Chapter 19
Building a SOHO Network
“There are three kinds of death in this world. There’s heart death, there’s brain death, and there’s being off the network.”
—Guy Almes
In this chapter, you will learn how to
■ Describe the major steps to consider when designing a SOHO network
■ Describe and implement a SOHO network, including solving assorted problems
■ Explain how security comes into play while building a SOHO network
The time has come for you to take what you learned in previous chapters and apply that knowledge to creating a product: a real, functioning network. This chapter walks you through the steps for building a typical small office/home office (SOHO) network from the ground up, using the tools provided in earlier chapters to handle the entire process. This network needs to include structured cabling, wireless, operating systems, Internet connectivity, and network/system security. The network must have servers, workstations, and printers installed. I’ll also add a few troubleshooting tips beyond what was discussed in other chapters.
Historical/Conceptual
Building a SOHO network is a big job, so let’s break it into three discrete steps. First, you need to plan the process. To do this, I’ve created my own checklist to help you think about what needs planning. Second, there’s the actual process of building the SOHO network. I’ll walk you through this process, from running the cables to installing anti-malware software. Third, I’ll discuss security and you’ll see that, although security isn’t on the checklist, it’s actually part of almost every section of the checklist.
This chapter is unique. I want you to look at an entire network and see it as a whole so you gain a broad understanding of how it all works. I won’t rehash procedures or technologies already covered in earlier chapters. Instead, I’ll cover the building of a SOHO network from a higher level, dealing with individual scenarios that you might encounter as you build the network after it’s running. Be warned! You’ll probably find yourself jumping back to earlier chapters to consider issues in this chapter.
Test Specific
Designing a SOHO Network
The CompTIA Network+ exam doesn’t define a list titled “The x Steps to Design and Build a Network.” As you’ve read this book, however, you’ve probably discovered what needs to happen. For this chapter, I’ll use the following list. It may not be perfect, but I’ve built hundreds of networks using these steps.
1. List of requirements Define the network’s needs. Why are you installing this network? What primary features do you need?
2. Network design What equipment do you need to build this network? How should you organize the network?
3. Compatibility issues Are you using existing equipment, applications, or cabling that have compatibility issues?
4. Internal connections What type of structured cabling do you need? Does this network need wireless?
5. External connections How do you connect to the Internet?
6. Peripherals How will peripherals come into play? Are you connecting any printers, fax machines, or scanners?
7. Security How will you deal with computer, data, and network security?
Although I’ve numbered them here, these steps might come in any order. Even though network security is in the seventh position, for example, you might make a decision concerning the firewall as early as Step 2. Don’t be afraid to jump around a bit as needed to construct the network. Let’s start building a network using this list. For each point on the list, I’ll use a scenario or two to consider some of the pitfalls and issues that might pop up.
This list happily ignores a few important issues such as costs vs. budget, time to install, and so on. While you should definitely consider these when constructing your own network, the CompTIA Network+ exam isn’t very interested in them.
Remember when we introduced you to MHTechEd back in Chapter 2? Well, the prosperous folks over there have hired you to bring their network up to speed (Figure 19.1). It seems that MHTechEd’s grown from 2 computers to about 15 (including servers) over the years, but the network itself is a mess. Now they want to move into new offices. They even have a new floor plan (Figure 19.2).
So grab some boxes and let’s move MHTechEd into their new home.
Building the Network
Designing a SOHO network isn’t too terribly challenging. There simply aren’t enough computers, switches, routers, printers, or servers to overwhelm the design process. The challenge comes in the actual implementation of the network. Here, the “gotchas” come hot and heavy, no matter how well you think you’ve planned ahead. The secret is to stick with your checklist and, above all, be patient!
Define the Network Needs
MHTechEd is a typical small office. They need a single file server to store
Figure 19.1 • MHTechEd’s gotten bigger
Figure 19.2 • Floor plan for the new MHTechEd
only supports their current projects. They also have a few individual servers running a number of different operating systems used for research.
Every employee will get a computer running Windows 7 Ultimate and the latest version of Microsoft Office. Employees need access to shared folders on the file server for personal storage as well as shared access to customer information. All employees need to print documents as well as send and receive faxes. All employees need access to a telephone.
Two of the employees work full time on graphics, including photography and video. They need cameras, scanners, and a high-quality color printer. The nature of their work compels them to have an Apple Mac Pro computer running the latest version of OS X, in addition to their Windows systems.
Defining network needs never actually ends. All networks are highly evolving entities and new ideas, applications, and equipment appear on an ongoing basis.
Network Design
Now you need to work on the finer details. Network design quantifies the equipment, operating systems, and applications used by the network. This step ties closely with Step 3, compatibility issues.
You need to address the following equipment:
■ Workstations
■ Servers
■ Equipment room
■ Peripherals
Workstations
The company has eight employees. Each needs a late-generation Windows system (Windows 7) running Microsoft Office 2010. Additionally, two employees need a late-generation Mac running OS X; these machines will not have Office.
Servers
The network needs three file servers. You have a lot of flexibility here, as the users simply need two places to store data and some way to run multiple research and development (R&D) systems. The R&D machines
Network needs are tough to quantify. Don’t try to dig too deeply here, as many issues can be assumed such as “Everyone will want a mouse on their PC.”
Try to stay with job functions and what the network needs to do to support those functions.
Try This!
What Are Your Needs?
Imagine the coolest home network you’ve ever desired. What would that network look like? What would it do for you? Go ahead and sketch up a sample floor plan. Keep this floor plan handy for other “Try This!” sections in this chapter.
Most people really enjoy the single sign-on convenience of a Windows domain, so you’ll use a single Windows Server domain controller. Granted, if you really wanted to do things right, you would add a second domain controller, so why not virtualize the two file servers? You can get two copies of VMware’s ESX Hypervisor.
The network now has three file servers, all virtualized with the following virtual machines:
■ Server #1: Windows Server 2008
■ Server #2: Windows Server 2008
■ Server #3: A number of virtualized operating systems from Windows 95 through Windows 7. Also two versions of Linux: Ubuntu and Debian.
Equipment Room
An equipment room will act as the intermediate distribution frame (IDF) for the network. (See Chapter 6 for the details on the IDF.) All systems will tie into a single, managed, 24-port gigabit switch on a rack mount. The rack will be a floor-to-ceiling rack with a rack-mounted UPS.
Peripherals
MHTechEd has a small office, so you’ll purchase a single high-capacity, networked laser printer and a color inkjet printer. The graphics folks picked a printer that doesn’t have a NIC, so you’ll just install the printer onto one of the Macs and share the printer.
The office doesn’t do a lot of faxing or scanning, so a typical All-in-One device should work perfectly. I found one that shares the fax system across the network (sweet!), enabling anyone to convert almost any document into a fax. This groovy machine connects to the network via Gigabit Ethernet or wirelessly over 802.11g (Figure 19.3). Scanning isn’t quite as handy. All scanned documents go straight to the machine’s built-in storage, where it is shared as a folder on the network. It’s not perfect, but for $249, the company is happy.
Tech Tip
Network Attached Storage
Many small networks avoid using a full-blown file server and instead take advantage of inexpensive and reliable network attached storage (NAS) devices.
Technically, an NAS is a computer that’s preconfigured to offer file storage for just about any type of client. Most NAS systems use the Common Internet File System (CIFS) configuration to create a plug and play (PnP) type of device. These devices include features such as RAID to make storage safer.
Figure 19.3 • MHTechEd’s cool All-in-One machine
Try This!
Your Network, Your Equipment
Continuing from the previous “Try This!” decide what equipment you want for your own home network. Surely you’re going to add a home theater PC, but what about a separate media server? Do you want a computer in the kitchen? Would you like a rack in your house? Can you find a smaller rack online? Can you wall-mount it? Make a list similar to the one in this section and keep it handy for more “Try This!” sections.
Compatibility Issues
MHTechEd’s new building recently added more rooms to their office. The equipment room still has runs going to rooms 1, 2, and 6, but these runs are only CAT 5e. Three new rooms have been added, but they need CAT 6.
You could run CAT 6 into the old rooms, but the boss said “No” to save money (Figure 19.4). MHTechEd has a very nice Cisco 802.11g WAP. The boss wasn’t happy when you bought a new 802.11n WAP for almost $1,000, because the old one still works fine.
Figure 19.4 • CAT 5e and CAT 6 drops in the MHTechEd office
The few existing applications the company needs to bring along will work perfectly on the new PCs and Macs: namely Peachtree 2012, Adobe Illustrator CS5, and Final Cut Studio.
Try This!
What’s Compatible?
If you were building a new home network from scratch, which of your existing parts could work in the new network? Do you have older equipment that might have compatibility issues, like an old 10BaseT switch or router? If you needed to use all of your old equipment, visualize your new network connecting to it and how you might get around some of these issues. Does your old printer have a way to connect to the network directly? Where would you connect your Xbox 360? What if you have older TVs? Will they work with a powerful, HDMI-equipped video card?
Create an inventory of your old equipment and jot down any compatibility issues you might imagine taking place.
Internal Connections
Now that you have an idea of your equipment and what you want to do with it, you need to get everything properly connected using structured cabling. You should also begin to install your 802.11 network. Once you connect all your equipment, configure your internal VLANs, IP address scheme, DHCP/DNS servers, gateway, and so on.
The Switch
MHTechED is small enough to use a single switch to handle all the interconnections. Their switch needs two features: VLAN support and Power over Ethernet (PoE) to support the WAP. They have a Cisco 3750 switch that handles all of this quite nicely, so they’ll stick with what they have.
Structured Cabling
Setting up good structured cabling for MHTechEd is a breeze. Like most office buildings, this building has plenum space over everything for horizontal runs and simple sheetrock walls for installing drops. You shouldn’t run into any fire stops or heavy machinery.
Don’t forget what you learned in Chapter 6. Now is the time to verify the exact location of your drops as well as where all horizontal runs come into the equipment room. Estimate the distances so you don’t go over the cable length limits.
Although you can probably do the work yourself, hiring a professional can save on time and stress. Get a good floor layout, get on the phone, and call a professional installer. When he or she finishes the job, make sure you have
■ Clearly labeled runs
■ The length of all runs
■ CAT ratings on all runs
■ The floor plan showing all runs
Since you’ve hired an installer, you might as well look at your phone lines as well. Want the fax machine in the hall? No problem, but MHTechEd needs to make sure it has access to an RJ-11 outlet. Running a PBX system? Verify all the phone lines and PBX lines run to a patch panel.
Cross Check
CAT 5e in a CAT 6 Network
You learned about CAT levels in Chapter 5, so check your memory as you read about the mixed CAT 5e and CAT 6 runs. What is the maximum throughput for CAT 5e and CAT 6? How might these different cable runs affect your network? What would be the fastest backbone switch to use in this network?
Electrical and Environmental Limits
You’ve got to be careful when installing racks in places where no rack has ever been. Watch out for electricity and environment issues. It’s never a good idea to run your network equipment on anything other than a very high-amperage dedicated circuit. Figure 19.5 shows the dedicated circuit in MHTechEd’s equipment room. Those plugs are not in circuit with any other plugs!
Environment is an equally big “gotcha.” Don’t turn a typical closet into rack space without making serious environmental changes first. For very small single racks, you can get away with the existing air conditioning. Keep in mind, however, that the same ventilation that keeps a single person cool will not be enough to keep the rack cool. If you’re making a new rack, call building services and get them to dump extra air into that room!
Wireless
MHTechEd has lots of customers who walk in and need to see products online while in the office. To make this easier, MHTechEd is going to create a well-locked-down 802.11 network. Because the boss won’t let them upgrade to 802.11n, they choose to place the single WAP centrally in the office, as shown in Figure 19.6.
Given the small size of the office, this single WAP should do well.
There’s no power or network drop here, however. Good thing you hired those installers! It's time to add another drop. Power won’t be a problem because the WAP supports PoE.
Cross Check
Time for Virtual PBX?
You learned about virtual PBX in Chapter 17. With old-school PBX on its way out, should MHTechED consider a virtual PBX solution? If the company already has phone lines running to a central location, what type of virtual PBX should MHTechEd use: an in-house virtualized server solution or a NaaS solution like Virtual PBX (virtualpbx.com)?
Recheck Chapter 17 and do some online research to develop a solution.
Remember that MHTechED will want an 800 number and at least three incoming lines, plus a fax line.
Figure 19.5 • Dedicated circuit
Figure 19.6 • Placement of WAP in network
VLANs
These days, you won’t find many networks that don’t use VLANs. Even though MHTechEd uses a small network, the company plans to separate the wireless devices, the virtual R&D machines and special server, the switch, and the router management tools into separate VLANs from the main network VLAN. The wireless VLANs will make it substantially harder to hack into the main network wirelessly.
Placing all of the R&D virtual machines into a VLAN will help prevent anyone “playing” on these test machines from hurting the main network.
Figure 19.7 shows a lights-out management (LOM) program running on a Dell server being configured for VLAN200. These LOMs are special “computer within a computer” features built into better servers, designed to give you access to a server even when the server itself is shut off.
Figure 19.7 • Lights-out management
Cross Check
Install That Wireless!
Chapter 15 goes into great detail on the process of installing a wireless network. Generate a list of steps that the installer must go through to get the WAP properly configured. Keep in mind that this is a pure WAP, not a wireless router. Remember to include steps for dealing with PoE, SSID, VLAN, security, and so on. After that, go online and price out some serious “enterprise” WAPs. You’ll have a lot to choose from, but the Cisco Aironet series has been around for a long time. Find the WAP that best fits your home network use.
Most managed devices have the ability to place their management screens into separate VLANs, as shown in Figure 19.7. This tool keeps people out of the most critical parts of your network.
The VLAN configuration for MHTechEd is
■ Main VLAN: VLAN1
■ Wireless VLAN: VLAN2
■ R&D VLAN: VLAN3
■ Management VLAN: VLAN200
Set Up the Network IP Address Scheme
Long before you start plugging in RJ-45s, you need to decide on your internal IP addressing scheme. For most SOHO networks, this means picking an arbitrary, unique, internal private IP network ID and then preassigning static IP addresses to servers and WAPs. Plus, pick a DHCP server and preassign DHCP scope IP address ranges.
MHTechEd chooses four different network IDs for the four VLANs:
■ VLAN1: 10.11.12.0/24
■ VLAN2: 10.11.13.0/24
■ VLAN3: 10.11.14.0/24
■ VLAN200: 10.11.15.0/24
Sure, the company will never need a full Class C range and could have gone with a CIDR range like /28, but they’re lazy people, and remembering subnets like 255.255.255.224 is harder than remembering 255.255.255.0. Here’s the rest of the IP organization:
■ Gateway router: 10.11.12.1
■ Switches/WAP/router management: 10.11.15.2–10.11.15.20
■ Server 1 virtual machines: 10.11.12.10–10.11.12.19
■ Server 2 virtual machines: 10.11.12.20–10.11.12.29
■ R&D server virtualized: 10.11.14.1–10.11.14.254
■ Wired DHCP clients: 10.11.12.100–10.11.12.130
■ Wireless DHCP clients: 10.11.13.100–10.11.13.120
If MHTechEd is using Windows Server, then picking a DHCP server is easy because the company will just use one of the two DHCP servers that come with Windows Server 2008.
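As an added example (my code, not the book’s), here is a small check that reads the VLAN network IDs and the address plan above and reports the mistakes that bite a SOHO build: a range placed in the wrong VLAN’s subnet, a static host sitting inside a DHCP scope, or a range that includes the network or broadcast address. The VLAN labels and the `spare_hosts` helper are my additions; the addresses are the chapter’s.

```python
# Added example (not from the book): sanity-check MHTechEd's VLAN/IP plan.
# Mistakes this catches before anyone plugs in an RJ-45: a static address or
# DHCP scope placed in the wrong VLAN's subnet, a static host landing inside a
# DHCP scope (duplicate-address trouble later), and ranges that include the
# network or broadcast address.
import ipaddress

# The four VLAN network IDs exactly as the chapter assigns them.
VLANS = {
    "VLAN1": "10.11.12.0/24",     # main
    "VLAN2": "10.11.13.0/24",     # wireless
    "VLAN3": "10.11.14.0/24",     # R&D
    "VLAN200": "10.11.15.0/24",   # management
}

# (label, VLAN, first address, last address) from the chapter's address plan.
ASSIGNMENTS = [
    ("Gateway router", "VLAN1", "10.11.12.1", "10.11.12.1"),
    ("Switches/WAP/router management", "VLAN200", "10.11.15.2", "10.11.15.20"),
    ("Server 1 virtual machines", "VLAN1", "10.11.12.10", "10.11.12.19"),
    ("Server 2 virtual machines", "VLAN1", "10.11.12.20", "10.11.12.29"),
    ("R&D server virtualized", "VLAN3", "10.11.14.1", "10.11.14.254"),
    ("Wired DHCP clients", "VLAN1", "10.11.12.100", "10.11.12.130"),
    ("Wireless DHCP clients", "VLAN2", "10.11.13.100", "10.11.13.120"),
]


def check_plan(vlans, assignments):
    """Return a list of problems found in the plan; an empty list means it is consistent."""
    problems = []
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vlans.items()}
    ranges = []
    for label, vlan, first, last in assignments:
        net = nets[vlan]
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            problems.append(f"{label}: range starts at {lo} but ends at {hi}")
            continue
        # Every address must sit inside the subnet of the VLAN it is assigned to.
        if lo not in net or hi not in net:
            problems.append(f"{label}: {lo}-{hi} is not inside {vlan} ({net})")
        # The network and broadcast addresses are not assignable to hosts.
        if lo == net.network_address or hi == net.broadcast_address:
            problems.append(f"{label}: includes the network or broadcast address of {net}")
        ranges.append((label, vlan, lo, hi))
    # Within one VLAN no two ranges may overlap (static vs. DHCP scope is the classic slip).
    for i, (la, va, loa, hia) in enumerate(ranges):
        for lb, vb, lob, hib in ranges[i + 1:]:
            if va == vb and loa <= hib and lob <= hia:
                problems.append(f"{la} ({loa}-{hia}) overlaps {lb} ({lob}-{hib}) in {va}")
    return problems


def spare_hosts(vlans, assignments, vlan):
    """How many usable addresses in a VLAN are still unassigned (handy when the plan grows)."""
    net = ipaddress.ip_network(vlans[vlan])
    used = 0
    for _, v, first, last in assignments:
        if v == vlan:
            used += int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1
    return net.num_addresses - 2 - used


if __name__ == "__main__":
    for line in check_plan(VLANS, ASSIGNMENTS) or ["Plan is consistent."]:
        print(line)
    print("Spare addresses in VLAN1:", spare_hosts(VLANS, ASSIGNMENTS, "VLAN1"))
```

Run it again every time a static address is added to the plan; the overlap check is the one that saves you from a printer quietly stealing a DHCP lease later.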
Setting up the IP addressing scheme beforehand saves you a lot of time and effort once you start installing the systems. Be sure to make multiple copies of this scheme. Print out a copy and put it in the equipment room. Put a copy in your network documentation. Even
Try to avoid the overused 192.168.1.0/24 network ID. Bad guys look for mistakes like these.
Try This!
Setting Up an IP Address Scheme
Now it’s your turn to set up your dream home network’s IP address scheme. List all of the IP address assignments for your network just like you did for MHTechEd. Here’s the big question: Which computers get static addresses and which get DHCP? What would you use for a DHCP server?
External Connections
No network is an island anymore. At the very least, MHTechEd needs an ISP so folks can Google and update their Facebook pages—er, I mean, get work done online. In a SOHO network like MHTechEd, you don’t have to deal with many of the issues you’d see in larger networks. A typical home-type ISP (DSL or cable) should be more than enough for them in terms of bandwidth. On the other hand, MHTechEd needs to be connected to the Internet all the time (or pay the price in lost business), so the company should consider a second ISP as a fallback plan in case the primary ISP fails.
Choose a Gateway Router
A serious business can’t get away with a cheap home router. It needs something that fires up quickly, runs dependably, and never locks up. That’s why MHTechEd chose a real battleship of a router: the Cisco 2811. This router comes with two fixed 100BaseT Ethernet ports (Figure 19.8) and plenty of extra slots to add even more NICs. It’s a good firewall, too, and supports NAT.
Unfortunately, the Cisco 2811 only supports 100BaseT. Depending on what’s available in your area, that router might need an upgrade soon.
As you’ll see in the next section, MHTechEd wants to connect to two different ISPs as a safety feature. To support this, the company needs to add an extra port to the 2811. Luckily, the 2811 is designed to accept special high-speed WAN interface cards (HWICs), router expansion cards that make adding the third port easy (Figure 19.9).
Figure 19.8 • Fixed 100BaseT ports on Cisco 2811
Cisco would prefer that small businesses use their ASA series of “security appliances” over the 2800 series of routers. Go to www.cisco.com and compare a Cisco ASA 5540 to the Cisco 2811.
Try This!
Paper Router Table
Assume MHTechEd has two static Internet connections:
ISP A: IP Address 1.5.4.3, Subnet Mask 255.255.255.192, Default Gateway 1.5.4.1
ISP B: IP Address 11.45.27.3, Subnet Mask 255.255.255.0, Default Gateway 11.45.27.1
Using the internal IP address scheme discussed earlier in this chapter (10.11.12.0/24) and the predefined default gateway (10.11.12.1), write up a four-line paper routing table. Using the Cisco naming conventions, your router has three Ethernet ports: Fa0/0 connects to the local network; Fa0/1 connects to ISP A; and Fa0/2 connects to ISP B. Run route print from a Windows command prompt to remind you of the data needed to make a routing table. Make sure you have at least three routes:
■ Default route to the Internet when ISP A is working
■ Default route when ISP A is not working (clue: metrics)
■ Local traffic route
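The “Paper Router Table” exercise above, worked as code (an added example, not the book’s own answer): a routing table for the three-port 2811 with both ISP connections, a longest-prefix lookup that falls back to the lower-metric default, and a `route print`-style dump. The connected /26 and /24 come from the ISP subnet masks; the metric values 1 and 10 and the documentation-range test address are my assumptions.

```python
# Added example (not from the book): the "Paper Router Table" exercise as
# code. Longest-prefix match picks the route; when two routes tie (the two
# default routes), the lower metric wins, so ISP A carries traffic until its
# interface goes down and ISP B takes over. Metrics are my assumption.
import ipaddress

# (destination network, next hop or None if directly connected, interface, metric)
ROUTES = [
    ("10.11.12.0/24", None, "Fa0/0", 0),       # local LAN, router is 10.11.12.1
    ("1.5.4.0/26", None, "Fa0/1", 0),          # ISP A link (mask 255.255.255.192)
    ("11.45.27.0/24", None, "Fa0/2", 0),       # ISP B link (mask 255.255.255.0)
    ("0.0.0.0/0", "1.5.4.1", "Fa0/1", 1),      # default via ISP A, preferred
    ("0.0.0.0/0", "11.45.27.1", "Fa0/2", 10),  # default via ISP B, backup
]


def lookup(routes, destination, down=frozenset()):
    """Return (next_hop, interface) for a destination, or None if unreachable.

    Routes on interfaces listed in `down` are ignored, which is what a router
    does when the link to ISP A drops: the metric-1 default disappears and the
    metric-10 default becomes the best remaining match.
    """
    dst = ipaddress.ip_address(destination)
    best = None
    for net_str, next_hop, iface, metric in routes:
        if iface in down:
            continue
        net = ipaddress.ip_network(net_str)
        if dst not in net:
            continue
        key = (-net.prefixlen, metric)   # longest prefix first, then lowest metric
        if best is None or key < best[0]:
            best = (key, next_hop, iface)
    return None if best is None else (best[1], best[2])


def route_print(routes, down=frozenset()):
    """Render the table in the spirit of Windows `route print`, marking down links."""
    lines = ["Destination        Gateway        Interface  Metric"]
    for net_str, next_hop, iface, metric in routes:
        state = "  (down)" if iface in down else ""
        lines.append(f"{net_str:<18} {next_hop or 'on-link':<14} {iface:<9} {metric}{state}")
    return "\n".join(lines)


if __name__ == "__main__":
    # 203.0.113.10 is a TEST-NET (documentation) address, used here as "the Internet".
    print(route_print(ROUTES))
    print("203.0.113.10 ->", lookup(ROUTES, "203.0.113.10"))
    print("203.0.113.10 with ISP A down ->", lookup(ROUTES, "203.0.113.10", down={"Fa0/1"}))
```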
Figure 19.9 • Cisco HWIC card
Most good routers and switches come with interchangeable components, enabling manufacturers to make a base model device and then offer components to address each customer’s individual needs. These components come in a number of different shapes and sizes. In Chapter 5, you saw a gigabit interface converter (GBIC) that gives customers the ability to match their router and switch connections to whatever type of fiber already exists in their location. You’ve now seen the Cisco HWIC as well. Another popular module used by Cisco is their Small Form-Factor Pluggable (SFP) connector, used in many Cisco and other brand switches (Figure 19.10).
Note that the SFP is designed exclusively for fiber networks.
You can easily install these modules. Turn off the router or switch, remove a protective plate (if one exists), plug in the module, and turn the switch/router back on. Assuming the device is in good working order, the switch or router will automatically recognize the new connectors and you’ll be able to do whatever you’d do with any connector: add it to a VLAN, configure its speed/duplex, apply an IP address (on router ports), and so on.
If you install a module that doesn’t work, use the same tests that you’d perform on any port on a switch or router. The fact that these are modules doesn’t change the troubleshooting tools you’ve learned about in earlier chapters. I’ve listed some of the most common problems with modules and what to do to fix them:
■ Did you plug the wrong type of cable into the new port (single-mode into multimode, for example)? Make sure you use the right cabling for the new connection.
■ Are the link lights working? Is the new port properly connected? It’s just as easy to plug a bad cable into a module as it is to plug it into a
■ Does the switch/router recognize the new module in the maintenance Web page/utility/whatever? If it doesn’t, you need to contact the manufacturer. In most cases, you can “fix it” by replacing the module.
Figure 19.10 • NETGEAR SFP
Choose an ISP
Before you choose an Internet service provider, ask yourself, “What is available at my location?” If you’re constructing a network in an existing office building, also ask, “What’s already installed that I can tap into?” Once an ISP makes some form of endpoint in a building, you can easily (and inexpensively) connect to that ISP as opposed to finding your own. Additionally, many office buildings offer Internet connectivity as part of the lease agreement or at least tell you what ISP already connects to the building.
After making a few calls to building management, MHTechEd learns that an ISP already provides 100BaseT, Metro Ethernet service. The ISP promises 5 Mbps throughput and is prepared to get them up and running in just a few days (they need to run a 100BaseT connection from the demarc in the basement up to MHTechEd). Additionally, MHTechEd is also purchasing a commercial account from the local cable provider.
ISPs and MTUs
I discussed the Maximum Transmission Unit (MTU) in Chapter 8. Back in the dark ages (before Windows Vista), Microsoft users often found themselves with terrible connection problems due to the fact that IP packets were too big to fit into certain network protocols. The largest Ethernet packet is 1500 bytes, so some earlier versions of Windows set their MTU size to a value less than 1500 to minimize the fragmentation of packets. The problem cropped up when you tried to connect to a technology other than Ethernet, such as DSL. Some DSL carriers couldn’t handle an MTU size greater than 1400.
When your network’s packets are so large that they must be fragmented to fit into your ISP’s packets, we call it an MTU mismatch.
As a result, techs would tweak their MTU settings to improve throughput by matching up the MTU sizes between the ISP and their own network. This usually required a manual registry setting adjustment, although some older versions of Windows used third-party programs like Dr. TCP (Figure 19.11). This process is called “matching up” mismatched MTU settings.
Try This!
Customizing Your 2811
Do some research to see how many different types of HWICs are available for the 2811. You’ll find quite a few! Also check out a single series of Cisco router. Try the 2800 series, if you’d like, but also consider investigating another series such as the 3800 line. Pick three routers in the series and determine the difference among the three. Answer this question: What is the significance of the last two digits of a router’s model number?
Try This!
What’s Available in Your Building?
Home networks won’t have a preexisting ISP. You need to determine which ISPs provide service in your neighborhood. Fortunately, there’s a great Web site designed to help you see what you can get: www.broadbandreports.com. Go to the site, select the Find Service menu, and enter your ZIP code (sorry—USA only). Even if you already have an Internet connection at your house, see if you can find a better deal than the one you have. How much money can you save per month?
Around 2007, Path MTU Discovery (PMTU), a new method to determine the best MTU setting automatically, was created. PMTU works by adding a new feature called the “Don’t Fragment (DF) flag” to the IP packet. A PMTU-aware operating system can automatically send a series of fixed-size ICMP packets (basically just pings) with the DF flag set to another device to see if it works. If it doesn’t work, the system lowers the MTU size and tries again until the ping is successful.
You can imitate this feature by running a ping yourself. Open a command prompt and run the following command:
ping www.totalsem.com -f -l 1500
You should get results similar to the following:
Pinging www.totalsem.com [216.40.231.195] with 1500 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Ping statistics for 216.40.231.195:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Try running the ping command again, this time setting the MTU size smaller:
C:\>ping www.totalsem.com -f -l 1400
Pinging www.totalsem.com [216.40.231.195] with 1400 bytes of data:
Reply from 216.40.231.195: bytes=1400 time=81ms TTL=51
Reply from 216.40.231.195: bytes=1400 time=85ms TTL=51
Reply from 216.40.231.195: bytes=1400 time=134ms TTL=51
Reply from 216.40.231.195: bytes=1400 time=144ms TTL=51
Ping statistics for 216.40.231.195:
Dr. TCP is an old program and does not work on Windows Vista or 7. Don’t use it anymore; you don’t have to, either, because of Path MTU Discovery.
Figure 19.11 • Adjusting the MTU settings in Dr. TCP
Imagine the hassle of incrementing the MTU size manually. That’s the beauty of PMTU—you can automatically set your MTU size to the perfect amount.
Unfortunately, PMTU runs under ICMP; most routers have firewall features that, by default, are configured to block ICMP requests, making PMTU worthless. This is called a PMTU or MTU black hole. If you’re having terrible connection problems and you’ve checked everything else, you need to consider this issue. In many cases, going into the router and turning off ICMP blocking in the firewall is all you need to do to fix the problem.
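As an added example (my code, not the book’s), here is a model of the Path MTU Discovery loop just described, together with the black-hole case: a constructed `Path` stands in for the real route, with a bottleneck MTU and a switch for whether the ICMP “fragmentation needed” message can get back. The discovery routine narrows by binary search rather than stepping down one size at a time, and treats a silent timeout (no ICMP reply) as the black-hole symptom the text warns about. Nothing is sent on a real network.

```python
# Added example (not from the book): a model of Path MTU Discovery and of the
# PMTU black hole. The Path class is a constructed stand-in for a real route:
# it has a bottleneck MTU and either answers oversized DF packets with the
# ICMP "fragmentation needed" message or silently drops them (ICMP blocked).
ETHERNET_MTU = 1500   # largest Ethernet payload, as in the chapter
MIN_IPV4_MTU = 576    # every IPv4 host must accept datagrams this size


class Path:
    """Constructed stand-in for a route: bottleneck MTU and whether ICMP gets back."""

    def __init__(self, bottleneck_mtu, icmp_allowed=True):
        self.bottleneck_mtu = bottleneck_mtu
        self.icmp_allowed = icmp_allowed
        self.probes = 0

    def send_df(self, size):
        """Send one packet with the DF flag set, like `ping -f -l <size>`."""
        self.probes += 1
        if size <= self.bottleneck_mtu:
            return "ok"               # a reply came back
        if self.icmp_allowed:
            return "frag-needed"      # "Packet needs to be fragmented but DF set."
        return "timeout"              # black hole: nothing comes back at all


def discover_pmtu(path, start=ETHERNET_MTU, floor=MIN_IPV4_MTU):
    """Find the largest DF packet the path passes.

    Returns (mtu, status). The chapter describes "lower the size and try
    again"; this version narrows by binary search between a size known to
    pass and one known to fail, reaching the answer in a handful of probes.
    A timeout instead of an explicit ICMP error means PMTU cannot work on
    this path, so the status is 'black-hole' rather than a guessed value.
    """
    first = path.send_df(start)
    if first == "ok":
        return start, "found"
    if first == "timeout":
        return None, "black-hole"
    low = path.send_df(floor)
    if low == "timeout":
        return None, "black-hole"
    if low == "frag-needed":
        return None, "below-minimum"   # bottleneck smaller than IPv4 requires
    lo, hi = floor, start              # lo passes, hi fails
    while hi - lo > 1:
        mid = (lo + hi) // 2
        result = path.send_df(mid)
        if result == "ok":
            lo = mid
        elif result == "frag-needed":
            hi = mid
        else:
            return None, "black-hole"
    return lo, "found"


if __name__ == "__main__":
    print(discover_pmtu(Path(1400)))                      # DSL-style 1400 bottleneck
    print(discover_pmtu(Path(1400, icmp_allowed=False)))  # same path, ICMP blocked
```

The second call is the diagnostic to remember: a full-size DF probe that times out, while smaller packets work, points at a firewall dropping ICMP somewhere on the path rather than at a dead link.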
Peripherals
The MHTechEd requirement list defined the following peripherals:
■ One high-speed laser printer hooked directly to the network
■ One color printer connected to a machine to be determined
■ A combined fax/copier/printer (All-in-One) device primarily used for faxes
■ A single scanner connected to a system
This doesn’t mean that other printers won’t be installed, but these are the base needs in terms of peripherals.
Since the color printer and the All-in-One have already been purchased, or at least already decided upon, MHTechEd only needs to purchase the big laser printer. MHTechEd chooses a Hewlett-Packard M9050 like the one shown in Figure 19.12. These are very popular, high-speed, and network-capable out of the box. They’re also built like tanks and will last a long time.
Only the big laser printer and the All-in-One box will connect directly to the network. To make things convenient, install both of these in Office 2 (Figure 19.13). Oops! I forgot yet another drop for a run to the laser printer. Even though the fax machine can run wirelessly, let’s go ahead and just run a second drop for the fax machine.
The CompTIA Network+ objectives use the term MUT/MTU black holes. There’s no such thing as “MUT” so, hopefully, CompTIA will have fixed this by the time you’re reading this book.
Figure 19.12 • HP M9050
Try This!
Make Your Own Networked Printer
Putting a printer directly onto the network as opposed to sharing it through a PC has some big benefits. First, the printer doesn’t need a running PC to be accessed. Second, heavy print jobs won’t slow down any PCs. Third, less running equipment saves purchase costs and energy.
But what if your printer on your home network doesn’t have an Ethernet connection? Go online and see if you can find devices that enable
Figure 19.13 • Location of fax machine and printer
Security
Thinking about network security is like thinking about network electricity: security is not really a single step but an integral part of all the steps. Two chapters of this book, Chapter 11 and Chapter 16, already do a great job of covering these issues. Now I need to describe how to secure the MHTechEd network. Going forward with that idea, here are the previous six steps with some of the security issues that come into play during each step:
1. List of requirements: What are MHTechEd's security needs? Here's a small subset:
   A. Anti-malware on all systems
   B. Firewall with ACL capacity
   C. Security from equipment theft
   D. Wireless encryption
   E. Wireless network isolation
2. Network design: You need to make sure MHTechEd has the equipment that satisfies the requirements listed in Step 1.
   A. Microsoft Security Essentials on all systems
   B. A built-in firewall on the Cisco 2811
   C. Door locks, deadbolts, motion sensors all tied to a security monitoring company
   D. WPA Personal Shared Key
   E. WAPs that support isolation
3. Compatibility issues: Will there be security issues with the older equipment? Can the old WAP support WPA2 PSK?
4. Internal connections: What do you need to do to protect the internal network from threats and failures?
   A. Verify anti-malware is installed and updated: install Microsoft Security Essentials and configure it for automatic updates.
   B. Document the location of all PCs and their associated connections.
   C. Configure servers to use RAID 5.
   D. For power failure, use four 5000-joule, rack-mounted standby power supplies in the equipment room: three for servers and one for all routers, switches, and so on.
   E. Install removable hard drives for backup. Contract for offsite backup.
   F. Configure the domain for strict password security.
5. External connections: How do you connect to the Internet?
   A. The network uses the 2811 router's firewall features, but how exactly do you keep it up to date? What, if any, manual ACLs must you configure?
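Here is one way to answer Step 5A ("what manual ACLs must you configure?") together with the wireless isolation called for in Steps 1E and 2E. This is an added example, not the chapter's own configuration; the addresses, VLAN numbers and interface names are constructed, and it assumes the 2811's IOS image includes the CBAC stateful inspection feature.

```cisco
! Added example, not from the chapter: manual ACLs for the MHTechEd 2811.
! All addresses, VLAN numbers and interface names are constructed.
! Constructed layout: internal LAN 192.168.10.0/24 on Fa0/0.10, isolated guest
! wireless 192.168.20.0/24 on Fa0/0.20 (router is .1), ISP uplink on Fa0/1.
!
! Wireless isolation: guests get DHCP and DNS from the router and reach the
! Internet, but nothing on the internal LAN and no router management ports.
ip access-list extended WIFI-ISOLATE
 remark DHCP requests arrive from 0.0.0.0, so the source must be "any"
 permit udp any any eq bootps
 permit udp 192.168.20.0 0.0.0.255 host 192.168.20.1 eq domain
 remark No SSH/Telnet/HTTP to the router from the guest network
 deny   tcp 192.168.20.0 0.0.0.255 host 192.168.20.1 log
 remark Nothing from guests to the internal LAN; log the attempts
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 log
 permit ip 192.168.20.0 0.0.0.255 any
!
interface FastEthernet0/0.20
 description Isolated guest wireless VLAN (constructed)
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip access-group WIFI-ISOLATE in
!
! Internet edge: the router's stateful firewall feature (CBAC, assumed to be in
! the IOS image) inspects sessions leaving for the ISP and opens the return
! traffic dynamically, so the static inbound ACL can deny almost everything.
ip inspect name SOHO-FW tcp
ip inspect name SOHO-FW udp
ip inspect name SOHO-FW icmp
!
ip access-list extended INTERNET-IN
 remark Drop packets arriving from the ISP with private (spoofed) sources
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 remark Keep "packet too big" so path MTU discovery works; the chapter notes
 remark that most MTU black holes are fixed by letting ICMP through
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 deny   ip any any log
!
interface FastEthernet0/1
 description ISP uplink (constructed)
 ip inspect SOHO-FW out
 ip access-group INTERNET-IN in
```

The logged denies give you something to look at in the router's syslog when a guest device probes the internal LAN, which is the detection side of the isolation requirement.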
Be ready for some fairly complex scenario questions on the CompTIA Network+ exams. CompTIA does a great job giving you some clues about the scenario questions you'll encounter with the details of Domain 2.6, as you can see in Appendix A. Like any CompTIA question, take your time when reading the scenario questions. In many cases, the question itself hinges completely on a single word or statement, making the entire scenario actually incredibly simple to answer.
Chapter 19 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about SOHO networks and troubleshooting.
Describe the major steps to consider when designing a SOHO network
■ List of requirements: Define the network's needs. Why are you installing this network? What primary features do you need?
■ Network design: What equipment do you need to build this network? How should you organize the network?
■ Compatibility issues: Are you using existing equipment, applications, or cabling that might cause compatibility issues?
■ Internal connections: What type of structured cabling do you need? Does this network need wireless?
■ External connections: How do you connect to the Internet?
■ Peripherals: How will peripherals come into play? Are you connecting any printers, fax machines, or scanners?
■ Security: How do you deal with computer, data, and network security?
Describe and implement a SOHO network, including solving assorted problems
■ Reference the list of requirements to verify that you are building the network to meet those requirements.
■ Network design defines the number of workstations and servers as well as the operating systems you choose to run.
■ Decide if virtualization is a good option for your server, and, if so, what virtualization hypervisor to use.
■ Know what's in the equipment room and how you will power it.
■ Determine if existing equipment might cause compatibility issues and if you can work around any limitations.
■ Decide if it is less expensive in the long run to replace questionable equipment.
■ Decide what type of switch to use based on your needs.
■ Use structured cabling.
■ Determine the CAT level installed and if you need to upgrade any cabling.
■ Equipment rooms need good air conditioning to perform well.
■ Equipment rooms should have at least one dedicated circuit.
■ Determine the placement of the WAP in your SOHO network.
■ Determine how your network uses VLANs and what VLANs you will create, along with their specific jobs.
■ Pick a DHCP server.
■ Determine what gateway router makes the most sense for your network and why. Also determine if you need to customize your gateway router for your ISP.
■ Know what Internet connection options are available. Your building might already have an Internet connection. If so, determine if you can access it and if it is fast enough for your needs.
■ Most MTU black holes are fixed by enabling ICMP.
■ Decide what peripherals (printers, scanners, and so on) are called for by the list of requirements, where they should be located, and how they will connect to the LAN.
Explain how security comes into play when building a SOHO network
■ Verify anti-malware is installed, updated, and configured for automatic updates.
■ Implement a firewall with ACL capacity.
■ Protect yourself from equipment theft. Use door locks, deadbolts, and motion sensors that are all tied to a security monitoring company.
■ Encrypt wireless connections and isolate the wireless network from the main network. Verify that your WAPs support isolation.
■ Configure a security key for your network.
■ Document the location of all PCs and their associated connections.
■ Configure servers for data security.
■ For power failure, use standby power supplies in the equipment room.
■ Install removable hard drives for backup. Contract for offsite backup.
■ Configure the domain for strict password security.
■ Keep your firewall up to date and configure ACLs as necessary.
■ Peripherals are not a traditional security issue.