A+ 220-1001 Exam Objective 2.3

2.3 Given a scenario, install and configure a basic wired/wireless SOHO network.

Router/switch functionality

SOHO networks usually contain a number of switches and at least one router. Looking at the switch first, a switch operates at layer 2 of the OSI model. It provides collision-free, full-duplex communication between network hosts using MAC addressing. A switch can accommodate different speeds, such as 10/100 Mbps and Gigabit connections, without data loss. Think of the switch as a LAN device.

The router operates at layer 3 and uses IP addresses to identify other routers, enabling Internet connectivity. Switches connect to routers to reach all external content. Because the router also sees the MAC addresses of the hosts behind the switch, it can control access with MAC filtering.

Access point settings

A wireless access point (WAP) can be configured, through its web-based setup page, to extend the range of your existing wireless network. This is done by configuring the WAP with the existing SSID. WAPs can also be configured as wireless repeaters.

NIC configuration

Your network interface card (NIC) lets your device access the network. The connection can be wired or wireless, but either way it requires an IP address, subnet mask, DNS server and default gateway.

Wired

You can see the MAC address, status, and link speed while viewing the properties for the Ethernet connection, along with the DHCP status and address. The IPv4 and IPv6 properties are also shown, including the device addresses, default gateway, and DNS servers. Manual configuration is performed in the Network and Sharing Center, where you can set the information discussed above and the subnet mask, and configure an alternate configuration.

Ethernet Settings in Windows 10

Wireless

Your wireless NIC configuration settings are essentially the same as the wired settings. In the screenshot, the wireless connection has obtained operational IPv4 and IPv6 addresses, with IPv6 having both link-local and global addresses. Also note the two gateways. Some required details, such as the SSID and particularly the encryption settings, are not displayed here; they are set manually in the Network and Sharing Center.

Wireless NIC Settings in Windows 10

IoT device configuration

The concept of the Internet of things (IoT) describes the many diverse things that can communicate and be controlled wirelessly using the Internet via a smartphone app. This technology is useful in business but your interaction with the IoT will probably begin at home. The technologies used in this operation will be discussed in the next article. For now, we’ll identify them as Wi-Fi, Bluetooth, Zigbee and Z-Wave.

Devices can be controlled directly by your smartphone or a voice activated digital assistant. With the right equipment, you can adjust your thermostat on the way home, to set your preferred temperature, and turn on the lights. An important benefit of IoT is the ability to lock your doors. At some point, all of us have been away and have wondered if we locked the door. Now, simply tap an icon in your app and the door is locked.

Home security has benefited greatly from IoT devices. Besides locking the doors, motion activated cameras with speakers can be installed to watch for intruders or parcel thieves as well as allow you to communicate with them. That’s a great deterrent. Your voice activated internet connected digital assistant will help you keep track of your devices.

Cable/DSL Modem Configuration / Wireless Settings

Encryption / Channels

The 802.11 family of wireless standards uses one channel at a time to communicate. This channel is set by the network administrator in a business environment or by the home user in a SOHO environment; we will focus mainly on the SOHO deployment here, per the objectives. As you will see, usable channels are not plentiful: in the 2.4 GHz band, as few as three channels can be used without overlapping one another. In the 5 GHz band there can be as many as 8 channels. In the US, the 5 GHz band is subject to Federal Communications Commission (FCC) restrictions that limit use to four channels in the lower end of the band (5.250–5.350 GHz) and five in the upper end of the band (5.470–5.725 GHz).

5 GHz Modem / Router Configuration Panel

You can see the absence of the reserved channels by reviewing the available channels and noting the gap between channels 48 and 149. Channel 149 is the default setting, so we'll leave it alone. If there are connection problems, check the channel and ensure the Mode supports all of your devices. In our case, you could also switch to another channel, possibly in the lower end of the band. You can also choose your encryption type, which can prevent connections if there is a mismatch. Most residential SOHO routers default to WPA/WPA2 (TKIP/AES), allowing most devices to communicate their credentials and start a session. The WPA2 (AES) method is faster, and also the stronger of the two, so use it if your devices support it.
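The 2.4 GHz channel shortage described above comes from channel spacing: channels sit 5 MHz apart but are roughly 22 MHz wide, so neighbours overlap. The following is an added example (not from the original article) that computes the overlap from the published 802.11 channel plan; the greedy selection and the helper names are my own.

```python
# Added example, not from the original article: why the 2.4 GHz band offers
# only three non-overlapping channels. Channel centers follow the 802.11
# plan (2412 MHz for channel 1, 5 MHz apart); the 22 MHz width is the classic
# 802.11b figure and is the conservative choice for overlap checks.

def channel_center_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz 802.11 channel in MHz."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484          # Japan only; breaks the 5 MHz pattern
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def channels_overlap(a: int, b: int, width_mhz: int = 22) -> bool:
    """Two channels overlap when their centers are closer than one channel width."""
    return abs(channel_center_mhz(a) - channel_center_mhz(b)) < width_mhz


def non_overlapping_channels(available, width_mhz: int = 22) -> list:
    """Greedy pick (lowest first) of channels that do not overlap one another."""
    chosen = []
    for ch in sorted(available):
        if not any(channels_overlap(ch, c, width_mhz) for c in chosen):
            chosen.append(ch)
    return chosen


def interfering_neighbours(channel: int, available, width_mhz: int = 22) -> list:
    """Channels in 'available' that would interfere with 'channel'."""
    return [c for c in available
            if c != channel and channels_overlap(channel, c, width_mhz)]


if __name__ == "__main__":
    us_channels = range(1, 12)          # channels 1-11 are allowed in the US
    print(non_overlapping_channels(us_channels))      # [1, 6, 11]
    print(interfering_neighbours(6, us_channels))     # [2, 3, 4, 5, 7, 8, 9, 10]
```

Running it shows why a SOHO router set to channel 3 or 8 will compete with two of the three clean channels at once, which is the usual reason to stay on 1, 6 or 11.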

Port Forwarding

The port forwarding technique allows incoming connections, on a particular port or port range, to be delivered to a single specific address or host on the LAN. This is quite useful if you are running a web server, as you'd want all new inbound traffic on port 80 to go to that device only. It requires no action on the server's part, since the server simply responds to valid requests. Here's how that configuration would look on a SOHO router: inbound port 80 traffic arriving at your public IP address is directed to the private IP of the server.

Port Forwarding Configuration Panel

Port triggering is a variation on this process and requires an outbound communication to "trigger" that port to receive traffic. The inbound connection is only available during a session, after which it times out.

IP Addressing

Next on our list is the Dynamic Host Configuration Protocol (DHCP). I can't say enough good stuff about this. Imagine having 50 or so users who need to connect not only to the LAN but to the internet as well. This is small compared to what you will face in the field. Without DHCP, however, you would have to enter the configuration individually on each device: a complete address (IPv4 and IPv6), the subnet mask, the default gateway, and DNS servers.

DHCP automatically sets up the entire configuration, saving you the headache of manual configuration. In some cases, machines that should not "move" in terms of their addressing, such as web, DNS, and email servers, use static or manual addressing so that all clients can reliably find them. Here is a typical residential/SOHO configuration. Examine it and picture manually adding this, along with the DNS settings, to each client.

DHCP Configuration Panel

DMZ

You know by now that a DMZ (Demilitarized Zone) is a network area outside of your private network that is exposed to any and all traffic on the internet. On the surface, this just looks like trouble. However, there are good reasons to have this zone. A web server is a prime example of effective DMZ use: the web server can get hammered with traffic while your LAN remains impervious to it. The services you offer can be delivered without putting the LAN at risk.

The main aim is to have a DMZ server receive the traffic that would normally be dropped by the firewall. The most important point in this configuration is that hosts in the DMZ cannot initiate connections to the LAN. The LAN, on the other hand, can connect to anything in the DMZ and to the untrusted public network (internet). The DMZ server has access to everything except your LAN. Note that the "DMZ host" setting on many SOHO routers simply forwards all unsolicited inbound traffic to one LAN address; it does not place that host on a separate segment, so the LAN is not isolated from it the way a true DMZ would be.

NAT

NAT stands for Network Address Translation and concerns the translation of one network address to another. In the vast majority of cases, it allows a group of private addresses to communicate externally through a single address, such as the static public address assigned to you by your ISP. This many-to-one arrangement is common practice, even for large organizations that do not wish to expose their networks to the uncontrollable internet.

Network Address Translation – NAT

Even with DHCP, a NAT client will typically get the same private address every time it connects, unless other circumstances prevent it, such as a small pool of available addresses. This is where PAT (Port Address Translation) and NAT combine to form DNAT (Destination Network Address Translation). Adding the port number to the IP address allows up to 64,000 distinct address/port pairs to exist behind a single IP address.
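To make the many-to-one translation above and the port 80 forward from the Port Forwarding section concrete, here is an added example (not from the original article, and not any router's real implementation) that models a SOHO router's NAT/PAT table with one static forward. The public address 203.0.113.5 and the 192.168.1.x hosts are constructed sample values.

```python
# Added example, not from the original article: a toy model of a SOHO router's
# many-to-one NAT/PAT table plus one static port forward for a web server.
# The public address 203.0.113.5 and the 192.168.1.0/24 hosts are constructed
# sample values (documentation/private ranges), not taken from the article.

class SohoNat:
    """Many-to-one NAT with port translation and a port-forwarding table."""

    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535):
        self.public_ip = public_ip
        self._next_port = first_port
        self._last_port = last_port
        self.outbound = {}   # (private_ip, private_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port)
        self.forwards = {}   # public_port -> (private_ip, private_port), static rules

    def forward_port(self, public_port: int, private_ip: str, private_port=None):
        """Static port forward, e.g. inbound 80 -> the web server's private IP."""
        self.forwards[public_port] = (private_ip, private_port or public_port)

    def translate_outbound(self, private_ip: str, private_port: int):
        """Rewrite a LAN host's source to the single public address plus a unique port."""
        key = (private_ip, private_port)
        if key not in self.outbound:
            port = self._next_port
            while port in self.forwards:          # never hand out a forwarded port
                port += 1
            if port > self._last_port:
                raise RuntimeError("PAT port pool exhausted")
            self.outbound[key] = port
            self.inbound[port] = key
            self._next_port = port + 1
        return (self.public_ip, self.outbound[key])

    def translate_inbound(self, public_port: int):
        """Where inbound traffic to a public port goes: a static forward first, then a
        reply to an existing outbound mapping; None means the router drops it."""
        if public_port in self.forwards:
            return self.forwards[public_port]
        return self.inbound.get(public_port)


if __name__ == "__main__":
    nat = SohoNat("203.0.113.5")
    nat.forward_port(80, "192.168.1.10")                    # web server on the LAN
    print(nat.translate_outbound("192.168.1.20", 50000))   # ('203.0.113.5', 1024)
    print(nat.translate_outbound("192.168.1.21", 50000))   # ('203.0.113.5', 1025)
    print(nat.translate_inbound(80))                        # ('192.168.1.10', 80)
    print(nat.translate_inbound(22))                        # None: unsolicited, dropped
```

The last call is the security property worth noticing: with no forward and no prior outbound session, unsolicited inbound traffic has nowhere to go and is dropped, which is why NAT alone hides the LAN even before any firewall rules are written.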

Basic QoS

It’s easy to envision the need for prioritization of programs and services as there is always contention for bandwidth. The most obvious example of this would be an environment where basic QoS (Quality of Service) is not available and you are on a VoIP phone call. You receive an email and your conversation breaks up for a short period of time. This is because the email program has the same priority on the connection as your phone call. This is easily fixed with QoS.

To enable QoS, each device on the network must have QoS enabled. Most NICs have it enabled by default. Routers and both ends of any communication must also have QoS enabled. The router is one of the main choke points in the service. If you find less than optimal network performance for a particular application, such as video conferencing, you can increase its priority on your router.

Most routers have built-in settings for popular programs. Some can be blocked, and others can have their priority increased or decreased, based on your needs. Think carefully about your choices, because setting too many programs to the highest priority level does not help. The priority of the network's use must be carefully evaluated before you make any wholesale changes. Remember that real-time A/V communication depends on uninterrupted packet transmission and reception and takes precedence over an upload or download.

UPnP

UPnP provides automatic discovery of available hosts and services on the local network. It should be used with caution: UPnP lets any device on the LAN ask the router to open inbound ports without authentication, so malware on a single host can punch holes in the firewall you configured. If you use UPnP, many of your security measures are overridden.

Whitelist/blacklist

Network access can be permitted or restricted based on whitelists and/or blacklists. Routers and switches can be configured to enforce a blacklist, which allows network access to everyone except those listed on it. Conversely, a whitelist blocks all traffic except from those on the whitelist.

MAC filtering

In addition to whitelisting and blacklisting, network devices can implement MAC filtering. This technique uses a filter list to permit access only to the devices on the list. The process becomes more tedious as a network grows, and because a MAC address can be changed in software, MAC filtering is a convenience control rather than a strong security boundary.

Well that’s it for 220-1001 2.3! You are getting there. Keep on rolling and good luck on the test!
