Basic Wired/Wireless SOHO Network | CompTIA A+ 220-1001 | 2.3

In this video we will discuss wired and wireless SOHO networks.  You will learn router/switch functionality, access point settings, IP addressing, NIC configuration, end-user device configuration, IoT device configuration, cable/DSL modem configuration, firewall settings, QoS, & wireless settings.

Access Point Settings

A SOHO access point is a device that creates a wireless LAN (WLAN), typically found in office buildings. An access point connects to a wired router and projects a WiFi signal to a designated area to provide a secure way for users to access the internet and local network resources. Depending upon how the device is configured, it can also become a magnet for attacks.

To configure a router’s settings, connect to the router via an Ethernet cable or wirelessly and consult the manufacturer’s instructions for the default IP address to use. The address typically looks similar to 192.168.0.1. To connect, open a browser, enter the IP address of the router in the address bar, and press Enter.

Channels

The 2.4GHz spectrum on a wireless router is divided into 11 channels. Only 3 channels within this spectrum do not overlap: channels 1, 6 & 11. For the best wireless signal in the 2.4GHz spectrum, select one of those channels. Some SOHO routers feature an Auto setting that enables the router to use the least-active channel, but you can use a WiFi diagnostic utility to find the least-used channel if you prefer to set up the router manually.

Steps to change the channel used by a wireless network:

  1. Log into the router.
  2. Navigate to the wireless configuration dialog.
  3. Select a different channel (typically 1, 6, or 11 when using 2.4GHz networking because they have less interference than other channels).
  4. Save your changes and exit the wireless configuration dialog.

[Image: Wireless Router Channel Settings]
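Finding the least-used of channels 1, 6 and 11 from a scan, as an added Python example that is not from the video: the neighbouring networks in SAMPLE_SCAN, the signal-strength weighting and the function names are constructed for this example; in practice a WiFi diagnostic utility supplies the scan.

```python
"""Choose the least-congested non-overlapping 2.4 GHz channel from a scan.

Channels in the 2.4 GHz band are spaced 5 MHz apart while an 802.11 signal is
20 to 22 MHz wide, so two networks share spectrum whenever their channel
numbers differ by fewer than 5. Channels 1, 6 and 11 are the only trio that
keeps that spacing, which is why they are the usual choices.
"""

NON_OVERLAPPING = (1, 6, 11)

# Constructed scan result for this example: (SSID, channel, signal in dBm).
# These are made-up neighbouring networks, not data from the video.
SAMPLE_SCAN = [
    ("CoffeeShop-Guest", 1, -48),
    ("Apartment4B", 3, -62),
    ("HomeNet", 6, -55),
    ("Printer-Direct", 6, -70),
    ("Office-Legacy", 11, -80),
    ("NeighbourWiFi", 9, -58),
]


def overlaps(ch_a: int, ch_b: int) -> bool:
    """True when two 20 MHz channels in the 2.4 GHz band interfere."""
    return abs(ch_a - ch_b) < 5


def channel_load(scan, channel: int) -> float:
    """Interference weight from every network overlapping `channel`.

    Weight = max(0, rssi + 100), so a strong -50 dBm network counts 50 while a
    faint -95 dBm one counts 5. The weighting is this example's own heuristic.
    """
    return float(sum(max(0, rssi + 100)
                     for _, ch, rssi in scan if overlaps(ch, channel)))


def best_channel(scan, candidates=NON_OVERLAPPING) -> int:
    """Return the candidate with the lowest load (ties go to the lower channel)."""
    return min(candidates, key=lambda ch: (channel_load(scan, ch), ch))


if __name__ == "__main__":
    for ch in NON_OVERLAPPING:
        print(f"channel {ch:2d}: load {channel_load(SAMPLE_SCAN, ch):.0f}")
    print("recommended channel:", best_channel(SAMPLE_SCAN))
```

With the constructed scan, channel 6 carries the most overlapping neighbours and channel 11 the fewest, so the helper recommends 11; the same scoring would flag a crowded channel 1 just as well.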

NAT (Network Address Translation)

Network address translation is a method of remapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. In layman’s terms, NAT is the process where a network device (usually a firewall) assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit or hide an entire IP address space on a LAN for both economic and security purposes. This functionality is typically built into a router. When NAT is implemented, before an IP address on the LAN can communicate with the internet, the IP address has to be converted to the public IP address of the router. This allows for the router to appear as if it is the only device making a connection to remote computers on the internet, which provides safety for the computers on the LAN. It also allows a single IP address to do the work for many other IP addresses in the LAN. NAT is performed automatically on SOHO routers when connected to an IPv4 network.  NAT is not necessary on an IPv6 network because IPv6 is much more secure and has no shortage of IP addresses.

Port Forwarding (DNAT) & Port Triggering

In computer networking, port forwarding (DNAT or destination network address translation) is an application of NAT that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. In layman’s terms, port forwarding allows remote computers to connect to a specific computer or service within a private LAN. An example could be an FTP server residing inside of a LAN with the IP address of 192.168.1.240 with port 21 open to allow for external computers to connect to engage in file transactions. In order for external computers to connect, these devices would need to know the IP address of your router (ex: 68.54.121.93) and the appropriate port number (port 21). Once the external computer is granted access to the LAN, the external device’s packets will be forwarded to the FTP server at 192.168.1.240 port 21.

Port triggering is a configuration option on a NAT-enabled router that controls communication between internal and external host machines in an IP network. It is similar to port forwarding in that it enables incoming traffic to be forwarded to a specific internal host machine, although the forwarded port is not open permanently and the target internal host machine is chosen dynamically. Port triggering is useful for network applications where the client and server roles must be switched for certain tasks, such as authentication for a service called Internet Relay Chat (IRC), which allows for the opening of an outgoing port or range of ports on demand.

[Image: Port Forwarding]
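The NAT, port-forwarding and port-triggering behaviour described above, as an added Python model that is not part of the original post and not real router code. It uses the router's public address and the FTP server address from the text; the LAN client 192.168.1.50, the remote IRC server 203.0.113.9, the trigger rule (outbound port 6667 opens inbound port 113) and the public port numbering starting at 40000 are constructed for the example.

```python
"""Toy model of what a SOHO router's NAT does with packets.

Three behaviours from the text are modelled: ordinary outbound NAT, a static
port forward (DNAT) for an FTP server, and a port-triggering rule. Nothing
here touches a real network; it is an added illustration, not router code.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip address, port)

# The public address and the FTP server address are the ones used in the text;
# every other address and port below is constructed for the example.
PUBLIC_IP = "68.54.121.93"
FTP_SERVER = ("192.168.1.240", 21)


@dataclass
class SohoNat:
    public_ip: str = PUBLIC_IP
    next_port: int = 40000          # first public port handed out for outbound flows
    # dynamic NAT table: public port -> originating LAN endpoint, and its reverse
    table: Dict[int, Endpoint] = field(default_factory=dict)
    reverse: Dict[Endpoint, int] = field(default_factory=dict)
    # static port forwarding (DNAT): public port -> LAN endpoint, open permanently
    forwards: Dict[int, Endpoint] = field(default_factory=dict)
    # port triggering: outbound destination port -> inbound port to open
    triggers: Dict[int, int] = field(default_factory=dict)
    # inbound ports currently opened by a trigger, and for which LAN host
    triggered_open: Dict[int, str] = field(default_factory=dict)

    def add_port_forward(self, public_port: int, target: Endpoint) -> None:
        self.forwards[public_port] = target

    def add_trigger(self, outbound_port: int, inbound_port: int) -> None:
        self.triggers[outbound_port] = inbound_port

    def outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """Translate a LAN packet's source to the router's public address.

        Returns the (public_ip, public_port) the remote host will see. If `dst`
        hits a trigger rule, the matching inbound port is opened for `src`'s host.
        """
        if src not in self.reverse:
            port, self.next_port = self.next_port, self.next_port + 1
            self.reverse[src] = port
            self.table[port] = src
        if dst[1] in self.triggers:
            self.triggered_open[self.triggers[dst[1]]] = src[0]
        return (self.public_ip, self.reverse[src])

    def inbound(self, public_port: int) -> Optional[Endpoint]:
        """Where a packet arriving at public_ip:public_port is delivered.

        Order: static forward, trigger-opened port, existing NAT mapping.
        None means the router has no mapping and drops the unsolicited packet.
        """
        if public_port in self.forwards:
            return self.forwards[public_port]
        if public_port in self.triggered_open:
            return (self.triggered_open[public_port], public_port)
        return self.table.get(public_port)

    def close_trigger(self, inbound_port: int) -> None:
        """A triggered port closes again once the session ends."""
        self.triggered_open.pop(inbound_port, None)


def scenario() -> dict:
    """Run the three cases and return what the router decided for each."""
    nat = SohoNat()
    nat.add_port_forward(21, FTP_SERVER)   # the FTP example from the text
    nat.add_trigger(6667, 113)             # constructed IRC rule: outbound 6667 opens inbound 113
    pc = ("192.168.1.50", 51000)           # constructed LAN client
    results = {
        "ftp_forward": nat.inbound(21),
        "ident_before_trigger": nat.inbound(113),
        "pc_as_seen_by_irc": nat.outbound(pc, ("203.0.113.9", 6667)),
    }
    results["ident_after_trigger"] = nat.inbound(113)
    results["reply_to_pc"] = nat.inbound(results["pc_as_seen_by_irc"][1])
    results["unsolicited_8080"] = nat.inbound(8080)
    nat.close_trigger(113)
    results["ident_after_close"] = nat.inbound(113)
    return results


if __name__ == "__main__":
    for name, decision in scenario().items():
        print(f"{name:22s} -> {decision if decision else 'dropped'}")
```

The point the model makes is the security one from the text: only traffic that matches a static forward, a trigger the LAN host itself opened, or a reply to an outbound flow reaches a LAN host; everything else arriving at the public address is dropped. A permanent forward such as the FTP rule is therefore the one hole that stays open whether or not anyone is using it.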

DMZ (Demilitarized Zone)

A demilitarized zone (sometimes referred to as a perimeter network or screened subnet) is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the internet. The purpose of a DMZ is to add an additional layer of security to an organization’s LAN to where an external node can access only what is exposed in the DMZ, while the rest of the organization’s network is firewalled. The DMZ functions as a small, isolated network positioned between the internet and the private network and, if its design is effective, allows the organization extra time to detect and address breaches before they would further penetrate into the internal networks.

[Image: DMZ]

DHCP (Dynamic Host Configuration Protocol)

DHCP is a network management protocol used on IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks. By default, SOHO routers have the DHCP service turned on so they can provide IP addresses to any wired or wireless devices that connect. Most routers enable you to specify the range and number of IP addresses available via DHCP. The example below shows a router with DHCP enabled and a range of IP addresses the DHCP server can assign. The default address of the router is 192.168.1.1, and the subnet mask is 255.255.255.0. This means the router has the first address on the 192.168.1.0 network, a private network whose addresses can’t be used on the internet. When devices join the network based on these router settings, DHCP assigns addresses in the range 192.168.1.100 to 192.168.1.149.

[Image: Example DHCP Wireless Router Settings]

If a router does not have enough IP addresses for the devices that need to connect to it, APIPA addresses (from 169.254.0.0 – 169.254.255.255) are assigned to devices arriving after the pool of addresses is used up. APIPA stands for Automatic Private IP Addressing, a feature in Windows-based operating systems that enables a computer to self-configure an IP address and subnet mask when its DHCP server isn’t reachable. The APIPA service checks for the presence of a DHCP server every 3 minutes. If it detects one on the network, the DHCP server replaces the APIPA address with a dynamically assigned address.
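The DHCP pool and the APIPA fallback described above, as an added Python example that is not from the video or any router firmware. It uses the router address, subnet mask and 192.168.1.100–192.168.1.149 range from the text; the client MAC addresses, the DhcpServer class and the client_configure/simulate/retry_after_release functions are this example's own.

```python
"""DHCP pool exhaustion and the APIPA fallback described in the text.

Added example, not router firmware: a tiny lease table handing out the range
192.168.1.100-192.168.1.149 on the 192.168.1.0/24 network, and a client that
self-assigns a 169.254.x.x address when no offer arrives.
"""
import ipaddress
import random
from typing import Dict, List, Optional, Tuple

ROUTER = ipaddress.IPv4Interface("192.168.1.1/24")   # router address and mask from the text
POOL_START = ipaddress.IPv4Address("192.168.1.100")
POOL_END = ipaddress.IPv4Address("192.168.1.149")
APIPA_NET = ipaddress.IPv4Network("169.254.0.0/16")

Lease = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address, str]  # (address, mask, source)


def router_is_first_host() -> bool:
    """The router holds the first usable address of a private /24."""
    first = next(ROUTER.network.hosts())
    return ROUTER.ip == first and ROUTER.network.is_private


class DhcpServer:
    def __init__(self, start: ipaddress.IPv4Address, end: ipaddress.IPv4Address):
        self.pool = [ipaddress.IPv4Address(n) for n in range(int(start), int(end) + 1)]
        self.leases: Dict[str, ipaddress.IPv4Address] = {}   # client MAC -> address

    def offer(self, mac: str) -> Optional[ipaddress.IPv4Address]:
        """Return an address for `mac`, or None when the pool is exhausted."""
        if mac in self.leases:                 # renewal keeps the same address
            return self.leases[mac]
        in_use = set(self.leases.values())
        for addr in self.pool:
            if addr not in in_use:
                self.leases[mac] = addr
                return addr
        return None

    def release(self, mac: str) -> None:
        """Drop a lease, e.g. when the device leaves or its lease expires."""
        self.leases.pop(mac, None)


def client_configure(mac: str, server: Optional[DhcpServer], rng: random.Random) -> Lease:
    """What a Windows-style client ends up with: a DHCP lease, or an APIPA address."""
    addr = server.offer(mac) if server is not None else None
    if addr is not None:
        return (addr, ROUTER.netmask, "dhcp")
    # APIPA: self-assign a 169.254.0.0/16 address with a /16 mask. A real client
    # also probes for address conflicts and keeps retrying DHCP every few minutes.
    host = rng.randint(1, APIPA_NET.num_addresses - 2)
    return (APIPA_NET.network_address + host, APIPA_NET.netmask, "apipa")


def simulate(n_clients: int, seed: int = 0) -> List[Lease]:
    """Connect n_clients in order and return each one's resulting configuration."""
    server = DhcpServer(POOL_START, POOL_END)
    rng = random.Random(seed)
    return [client_configure(f"02:00:00:00:00:{i:02x}", server, rng) for i in range(n_clients)]


def retry_after_release() -> Tuple[Lease, Lease]:
    """A client stuck on APIPA gets a real lease once an address frees up."""
    server = DhcpServer(POOL_START, POOL_END)
    rng = random.Random(1)
    for i in range(len(server.pool)):                 # fill the whole pool
        client_configure(f"02:00:00:00:01:{i:02x}", server, rng)
    late = "02:00:00:00:02:ff"                        # constructed late-arriving device
    first_try = client_configure(late, server, rng)   # pool full: falls back to APIPA
    server.release("02:00:00:00:01:00")               # one device leaves the network
    second_try = client_configure(late, server, rng)  # the periodic re-check now succeeds
    return first_try, second_try


if __name__ == "__main__":
    for addr, mask, source in simulate(52):
        print(f"{addr:<16} {mask:<16} {source}")
```

Running simulate(52) shows the 50-address pool filling from .100 to .149 and the 51st and 52nd devices landing on 169.254.x.x with a 255.255.0.0 mask: they can still talk to each other but not to the router's subnet, which is the symptom that usually reveals an exhausted pool.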

IP Addressing

An internet protocol address (IP address) is a numerical label assigned to each device connected to a computer network that uses the internet protocol for communication. An IP address serves two main functions: host or network interface identification and location addressing. A SOHO router comes with a default IP address.  This IP address is a special type known as a private address.

NIC Configuration Steps

A PC may have several different NICs to allow for connection to a network over the wire, WiFi, or virtually.  Once you select the NIC that matches the method of connecting, you can choose the protocol and configure network access. The following is how to go about configuring a NIC on a Windows-based computer:

  1. Click the Windows icon and select the Windows Settings gear.
  2. In the Windows Settings window select the Network & Internet link.
  3. When you see the different connection options, select the one you want and click Change Adapter Options.
  4. Choose the adapter you want to configure (in this case, Ethernet) and click on the Properties button.  A list of items available to the NIC are listed.  Note that in the example, both IPv4 and IPv6 are checked, making them available to the NIC.
  5. Double-click on Internet Protocol Version 4 (TCP/IPv4).  You now see the window where the IP address is configured dynamically or statically.
  6. Assign the address or leave the default DHCP options and click OK to accept any changes.

[Image: NIC Configuration]

End-User Device Configuration

Configuring end-user devices such as printers, mobile phones, etc. is very similar to configuring a NIC. End-user devices that connect to a network with a DHCP server will auto-configure themselves. For devices that need to be configured manually, the process is mostly the same as that for NICs. To find the configuration windows, you may need to visit the manufacturer’s support site.

Internet of Things (IoT) Device Configuration

The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. The definition of IoT has evolved due to convergence of multiple technologies, real-time analytics, machine learning, commodity sensors, and embedded systems. Traditional fields of embedded systems, wireless sensor networks, control systems, automation (home & building), and others all contribute to enabling IoT. In the consumer market, IoT technology is most synonymous with products pertaining to the concept of the “smart home”, including devices and appliances that support one or more ecosystems, and can be controlled via devices associated with that ecosystem, such as smartphones and smart speakers. The software to manage IoT devices can be installed on computers or mobile devices.  Typically, a vendor of an IoT product develops a mobile app to monitor and manage the product. The A+ certification exam will focus primarily on IoT devices such as:

  • Thermostats
  • Light switches
  • Security cameras
  • Door locks
  • Voice-enabled smart speakers/digital assistants

[Image: Smart Home Technology]

Cable/DSL Modem

Most SOHO networks use a wireless router, and it must be connected to the modem.  Simply plug one end of an Ethernet cable into the cable or DSL modem and plug the other end into the RJ-45 jack labeled “internet”.  Attach the local devices to the wireless router with Ethernet cables in the remaining ports or via WiFi.

Basic QoS (Quality of Service)

Quality of service is the description or measurement of the overall performance of a service, such as telephony, a computer network, or a cloud computing service, particularly the performance seen by the users of the network. QoS is very important when it comes to streaming media, gaming, or VoIP services. QoS prioritizes real-time and streaming traffic. Depending on the router, QoS can simply be turned on and off (basic QoS), or it can be tweaked by specifying services to prioritize, whether to optimize for gaming, and uplink/downlink speeds to use. QoS can also be configured by an internet service provider (ISP). If an ISP is performing QoS optimization, changes you make on your router will not improve your traffic.

UPnP (Universal Plug and Play)

UPnP is a set of networking protocols that permits networked devices, such as PCs, printers, internet gateways, WiFi access points and mobile devices to seamlessly discover each other’s presence on the network and establish functional network services for data sharing, communications, and entertainment. UPnP is intended primarily for residential networks without enterprise-class devices. UPnP is widely used for media streaming across a network. UPnP can also be very vulnerable to attacks, so if you do not use streaming media or other UPnP services, it is best to disable it.

WiFi Encryption Types

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include WiFi networks. Several types of encryption are available on most SOHO routers, and you need to select and enable the appropriate one.

WEP (Wired Equivalent Privacy)

Wired Equivalent Privacy (WEP) was the first type of wireless security developed. WEP was introduced with the 802.11b & 802.11a wireless networks. When WEP was first introduced, the password could only be ten hexadecimal (0-9, A-F) or five ASCII (A-Z, 0-9) characters long. The password was encrypted as a 64-bit key. Later, WEP devices started using 26-character hex or 13-character ASCII passwords that were encrypted into a 128-bit key (much harder to guess). Some types of corporate network hardware support 256-bit encryption; this can only be used if all other devices on the network also support 256-bit encryption. WEP keys generally are based on hexadecimal values (characters 0-9, A-F), although some devices can use decimal values (characters 0-9, A-Z, a-z). The limited character set, short key length, and weaknesses in how WEP authentication takes place have made WEP obsolete. It was supported by 802.11g, but not by later versions.

WPA (WiFi Protected Access)

A more powerful encryption standard called WiFi Protected Access (WPA) replaced WEP with the introduction of 802.11g. Software and firmware updates were made available by many vendors for the older 802.11b and 802.11a devices to add WPA support. WPA also uses a pre-shared key (PSK), but unlike WEP, the key can be of varying length (up to 63 ASCII characters, including punctuation), the original key is used as the basis for frequent key changes, and it is encrypted using the Temporal Key Integrity Protocol (TKIP). TKIP has many features that make it stronger than WEP.

Side Note: In cryptography, a pre-shared key (PSK) is a shared secret that was exchanged between the two parties over some secure channel before it is needed.

WPA2 (WiFi Protected Access 2)

WiFi Protected Access 2 (WPA2) is an improved version of WPA. WPA2 uses the even stronger Advanced Encryption Standard (AES) encryption technology. When possible, use WPA2 (also known as WPA/AES) on your wireless network. If your wireless router/access point has a WPA/WPA2 setting, it can support either type of encryption on the same network. Use this option if you have devices that support WPA but do not support WPA2.

WPS (WiFi Protected Setup)

WPS is a network security standard to create a secure wireless home network. The point of the protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to set up WiFi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases. Routers that support WPS typically have the default WPS key on the bottom of the device. To use WPS, use the setup software provided with the router on each computer and follow the directions on devices such as printers or multifunction devices. WPS should be used only if all devices on a wireless network support it. There are two ways to use WPS: the default PIN method, in which the PIN printed on the router is used to set up clients, and a push-button method, in which a physical or software button is pressed on the router and clients to set up the network.

[Image: WPS Setup Button]
[Image: Wireless Encryption Types]
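A configuration check that gathers the UPnP, WEP, WPA/WPA2 and WPS advice from the sections above into one place, as an added Python example that is not vendor code or part of the original post. The WirelessConfig fields, the mode strings and the wording of the findings are this example's own; the WEP key lengths come from the text, and the 8-to-63-character WPA pre-shared key rule is the standard one.

```python
"""Audit a SOHO router's wireless and UPnP settings against the advice above.

Added example, not vendor code: a plain checker that classifies the WEP key
lengths the text lists, validates a WPA pre-shared key, and flags WPS PIN and
unused UPnP. The config object and its field names are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

HEX_KEY = re.compile(r"^[0-9A-Fa-f]+$")


@dataclass
class WirelessConfig:
    security: str                      # "open", "WEP", "WPA", "WPA/WPA2" or "WPA2"
    key: str = ""                      # WEP key or WPA/WPA2 pre-shared key
    wps_pin_enabled: bool = False
    upnp_enabled: bool = False
    uses_upnp_services: bool = False   # e.g. media streaming that relies on UPnP


def wep_key_bits(key: str) -> Optional[int]:
    """Map a WEP key to its key size using the lengths from the text:
    10 hex or 5 ASCII characters -> 64-bit, 26 hex or 13 ASCII -> 128-bit."""
    n = len(key)
    if HEX_KEY.match(key) and n in (10, 26):
        return 64 if n == 10 else 128
    if n in (5, 13):
        return 64 if n == 5 else 128
    return None


def audit(cfg: WirelessConfig) -> List[str]:
    """Return a list of findings; an empty list means nothing to fix."""
    findings: List[str] = []
    sec = cfg.security.upper()
    if sec == "OPEN":
        findings.append("No encryption: anyone in range can join and read traffic; enable WPA2 (AES).")
    elif sec == "WEP":
        bits = wep_key_bits(cfg.key)
        detail = f"{bits}-bit key" if bits else "malformed key"
        findings.append(f"WEP ({detail}) is obsolete; move to WPA2 (AES).")
    elif sec == "WPA":
        findings.append("WPA with TKIP is weaker than WPA2/AES; update firmware or replace devices that cannot do WPA2.")
    elif sec == "WPA/WPA2":
        findings.append("Mixed WPA/WPA2 mode still allows TKIP clients; switch to WPA2-only once every device supports it.")
    elif sec != "WPA2":
        findings.append(f"Unknown security mode '{cfg.security}'.")
    if sec in ("WPA", "WPA/WPA2", "WPA2") and not 8 <= len(cfg.key) <= 63:
        findings.append("WPA pre-shared key must be 8 to 63 ASCII characters.")
    if cfg.wps_pin_enabled:
        findings.append("WPS PIN method enabled: turn it off unless every device needs it; prefer push-button or manual setup.")
    if cfg.upnp_enabled and not cfg.uses_upnp_services:
        findings.append("UPnP enabled but unused: disable it so LAN devices cannot open router ports on their own.")
    return findings


if __name__ == "__main__":
    # Constructed configurations: an old router left on defaults, and a hardened one.
    legacy = WirelessConfig("WEP", key="1234567890", wps_pin_enabled=True, upnp_enabled=True)
    hardened = WirelessConfig("WPA2", key="correct-horse-battery")
    for label, cfg in (("legacy", legacy), ("hardened", hardened)):
        print(f"{label}: {audit(cfg) or ['OK']}")
```

Reading a router's settings page and comparing them to this list is the check to make after initial setup: the legacy configuration above yields three findings (WEP, WPS PIN and idle UPnP), while WPA2 with a proper passphrase and no unused services yields none.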