places” are, by default, automatically discovered by Windows. This means that when you share a new folder on your network, that folder should appear automatically in “My Network Places”. On small home networks, this is fine. However, on large networks, this feature could prove annoying as Windows will have long lags while it searches for all shared resources. Luckily, you can turn off the auto-discovery. To do so, open “My Computer” and select “Folder Options” from the “Tools” menu. Then click the View tab. The top option will read “Automatically search for network folders and printers”. Uncheck the option and save. In the future, you can still add a new resource by using the “Add Network Place” option on the left side of the “Network Places” window.

You can view all the computers currently connected to a network via the Windows® Explorer. Note: This is not to be confused with Internet Explorer, which is a web browser. To launch Windows® Explorer, click Start, All Programs, Accessories, Windows Explorer. In the left pane, click My Network Places, Entire Network, Microsoft Windows Network, Workgroup Name (this is the workgroup name you chose earlier). All computers in the network will be visible.

Note: It is normal for Windows® to pause momentarily while it examines the network to check for participating computers.

Drive mapping, as mentioned above, is a convenient tool for arbitrarily assigning a drive letter to any network resource. This is convenient for quick access, but it is also a way for making older, non network-aware, applications be able to use a shared file or folder. The process of assigning a drive letter to a shared resource is referred to as “mapping”.

To create a drive mapping, do the following:

  1. Right-click on My Computer or “My Network Places” and select “Map Network Drive” in the pop-up menu. You can also access this from the Tools menu in Windows Explorer.
  2. Select the letter you wish to assign to the shared resource. Windows will only allow you to select letters which are not already in use. Letters range from A to Z, however your hard drives and CD drives will all take up drive letters as well.
  3. For Folder, you can type in the name of the resource you wish to share. Alternatively, you can use the Browse button to go find the folder. The resource name will be in the form of \server\folder. “server” will be the name of the computer on which the folder actually resides, and “folder” will be the name of the folder.
  4. If you want Windows to automatically connect to this resource, select “Reconnect at Login”. This will make Windows re-form the same mapping every time you boot up, using the same drive letter

Sharing a Printer

Sharing a printer on your network is another very useful feature of a network. Allow all of your computers to use the same printer.

There are three ways to accomplish this:

  • Have the printer plugged directly into one of the computers on the network and simply use the operating system to share it.
  • Plug the printer directly into the network using a print server
  • Use a printer which is network-capable on it’s own and plug it directly into the network.

Setting up The Printer

The easiest and most common way to go about it is the first method, having the printer plugged directly into the computer. The only drawbacks to it are that the printer needs to be close to the computer it is attached to and that computer needs to be running for the printer to be accessible. To share a printer, though, follow these steps:

  1. Install the printer on the computer just as you would any printer: plug it in, install the drivers, etc.
  2. From the Start menu, choose “Printers and Faxes”. You’ll see an icon for each printer driver installed on your computer.
  3. Right-click on the printer you want to share and select “Sharing” from the pop-up menu.
  4. Click the “Share This Printer” checkbox and type a name for your printer. The name is up to you and is simply a name that will appear on your network for the printer.
  5. Click the General tab.
  6. Enter a location and a comment if you want.
  7. Click OK.

Your printer will now be on the network. To use the printer from another computer, you should be able to select this printer from any program’s print dialog window. It will be referenced by the server name followed by the name you assigned to the printer above.

If you intend to use a print server, the procedure is different. Also, the exact procedure you will follow varies widely depending on the model of print server you bought. Most of them come with a setup program on a CD-ROM. This will allow you to assign an IP address to the print server, after which you can access the server’s configuration via that IP address in your web browser (just like you do for a standard router). Most print servers are configured to work with DHCP, meaning they will automatically negotiate with the router to get an IP address. It is recommended, though, that you assign an IP address specifically to your print server so that it will not change. This way Windows will not have a hard time finding your printer.

If your print server is wireless, you will need to connect it to your router via Ethernet first so that you can set up the wireless capabilities. You will set up the IP address, the SSID for your wireless network, and any WEP/WPA security keys you have set up (see above where I discuss setting up a wireless network). Once these settings match up with your wireless network, the print server will be accessible on the network.

Bear in mind that some printers will not work well when attached to a print server. Some printer drivers are programmed such that they require a direct connection to the computer in order to operate. Also, any status monitors for the printer (such as ink levels) will usually not work when attached to a print server.

Setting up a network-ready printer is similar to using a print server. In fact, the print server is built into the printer. The setup on these printers is usually pretty easy and you perform the configuration via a web browser. Windows XP provides built-in support for network-ready printers so you don’t usually need to install any additional software (other than the driver, of course).

Most network-ready printers are designed for Ethernet. Rarely do printers have wireless built into them. However, you can still purchase a wireless “Bridge” which will bridge the Ethernet printer over to wireless, allowing you to access the printer wirelessly over the network.

Accessing the Printer

In order to use a networked printer across the network, it will be necessary to add that printer to the list of available printers on each computer. Here is how to do that:

  1. From the Start menu, go to “Printers and Faxes”.
  2. Click the “Add a Printer” icon.
  3. In the wizard, click Next.
  4. Select “A Network Printer, or a printer attached to another computer” and hit Next.
  5. Leave “Browse” selected and click Next.
  6. You will get a list of printers on the network, in the format \server\printer. Select the printer you wish to add and press Next.
  7. If the printer is connected directly to another machine, Windows will give you a warning about installing a driver and the risk of viruses, etc. Just click Yes.
  8. Windows will copy and install the printer driver from the serving computer. When it is done, you will see the printer on the list of printers for access.
  9. You will be given the option to use this new printer as your default printer on this computer. This choice is up to you. Make your selection and hit Next.

If you are using a print server or a network printer, the procedure is almost exactly the same. The only difference is that you will need to install the printer drivers yourself rather than have Windows do it automatically for you. Here is the procedure:

  1. From the Start menu, go to “Printers and Faxes”.
  2. Click the “Add a Printer” icon.
  3. In the wizard, click Next.
  4. Select “Local printer attached to this computer” and hit Next.
  5. Click “Create a New Port” and then select “Standard TCP/IP Port” from the dropdown menu.
  6. Click Next.
  7. Enter the IP address for the network printer or print server. The port name will be filled in automatically by Windows as you type in the IP address. Click Next.
  8. Leave “Standard” selected for the device type and click Next.
  9. Confirm the information and click Finish.
  10. Windows will take you back to the normal “Add Printer” wizard.
  11. Choose your printer from the list of printers. IF it isn’t on the list, you’ll need to install the printer drivers that came with your printer. When done, hit Next.
  12. Enter a name for the printer and decide if you want it to be the default printer.
  13. On the printer sharing screen, select “Do not share this printer”. I know its counter-intuitive, but this is already on your network so it is shared by nature.
  14. Select whether you want to print a test page. I recommend doing so.
  15. Windows will display the details. Click Finish.

Sharing Multimedia

Merging the computer with your home entertainment system on your home network is not only cool, it is one of the new things in the world of networking. Let’s look at how you can use some of those MP3 files and digital video and images that are sitting on your computer and stream them to your home entertainment system.

Media Adapters

A media adapter is used to act as a bridge between your home network and your entertainment system. Essentially, it plugs into your LAN but, on the back, provides traditional hookups for home entertainment equipment. Most of them come with remote controls as well. There are now many different units available from most networking equipment manufacturers.

When installing a media adapter, it is done not at your computer usually but at your entertainment center. You connect the audio and video cables to the unit and use a network cable to connect it to your LAN. If you are going to use wireless, you need to connect the antenna to the adapter. The antenna and all the cables are included with the unit when you buy it. Working with all the cables and integrating this into an already-complicated home entertainment center can prove to be a daunting experience, however this book is not really in a position to help you there. This is a networking book, not a book on how to hook up your stereo.

The adapter will usually come with a CD-ROM for installing some software to your computer. This will set your computer up as a server for the media adapter as well as provide a utility for selecting what to share on the network.

Like any network device, you will need to tell the adapter how to communicate with your network. This is the same as any other network device (previously described), entering the IP address, subnet mask, SSID, WEP key, etc. You will need to configure it using the remote control that came with the adapter. This is a home entertainment system piece of equipment and as such uses a remote control rather than a keyboard. This makes it harder to type because you need to use the remote control to scroll through an on-screen keyboard in order to type. If you are not using a wireless connection, it is much easier. Since your router likely has a DHCP server built-in, your adapter will simply automatically get an IP address and you’re good to go.

Once set up, you will be able to play MP3 files from your PC, but play them on your home stereo over the network. Any MP3 or image file you choose to share will be accessible.

TiVo

TiVo is a cool little device. I have one myself. It is essentially a digital video recorder, or DVR. You never have to worry about missing a TV show. You can record any show you wish with the click of a button. You can also pause live TV for up to 30 minutes. In all ways, the TiVo blows the traditional VCR away.

Even through a TiVo is a simple looking box with a very easy interface, under the surface it is an actual computer with a CPU and a fast hard drive. Being that it is a computer, it can be networked just like any other computer.

In order to work with your program schedule, the TiVo needs to be able to regularly get updates from the TiVo service. If you do not have a home network, you can always plug the device into a phone jack and it will periodically dial in to the TiVo service for updates using it’s built in dial-up modem. However, if you do have a LAN, you can have the TiVo connect to your LAN and connect to the internet using your broadband connection. Using your LAN rather than the phone line gives several advantages:

  • You can use the TiVo to view photos and listen to MP3s that are stored on your computer.
  • If you have more than one TiVo device, you can view programs on either one that are recorded on the other.
  • You can transfer recordings from the TiVo to your computer (using free software available from TiVo).
  • Watch your TiVo recordings on your PC.
  • Access to TiVo Central Online, which allows you to schedule recordings via your TiVo account on the TiVo website. The next time your TiVo connects to get updates, it will see the items you added to the to-do list and will then act upon that.

Connecting your TiVo to the LAN is really easy because the interface on a TiVo is incredibly user-friendly. The device does not have an Ethernet port but it does have USB. So, you would use a USB Ethernet or wireless device to get the TiVo on the network. In my case, I use a wireless adapter that plugs into the USB interface on the TiVo. You will need to consult the TiVo website to make sure the adapter you use is compatible with the TiVo. To configure the settings on the TiVo, you will need to navigate to the “Phone & Network Setup” screen. Consult your TiVo manual for where to find that, but I bet you can find it very easily.

Once the TiVo is on the network, you can install TiVo’s Desktop software (free on their site) to share media between your computer and the TiVo. The software sets your computer up as a media server for the TiVo as well as provides a desktop application for sharing media. Once you have shared music and images with the TiVo on the network, you can access those files on the TiVo by going to “Music & Photos” in the TiVo Central menu.

To watch recorded TiVo content on your PC, you need to use the TiVoToGo program that comes with the TiVo desktop program. The program will show you a list of those programs recorded on the TiVo. To download one, check it off and hit the “Start Transfer” button. Once you are done downloading it, you can watch it on your computer using any media player. Note that video files are very large, so it will take some time to transfer any video to your computer. If you are connected via wireless especially, don’t expect the transfer to be super fast.

Media Center PCs

A Media Center PC is a new concept in personal computing. The idea behind it is that the computer will serve as the center of your entire home entertainment system. A Media Center PC is typically pretty fast, with a large hard drive, a DVD drive, maybe a TV Tuner, a network connection, etc. It also has the ability to be controlled via a wireless remote control and it also has standard connections for audio and video input. The big thing, too, is that the standard Media Center PC is a Microsoft-created concept centered around Windows Media Center Edition. This is a special brand of Windows XP which has some of these special multimedia capabilities built in. Other than that, Windows Media Center is simply standard Windows XP. My computer has Media Center installed and I never use any of the home entertainment aspects of it.

When using Media Center Edition (MCE) in media center mode (rather than computer mode), you will operate the computer via a full-screen menu system. The menu system is actually just another Windows application and can be minimize and maximized as you want. The menu system is very user friendly and is operated by remote control. The system is very TiVo-like in how it works.

As mentioned, the idea behind the Media Center PC is that it will be a central part of your home entertainment system. As you probably surmised, that would usually mean that the PC has to be situated right next to the home entertainment system. A Media Center Extender is a piece of equipment that allows you to have the PC somewhere else in the house and still use it’s Media Center abilities on your home entertainment system. It essentially uses your LAN to connect the PC to the entertainment system.

Router's Basic Settings

A router is any device that acts as a gateway between 2 or more separate networks. In our case, that means that the local network is connected to the Internet, and vice versa. The router ignores traffic local traffic or traffic it is not configured to handle, but when Internet access is attempted from within the local network, it springs into action. With NAT (Network Address Translation), the router shares the Internet connection to all the computers connected to the local network. The router keeps track of the originating local computer and manages the connection with the outside Internet server. If a computer on the Internet attempts a connection with the router or to a local computer past the router, the router denies the connection unless the router was specially configured to allow that connection.

Many routers can treat the wireless LAN (WLAN) as a separate network from the wired LAN. This is often done because wireless networks are easy to break into. The idea is that people can keep their wired computers away from the untrusted wireless network. The router will still share the Internet connection (WAN) to both the wireless and wired LANs, regardless of this configuration.

WAN Settings

WAN stands for Wide Area Network. With a wireless router, it is used for the Internet connection. All of the WAN settings are the settings for the Internet-facing side of the router.

Router MAC Address (Clone MAC address)

A MAC address is a hardware identifier that is roughly unique. Many companies, especially cable ISPs, must store the MAC address of the router or Internet-facing computer, and they are configured to only allow that MAC address to connect to their network. If that is the case, your two options are to notify your ISP of the new MAC address or set the router's MAC address to the MAC address of the previously Internet-facing router/computer.

Routers will show the router's current MAC address and offer a form to change the MAC address. Enter the MAC address if needed.

DHCP client

All routers have a DHCP client (also called "Dynamic IP address"). DHCP is the protocol that automatically configures an IP address, netmask, gateway, and DNS addresses. The DHCP client gets the router's IP address and other network info. Usually, this is just a radio button to select if this is how your ISP offers connection info. Most cable ISPs use this method.

Static IP

If your ISP provides a static IP, then fill in the IP information they provided you with when you signed up. This includes the IP address, netmask, gateway, and DNS addresses. Most T1/T3-type connections and business DSL services provide static IPs and use this method.

PPPoE

PPPoE stands for Point-to-Point Protocol over Ethernet. PPP is the technology used for dialup Internet access. PPPoE works similarly except it works over a network connection. Most DSL ISPs now use PPPoE. You'll need to enter your PPPoE username and password. Some ISPs also require a service name to be entered. Usually, you do not need to enter the IP/DNS addresses. However, if you have a static IP through PPPoE, then you will need to enter your IP and DNS addresses your ISP provides.

PPTP

Not every router supports PPTP connections, but many do. PPTP stands for Point-to-Point Tunneling Protocol. PPTP is used to join 2 networks using the Internet as an intermediary network. It allows your home computers to connect to your work network over the Internet. It is also commonly used by xDSL ISPs in Europe. The key is to enter the PPPTP userID, password, and PPTP Gateway IP address. The IP addresses, subnet mask, and default gateway may or may not be required.

DNS

Some routers break the DNS addresses into their own setup. Just enter the IPs for the DNS servers your ISP provides. There are also many DNS servers that can be used from any connection. You can search for those DNS servers with Google.

LAN Settings

The LAN settings are for your Local Area Network. This is the settings section for the local computers connected to the router. This includes setting up the local IP for your router and configuring the DHCP server so your computers can be automatically configured via DHCP, rather than requiring manual static configuration.

Set router IP

This IP is the IP your local computers see the router as. Generally, you'll want to use an IP inside one of the reserved IP address ranges. Router IPs typically end in .1 or .254. The most common home router IP is 192.168.2.1.

DHCP server

A DHCP server provides automatic configuration to computers that are connected to it. It assigns an IP address to the computer, and gives it the network netmask, gateway IP, and DNS IPs. If you choose to disable the DHCP server, you can configure your computers manually to use the router. That is generally more complicated, so I generally recommend enabling the DHCP server.

The starting and ending IP addresses determine what the range of IP addresses will be assigned to the local computers. It is a good idea to give a larger range than the computers you have. Doing that means you won't have to worry about running out of IP addresses.

The lease time determines how long a specific computer will be assigned a specific IP. This can be as short as a few minutes or as long as months. If you want to make sure that your computers keep the same IPs for a long time, then set a long lease time.

Wireless (WLAN)

This section lets you configure the wireless part of the router. This usually includes the SSID, channel, and encryption settings.

Channel and SSID

The SSID sets the name for your wireless router. Pick a fairly unique SSID. When you're traveling, you'll see many "linksys" "default" "smc" and other router names where the owners didn't change the SSID. This draws people who believe the network may be easily accessible. SO CHANGE IT.

Even though you'll see several options for channels (1-11 in US/Canada and 1-13 in Europe/Australia). The channels overlap so most people only end up using the 3 non-overlapping channels: 1, 6, and 11. Overlapping channels might work, but it's generally best to stick to the non-overlapping channels.

Encryption

With encryption disabled, everything is transferred wirelessly in plaintext. This means that anyone that is within range of your access point can view all traffic to and from the access point. This includes email and forum logins and passwords. HTTPS/SSL traffic (online stores, credit cards, and banks) is pretty well encrypted and pretty tough to break, but everything else is wide open.

The advantages of having encryption disabled are 1) It's usually a little faster than with encryption enabled and 2) It's easier to configure because you don't have to worry about typing the key perfectly into every client computer. Nearly all public wireless access points are unencrypted for this reason.

It is generally best to enable encryption. However, it is not perfect solution because current wireless encryption is weak. It is estimated that encryption can be broken on the order of a few days to a month or so. So if someone really wants into your access point, they'll probably be able to get it without too much effort.

Current encryption has two levels: WEP and WPA. WEP is the original form of encryption, and WPA makes WEP more difficult to crack and also adds user authentication. You can also use WPA in a standalone form.

WEP

WEP Encryption is the standard for wireless encryption. The two most common levels of encryption are 64-bit and 128-bit. 192-bit and 256-bit are also out there, but many routers and wireless cards don't support them, so they aren't commonly used. However, if both your router and wireless cards support stronger encryption, such as 256-bit WEP, then by all means use it.

The key is important to be as random as possible. Many routers have programs in their control panel to assist with creating a random key. Others require you to type in the key. The key is longer if the encryption is stronger. Once you've created the key, it's best to write it down so you always have it available. It might be a good idea to tape the key to the bottom of the wireless router, unless someone who you don't want to have wireless access might have physical access to the router.

You'll need to enter this key into each wireless computer's setup so that computer can connect to the router.

WPA

WPA's two main advantages are that it uses the Temporal Key Integrity Protocol (TKIP) and 802.1x user authentication. This means that in order to connect to your wireless network, a user will have to enter their user ID and password, and it's more secure because the keys are temporary. That makes it more challenging for an attacker to break. To have 802.1x authentication, you do need to have a RADIUS server installed on your network. Setting up a RADIUS server is well beyond the scope because you'll need a computer dedicated to authentication for your wireless network.

802.1x authentication

If you do have a RADIUS server on your wired network, you'll need to configure the router to use it. The re-authentication period sets the amount of time until you require a user to log in again. The shorter this time is, the more secure it is but also the more annoying it is. I'd recommend leaving the setting at at least an hour or two.

The rest of the config is simply to set up the IP, port, and key for the RADIUS server. The key is a text string that must be the same on both the RADIUS server and the router. The NAS ID defines the request identifier for the Network Access Server (NAS).

Firewall and Filtering

These features let you control what you let connect to your wireless network and what can pass through from the Internet to the local networks. By default, anyone and anything can connect to your wireless network, and there is no traffic from the Internet allowed to pass through to any computer on the local network.

Common Features

Firewall features can vary from router to router. Most routers have these basic features:

  1. Restrict access to WLAN (or sometimes both WLAN and wired LAN) by MAC address
  2. Internet IP/Domain blocking so certain Internet websites are blocked to local computers
  3. Port Forwarding so Internet clients can access a machine on the local network
  4. Port Filtering so certain Internet ports/services are blocked to local computers
  5. De-Militarized Zone (DMZ) makes it appear that a local computer is directly connected to the WAN connection so it has full 2-way Internet access.

Some routers also have intrusion detection and notification so that the router will send you an email if it believes someone attempted to bypass the firewall. Another possible feature is DoS (Denial of Service) detection and dropping connections to try to keep your Internet access up. Some malicious hackers will initiate a DoS attack to try to knock your network off the Internet. This feature helps combat that.

Restrict access by MAC address

Each network card or device has a MAC address that is roughly unique. Because of that, you can restrict connection to your network card to a specific MAC address. The downside to this is that it can be tedious to implement, and the MAC address for any network device can be changed. MAC addresses are generally transmitted in plaintext so someone sniffing your network can simply find your MAC address and then change their network card's MAC address to the same value.

Using this feature requires you to enter the MAC address for every computer on your wireless network. Some routers also have the capability to restrict wired network connection by MAC address. The method to get the MAC address varies by OS and device. Generally, single-use devices (such as a network hard drive) will print their MAC address on a sticker on the bottom or back of the device. In Windows XP, you can get the MAC address by pressing the Start button and then going to Run. In Run, type in "cmd" and press ENTER. That will pop up the command line. Now type "ipconfig /all" and press ENTER. That will print out information for each network card in your computer. The "Physical Address" is the MAC address.

Port Filtering and IP/Domain blocking

Most routers have some means of blocking a specific ports or services from being accessed by LAN clients. This is done by setting up access rules. The amount of control varies from router to router. Some routers let you enter the exact ports while others only let you select from certain pre-configured ports. Some routers let you specify a specific client PC for the rule to act on while others allow you to specify an Internet IP address or IP range for the rule to act on.

Usually, there is a separate section for IP/domain blocking but sometimes it is integrated into the port filtering rules. Just enter the domain or IP that you want to block access to. You can also usually block websites based on keywords in the URL. This will block any URL that keyword is found in.

Most routers also offer some sort of scheduling control for the rules. For instance, if you want to have certain limited access rules all the time except after 9pm (when the kids have been put to bed) to 2am, you can do that. If you want to only allow wide open web surfing during lunch hour and the rest of the time have limited surfing ability, you can often set that up as well.

Port Forwarding (aka Virtual Servers and Special Applications)

Port Forwarding allows Internet computers to connect to an open port on a local computer. For instance, if you wanted to offer an FTP server from a local computer to the Internet, then you'd configure a port (could be 21, 9250, or whatever) on the router to forward to port 21 on the local computer where the FTP server is running. This allows Internet traffic through to the local network so some caution should be taken when implementing this as it could open your local network up to someone on the outside.

Some applications, such as some Internet games, videoconferencing, IP telephony, require multiple connections. Sometimes, that application will not be allowed to work through the router. A few routers have a feature where you can configure the server to open multiple public ports when a certain port is triggered by the application. This gets pretty advanced and requires knowledge of what ports an application needs to use and what port to specify as a "trigger port." If you are having problems with an Internet application, the vendor may bring this up as a solution for solving the problem.

Generally, if your router doesn't have this multiple connections feature (sometimes called Special Applications), you may have to put that computer into the router's DMZ so it will allow the application to work.

De-Militarized Zone (DMZ)

The De-Militarized Zone means that the router offers no protection for a specific local computer. The computer appears to the Internet as though it is directly connected to the Internet so all incoming traffic goes directly to that computer. It is not protected at all by the router. It is also possible someone could compromise that computer and gain access inside the local network. Using the DMZ is generally considered as a last resort to get an application working.

Just enter the IP of the local computer that you want to be in the DMZ and enable DMZ.

Virtual Private Networks (VPN)

Some routers have special means of handling Virtual Private Networks (VPN). Other routers may require putting the client computer for the VPN in the DMZ, which has reduced security. VPN features vary widely from router to router, and many routers do not have any VPN-specific features at all.

VPN Passthrough

A VPN passthrough detects PPTP and IPSec protocols and passes those through the router automatically. All you have to do is enable PPTP and/or IPSec in the VPN Passthrough section. The is the easiest means of handling VPNs because it requires minimal configuration effort, but it's not quite as secure as a VPN tunnel.

VPN Tunnel

The VPN router creates a tunnel between two endpoints (your home network and your work network) so that the data and information between those points is secure.

You will need to configure both a local group and remote group of IPs (computers) that are allowed to access the VPN tunnel. Enter the IP address for the Remote Security Gateway, which is the VPN device (second VPN router, server, or computer with VPN IPSec software) on the remote end of the VPN tunnel.

VPN Tunnels allow encryption, and DES and 3DES are generally the two choices. 3DES is more secure, so it is generally recommended. The remote end of the tunnel needs to be configured to use the same type of encryption. The key exchange is either handled automatically through IKE or manually by typing in the encryption key into the form on the router.

VPN Tunnels can also be configured with authentication if you want an extra level of security.

Using Your Router to Secure Your Network

Having a secure home network is your best defense against unwanted intrusions from the internet. Two methods (with multiple options) can be used to secure your home network. The first is hardware and the second is software.

Note before continuing: All the hardware and software in the world you use to protect your home network will not protect you against ignorance. You need to use common sense when using the internet. If there’s an e-mail you think looks suspicious, don’t open it. If there is a web site you think is suspicious, don’t browse that web site, and so on.

Your router, in addition to being able to connect the computers on your network, is also a firewall. A firewall is logical “barrier” that is designed to prevent unauthorized and/or unwanted entry to your home network. By design, a router will not allow unauthorized computers from the internet (i.e. “from the outside”) to browse your network and the computers connected to it unless you specifically program it to do so.

Notes for parents with children who participate in online gaming: Many games for purchase allow for online play, however, several of these require that you open specific network ports in order for the game to be used properly over the internet. Use caution when doing this. Do not let your child go into your router’s settings and “open everything up”. This will cause an extreme security risk. Always make sure to modify any router settings concerning network ports YOURSELF. If your child complains, STAND YOUR GROUND. It is not worth it to allow your network security to be compromised just so your child can play a game – the risk is too great.

Configuring your Router for Optimum Security

The router was usually considered the optional piece to the home LAN. This marvel of technology not only facilitates an efficient way to split one connection to the ISP to multiple computers without the need for software solutions, but also provides for a number of key functions, most notably providing hardware firewall security. With the rise in popularity of wireless networks, routers have evolved to include a wireless AP (Access Point).

Do I need a router?

If you answer yes to any of the following questions, it is highly recommended that you use a router:

  • Do you have a wired or wireless LAN with one or more computers connecting to a WAN or the Internet?
  • Do you have a non dial-up connection to the internet?

If you have a single computer dialing into an ISP to connect to the internet, you likely do not require a router for a firewall; however it is highly recommended that you use a software solution as your firewall. Windows XP provides a software firewall that can be used efficiently. With the release of Service Pack 2, the firewall has undergone a number of improvements that make it a good choice. Some antivirus offerings (like Norton and PC-Cillin) have evolved into internet security suites providing adequate firewalls. If you want a dedicated software firewall, ZoneAlarm, Kerio Personal Firewall or Sygate Personal firewall provide adequate protection.

Does a router provide perfect security?

Using a computer behind a router is definitely a step up in securing a network or a computer, but it does not provide perfect security. Let's face it, there is no perfect security; as with the ying-yang of our species' creative and destructive tendencies, perfect network security is a myth that no good system administrator will believe in. There are various levels of security, and a router's firewall is one that will provide adequate security at a reasonable price. The firewall forms a restrictive barrier for incoming traffic; unfortunately there are many kinds of threats out there that cannot be completely blocked out by a firewall. It is highly recommend that you complement the router with a good, updated real-time scanning antivirus program. A router's firewall also has a limitation on monitoring and restricting only incoming connections; if your computer has already been infected with a rogue code (virus, Trojan or spyware), and is sending out information that you'd rather keep to yourself, the router will do nothing to stop this flow. A software firewall, however will likely point out when a specific program tries to send out information.

14 Step Network Security Checklist

This simple checklist of tasks should get you started on using your router to its best ability, enhancing your LAN security. These are generic features that should be on most routers out there; consult your router's user manual if you have doubts about where to find these settings. If you are still in the market looking to buy a router, a good idea is to go through the online manual to see if these settings are available on the router in your budget. Some of these security settings are to be used in conjunction with others; some provide an additional layer of security to what another setting already provides.

1. Administrative password

Establish an administrative password, there are far too many users out there running their routers on the factory default password. Make sure you choose a strong password, remember if your router password gets compromised, your entire LAN could be compromised. On the plus side, even if you forget your admin password, resetting the router will default your password to factory settings (and will remove all your other configurations). If you are administering a LAN that is frequented by people whom you do not entirely trust (or it is your job not to trust them); make sure that you set your browser not to save your username and password to the router's configuration page. In addition, it is good practice to clear the history and cache of the browser you use to configure the router - using this in conjunction with a router IP address that isn't the factory default 192.168.0.1 (see 3. Router IP address) will add an additional layer of security.

2. Firmware version

Your router's abilities are determined by software embedded, your router may have shipped with an older version of this software. Always check with the manufacturer's support website for that product for the latest versions of the firmware. Newer firmware versions are usually released to fix bugs, refine features or provide entirely new capabilities to your router. I'd recommend using this step as one of your first for your new router; updating your router firmware may erase all your configuration, so update before proceeding with the rest of the steps.

An important note: Firmware flashing for your router is a rather straightforward step; consult your router's manual before attempting it. If you are using a wireless network, do not attempt to make changes to your router's firmware over a wireless link. Any random set of variables might cause your wireless link to break, and you may have a router with an unusable partially loaded firmware (almost like trying to drive your car midway through an oil change).

I'd also recommend keeping two versions of your router's firmware on one of your local computer's hard drive - the new one that you uploaded and the one your router came with. In case of unforeseen bugs and you aren't able to get back to the internet, you still have the firmware with you. Additionally, some routers have a crash recovery mechanism that allows you access to the router in cases where you are unable to connect to the router and the reset button does not work. Go through your manufacturer's knowledge base to see if there is a crash recovery method for your router.

3. Router IP address

Most routers out there have a default IP address of 192.168.0.1, some of them even allow you to change the router's IP address to one of your choice. While, it's real easy to determine what the router's IP address is from within the LAN (hint: check the gateway address or DHCP server), it will help your router from being bothered by curious LAN users with lower than average network skills.

4. The router DHCP Server

One of the great features of routers is the ability to assign an address to computers on your LAN as they show up on the internet. This is especially wonderful when you consider a number of network devices popping up on your LAN and your router automatically welcoming them in with an IP address. It can also be a source for an exploit because your router has got its welcome mat out for anyone it thinks is a member of your LAN. A good security measure is to disable your DHCP server and assign IP addresses statically. Let's face it, most routers are used in home LANs where you just need one hand to count the number of NICs connecting. So why run a DHCP server when you know exactly how many machines you have. Disable the DHCP server if you can provide static IP addresses to the machines on your network.

If for some reason you must run a DHCP server, limit the number of machines that can be connected to it to one that is realistic of your network size. For example if you have just 5 regular NICs connecting to the router, then allow your router to assign IP addresses from 192.168.0.100 to 192.168.0.107. This ensures that 2 additional machines can get addresses from your router without having to go through the router configuration to accommodate your guests. Some routers now sport static DHCP in addition to the Dynamic DHCP; allowing the router to assign or reserve the same IP addresses to a specific NIC. This is a useful tool especially when you are familiar with the machines that will be connecting to it.

5. Access to Virtual Servers or Port Forwarding: DISABLE

Virtual servers are those that reside in the LAN but need to allow interaction with users from the internet. For example, if you are running your own web server from the LAN; you must open up a virtual server or port forwarding allowing traffic from the internet to a specific computer on your LAN. Most home users do not use that feature, and it is best to actively disable such servers or port forwarding.

6. Exclusive Applications: DISABLE

Some routers ship with configurations allowing specific applications access to and from the internet for their own needs. They may involve allowing access to a certain range of ports or specific protocols. If you aren't going to be using these applications it is highly recommended that you disable access rights for these programs; if you are using one of these, allow access to the specific software only.

When software is not able to establish a connection through a router to the internet, most people consider it to be an annoyance or a failing of the router. I believe that this is actually a confirmation that your router is providing adequate security, because it doesn't allow just any program to have free access to and from the internet. Most software developers that code programs with specific port or protocol requirements will enumerate exactly what they need to function correctly. I would also caution against using programs that do not spell out their network needs and recommend searching for other solutions that perform the same tasks - not only is this disclosure necessary to configure your security settings, but it is also information that you need to know, after all it is your computer and your network; you need to know what program is trying to access what feature.

Some routers prefer to bunch together games that require online access under a different setting, if you aren't an online gamer then these must be closed down till you actually require it.

7. MAC filters: ENABLE ACCESS TO KNOWN MACs

Every network device ships with a physical address hardcoded into it, called the Media Access Control or 'physical address' (MAC) address. This usually follows a format like 00-3A-BF-EF-B1-4E. While a network device may get a variety of IP addresses from different networks, its MAC address does not change. (Of course given the ying-yang of security and insecurity, I should have rightly said that the MAC address does not usually change. MAC addresses can be spoofed, but it requires a higher level of expertise than most average hackers care to possess.)

Tip: If you are using Windows XP or 2000, you can get the MAC address of your network card by typing: ipconfig/all in a command prompt window.

Enable MAC filters to deny all computers from access to your router except those that you recognize as coming from your LAN. Since the popularity of MAC filters, I've noticed a number of people on wireless connections disabling WEP or WPA security believing that MAC filters will do just as well. I would like to stress that this is ENTIRELY untrue; a MAC filter was never designed to replace WPA or WEP and must never be thought to be one and the same. Consider owning an oil refinery (hey if we're going to dream big…) with pipelines running to various locations. As anyone who's read the news in apprehension of their SUV's fuel gauge hovering over the 'E', it isn't enough just to protect the refinery; the pipelines must be secured from breaches. Well a MAC filter is designed along the same lines, it protects your router (refinery) from intrusions; however your wireless data is hovering all over its vicinity, you need to ENCRYPT the data from being read from somewhere along the way.

8. Remote Management: DISABLE

Your router may have settings to allow you to access these settings and administer changes from a computer outside your LAN. If you aren't going to perform these activities outside your LAN - disable it.

9. Discard Ping from WAN side: ENABLE

A ping is a utility that sends a packet of information to a specific IP address and waits for a reply. The ping (packet internet groper) sends an ICMP echo request to test reachability of a particular computer and looks for a response. Under ideal security situations, your computer or your network should appear non-existent to others outside your network. It is best to set your router not to respond to these ping requests.

10. UPnP: DISABLE

Universal Plug and Play is a feature especially used in newer versions of Windows to allow your operating system to recognize and manage stand alone devices like routers. However, real world tests have shown that UPnP can be a vulnerability that is best closed. Ideally your router should be allowed to handle decisions on what to allow and what to deny, and your OS to send data out without trying to dictate needs to the router. Unless you have very specific program requirements UPnP must be disabled by your router as well as your OS.

11. Wireless AP

Most routers now come with the ability to function as a wireless access point. If you do not have any computers that connect without wires, then it stands to reason that you should DISABLE the wireless AP.

The proliferation of Wireless networks has revolutionized our thinking of where we can sit with our PCs. However, I should point out that in the interests of security - NOTHING beats wired networks. The rule of thumb should be that, wherever possible you should be using a wired network, and a wireless network should be employed only under circumstances that make physical wiring or maintenance a severe limitation. A cable running around your room might upset the feng shui, but a wireless network opens bigger security holes; and you must make an informed decision about whether you need to be wireless. Granted mobile computing devices have become all the rage today, I recommend using wireless only when you need to be beyond the range of your network cable, and if you are performing activities on the net that shouldn't be subject to prying eyes (like internet banking etc). Given that wireless security protocols, authentication and encryption are a work in progress, we do have a relatively secure working model out there, but it is by no means perfect. The following list of security settings concentrate on using good security practices for wireless networks

12. SSID Broadcast: DISABLE

SSID (Service Set Identification) is a wireless broadcast network name, akin to a porch light. It allows your (and others) to home in on your specific address and start receiving data. SSID broadcast has some demonstrated vulnerabilities, and it is an increasingly secure option to disable it.

Tip: for best results configure your router to broadcast the SSID, configure your wireless computers to authenticate themselves to the network for the first time; then disable SSID broadcast.

13. SSID Name: change from default

Most routers ship with a default SSID name, usually the highly imaginative 'default'. Change away from it, and use something that is unique. It prevents other users on other networks from erroneously trying to connect to your network (even if they are unsuccessful you still shouldn't have to be bothered with the incessant knocking on your router).

14. Authentication: WPA or WEP

WEP (Wired Equivalent Privacy) was the first step to establishing secure Wireless LANs (WLAN) by allowing an administrator to create a master key string and share it between the nodes that will access the WLAN. Without any sort of encryption, anyone can potential see the packets and look at the contents of the packets being exchanged across the wireless network. WEP in typical routers of today come in 2 flavors - 64bit and 128bit encryption (the greater bits represent greater encryption). However this method of encryption was later deemed rather insecure; and unauthorized decrypting proved to be quite simplistic.

WEP has now given way to WPA (Wi-Fi Protected Access) as a more robust standard for encryption, and as an improvement over WEP. WPA uses a Temporal Key Integrity Protocol (TKIP); TKIP takes a master key string as a starting point and then derives its encryption keys mathematically from the key; further changes these encryption keys regularly so that the same encryption keys are reused. While WPA typically requires a central authentication server to identify a user, for our intents and purposes WPA has a PSK (Pre-Shared Key) implementation that allows you to set a password on your router; and then share it with the users. TKIP then takes over and generates encryption keys.

Set up your router to use WPA-PSK and a strong pass phrase to go with it. If you find that your router does not have WPA as an option, look for a firmware upgrade (you might need to check for newer driver versions and WPA supplicants for your wireless NIC to get WPA-PSK to work on non Windows XP computers - windows XP ships with a WPA-PSK supplicant. It should be noted here that Windows XP Service Pack 2 has shown remarkable advances in the use of wireless networks that users will benefit from - especially in the stability of connections using WPA). If you really cannot use WPA, then WEP at 128bit encryption is a passable solution for that occasional wireless node; however at no time should you be running a wireless network that is insecure.

Software Firewalls

In addition to hardware based firewalls (like routers) there are also software based firewalls. These typically come in the form of an anti-virus software package with a firewall built in.

Software based firewalls, while good, are susceptible to some issues. They may:

  • Inadvertently block access to web sites, such as for online banking.
  • Cause file and printer sharing on your home network to be blocked accidentally.
  • Slow down Windows® whenever trying to use the internet.

The best thing to do when using a software based firewall is to read the documentation that comes provided with it carefully. This will ensure that the software does its job effectively.

Very important notes on software based firewalls:

  • If you do use a software based firewall, be sure that it has the ability to update itself via an online subscription
  • Software based firewalls are not meant to be your only firewall solution. You should also have hardware in place to protect you as well.

The Software

There are several choices in software firewall out there, ranging from free to paid versions. Obviously, any company which offers a free version will attempt to upsell you to their paid version. The paid version has more robust features, but the free versions will still provide adequate protection.

All of them share some common key features and take the same basic steps to set them up. Windows XP users are a bit different because Windows XP offers a built-in firewall. This is always an option for users, but Microsoft's firewall is pretty barebone and it is generally recommended that you just turn this off and install a third party package. To enable the Windows XP firewall, go to right-click on My Network Places in the start menu and choose Properties. Right-click on the connection you wish to protect ("Local Area Connection" for example) and choose Properties. Go to the Advanced tab. Then, enable the check-box next to the option to protect the computer. Pressing OK will then turn on the built-in firewall. To set up a third party firewall, follow the instructions from that vendor. Ensure that the software is enabled to start when Windows starts. Most will place a small icon in your taskbar to notify you that it is running. Most firewalls also have an option to automatically check for updates. I generally recommend to enable this option so that you can keep your software current for the newest types of attacks.

Firewalls have multiple levels of protection, and they are set separately for the network and the programs which run on your machine. These levels of protection range from High/Medium/Low/Off. When it comes to the "internet zone", I would recommend using the High setting. This provides maximum protection by blocking all internet access to Windows services and printers, blocking all unused ports, and enforcing strict control over the software. As you reduce the level of protection, your computer opens up to the internet. For example, the medium level will still protect your PC but will leave unused ports open for use from the internet. In some instances (such as servers), this may be desired in which case you would need to configure your firewall with more detail and using a more professional level firewall. The typical PC user though is not using their PC as a server and there is no need to have the PC listening to certain ports. To therefore leave them open to the internet just opens up a potential inbound road for hackers.

There is similar protection levels available for securing the software on your PC. Not only do these firewalls protect from inbound traffic, they also manage the outbound traffic. So, you can set the security level and control the level of internet access to your PC's applications. Usually, setting this option to Medium is a good option. The software will then ask you each time a new piece of software asks for internet access. When you first install your firewall, it might take a little time to "train" the software on which applications are allowed to access the internet. Once you tell it that it's OK, it will remember and not ask you again.

Some firewalls have what is called a "Trusted Zone" or a local zone which corresponds to your own local network. You generally want to have a lower level of security on this zone than on the internet so that you can communicate with other machines on your network and allow those machines to talk back to you. A medium setting will generally allow this.

Most firewalls have some additional features such as email scanning, cookie control or popup blocking. If you wish to use these settings, simply follow the instructions of your vendor.

Technical Description of Ethernet

Category 5 UTP, token ring, twisted pair, hub, switch, gigabit..........What do all these items have in common? In case you didn't figure it out right away, all the above listed items are related to Ethernet in some way or another. During the mid to late 1990's as prices of commodity PC Hardware began to decline, households began to acquire more than one PC, and networking them together became increasingly popular. It wasn't long thereafter that the Internet really gained steam, resulting in explosive growth of companies that produced networking and home networking products. Most people that own a home network don't give Ethernet or network cabling too much thought these days. It's just a cable that plugs into the network interface card on one end and into a modem/switch on the other, and then things work. While it is true that DIY (Do-It-Yourself) home networking has simplified immensely over the years, there is still a lot that must go on behind the scenes for a network to work properly. So, how does Ethernet really work on the technical level and how has it evolved since its invention almost 30 years ago? Is there really Ether involved? What's the difference between a hub and a switch and how these work together with Ethernet? The purpose of this article serves to answer some of these questions by providing a historical background of Ethernet, an in-depth discussion of how the protocol works, advancements in Ethernet technology, and finally a short discussion of common Ethernet network building blocks, namely hubs and switches.

It should be noted that this is not meant to be a definitive guide to Ethernet. It is mainly my intent to provide a more in depth look of how Ethernet works and how the technology has evolved since its inception. Naturally, given the extensiveness of the subject, I can't cover every little thing in detail, but I will hit on many of the main points and ideas in the discussion that follows. Should you need/want more information after reading this article, I ask that you please consult the sources I'm listing at the end of the article.

With that bit of a disclaimer out of the way, let's get started looking at the history of Ethernet.

Part I: Beginnings of Ethernet

The original Ethernet topology was invented in the 1970's by Bob Metcalfe and David Boggs and was called 10base5 or "thick" Ethernet (thick because it used thick coaxial cabling). What does the notation 10base5 mean? Well, the 10 represents the maximum bandwidth (in this case 10Mbit/s), base just means that baseband signaling is used, and 5 tells the maximum permissible distance (in this case it is 500m). A 10base5 Ethernet setup essentially works as follows: A "tap" or connection is made to the core of the "Ether" (which is really coaxial cable). This tap actually contained in the transceiver that is fastened around the cable. A transceiver is really nothing more than a device that can both receive and transmit electrical signals. Certainly, a device such as this would be critical to have two-way network communication.


A 10base5 Transceiver

Moving along further now, a cable runs from the transceiver to an appropriate interface, which is part of the PC's controller expansion card. The transceiver/controller cable itself can have up to five twisted copper pairs. Two of these pairs are used for data transfer, two more for control signals, and the last pair may or may not be used to power the transceiver. Besides being able to send and receive signals, the transceiver is also capable of detecting collisions; however, I will examine this concept more later in this article. Suffice it to say at this point that this primitive setup by Metcalfe and Boggs was the first successful Ethernet network. As the matter of fact, their original 10base5 setup ran at a blazing 2.94Mbps with 256 hosts connected over a 1 mile interval. Quite impressive given the time period.

After 10base5 technology had emerged, a couple other Ethernet technologies were invented as well, and deserve to be mentioned here. One of these, 10base2 or "thin" Ethernet (due to the fact that is used thin coaxial cable as opposed to 10base5's thick cabling), has a few key differences. Most notably is the fact that now simple Bayonet Neill-Concelman (BNC) connections were used to connect to the ether (coaxial cable) as opposed to tapping into the cabling as was done by a transceiver. The transceiver portion itself was now part of the PC's controller expansion card. As you might have picked up on already, the range of 10base2 Ethernet is significantly shorter than 10base5, coming at just under 200m (185m actually to be exact).


A 10base2 Cable


Closeup of "T" connector w/terminator

While 10base5 and 10base2 Ethernet are similar in that they both allow nodes connected to them to share a common transmission medium, the emergence of 10baseT Ethernet (T meaning twisted pair) brought with it a new device called a hub where data cables would come together (the details of hubs will be discussed later in this article). The advantage of such a setup was that if a cable broke, only the machine with the broken cable would be affected instead of having the whole network go down with a shared medium topology like 10base5 or 10base2. It should also be noted that 10baseT used twisted pair copper cabling from the PC's controller card to a device called a hub (to be discussed in detail later on), eliminating the need for bulky coaxial cable and BNC connectors. The figure below shows a common 10baseT hub:


A 10baseT Hub

Part II: Technical Details of Ethernet

While in the previous section I established a brief overview of the early history of Ethernet technologies, the purpose of this section is to dig a little deeper and explore what really makes Ethernet work. In particular, I'll expand on Ethernet encoding scheme called Manchester Encoding, the structure of Ethernet frames, and finally the Carrier Sensing Multiple Access/Collision Detection protocol, or CSMA/CD for short.

Manchester Encoding

A logical question someone might have at first when considering the technical details of Ethernet could be, how does Ethernet turn the data that comes from the host PC into 0's and 1's that the receiving PC can then decode? It's actually similar to how transistors work on a central processing unit (CPU). Ethernet works by varying the voltage when passing electrical signals. While a transistors either have none or low voltage (off or 0) or a high voltage (on or 1), Ethernet in the same way transmits an electrical signal of varying voltage levels (high or low) to represent 1's and 0's. Naturally, a few problems may arise during the transmission process. For instance, what happens if the sender and the receiver become out of sync with each other? In other words, how does one guarantee that the bit string 0101000 passed by sender is not interpreted as 0000101 by the receiver? The early developers of Ethernet realized this possibility of ambiguity and consequently Manchester encoding was developed. A diagram with of the Manchester encoding scheme together with the corresponding binary encoding scheme is shown below:


Diagram representing Straight Binary (top) and Manchester Encoding (bottom)

As the reader can see, there are some obvious differences between straight binary encoding and the improved Manchester encoding. To explain these differences, let the time between adjacent 1's and 0's be a called a bit period (the amount of time needed to transfer one bit). In Manchester encoding, a 0 is marked by a transition from low to high in the middle of the bit period, while a 1 has a transition from low to high in the middle (see the diagram above to verify this). Notice that with binary encoding no such transition occurs in the middle of the bit periods. This simple, yet effective, Manchester encoding scheme with its characteristic transitioning in the middle of bit periods allows for synchronization between the sender and the receiver. However, let it be said that Manchester encoding is not perfect; it has some distinct disadvantages as well that the keen reader may already have picked up upon: Since the pulse changes every half a bit period (i.e. from low to high or high to low), Manchester encoding requires twice as much bandwidth than normal binary encoding. To put this into perspective, for a transfer speed of 10Mbit/s the signal would have to change 20 million times per second or equivalently, 20Mhz. Early Ethernet technologies, namely 10base5 and 10base2, readily embraced Manchester encoding to keep things synchronized, while more recent Ethernet technologies such as 100baseT and 1000baseT (which will be discussed later on), have adopted different schemes to assure synchronization.

In sum, even if you are confused with the technical details, the one important thing to remember about Manchester encoding is that it allows for the sender and receiver of the data to stay synchronized with one another, removing any confusion that may arise in interpreting strings of 1's and 0's.

Ethernet Frames

Moving down the street of abstraction a little ways now, let's consider what kind of traffic is actually sent through an Ethernet network. Certainly there is the data from the program on the host PC that is destined to another program on the receiver PC, but there has to be some mechanism ensure that the data actually gets to the proper or "right" receiver. Furthermore, how about error checking? All this is taken into account in an Ethernet "frame" that is sent from host to another. The figure below shows the general organization of one of an Ethernet frame:


Diagram of an Ethernet frame

Let's now examine these different fields in more detail:

Data (46-1500 bytes) - The maximum transmission unit or MTU of Ethernet is 1500 bytes (we can also refer to this as the payload of an Ethernet frame). If this level is exceeded, the data will have to be fragmented into separate packets or transmission units (frames). Also notice that the minimum size for the data field is 46 bytes. Why not just be simple have 0 bytes be the minimum? It turns out that a minimum size is necessary so that proper collision detection can take place (collision detection will be discussed in the next section).

Destination Address (6 bytes) - This field is six bytes or 48 bits in length and refers to the media access control (MAC) address of the receiving adapter. Recall that MAC addresses are hexadecimal and each pair of numbers of such an address requires 8 bits - 0-15 (0-F) for the first 4 bits and (0-F) for the second 4 bits. This applies to each of the 6 pairs that together form the entire MAC address.

Source Address (6 bytes) - Also six bytes in length, this field refers to the MAC address of the host/sender adapter.

Type (2 bytes) - This field references the type of network protocol being used. Besides the commonly used IP protocol (recall, TCP/IP), there are other protocols as well, including Apple's AppleTalk and IPX/SPX. Each of these protocols has unique identification number for this field.

CRC (Cyclic Redundancy Check)(4 bytes) - The CRC field allows the adapter receiving the frame to determine whether any errors were introduced into the frame since it was first sent. The CRC value is calculated by the sender using the other bytes in the frame and then inserted into the CRC field. When the Ethernet frame reaches the receiver adapter, it does the same calculation that the sender did and compares this value to the value in the CRC field. If these fields do not match, the receiver discards the Ethernet frame.

Preamble (8 bytes) - The purpose of the preamble field is to alert the receiving adapter and to synchronize the clocks of the host and receiving adapter. The first seven bytes of this field have value 10101010, the eighth byte 10101011.

This sums up the structure of Ethernet frames. Again, realize that I just went a few layers down the abstraction hierarchy to explain this concept. In reality all this information is just sent as 0's and 1's (high and low voltages), but packaged by the sender PC in the above described way and then interpreted in the same way by the receiver PC.

Collision Detection - CSMA/CD

While by this point I have covered various aspects of the workings of Ethernet, one major issues still remains. What happens when the nodes are sharing the transmission medium and a collision occurs (e.g. two nodes try to send data at the same time)? Luckily, this scenario was taken into account as Ethernet was developed and the CSMA/CD protocol was deployed to handle this type of conflict. CSMA/CD stands for Carrier Sensing Multiple Access/Collision Detection and while this probably sounds confusing to a lot of you right now, it will be cleared up in just a bit. While I could now take a time out and explain this protocol in great detail, I've instead decided to keep things within the scope of this article and instead focus on how it ties in with Ethernet, and also why exactly it is necessary. The main components of the CSMA/CD protocol basically breakup as follows:

  1. An adapter on a host can start transmitting data at any time.
  2. The adapter possesses a means to sense whether other adapters are transmitting and will not do so if this is the case. This is what the term "carrier sensing" refers to.
  3. If an adapter does transmit and a collision occurs, that transmission is aborted and a jam signal is sent into the transmission line by the sender making sure other nodes also transmitting on the same transmission medium are aware that a collision has just occurred. Right here is the place now where we need to backtrack just a little bit and explain things in a little bit more detail. Recall that I mentioned earlier that the Ethernet frame's data field needed to be a minimum size, namely 46 bytes. The reason for this is solely that the sender of the frame can detect that a collision has occurred. Consider the scenario now where the frame sent is too small (e.g. 0 byes). In this case the sender might be done transmitting before the collision occurs in the medium (especially if the transmission distance is long enough, i.e. a long transmission medium). The end result: The sender of the frame thinks the frame was successfully sent, the receiver of the frame senses the collision and drops the frame and the data is not resend. A smart reader might at this point begin to scratch his/her head: If the receiver of the frame senses the collision (e.g., since it's sending data at the same time), consequently sending a jam signal into the medium, how can the sender of the original frame not be aware of the collision since it would sense the jam signal? The problem with collision detection is that the sender has to be transmitting to properly detect there was a collision with the frame it sent.


    Diagram of a collision during data transmission

    In other words, if the sender of a frame is done transmitting and a collision occurs it is already too late because the sender only becomes aware that there was a collision. It has NO means of knowing that its frame was the one involved in the collision unless the collision happened while it was still transmitting. Thus the only way that a frame will get resend by a sender is when a collision occurs when the sender is still transmitting (allowing the sender to successfully detect the collision). If the frame has already been sent and the collision occurs, the frame is dropped and not resend. Hence a minimum frame size is necessary given a certain specified transmission distance. As can be seen later on the in this article, this whole dilemma of collision detection provides a major hurdle for increased Ethernet speeds. What does one do? Increase the frame size as speeds increase, or decrease the distance between adjacent hosts? More on this later on when I discuss 100baseT and 1000baseT ethernet technologies.
  4. If a collision is detected by an adapter, the adapter waits a finite random time interval before transmitting again. The random wait interval is chosen from the following set:

    (0…….2^n-1)

    Where n is the nth collision number and can range from 0 to 10. After the 10th collision, n remains at value 10. To put all of this into perspective, after the first collision occurs each adapter chooses a random time from to 0 to 2^0, i.e. (0,1). For the 2nd collision it will be from 0 to 2^2, or (0,1,2). As you can see, when the number of collisions increases, the pool of wait times increases exponentially. Why not increase linearly instead? The main reason for this is that there is no awareness of how many nodes are hooked into the same transmission medium when the collision occurs. By increasing the pool of wait times exponentially, the odds that another collision will occur in the future will decrease since the chance that each of the nodes will pick different wait times increases.

In Conclusion, the CSMA/CD protocol is pretty extensive and well thought out. While it does have its drawbacks it does allow for traffic to flow smoothly across a shared medium. Enough with the technicalities now though, let's move on to talking about faster Ethernet technologies.

Part III: Faster Ethernet Technologies

In the early 1990's the IEEE's 802.3 committee (the committee put in charge of Ethernet standards since 10base2) met again to develop a faster Ethernet. Discussion was carried out as to how this new Ethernet should be structured. Should everything be redone from scratch? Should core attributes stay the same? It was eventually decided do just that and allow the new, faster Ethernet backwards compatible with current Ethernet setups. Thus the only major change from 10Mbit Ethernet to 100Mbit Ethernet, or "fast Ethernet", was to decrease the time it takes transfer one bit from 100 nanoseconds to 10 nanoseconds (1 bit takes 100 nanoseconds to transfer on 10Mbit Ethernet -- verify this simple calculation if you have doubts). This could easily have been done by utilizing a wiring scheme such as the old 10base5 or 10base2 and decreasing the distance by a factor of ten (recall the discussion in the previous section as to why this would have needed to be done). However, 10baseT Ethernet with its twisted copper pair topology and inclusion of hubs provided enough advantages at the end and won out. Thus, 100baseT Ethernet would not be supported on the tap/transceiver or BNC connections of the older 10base5 and 10base2 technologies. However, the real question after deciding to go with 10baseT became what kind of wiring should be supported? Category 3 UTP (unshielded twisted pair) became the obvious choice as it was deployed widely in offices and as phone cables at the time.

The downside was that CAT 3 UTP used a signal speed of only 25MHz (10base5 and 10base2 already used 20MHz!). How is it possible then to achieve the necessary transfer rate of 100Mbit/s? The solution was to use all four twisted pairs of CAT 3 UTP cabling. Doing so would allow for the ability to transfer 4 bits in parallel in each of the 25 million cycles per second (MHz), equaling a transfer rate of 100Mbit/s (4bits x 25MHz). Furthermore, it should also be noted that Manchester encoding is no longer used in fast Ethernet, as technology had improved and distances were short enough, allowing sender and receiver to stay synchronized with one another without it.

Besides category 3 cable, category 5 UTP cable could also be used for fast Ethernet. The advantage of CAT 5 UTP cabling is that the signal rate is increased by factor 5 to up to 125MHz. Consequently, only two twisted pairs would need to be used to achieve the same kind of transfer rates that required four twisted pairs with CAT 3 UTP cable.


Category 5 Ethernet Cable

Manchester encoding is not used here either, but instead a technique called 4B/5B. This basically takes a group of 5 clock periods (e.g. 10101) which can have a total of 32 combinations (2*2*2*2*2). 16 of these combinations are used for transmitting data, while the other 16 are used for control purposes (e.g. determining the frame cutoff etc..). Another advantage of this setup is that it supports full duplex transfers if a switch utilized, i.e. 100Mbit/s receive and 100Mbit/s send at the same time. Why is a switch required for full duplex data transfers? More on this in the next section.

Not soon after the fast Ethernet standard was developed (also known as 802.3u) the IEEE 802 committee got together again to develop an even faster Ethernet. This Ethernet was to be 10 times faster than "fast Ethernet" and still be backwards compatible. Just as 100baseT Ethernet, the new Ethernet would not support the sharing of a transmission medium for multiple devices. Instead if would be point-to-point, i.e. machine to machine or machine to hub/switch. The new Ethernet was born and given the 802.3.z standard. Its transfer rate was 1000Mbit/s and so was quickly dubbed "gigabit" (the metric prefix for 10^3 is Giga). Gigabit, like its predecessor, uses category 5 UTP cabling, however this time all four twisted pairs are used in data transfer. Each pair of copper cables represents two bits, and since there are 4 pairs to choose from there's the ability to send 4x2 bits = 8 bits in parallel. Recall that the signaling speed of CAT 5 cabling is 125MHz, and after carrying out some simple math we will see that the transfer rate of 1000Mbit/s is achieved (8bits x 125MHz).

Part IV: Hubs and Switches

Hubs first gained popularity as the 10baseT standard was developed. To describe what hub is, another name might fit better, and that is repeater. A hub takes a signal from a node connected to it, boosts the signal's strength and broadcasts it to all other nodes also connected to the hub. The downside of this becomes that the CSMA/CD protocol still has to be used as collisions will frequently occur. This is what the collision light on all hubs symbolizes in case you were ever wondering. 10Mbit and 100Mbit hubs have been developed, however there are currently no 1000Mbit hubs. Also, hubs only allow for half duplex operation. That is to say traffic can only flow at 10 or 100Mbit/s one way and not at these speeds simultaneously both ways. The figure below shows a common setup with hubs:


A hub based network topology

Notice the inefficiency of this setup. As the node on the right sends traffic into the network it will reach the first hub where it will then be transferred into all outgoing channels including the channel to the 2nd hub, where the signal will once again be strengthened and broadcast further on all outgoing channels. This can lead to a major amount of broadcast traffic as well as numerous collisions.

A switch is similar to a hub, but it does not broadcast the traffic received from one connected node to all the other connected nodes. Rather, the traffic only goes to the node for which it is intended. The advantage of this is that each node is now on its own collision segment and does not have to worry about running the CSMA/CD protocol.


A switch based network topology

Since the traffic can now also be full duplex (full speed send and receive at the same time) collisions can really only occur inside the switch. Thus the switch itself handles all of the collisions and also has buffers for incoming and outgoing traffic for each of the nodes. Furthermore, a switch has the ability to filter traffic. That is to say if the traffic is not meant to go through this particular switch it will not be passed on. To pass or forward data on, a switch builds a table with MAC addresses and the corresponding port on the switch the data traffic would need to go through to reach that corresponding MAC address. At the end, all these novel improvements over hubs present a more efficient network topology that offers better overall performance.

This article's attempt has been to demystify the workings of Ethernet and provide an insight of how far this networking technology that millions use daily has come from its conception in the 1970's. What does the future hold in store for Ethernet? 10 gigabit is on the horizon, but will copper be able to provide the necessary signal rate? There's no doubt in my mind that speeds will continue to ramp up as computers become more powerful and the Internet continues to grow with multimedia content.