“There are three kinds of death in this world. There’s heart death, there’s brain death, and there’s being off the network.”

ch^apter

Building a SOHO Network

“There are three kinds of death in this world. There’s heart death, there’s brain death, and there’s being off the network.”

—G^uy A^lmes

In this chapter, you will learn how to

Describe the major steps to

■

■

consider when designing a SOHO network

Describe and implement a SOHO

■

■

network, including solving assorted problems

Explain how security comes

■

■

into play while building a SOHO network

T he time has come for you to take what you learned in previous chapters and apply that knowledge to creating a product: a real, functioning network. This chapter walks you through the steps for building a typical small office/home office (SOHO) network from the ground up, using the tools provided in earlier chapters to handle the entire process. This network needs to include structured cabling, wireless, operating systems, Internet connectivity, and network/system security. The network must have servers, workstations, and printers installed. I’ll also add a few troubleshooting tips beyond what was discussed in other chapters.

19

Historical/Conceptual

Building a SOHO network is a big job, so let’s break it into three discrete steps. First, you need to plan the process. To do this, I’ve created my own checklist to help you think about what needs planning. Second, there’s the actual process of building the SOHO network. I’ll walk you through this process, from running the cables to installing anti-malware software. Third, I’ll discuss security and you’ll see that, although security isn’t on the check- list, it’s actually part of almost every section of the checklist.

This chapter is unique. I want you to look at an entire network and see it as a whole so you gain a broad understanding of how it all works. I won’t rehash procedures or technologies already covered in earlier chap- ters. Instead, I’ll cover the building of a SOHO network from a higher level, dealing with individual scenarios that you might encounter as you build the network after it’s running. Be warned! You’ll probably find yourself jumping back to earlier chapters to consider issues in this chapter.

Test Specific

Designing a SOHO Network

■

■

The CompTIA Network+ exam doesn’t define a list titled “The x Steps to Design and Build a Network.” As you’ve read this book, however, you’ve probably discovered what needs to happen. For this chapter, I’ll use the fol- lowing list. It may not be perfect, but I’ve built hundreds of networks using these steps.

1. List of requirements Define the network’s needs. Why are you installing this network? What primary features do you need?

2. Network design What equipment do you need to build this network? How should you organize the network?

3. Compatibility issues Are you using existing equipment, applications, or cabling that have compatibility issues?

4. Internal connections What type of structured cabling do you need?

Does this network need wireless?

5. External connections How do you connect to the Internet?

6. Peripherals How will peripherals come into play? Are you connecting any printers, fax machines, or scanners?

7. Security How will you deal with computer, data, and network security?

Although I’ve numbered them here, these steps might come in any order.

Even though network security is in the seventh position, for example,

This list happily ignores a few important issues such as costs vs. budget, time to install, and so on. While you should definitely consider these when constructing your own network, the CompTIA Network+ exam isn’t very interested in them.

you might make a decision concerning the firewall as early as Step 2. Don’t be afraid to jump around a bit as needed to construct the network. Let’s start building a network using this list. For each point on the list, I’ll use a scenario or two to consider some of the pit- falls and issues that might pop up.

Remember when we introduced you to MHTechED back in Chapter 2? Well, the prosperous folks over there have hired you to bring their network up to speed (Fig- ure 19.1). It seems that MHTechEd’s grown from 2 computers to about 15 (including servers) over the years, but the network itself is a mess. Now they want to move into new offices. They even have a new floor plan (Fig- ure 19.2).

So grab some boxes and let’s move MHTechED into their new home.

Building the Network

■

■

Designing a SOHO network isn’t too terribly challenging. There simply aren’t enough computers, switches, routers, printers, or servers to over- whelm the design process. The challenge comes in the actual implementa- tion of the network. Here, the “gotchas” come hot and heavy, no matter how well you think you’ve planned ahead. The secret is to stick with your checklist and, above all, be patient!

Define the Network Needs

MHTechED is a typical small office. They need a single file server to store

Figure 19.2

•

Figure 19.1

•

only supports their current projects. They also have a few individual serv- ers running a number of different operating systems used for research.

Every employee will get a computer running Windows 7 Ultimate and the latest version of Microsoft Office. Employees need access to shared folders on the file server for personal storage as well as shared access to customer information. All employees need to print documents as well as send and receive faxes. All employees need access to a telephone.

Two of the employees work full time on graphics, including photog- raphy and video. They need cameras, scanners, and a high-quality color printer. The nature of their work compels them to have an Apple Mac Pro computer running the latest version of OS X, in addition to their Windows systems.

Defining network needs never actually ends. All networks are highly evolving entities and new ideas, applications, and equipment appear on an ongoing basis.

Network Design

Now you need to work on the finer details. Network design quantifies the equipment, operating systems, and applications used by the network. This step ties closely with Step 3, compatibility issues.

You need to address the following equipment:

Workstations

■

Servers

■

Equipment room

■

Peripherals

■

Workstations

The company has eight employees. Each needs a late-generation Windows system (Windows 7) running Microsoft Office 2010. Additionally, two employees need a late-generation Mac running OS X; these machines will not have Office.

Servers

The network needs three file servers. You have a lot of flexibility here, as the users simply need two places to store data and some way to run multiple research and development (R&D) systems. The R&D machines

Network needs are tough to quantify. Don’t try to dig too deeply here, as many issues can be assumed such as “Everyone will want a mouse on their PC.”

Try to stay with job functions and what the network needs to do to support those functions.

Try This!

What Are Your Needs?

Imagine the coolest home network you’ve ever desired. What would that network look like? What would it do for you? Go ahead and sketch up a sample floor plan. Keep this floor plan handy for other “Try This!”

sections in this chapter.

Most people really enjoy the single sign-on convenience of a Windows domain, so you’ll use a single Windows Server domain controller. Granted, if you really wanted to do things right, you would add a second domain controller, so why not virtualize the two file servers? You can get two copies of VMware’s ESX Hypervisor.

The network now has three file servers, all virtualized with the follow- ing virtual machines:

Server #1

■

Windows Server 2008

Server #2

■

Windows Server 2008

Server #3

■

A number of virtualized operating systems from Windows 95 through Windows 7. Also two versions of Linux:

Ubuntu and Debian.

Equipment Room

An equipment room will act as the intermediate distribution frame (IDF) for the network. (See Chapter 6 for the details on the IDF.) All systems will tie into a single, managed, 24-port gigabit switch on a rack mount. The rack will be a floor-to-ceiling rack with a rack-mounted UPS.

Peripherals

MHTechEd has a small office, so you’ll pur- chase a single high-capacity, networked laser printer and a color inkjet printer. The graphics folks picked a printer that doesn’t have a NIC, so you’ll just install the printer onto one of the Macs and share the printer.

The office doesn’t do a lot of faxing or scan- ning, so a typical All-in-One device should work perfectly. I found one that shares the fax system across the network (sweet!), enabling anyone to convert almost any document into a fax. This groovy machine connects to the net- work via Gigabit Ethernet or wirelessly over 802.11g (Figure 19.3). Scanning isn’t quite as handy. All scanned documents go straight to the machine’s built-in storage, where it is shared as a folder on the network. It’s not per- fect, but for $249, the company is happy.

Tech Tip

Network Attached Storage

Many small networks avoid using a full-blown file server and instead take advantage of inexpensive and reliable network attached storage (NAS) devices.

Technically, an NAS is a computer that’s preconfigured to offer file storage for just about any type of client. Most NAS systems use the Common Internet File System (CIFS) configuration to create a plug and play (PnP) type of device. These devices include features such as RAID to make storage safer.

Figure 19.3

•

Try This!

Your Network, Your Equipment

Continuing from the previous “Try This!” decide what equipment you

want for your own home network. Surely you’re going to add a home

theater PC, but what about a separate media server? Do you want a

computer in the kitchen? Would you like a rack in your house? Can you

find a smaller rack online? Can you wall-mount it? Make a list similar to

the one in this section and keep it handy for more “Try This!” sections.

Compatibility Issues

MHTechED’s new building recently added more rooms to their office. The equipment room still has runs going to rooms 1, 2, and 6, but these runs are only CAT 5e. Three new rooms have been added, but they need CAT 6.

You could run CAT 6 into the old rooms, but the boss said “No” to save money (Figure 19.4). MHTechED has a very nice Cisco 802.11g WAP. The boss wasn’t happy when you bought a new 802.11n WAP for almost $1,000, because the old one still works fine.

Figure 19.4

•

The few existing applications the company needs to bring along will work perfectly on the new PCs and Macs: namely Peachtree 2012, Adobe Illustrator CS5, and Final Cut Studio.

Try This!

What’s Compatible?

If you were building a new home network from scratch, which of your existing parts could work in the new network? Do you have older equipment that might have compatibility issues, like an old 10BaseT switch or router?

If you needed to use all of your old equipment, visualize your new net- work connecting to it and how you might get around some of these issues.

Does your old printer have a way to connect to the network directly?

Where would you connect your Xbox 360? What if you have older TVs?

Will they work with a powerful, HDMI-equipped video card?

Create an inventory of your old equipment and jot down any com-

patibility issues you might imagine taking place.

Internal Connections

Now that you have an idea of your equipment and what you want to do with it, you need to get everything properly connected using structured cabling. You should also begin to install your 802.11 network. Once you connect all your equipment, configure your internal VLANs, IP address scheme, DHCP/DNS servers, gateway, and so on.

The Switch

MHTechED is small enough to use a single switch to handle all the interconnections. Their switch needs two features: VLAN support and Power over Ethernet (PoE) to support the WAP. They have a Cisco 3750 switch that handles all of this quite nicely, so they’ll stick with what they have.

Structured Cabling

Setting up good structured cabling for MHTechED is a breeze. Like most office buildings, this building has plenum space over everything for hori- zontal runs and simple sheetrock walls for installing drops. You shouldn’t run into any fire stops or heavy machinery.

Don’t forget what you learned in Chapter 6. Now is the time to verify the exact location of your drops as well as where all horizontal runs come into the equipment room. Estimate the distances so you don’t go over the cable length limits.

Although you can probably do the work yourself, hiring a professional can save on time and stress. Get a good floor layout, get on the phone, and call a professional installer. When he or she finishes the job, make sure you have

Clearly labeled runs

■

The length of all runs

■

CAT ratings on all runs

■

The floor plan showing all runs

■

Since you’ve hired an installer, you might as well look at your phone lines as well. Want the fax machine in the hall? No problem, but MHTechED needs to make sure it has access to an RJ-11 outlet. Running a PBX system?

Verify all the phone lines and PBX lines run to a patch panel.

Cross Check

CAT 5e in a CAT 6 Network

You learned about CAT levels in Chapter 5, so check your memory as

you read about the mixed CAT 5e and CAT 6 runs. What is the maxi-

mum throughput for CAT 5e and CAT 6? How might these different

cable runs affect your network? What would be the fastest backbone

switch to use in this network?

Electrical and Environmental Limits

You’ve got to be careful when installing racks in places where no rack has ever been. Watch out for electricity and environment issues. It’s never a good idea to run your network equipment on anything other than a very high-amperage dedicated circuit. Fig- ure 19.5 shows the dedicated circuit in MHTechEd’s equipment room. Those plugs are not in circuit with any other plugs!

Environment is an equally big “gotcha.” Don’t turn a typi- cal closet into rack space without making serious environmental changes first. For very small single racks, you can get away with the existing air conditioning. Keep in mind, however, that the same ventilation that keeps a single person cool will not be enough to keep the rack cool. If you’re making a new rack, call building ser- vices and get them to dump extra air into that room!

Wireless

MHTechED has lots of customers who walk in and need to see prod- ucts online while in the office. To make this easier, MHTechED is going to create a well-locked- down 802.11 network. Because the boss won’t let them upgrade to 802.11n, they choose to place the single WAP centrally in the office, as shown in Figure 19.6.

Given the small size of the office, this single WAP should do well.

There’s no power or network drop here, however. Good thing you hired those installers! It's time to add another drop. Power won’t be a problem because the WAP supports PoE.

Cross Check

Time for Virtual PBX?

You learned about virtual PBX in Chapter 17. With old-school PBX on its way out, should MHTechED consider a virtual PBX solution? If the company already has phone lines running to a central location, what type of virtual PBX should MHTechEd use: an in-house virtualized server solution or a NaaS solution like Virtual PBX (virtualpbx.com)?

Recheck Chapter 17 and do some online research to develop a solution.

Remember that MHTechED will want an 800 number and at least three incoming lines, plus a fax line.

Figure 19.5

•

Figure 19.6

•

VLANs

These days, you won’t find many networks that don’t use VLANs. Even though MHTechED uses a small network, the company plans to separate the wireless devices, the virtual R&D machines and special server, the switch, and the router management tools into separate VLANs from the main net- work VLAN. The wireless VLANs will make it substantially harder to hack into the main network wirelessly.

Placing all of the R&D virtual machines into a VLAN will help prevent anyone “playing” on these test machines from hurting the main network.

Figure 19.7 shows a lights-out management (LOM) program running on a Dell server being configured for VLAN200. These LOMs are special “com- puter within a computer” features built into better servers, designed to give you access to a server even when the server itself is shut off.

Figure 19.7

•

Cross Check

Install That Wireless!

Chapter 15 goes into great detail on the process of installing a wireless

network. Generate a list of steps that the installer must go through to

get the WAP properly configured. Keep in mind that this is a pure WAP,

not a wireless router. Remember to include steps for dealing with PoE,

SSID, VLAN, security, and so on. After that, go online and price out

some serious “enterprise” WAPs. You’ll have a lot to choose from, but

the Cisco Aironet series has been around for a long time. Find the WAP

that best fits your home network use.

Most managed devices have the ability to place their management screens into separate VLANs, as shown in Figure 19.7. This tool keeps peo- ple out of the most critical parts of your network.

The VLAN configuration for MHTechED is Main VLAN

■

VLAN1

Wireless VLAN

■

VLAN2

R&D VLAN

■

VLAN3

Management VLAN

■

VLAN200

Set Up the Network IP Address Scheme

Long before you start plugging in RJ-45s, you need to decide on your inter- nal IP addressing scheme. For most SOHO networks, this means picking an arbitrary, unique, internal private IP network ID and then preassigning static IP addresses to servers and WAPs. Plus, pick a DHCP server and pre- assign DHCP scope IP address ranges.

MHTechED chooses four different network IDs for the four VLANs:

VLAN1

■

10.11.12.0/24 VLAN2

■

10.11.13.0/24 VLAN3

■

10.11.14.0/24 VLAN200

■

10.11.15.0/24

Sure, the company will never need a full Class C range and could have gone with a CIDR range like /28, but they’re lazy people, and remembering sub- nets like 255.255.255.224 is harder than remembering 255.255.255.0. Here’s the rest of the IP organization:

Gateway router

■

10.11.12.1

Switches/WAP/router management

■

10.11.15.2–10.11.15.20

Server 1 virtual machines

■

10.11.12.10–10.11.12.19

Server 2 virtual machines

■

10.11.12.20–10.11.12.29

R&D server virtualized

■

10.11.14.1–10.11.14-254

Wired DHCP clients

■

10.11.12.100–10.11.12.130

Wireless DHCP clients

■

10.11.13.100–10.11.13.120

If MHTechEd is using Windows Server, then picking a DHCP server is easy because the company will just use one of the two DHCP servers that come with Windows Server 2008.

Setting up the IP addressing scheme beforehand saves you a lot of time and effort once you start installing the systems. Be sure to make multiple copies of this scheme.

Print out a copy and put it in the equipment room. Put a copy in your network documentation. Even

Try to avoid the overused 192.168.1.0/24 network ID.

Bad guys look for mistakes like these.

Try This!

Setting Up an IP Address Scheme

Now it’s your turn to set up your dream home network’s IP address

scheme. List all of the IP address assignments for your network just

like you did for MHTechEd. Here’s the big question: Which computers

get static addresses and which get DHCP? What would you use for a

DHCP server?

External Connections

No network is an island anymore. At the very least, MHTechEd needs an ISP so folks can Google and update their Facebook pages—er, I mean, get work done online. In a SOHO network like MHTechEd, you don’t have to deal with many of the issues you’d see in larger networks. A typical home-type ISP (DSL or cable) should be more than enough for them in terms of band- width. On the other hand, MHTechEd needs to be connected to the Internet all the time (or pay the price in lost business), so the company should con- sider a second ISP as a fallback plan in case the primary ISP fails.

Choose a Gateway Router

A serious business can’t get away with a cheap home router. It needs some- thing that fires up quickly, runs dependably, and never locks up. That’s

why MHTechEd chose a real battleship of a router: the Cisco 2811. This router comes with two fixed 100BaseT Eth- ernet ports (Figure 19.8) and plenty of extra slots to add even more NICs. It’s a good firewall, too, and supports NAT.

Unfortunately, the Cisco 2811 only sup- ports 100BaseT. Depending on what’s available in your area, that router might need an upgrade soon.

As you’ll see in the next section, MHTechEd wants to connect to two dif- ferent ISPs as a safety feature. To support

Try This!

Paper Router Table

Assume MHTechEd has two static Internet connections:

ISP A ISP B

IP Address: 1.5.4.3 IP Address: 11.45.27.3 Subnet Mask: 255.255.255.192 Subnet Mask: 255.255.255.0 Default Gateway: 1.5.4.1 Default Gateway: 11.45.27.1 Using the internal IP address scheme discussed earlier in this chapter (10.11.12.0/24) and the predefined default gateway (10.11.12.1), write up a four-line paper routing table.

Using the Cisco naming conventions, your router has three Ethernet ports: Fa0/0 connects to the local network; Fa0/1 connects to ISP A; and Fa0/2 connects to ISP B. Run route print from a Windows command prompt to remind you of the data needed to make a routing table. Make sure you have at least three routes:

Default route to the Internet when ISP A is working

■

Default route when ISP A is

■

not working (clue: metrics)

Local traffic route

■

Figure 19.8

•

small businesses use their ASA series of “security appliances”

over the 2800 series of routers.

Go to www.cisco.com and compare a Cisco ASA 5540 to the Cisco 2811.

this, the company needs to add an extra port to the 2811. Luckily, the 2811 is designed to accept special high-speed WAN interface cards (HWICs), router expansion cards that make adding the third port easy (Figure 19.9).

Figure 19.9

•

Most good routers and switches come with interchange- able components, enabling manufacturers to make a base model device and then offer components to address each customer’s individual needs. These components come in a number of different shapes and sizes. In Chapter 5, you saw a gigabit interface converter (GBIC) that gives customers the ability to match their router and switch connections to what- ever type of fiber already exists in their location. You’ve now seen the Cisco HWIC as well. Another popular module used by Cisco is their Small Form-Factor Pluggable (SFP) connector, used in many Cisco and other brand switches (Figure 19.10).

Note that the SFP is designed exclusively for fiber networks.

You can easily install these modules. Turn off the router or switch, remove a protective plate (if one exists), plug in the

module, and turn the switch/router back on. Assuming the device is in good working order, the switch or router will automatically recognize the new connectors and you’ll be able to do whatever you’d do with any con- nector: add it to a VLAN, configure its speed/duplex, apply an IP address (on router ports), and so on.

If you install a module that doesn’t work, use the same tests that you’d perform on any port on a switch or router. The fact that these are modules doesn’t change the troubleshooting tools you’ve learned about in earlier chapters. I’ve listed some of the most common problems with modules and what to do to fix them:

Did you plug the wrong type of cable into the new port (single-mode into

■

multimode, for example)? Make sure you use the right cabling for the new connection.

Are the link lights working? Is the new port properly connected?

■

It’s just

as easy to plug a bad cable into a module as it is to plug it into a

Figure 19.10

•

Does the switch/router recognize the new module in the maintenance

■

Web page/utility/whatever? If it doesn’t, you need to contact the manufacturer. In most cases, you can “fix it” by replacing the module.

Choose an ISP

Before you choose an Internet service provider, ask yourself, “What is avail- able at my location?” If you’re constructing a network in an existing office building, also ask, “What’s already installed that I can tap into?” Once an ISP makes some form of endpoint in a building, you can easily (and inex- pensively) connect to that ISP as opposed to finding your own. Addition- ally, many office buildings offer Internet connectivity as part of the lease agreement or at least tell you what ISP already connects to the building.

After making a few calls to building management, MHTechEd learns that an ISP already provides 100BaseT, Metro Ethernet service. The ISP promises 5 Mbps throughput and is prepared to get them up and running in just a few days (they need to run a 100BaseT connection from the demarc in the basement up to MHTechED). Additionally, MHTechEd is also pur- chasing a commercial account from the local cable provider.

ISPs and MTUs

I discussed the Maximum Transmission Unit (MTU) in Chapter 8. Back in the dark ages (before Windows Vista), Microsoft users often found them- selves with terrible connection problems due to the fact that IP packets were too big to fit into certain network protocols. The largest Ethernet packet is

Try This!

Customizing Your 2811

Do some research to see how many different types of HWICs are avail- able for the 2811. You’ll find quite a few! Also check out a single series of Cisco router. Try the 2800 series, if you’d like, but also consider investigating another series such as the 3800 line. Pick three routers in the series and determine the difference among the three. Answer this question: What is the significance of the last two digits of a router’s model number?

Try This!

What’s Available in Your Building?

Home networks won’t have a preexisting ISP. You need to determine

which ISPs provide service in your neighborhood. Fortunately, there’s

a great Web site designed to help you see what you can get: www

.broadbandreports.com. Go the site, select the Find Service menu, and

enter your ZIP code (sorry—USA only). Even if you already have an

Internet connection at your house, see if you can find a better deal

than the one you have. How much money can you save per month?

1500 bytes, so some earlier versions of Windows set their MTU size to a value less than 1500 to minimize the fragmentation of packets. The problem cropped up when you tried to connect to a technology other than Ethernet, such as DSL. Some DSL carri- ers couldn’t handle an MTU size greater than 1400.

When your network’s packets are so large that they must be fragmented to fit into your ISPs packets, we call it an MTU mismatch.

As a result, techs would tweak their MTU set- tings to improve throughput by matching up the MTU sizes between the ISP and their own network.

This usually required a manual registry setting adjustment, although some older versions of Win- dows used third-party programs like Dr. TCP (Fig- ure 19.11). This process is called “matching up” mis- matched MTU settings.

Around 2007, Path MTU Discovery (PMTU), a new method to determine the best MTU setting automatically, was created. PMTU works by adding a new feature called the “Don’t Fragment (DF) flag” to the IP packet. A PMTU-aware operating system can automatically send a series of fixed-size ICMP packets (basically just pings) with the DF flag set to another device to see if it works. If it doesn’t work, the system lowers the MTU size and tries again until the ping is successful.

You can imitate this feature by running a ping yourself. Open a com- mand prompt and run the following command:

ping www.totalsem.com -f -l 1500

You should get results similar to the following:

Pinging www.totalsem.com [216.40.231.195] with 1500 bytes of data:

Packet needs to be fragmented but DF set.

Packet needs to be fragmented but DF set.

Packet needs to be fragmented but DF set.

Packet needs to be fragmented but DF set.

Ping statistics for 216.40.231.195:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), Try running the ping command again, this time setting the MTU size smaller:

Dr. TCP is an old program and does not work on Windows Vista or 7. Don’t use it anymore;

you don’t have to, either, because of Path MTU Discovery.

Figure 19.11

•

C:\>ping www.totalsem.com -f -l 1400

Pinging www.totalsem.com [216.40.231.195] with 1400 bytes of data:

Reply from 216.40.231.195: bytes=1400 time=81ms TTL=51

Reply from 216.40.231.195: bytes=1400 time=85ms TTL=51

Reply from 216.40.231.195: bytes=1400 time=134ms TTL=51

Reply from 216.40.231.195: bytes=1400 time=144ms TTL=51

Ping statistics for 216.40.231.195:

Imagine the hassle of incrementing the MTU size manually. That’s the beauty of PMTU—you can automatically set your MTU size to the perfect amount.

Unfortunately, PMTU runs under ICMP; most routers have firewall features that, by default, are configured to block ICMP requests, making PMTU worthless. This is called a PMTU or MTU black hole. If you’re having terrible connection problems and you’ve checked everything else, you need to consider this issue. In many cases, going into the router and turning off ICMP blocking in the firewall is all you need to do to fix the problem.

Peripherals

The MHTechEd requirement list defined the following peripherals:

One high-speed laser printer hooked directly to the network

■

One color printer connected to a machine to be determined

■

A combined fax/copier/printer (All-in-One) device primarily

■

used for faxes

A single scanner connected to a system

■

This doesn’t mean that other printers won’t be installed, but these are the base needs in terms of peripherals.

Since the color printer and the All-in-One have already been purchased, or at least already decided upon, MHTechEd only needs to purchase the big laser printer. MHTechEd chooses a Hewlett-

Packard M9050 like the one shown in Figure 19.12. These are very popular, high-speed, and network-capable out of the box. They’re also built like tanks and will last a long time.

Only the big laser printer and the All-in-One box will connect directly to the network. To make things con- venient, install both of these in Office 2 (Figure 19.13). Oops! I forgot yet another drop for a run to the laser printer. Even though the fax machine can run wirelessly, let’s go ahead and just run a second drop for the fax machine.

The CompTIA Network+

objectives use the term MUT/

MTU black holes. There’s no such thing as “MUT” so, hopefully, CompTIA will have fixed this by the time you’re reading this book.

Figure 19.12

•

Try This!

Make Your Own Networked Printer

Putting a printer directly onto the network as opposed to sharing it through a PC has some big benefits. First, the printer doesn’t need a run- ning PC to be accessed. Second, heavy print jobs won’t slow down any PCs. Third, less running equipment saves purchase costs and energy.

But what if your printer on your home network doesn’t have an Ether- net connection? Go online and see if you can find devices that enable

Figure 19.13

•

Security

■

■

Thinking about network security is like thinking about network electricity:

security is not really a single step but an integral part of all the steps. Two chapters of this book, Chapter 11 and Chapter 16, already do a great job of covering these issues. Now I need to describe how to secure the MHTechED network. Going forward with that idea, here are the previous six steps with some of the security issues that come into play during each step:

List of requirements

1. What are MHTechED’s security needs?

Here’s a small subset:

Anti-malware on all systems A.

Firewall with ACL capacity B.

Security from equipment theft C.

Wireless encryption D.

Wireless network isolation E.

Network design

2. You need to make sure MHTechEd has the equipment that satisfies the requirements listed in Step 1.

Microsoft Security Essentials on all systems A.

A built-in firewall on the Cisco 2811 B.

Door locks, deadbolts, motion sensors all tied to a security C.

monitoring company WPA Personal Shared Key D.

WAPs that support isolation E.

Compatibility issues

3. Will there be security issues with the older equipment? Can the old WAP support WPA2 PSK?

Internal connections

4. What do you need to do to protect the internal network from threats and failures?

Verify anti-malware is installed and updated—install Microsoft A.

Security Essentials and configure for automatic updates.

Document the location of all PCs and their associated B.

connections.

Configure servers to use RAID 5.

C.

For power failure, use four 5000-joule, rack-mounted standby D.

power supplies in the equipment room: three for servers and one for all routers, switches, and so on.

Install removable hard drives for backup. Contract for offsite E.

backup.

Configure domain for strict password security.

F.

External connections

5. How do you connect to the Internet?

The network uses the 2811 router’s firewall features, but how A.

exactly do you keep it up to date? What, if any, manual ACLs must you configure?

Be ready for some fairly complex scenario questions on the CompTIA Network+ exams.

CompTIA does a great job giving you some clues about the scenario questions you’ll encounter with the details of Domain 2.6, as you can see in Appendix A. Like any CompTIA question, take your time when reading the scenario questions.

In many cases, the question itself hinges completely on a single word or statement, making the entire scenario actually incredibly simple to answer.

Chapter 19 Review

■

■

Chapter Summary

■

After reading this chapter and completing the exercises, you should understand the following about SOHO net- works and troubleshooting.

Describe the major steps to consider when designing a SOHO network

List of requirements

■

Define the network’s

needs. Why are you installing this network? What primary features do you need?

Network design

■

What equipment do you need to

build this network? How should you organize the network?

Compatibility

■

issues Are you using existing equipment, applications, or cabling that might cause compatibility issues?

Internal

■

connections What type of structured cabling do you need? Does this network need wireless?

External

■

connections How do you connect to the Internet?

Peripherals

■

How will peripherals come into play? Are you connecting any printers, fax machines, or scanners?

Security

■

How do you deal with computer, data, and network security?

Describe and implement a SOHO network, including solving assorted problems

Reference the list of requirements to verify that

■

you are building the network to meet those requirements.

Network design defines the number of

■

workstations and servers as well as the operating systems you choose to run.

Decide if virtualization is a good option for your

■

server, and, if so, what virtualization hypervisor to use.

Know what’s in the equipment room and how you

■

will power it.

Determine if existing equipment might cause

■

compatibility issues and if you can work around any limitations.

Decide if it is less expensive in the long run to

■

replace questionable equipment.

Decide what type of switch to use based on

■

your needs.

Use structured cabling.

■

Determine the CAT level installed and if you need

■

to upgrade any cabling.

Equipment rooms need good air conditioning to

■

perform well.

Equipment rooms should have at least one

■

dedicated circuit.

Determined the placement of the WAP in your

■

SOHO network.

Determine how your network uses VLANs and

■

what VLANs you will create, along with their specific jobs.

Pick a DHCP server.

■

Determine what gateway router makes the most

■

sense for your network and why. Also determined if you need to customize your gateway router for your ISP.

Know what Internet connection options are

■

available. Your building might already have an Internet connection. If so, determine if you can access it and if it is fast enough for your needs.

Most MTU black holes are fixed by enabling ICMP.

■

Decide what peripherals—printers, scanners, and

■

so on—are called for by the list of requirements, where they should be located, and how they will connect to the LAN.

Explain how security comes into play when building a SOHO network

Verify anti-malware is installed, updated, and

■

configured for automatic updates.

Implement a firewall with ACL capacity.

■

Protect yourself from equipment theft. Use door

■

locks, deadbolts, and motion sensors that are all tied to a security monitoring company.

Encrypt wireless connections and isolate the

■

wireless network from the main network. Verify that your WAPs support isolation.

Configure a security key for your network.

■

Document the location of all PCs and their

■

associated connections.

Configure servers for data security.

■

For power failure, use standby power supplies in

■

the equipment room.

Install removable hard drives for backup. Contract

■

for offsite backup.

Configure domain for strict password security.

■

Keep your firewall up to date and configure ACLs

■

as necessary.

Peripherals are not a traditional security issue.

■

Key Terms

■

compatibility issue (535) external connection (535)

high-speed WAN interface card (HWIC) (545) internal connection (535)

lights-out management (LOM) (542) list of requirements (535)

MTU black hole (548)

MTU mismatch (547) network design (535)

Path MTU Discovery (PMTU) (547) peripheral (535)

security (535)

Small Form-Factor Pluggable (SFP) (545)

Key Term Quiz

■

Use the Key Terms list to complete the sentences that follow. Not all the terms will be used.

Determining the type of printers and their 1.

location is under the _______________

checklist item.

A(n) _______________ connector is an 2.

interchangeable feature of many switches and routers that makes it easier to connect to different types of fiber networks.

_______________ is a part of every point on the 3.

build-your-own SOHO network checklist.

Determining the type of gateway router is under 4.

_______________ in the checklist.

Unblocking incoming ICMP requests will often 5.

repair a(n) _______________.

Concern that an old printer may not work with 6.

your new Windows 7 computers is an example of _______________.

You can add ports to many Cisco routers with 7.

a(n) _______________.

The section of the checklist where you determine 8.

the exact make and model of switch you’ll use is _______________.

A new VPN that runs incredibly slowly might be 9.

suffering from _______________.

If an operating system uses _______________, 10.

you have no reason to adjust the MTU settings

manually.

Multiple-Choice Quiz

■

Staci’s network runs both CAT 6 and CAT 1.

5e cabling. All horizontal runs plug into her 100BaseT switch. If she upgrades the switch and the NICs in all systems to 1000BaseT, what will she need to consider with the cabling?

Nothing, it will work perfectly.

A.

The CAT 5e won’t work with 1000BaseT.

B.

You’ll get an impedance mismatch with two C.

different cable types.

She should force all the 1000BaseT ports to D.

half duplex if they connect to a CAT 5e cable.

What switch is added to the ping command to 2.

prevent the system from fragmenting packets?

A. -l B. -t C. -f D. -d

The first step in designing a new SOHO network 3.

is to

Define a list of requirements.

A.

Determine the type of ISP you will use.

B.

Check the existing cable.

C.

Determine what security you need.

D.

Harley is mapping out the cable runs for her new 4.

office space and realizes that the cable run to the new warehouse will be close to 200 meters. The warehouse PC works very hard, pushing over 500 Mbps on the existing network. She already has a nice equipment room and wants to avoid moving any switches. Which of the following is the best solution for setting up one PC in the warehouse on the same broadcast domain as all the other computers?

Run multimode fiber to the warehouse.

A.

Give the warehouse its own Internet B.

connection and run a VPN.

Run a 1000BaseT horizontal run to the C.

warehouse.

Use an 802.11g wireless connection.

D.

Steve is helping a local county prosecutor 5.

set up a network. The prosecutors must give defense attorneys access to any electronic evidence in a case. The evidence is stored on an evidence server that police and prosecutors access continually during the day. Which of the following solutions could Steve implement to give defense attorneys the best access to data stored on a single server yet still best protect the rest of the network from potential threats from the single RJ-45 connection provided to the attorneys?

Put all evidence on Blu-ray Discs.

A.

Keep the evidence server disconnected from B.

the rest of the network.

Give every defense attorney his or her own C.

account on the prosecutor’s domain.

Use a VLAN to separate the defense D.

attorney’s connection from the rest of the network, implementing an aggressive firewall between VLANs.

Donna has paid $150/drop to have four 6.

new CAT 6 horizontal runs installed. The installer should provide a floor plan and what documentation for each run?

Length, labeling, and CAT rating A.

Length, impedance, and TIA/EIA 568 B.

information

Length, near-end crosstalk, and CAT rating C.

Length and CAT rating D.

Gary has installed a new laser printer. He wants 7.

everyone on the wired network to be able to print to the new printer but he doesn’t want anyone on the wireless network to print to the printer. Which of the following would best accomplish this?

Put the wireless clients on a separate VLAN.

A.

Put the printer on the wireless network and B.

use wireless isolation.

Install the laser printer on a wired computer C.

and do a Windows share.

Printers can’t be shared over wireless D.

networks.

What Cisco device is used to add ports to a Cisco 8.

product?

SFP A.

HWIC B.

GBIC C.

Repeater D.

Which of the following is a dedicated computer 9.

that’s preconfigured to offer file storage for many types of client computers?

Active Directory A.

NAS B.

PAN C.

SPAN D.

What type of electrical setup is ideal for a 10.

network closet?

Circuits shared with no more than two other A.

locations

Dedicated circuit B.

High-voltage circuit C.

Any circuit will do.

D.

Essay Quiz

■

Give a walk though of all the steps to configure 1.

a WAP on an existing network. Include adding a VLAN just for wireless clients.

Using a real-world example with a router that 2.

can block incoming ICMP, show how to diagnose an MTU black hole. Include screen grabs of the problem and show how to turn off ICMP blocks on your sample router.

Write an employee training tool for MHTechED 3.

that describes to the users what to expect on their systems in the new office. Create a name for the printers and show the users how to access them. Create shares for the servers and give them instructions on what is stored where. Feel free to use your own creativity to make this as complete as possible.

Lab Project 19.1

•

Working with multiple partners, build an entire network, with each person adding a single component. Have each person add an item to a sheet of paper. You have ten workstations,

but feel free to add anything else. Draw a logical diagram of the network and add an IP addressing scheme.

Lab Projects Lab Projects

Lab Project 19.2

•

Go on a shopping trip to purchase every item to build a new SOHO network. You must use a router, two WAPs, a switch, a better laser printer,

and a scanner. Then go on eBay and see how

much you save by buying the same or similar

equipment used.