
Building a Soho Network

Jun 04, 2018

  • 8/13/2019 Building a Soho Network

    1/20

    Chapter 19: Building a SOHO Network

    "There are three kinds of death in this world. There's heart death, there's brain death, and there's being off the network."

    Guy Almes

    In this chapter, you will learn how to

      Describe the major steps to consider when designing a SOHO network
      Describe and implement a SOHO network, including solving assorted problems
      Explain how security comes into play while building a SOHO network

    The time has come for you to take what you learned in previous chapters and apply that knowledge to creating a product: a real, functioning network. This chapter walks you through the steps for building a typical small office/home office (SOHO) network from the ground up, using the tools provided in earlier chapters to handle the entire process. This network needs to include structured cabling, wireless, operating systems, Internet connectivity, and network/system security. The network must have servers, workstations, and printers installed. I'll also add a few troubleshooting tips beyond what was discussed in other chapters.


    Chapter 19: Building a SOHO Network 535

    Historical/Conceptual

    Building a SOHO network is a big job, so let's break it into three discrete steps. First, you need to plan the process. To do this, I've created my own checklist to help you think about what needs planning. Second, there's the actual process of building the SOHO network. I'll walk you through this process, from running the cables to installing anti-malware software. Third, I'll discuss security and you'll see that, although security isn't on the checklist, it's actually part of almost every section of the checklist.

    This chapter is unique. I want you to look at an entire network and see it as a whole so you gain a broad understanding of how it all works. I won't rehash procedures or technologies already covered in earlier chapters. Instead, I'll cover the building of a SOHO network from a higher level, dealing with individual scenarios that you might encounter as you build the network after it's running. Be warned! You'll probably find yourself jumping back to earlier chapters to consider issues in this chapter.

    Test Specific

    Designing a SOHO Network

    The CompTIA Network+ exam doesn't define a list titled "The x Steps to Design and Build a Network." As you've read this book, however, you've probably discovered what needs to happen. For this chapter, I'll use the following list. It may not be perfect, but I've built hundreds of networks using these steps.

    1. List of requirements: Define the network's needs. Why are you installing this network? What primary features do you need?

    2. Network design: What equipment do you need to build this network? How should you organize the network?

    3. Compatibility issues: Are you using existing equipment, applications, or cabling that have compatibility issues?

    4. Internal connections: What type of structured cabling do you need? Does this network need wireless?

    5. External connections: How do you connect to the Internet?

    6. Peripherals: How will peripherals come into play? Are you connecting any printers, fax machines, or scanners?

    7. Security: How will you deal with computer, data, and network security?

    Although I've numbered them here, these steps might come in any order. Even though network security is in the seventh position, for example,

    This list happily ignores a few important issues such as costs vs. budget, time to install, and so on. While you should definitely consider these when constructing your own network, the CompTIA Network+ exam isn't very interested in them.


    only supports their current projects. They also have a few individual servers running a number of different operating systems used for research. Every employee will get a computer running Windows 7 Ultimate and the latest version of Microsoft Office. Employees need access to shared folders on the file server for personal storage as well as shared access to customer information. All employees need to print documents as well as send and receive faxes. All employees need access to a telephone.

    Two of the employees work full time on graphics, including photography and video. They need cameras, scanners, and a high-quality color printer. The nature of their work compels them to have an Apple Mac Pro computer running the latest version of OS X, in addition to their Windows systems.

    Defining network needs never actually ends. All networks are highly

    evolving entities and new ideas, applications, and equipment appear on an

    ongoing basis.

    Network Design

    Now you need to work on the finer details. Network design quantifies the equipment, operating systems, and applications used by the network. This step ties closely with Step 3, compatibility issues.

    You need to address the following equipment:

    Workstations

    Servers

    Equipment room

    Peripherals

    Workstations

    The company has eight employees. Each needs a late-generation Windows

    system (Windows 7) running Microsoft Office 2010. Additionally, two

    employees need a late-generation Mac running OS X; these machines will

    not have Office.

    Servers

    The network needs three file servers. You have a lot of flexibility here,

    as the users simply need two places to store data and some way to run

    multiple research and development (R&D) systems. The R&D machines

    are perfect candidates for virtualization, so you can add a third server for

    storing these.

    Network needs are tough to quantify. Don't try to dig too deeply here, as many issues can be assumed such as "Everyone will want a mouse on their PC." Try to stay with job functions and what the network needs to do to support those functions.

    Try This! What Are Your Needs?

    Imagine the coolest home network you've ever desired. What would that network look like? What would it do for you? Go ahead and sketch up a sample floor plan. Keep this floor plan handy for other Try This! sections in this chapter.


    Mike Meyers' CompTIA Network+ Guide to Managing and Troubleshooting Networks 538

    Most people really enjoy the single sign-on convenience of a Windows domain, so you'll use a single Windows Server domain controller. Granted, if you really wanted to do things right, you would add a second domain controller, so why not virtualize the two file servers? You can get two copies of VMware's ESX Hypervisor.

    The network now has three file servers, all virtualized with the following virtual machines:

      Server #1: Windows Server 2008
      Server #2: Windows Server 2008
      Server #3: A number of virtualized operating systems from Windows 95 through Windows 7. Also two versions of Linux: Ubuntu and Debian.

    Equipment Room

    An equipment room will act as the intermediate distribution frame (IDF)

    for the network. (See Chapter 6 for the details on the IDF.) All systems will

    tie into a single, managed, 24-port gigabit switch on a rack mount. The rack

    will be a floor-to-ceiling rack with a rack-mounted UPS.

    Peripherals

    MHTechEd has a small office, so you'll purchase a single high-capacity, networked laser printer and a color inkjet printer. The graphics folks picked a printer that doesn't have a NIC, so you'll just install the printer onto one of the Macs and share the printer.

    The office doesn't do a lot of faxing or scanning, so a typical All-in-One device should work perfectly. I found one that shares the fax system across the network (sweet!), enabling anyone to convert almost any document into a fax. This groovy machine connects to the network via Gigabit Ethernet or wirelessly over 802.11g (Figure 19.3). Scanning isn't quite as handy. All scanned documents go straight to the machine's built-in storage, where it is shared as a folder on the network. It's not perfect, but for $249, the company is happy.

    Tech Tip

    Network Attached Storage

    Many small networks avoid using a full-blown file server and instead take advantage of inexpensive and reliable network attached storage (NAS) devices. Technically, an NAS is a computer that's preconfigured to offer file storage for just about any type of client. Most NAS systems use the Common Internet File System (CIFS) configuration to create a plug and play (PnP) type of device. These devices include features such as RAID to make storage safer.

    Figure 19.3 MHTechEd's cool All-in-One machine

    Try This! Your Network, Your Equipment

    Continuing from the previous Try This!, decide what equipment you want for your own home network. Surely you're going to add a home theater PC, but what about a separate media server? Do you want a computer in the kitchen? Would you like a rack in your house? Can you find a smaller rack online? Can you wall-mount it? Make a list similar to the one in this section and keep it handy for more Try This! sections.


    Compatibility Issues

    MHTechEd's new building recently added more rooms to their office. The equipment room still has runs going to rooms 1, 2, and 6, but these runs are only CAT 5e. Three new rooms have been added, but they need CAT 6. You could run CAT 6 into the old rooms, but the boss said "No" to save money (Figure 19.4). MHTechEd has a very nice Cisco 802.11g WAP. The boss wasn't happy when you bought a new 802.11n WAP for almost $1,000, because the old one still works fine.

    Figure 19.4 CAT 5e and CAT 6 drops in the MHTechEd office

    The few existing applications the company needs to bring along will work perfectly on the new PCs and Macs: namely Peachtree 2012, Adobe Illustrator CS5, and Final Cut Studio.

    Try This! What's Compatible?

    If you were building a new home network from scratch, which of your existing parts could work in the new network? Do you have older equipment that might have compatibility issues, like an old 10BaseT switch or router?

    If you needed to use all of your old equipment, visualize your new network connecting to it and how you might get around some of these issues. Does your old printer have a way to connect to the network directly? Where would you connect your Xbox 360? What if you have older TVs? Will they work with a powerful, HDMI-equipped video card?

    Create an inventory of your old equipment and jot down any compatibility issues you might imagine taking place.


    Internal Connections

    Now that you have an idea of your equipment and what you want to do with it, you need to get everything properly connected using structured cabling. You should also begin to install your 802.11 network. Once you connect all your equipment, configure your internal VLANs, IP address scheme, DHCP/DNS servers, gateway, and so on.

    The Switch

    MHTechEd is small enough to use a single switch to handle all the interconnections. Their switch needs two features: VLAN support and Power over Ethernet (PoE) to support the WAP. They have a Cisco 3750 switch that handles all of this quite nicely, so they'll stick with what they have.

    Structured Cabling

    Setting up good structured cabling for MHTechEd is a breeze. Like most office buildings, this building has plenum space over everything for horizontal runs and simple sheetrock walls for installing drops. You shouldn't run into any fire stops or heavy machinery.

    Don't forget what you learned in Chapter 6. Now is the time to verify the exact location of your drops as well as where all horizontal runs come into the equipment room. Estimate the distances so you don't go over the cable length limits.

    Although you can probably do the work yourself, hiring a professional can save on time and stress. Get a good floor layout, get on the phone, and call a professional installer. When he or she finishes the job, make sure you have

      Clearly labeled runs
      The length of all runs
      CAT ratings on all runs
      The floor plan showing all runs

    Since you've hired an installer, you might as well look at your phone lines as well. Want the fax machine in the hall? No problem, but MHTechEd needs to make sure it has access to an RJ-11 outlet. Running a PBX system? Verify all the phone lines and PBX lines run to a patch panel.

    Cross Check: CAT 5e in a CAT 6 Network

    You learned about CAT levels in Chapter 5, so check your memory as you read about the mixed CAT 5e and CAT 6 runs. What is the maximum throughput for CAT 5e and CAT 6? How might these different cable runs affect your network? What would be the fastest backbone switch to use in this network?


    Electrical and Environmental Limits

    You've got to be careful when installing racks in places where no rack has ever been. Watch out for electricity and environment issues. It's never a good idea to run your network equipment on anything other than a very high-amperage dedicated circuit. Figure 19.5 shows the dedicated circuit in MHTechEd's equipment room. Those plugs are not in circuit with any other plugs!

    Environment is an equally big gotcha. Don't turn a typical closet into rack space without making serious environmental changes first. For very small single racks, you can get away with the existing air conditioning. Keep in mind, however, that the same ventilation that keeps a single person cool will not be enough to keep the rack cool. If you're making a new rack, call building services and get them to dump extra air into that room!

    Wireless

    MHTechEd has lots of customers who walk in and need to see products online while in the office. To make this easier, MHTechEd is going to create a well-locked-down 802.11 network. Because the boss won't let them upgrade to 802.11n, they choose to place the single WAP centrally in the office, as shown in Figure 19.6. Given the small size of the office, this single WAP should do well. There's no power or network drop here, however. Good thing you hired those installers! It's time to add another drop. Power won't be a problem because the WAP supports PoE.

    Cross Check: Time for Virtual PBX?

    You learned about virtual PBX in Chapter 17. With old-school PBX on its way out, should MHTechEd consider a virtual PBX solution? If the company already has phone lines running to a central location, what type of virtual PBX should MHTechEd use: an in-house virtualized server solution or a NaaS solution like Virtual PBX (virtualpbx.com)? Recheck Chapter 17 and do some online research to develop a solution. Remember that MHTechEd will want an 800 number and at least three incoming lines, plus a fax line.

    Figure 19.5 Dedicated circuit

    Figure 19.6 Placement of WAP in network


    VLANs

    These days, you won't find many networks that don't use VLANs. Even though MHTechEd uses a small network, the company plans to separate the wireless devices, the virtual R&D machines and special server, the switch, and the router management tools into separate VLANs from the main network VLAN. The wireless VLANs will make it substantially harder to hack into the main network wirelessly.

    Placing all of the R&D virtual machines into a VLAN will help prevent anyone playing on these test machines from hurting the main network. Figure 19.7 shows a lights-out management (LOM) program running on a Dell server being configured for VLAN200. These LOMs are special "computer within a computer" features built into better servers, designed to give you access to a server even when the server itself is shut off.

    Figure 19.7 Lights-out management

    Cross Check: Install That Wireless!

    Chapter 15 goes into great detail on the process of installing a wireless network. Generate a list of steps that the installer must go through to get the WAP properly configured. Keep in mind that this is a pure WAP, not a wireless router. Remember to include steps for dealing with PoE, SSID, VLAN, security, and so on. After that, go online and price out some serious enterprise WAPs. You'll have a lot to choose from, but the Cisco Aironet series has been around for a long time. Find the WAP that best fits your home network use.


    External Connections

    No network is an island anymore. At the very least, MHTechEd needs an ISP so folks can Google and update their Facebook pages, er, I mean, get work done online. In a SOHO network like MHTechEd, you don't have to deal with many of the issues you'd see in larger networks. A typical home-type ISP (DSL or cable) should be more than enough for them in terms of bandwidth. On the other hand, MHTechEd needs to be connected to the Internet all the time (or pay the price in lost business), so the company should consider a second ISP as a fallback plan in case the primary ISP fails.

    Choose a Gateway Router

    A serious business can't get away with a cheap home router. It needs something that fires up quickly, runs dependably, and never locks up. That's why MHTechEd chose a real battleship of a router: the Cisco 2811. This router comes with two fixed 100BaseT Ethernet ports (Figure 19.8) and plenty of extra slots to add even more NICs. It's a good firewall, too, and supports NAT. Unfortunately, the Cisco 2811 only supports 100BaseT. Depending on what's available in your area, that router might need an upgrade soon.

    As you'll see in the next section, MHTechEd wants to connect to two different ISPs as a safety feature. To support

    Try This! Paper Router Table

    Assume MHTechEd has two static Internet connections:

      ISP A                           ISP B
      IP Address: 1.5.4.3             IP Address: 11.45.27.3
      Subnet Mask: 255.255.255.192    Subnet Mask: 255.255.255.0
      Default Gateway: 1.5.4.1        Default Gateway: 11.45.27.1

    Using the internal IP address scheme discussed earlier in this chapter (10.11.12.0/24) and the predefined default gateway (10.11.12.1), write up a four-line paper routing table.

    Using the Cisco naming conventions, your router has three Ethernet ports: Fa0/0 connects to the local network; Fa0/1 connects to ISP A; and Fa0/2 connects to ISP B. Run route print from a Windows command prompt to remind you of the data needed to make a routing table. Make sure you have at least three routes:

      Default route to the Internet when ISP A is working
      Default route when ISP A is not working (clue: metrics)
      Local traffic route

    Figure 19.8 Fixed 100BaseT ports on Cisco 2811

    Cisco would prefer that

    small businesses use their ASA

    series of security appliances

    over the 2800 series of routers.

    Go to www.cisco.com and

    compare a Cisco ASA 5540 to

    the Cisco 2811.


    this, the company needs to add an extra port to the 2811. Luckily, the 2811 is

    designed to accept special high-speed WAN interface cards (HWICs), router

    expansion cards that make adding the third port easy (Figure 19.9).

    Figure 19.9 Cisco HWIC card
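
    The paper routing table exercise above, worked as an added example that is not part of the original chapter: it builds the table from the exercise's addresses and port names and shows how a lower metric makes ISP A the preferred default while ISP B takes over when Fa0/1 is down. The metric values (1 and 10), the function names, the two connected routes for the ISP links, and the test destination 203.0.113.10 are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str      # next-hop address, or "on-link" for a connected network
    interface: str
    metric: int


def connected(address_with_mask: str, interface: str) -> Route:
    """Connected route derived from a port's own address and subnet mask."""
    net = ipaddress.ip_interface(address_with_mask).network
    return Route(net, "on-link", interface, 0)


def default(gateway: str, interface: str, metric: int) -> Route:
    """Default route (0.0.0.0/0) through an ISP gateway."""
    return Route(ipaddress.ip_network("0.0.0.0/0"), gateway, interface, metric)


# Addresses, masks, gateways and port names are the exercise's values.
# The metrics (1 for ISP A, 10 for ISP B) are assumed for this example.
ROUTES = [
    default("1.5.4.1", "Fa0/1", metric=1),          # ISP A, preferred
    default("11.45.27.1", "Fa0/2", metric=10),      # ISP B, fallback
    connected("10.11.12.1/24", "Fa0/0"),            # local traffic
    connected("1.5.4.3/255.255.255.192", "Fa0/1"),  # link to ISP A
    connected("11.45.27.3/255.255.255.0", "Fa0/2"), # link to ISP B
]


def lookup(destination: str, down: Iterable[str] = ()) -> Optional[Route]:
    """Choose a route: longest matching prefix first, then lowest metric.

    `down` lists ports whose link has failed; their routes are withdrawn.
    Returns None when no route is left for the destination.
    """
    dest = ipaddress.ip_address(destination)
    failed = set(down)
    candidates = [r for r in ROUTES
                  if r.interface not in failed and dest in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def render(routes=ROUTES) -> str:
    """Lay the table out in the column order that `route print` uses."""
    rows = [("Destination", "Netmask", "Gateway", "Interface", "Metric")]
    for r in routes:
        rows.append((str(r.network.network_address), str(r.network.netmask),
                     r.gateway, r.interface, str(r.metric)))
    return "\n".join("  ".join(c.ljust(16) for c in row).rstrip() for row in rows)


if __name__ == "__main__":
    print(render())
    for dest, down in [("203.0.113.10", []), ("203.0.113.10", ["Fa0/1"]),
                       ("10.11.12.50", [])]:
        route = lookup(dest, down)
        print(f"{dest} with {down or 'all links up'} -> "
              f"{route.gateway} via {route.interface}")
```
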

    Most good routers and switches come with interchangeable components, enabling manufacturers to make a base model device and then offer components to address each customer's individual needs. These components come in a number of different shapes and sizes. In Chapter 5, you saw a gigabit interface converter (GBIC) that gives customers the ability to match their router and switch connections to whatever type of fiber already exists in their location. You've now seen the Cisco HWIC as well. Another popular module used by Cisco is their Small Form-Factor Pluggable (SFP) connector, used in many Cisco and other brand switches (Figure 19.10). Note that the SFP is designed exclusively for fiber networks.

    You can easily install these modules. Turn off the router or switch, remove a protective plate (if one exists), plug in the module, and turn the switch/router back on. Assuming the device is in good working order, the switch or router will automatically recognize the new connectors and you'll be able to do whatever you'd do with any connector: add it to a VLAN, configure its speed/duplex, apply an IP address (on router ports), and so on.

    If you install a module that doesn't work, use the same tests that you'd perform on any port on a switch or router. The fact that these are modules doesn't change the troubleshooting tools you've learned about in earlier chapters. I've listed some of the most common problems with modules and what to do to fix them:

      Did you plug the wrong type of cable into the new port (single-mode into multimode, for example)? Make sure you use the right cabling for the new connection.

      Are the link lights working? Is the new port properly connected? It's just as easy to plug a bad cable into a module as it is to plug it into a regular port. Make sure the device on the other end of the cable works, too!

    Figure 19.10 NETGEAR SFP


      Does the switch/router recognize the new module in the maintenance Web page/utility/whatever? If it doesn't, you need to contact the manufacturer. In most cases, you can fix it by replacing the module.

    Choose an ISP

    Before you choose an Internet service provider, ask yourself, "What is available at my location?" If you're constructing a network in an existing office building, also ask, "What's already installed that I can tap into?" Once an ISP makes some form of endpoint in a building, you can easily (and inexpensively) connect to that ISP as opposed to finding your own. Additionally, many office buildings offer Internet connectivity as part of the lease agreement or at least tell you what ISP already connects to the building.

    After making a few calls to building management, MHTechEd learns that an ISP already provides 100BaseT, Metro Ethernet service. The ISP promises 5 Mbps throughput and is prepared to get them up and running in just a few days (they need to run a 100BaseT connection from the demarc in the basement up to MHTechEd). Additionally, MHTechEd is also purchasing a commercial account from the local cable provider.

    ISPs and MTUs

    I discussed the Maximum Transmission Unit (MTU) in Chapter 8. Back in the dark ages (before Windows Vista), Microsoft users often found themselves with terrible connection problems due to the fact that IP packets were too big to fit into certain network protocols. The largest Ethernet packet is

    Try This! Customizing Your 2811

    Do some research to see how many different types of HWICs are available for the 2811. You'll find quite a few! Also check out a single series of Cisco router. Try the 2800 series, if you'd like, but also consider investigating another series such as the 3800 line. Pick three routers in the series and determine the difference among the three. Answer this question: What is the significance of the last two digits of a router's model number?

    Try This! What's Available in Your Building?

    Home networks won't have a preexisting ISP. You need to determine which ISPs provide service in your neighborhood. Fortunately, there's a great Web site designed to help you see what you can get: www.broadbandreports.com. Go to the site, select the Find Service menu, and enter your ZIP code (sorry, USA only). Even if you already have an Internet connection at your house, see if you can find a better deal than the one you have. How much money can you save per month?


    1500 bytes, so some earlier versions of Windows set their MTU size to a value less than 1500 to minimize the fragmentation of packets. The problem cropped up when you tried to connect to a technology other than Ethernet, such as DSL. Some DSL carriers couldn't handle an MTU size greater than 1400. When your network's packets are so large that they must be fragmented to fit into your ISP's packets, we call it an MTU mismatch.

    As a result, techs would tweak their MTU settings to improve throughput by matching up the MTU sizes between the ISP and their own network. This usually required a manual registry setting adjustment, although some older versions of Windows used third-party programs like Dr. TCP (Figure 19.11). This process is called matching up mismatched MTU settings.

    Around 2007, Path MTU Discovery (PMTU), a new method to determine the best MTU setting automatically, was created. PMTU works by adding a new feature called the Don't Fragment (DF) flag to the IP packet. A PMTU-aware operating system can automatically send a series of fixed-size ICMP packets (basically just pings) with the DF flag set to another device to see if it works. If it doesn't work, the system lowers the MTU size and tries again until the ping is successful.

    You can imitate this feature by running a ping yourself. Open a command prompt and run the following command:

        ping www.totalsem.com -f -l 1500

    You should get results similar to the following:

        Pinging www.totalsem.com [216.40.231.195] with 1500 bytes of data:
        Packet needs to be fragmented but DF set.
        Packet needs to be fragmented but DF set.
        Packet needs to be fragmented but DF set.
        Packet needs to be fragmented but DF set.

        Ping statistics for 216.40.231.195:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    Try running the ping command again, this time setting the MTU size

    smaller:

    Dr. TCP is an old program and does not work on Windows Vista or 7. Don't use it anymore; you don't have to, either, because of Path MTU Discovery.

    Figure 19.11 Adjusting the MTU settings in Dr. TCP

    C:\>ping www.totalsem.com -f -l 1400

    Pinging www.totalsem.com [216.40.231.195] with 1400 bytes of data:

    Reply from 216.40.231.195: bytes=1400 time=81ms TTL=51

    Reply from 216.40.231.195: bytes=1400 time=85ms TTL=51

    Reply from 216.40.231.195: bytes=1400 time=134ms TTL=51

    Reply from 216.40.231.195: bytes=1400 time=144ms TTL=51

    Ping statistics for 216.40.231.195:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 81ms, Maximum = 144ms, Average = 111ms


    Imagine the hassle of incrementing the MTU size manually. That's the beauty of PMTU: you can automatically set your MTU size to the perfect amount.

    Unfortunately, PMTU runs under ICMP; most routers have firewall features that, by default, are configured to block ICMP requests, making PMTU worthless. This is called a PMTU or MTU black hole. If you're having terrible connection problems and you've checked everything else, you need to consider this issue. In many cases, going into the router and turning off ICMP blocking in the firewall is all you need to do to fix the problem.
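
    The manual probing and the black hole described above, as an added example that is not part of the original chapter: it models a path as a list of hops, sends DF-set probes the way ping -f -l does, searches for the largest size that gets through, and reports whether oversized probes vanished silently instead of returning an error. The Hop class, the function names and the three sample paths are constructed for the example; the 28 bytes added to each probe are the 20-byte IPv4 header plus the 8-byte ICMP echo header that ping puts in front of the -l payload.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header
REPLY, FRAG_NEEDED, TIMEOUT = "reply", "frag-needed", "timeout"


@dataclass
class Hop:
    mtu: int                         # largest IP packet this hop forwards
    drops_icmp_errors: bool = False  # firewall here discards ICMP error messages


def probe(path: List[Hop], payload: int) -> str:
    """One DF-set echo carrying `payload` data bytes (like ping -f -l payload).

    REPLY       every hop could forward the packet
    FRAG_NEEDED a hop was too small and its ICMP error reached the sender
    TIMEOUT     a hop was too small, but a firewall between the sender and
                that hop dropped the error, so the sender hears nothing
    """
    packet = payload + IP_ICMP_OVERHEAD
    filtered = False
    for hop in path:
        filtered = filtered or hop.drops_icmp_errors
        if packet > hop.mtu:
            return TIMEOUT if filtered else FRAG_NEEDED
    return REPLY


def discover(path: List[Hop], low: int = 0,
             high: int = 1472) -> Tuple[Optional[int], bool]:
    """Binary-search the largest payload that is answered with DF set.

    Returns (path_mtu, black_hole). black_hole is True when any oversized
    probe timed out instead of producing a "fragmentation needed" error,
    which is the symptom an operating system cannot recover from on its own.
    """
    best, black_hole = None, False
    while low <= high:
        mid = (low + high) // 2
        result = probe(path, mid)
        if result == REPLY:
            best, low = mid, mid + 1
        else:
            black_hole = black_hole or result == TIMEOUT
            high = mid - 1
    path_mtu = None if best is None else best + IP_ICMP_OVERHEAD
    return path_mtu, black_hole


# Constructed sample paths (not measurements).
ETHERNET = [Hop(1500), Hop(1500)]
DSL = [Hop(1500), Hop(1400), Hop(1500)]
BLACK_HOLE = [Hop(1500, drops_icmp_errors=True), Hop(1400), Hop(1500)]

if __name__ == "__main__":
    for name, path in [("ethernet", ETHERNET), ("dsl", DSL),
                       ("black hole", BLACK_HOLE)]:
        mtu, hole = discover(path)
        print(f"{name:10}  path MTU {mtu}  largest -l value "
              f"{mtu - IP_ICMP_OVERHEAD}  black hole: {hole}")
```

    On the plain Ethernet path a 1500-byte payload is refused and a 1400-byte payload is answered, the same pair of results as the two ping runs shown earlier. A narrower fix than disabling all ICMP filtering is to permit ICMP type 3, code 4 ("fragmentation needed"), which is the message Path MTU Discovery depends on.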

    Peripherals

    The MHTechEd requirement list defined the following peripherals:

      One high-speed laser printer hooked directly to the network
      One color printer connected to a machine to be determined
      A combined fax/copier/printer (All-in-One) device primarily used for faxes
      A single scanner connected to a system

    This doesn't mean that other printers won't be installed, but these are the base needs in terms of peripherals.

    Since the color printer and the All-in-One have already been purchased, or at least already decided upon, MHTechEd only needs to purchase the big laser printer. MHTechEd chooses a Hewlett-Packard M9050 like the one shown in Figure 19.12. These are very popular, high-speed, and network-capable out of the box. They're also built like tanks and will last a long time.

    Only the big laser printer and the All-in-One box will connect directly to the network. To make things convenient, install both of these in Office 2 (Figure 19.13). Oops! I forgot yet another drop for a run to the laser printer. Even though the fax machine can run wirelessly, let's go ahead and just run a second drop for the fax machine.

    The CompTIA Network+ objectives use the term "MUT/MTU black holes." There's no such thing as MUT so, hopefully, CompTIA will have fixed this by the time you're reading this book.

    Figure 19.12 HP M9050

    Try This! Make Your Own Networked Printer

    Putting a printer directly onto the network as opposed to sharing it through a PC has some big benefits. First, the printer doesn't need a running PC to be accessed. Second, heavy print jobs won't slow down any PCs. Third, less running equipment saves purchase costs and energy. But what if your printer on your home network doesn't have an Ethernet connection? Go online and see if you can find devices that enable you to interconnect a USB printer to an Ethernet network.

    Figure 19.13 Location of fax machine and printer


    Security

    Thinking about network security is like thinking about network electricity: security is not really a single step but an integral part of all the steps. Two chapters of this book, Chapter 11 and Chapter 16, already do a great job of covering these issues. Now I need to describe how to secure the MHTechEd network. Going forward with that idea, here are the previous six steps with some of the security issues that come into play during each step:

    1. List of requirements: What are MHTechEd's security needs? Here's a small subset:
        A. Anti-malware on all systems
        B. Firewall with ACL capacity
        C. Security from equipment theft
        D. Wireless encryption
        E. Wireless network isolation

    2. Network design: You need to make sure MHTechEd has the equipment that satisfies the requirements listed in Step 1.
        A. Microsoft Security Essentials on all systems
        B. A built-in firewall on the Cisco 2811
        C. Door locks, deadbolts, motion sensors all tied to a security monitoring company
        D. WPA Personal Shared Key
        E. WAPs that support isolation

    3. Compatibility issues: Will there be security issues with the older equipment? Can the old WAP support WPA2 PSK?

    4. Internal connections: What do you need to do to protect the internal network from threats and failures?
        A. Verify anti-malware is installed and updated: install Microsoft Security Essentials and configure for automatic updates.
        B. Document the location of all PCs and their associated connections.
        C. Configure servers to use RAID 5.
        D. For power failure, use four 5000-joule, rack-mounted standby power supplies in the equipment room: three for servers and one for all routers, switches, and so on.
        E. Install removable hard drives for backup. Contract for offsite backup.
        F. Configure domain for strict password security.

    5. External connections: How do you connect to the Internet?
        A. The network uses the 2811 router's firewall features, but how exactly do you keep it up to date? What, if any, manual ACLs must you configure?

    6. Peripherals: Not a traditional security issue.

    Be ready for some fairly complex scenario questions on the CompTIA Network+ exams. CompTIA does a great job giving you some clues about the scenario questions you'll encounter with the details of Domain 2.6, as you can see in Appendix A. Like any CompTIA question, take your time when reading the scenario questions. In many cases, the question itself hinges completely on a single word or statement, making the entire scenario actually incredibly simple to answer.


    Chapter 19 Review

    Chapter Summary

    After reading this chapter and completing the exercises, you should understand the following about SOHO networks and troubleshooting.

    Describe the major steps to consider when designing a SOHO network

    • List of requirements: Define the network's needs. Why are you installing this network? What primary features do you need?
    • Network design: What equipment do you need to build this network? How should you organize the network?
    • Compatibility issues: Are you using existing equipment, applications, or cabling that might cause compatibility issues?
    • Internal connections: What type of structured cabling do you need? Does this network need wireless?
    • External connections: How do you connect to the Internet?
    • Peripherals: How will peripherals come into play? Are you connecting any printers, fax machines, or scanners?
    • Security: How do you deal with computer, data, and network security?

    Describe and implement a SOHO network, including solving assorted problems

    • Reference the list of requirements to verify that you are building the network to meet those requirements.
    • Network design defines the number of workstations and servers as well as the operating systems you choose to run.
    • Decide if virtualization is a good option for your server, and, if so, what virtualization hypervisor to use.
    • Know what's in the equipment room and how you will power it.
    • Determine if existing equipment might cause compatibility issues and if you can work around any limitations.
    • Decide if it is less expensive in the long run to replace questionable equipment.
    • Decide what type of switch to use based on your needs.
    • Use structured cabling.
    • Determine the CAT level installed and if you need to upgrade any cabling.
    • Equipment rooms need good air conditioning to perform well.
    • Equipment rooms should have at least one dedicated circuit.
    • Determine the placement of the WAP in your SOHO network.
    • Determine how your network uses VLANs and what VLANs you will create, along with their specific jobs.
    • Pick a DHCP server.
    • Determine what gateway router makes the most sense for your network and why. Also determine if you need to customize your gateway router for your ISP.
    • Know what Internet connection options are available. Your building might already have an Internet connection. If so, determine if you can access it and if it is fast enough for your needs.
    • Most MTU black holes are fixed by enabling ICMP.
    • Decide what peripherals (printers, scanners, and so on) are called for by the list of requirements, where they should be located, and how they will connect to the LAN.

    Explain how security comes into play when building a SOHO network

    • Verify anti-malware is installed, updated, and configured for automatic updates.
    • Implement a firewall with ACL capacity.


    • Protect yourself from equipment theft. Use door locks, deadbolts, and motion sensors that are all tied to a security monitoring company.
    • Encrypt wireless connections and isolate the wireless network from the main network. Verify that your WAPs support isolation.
    • Configure a security key for your network.
    • Document the location of all PCs and their associated connections.
    • Configure servers for data security.
    • For power failure, use standby power supplies in the equipment room.
    • Install removable hard drives for backup. Contract for offsite backup.
    • Configure domain for strict password security.
    • Keep your firewall up to date and configure ACLs as necessary.
    • Peripherals are not a traditional security issue.

    Key Terms

    compatibility issue (535)

    external connection (535)

    high-speed WAN interface card (HWIC) (545)

    internal connection (535)

    lights-out management (LOM) (542)

    list of requirements (535)

    MTU black hole (548)

    MTU mismatch (547)

    network design (535)

    Path MTU Discovery (PMTU) (547)

    peripheral (535)

    security (535)

    Small Form-Factor Pluggable (SFP) (545)

    Key Term Quiz

    Use the Key Terms list to complete the sentences that

    follow. Not all the terms will be used.

    1. Determining the type of printers and their location is under the _______________ checklist item.

    2. A(n) _______________ connector is an interchangeable feature of many switches and routers that makes it easier to connect to different types of fiber networks.

    3. _______________ is a part of every point on the build-your-own SOHO network checklist.

    4. Determining the type of gateway router is under _______________ in the checklist.

    5. Unblocking incoming ICMP requests will often repair a(n) _______________.

    6. Concern that an old printer may not work with your new Windows 7 computers is an example of _______________.

    7. You can add ports to many Cisco routers with a(n) _______________.

    8. The section of the checklist where you determine the exact make and model of switch you'll use is _______________.

    9. A new VPN that runs incredibly slowly might be suffering from _______________.

    10. If an operating system uses _______________, you have no reason to adjust the MTU settings manually.


    8. What Cisco device is used to add ports to a Cisco product?
        A. SFP
        B. HWIC
        C. GBIC
        D. Repeater

    9. Which of the following is a dedicated computer that's preconfigured to offer file storage for many types of client computers?
        A. Active Directory
        B. NAS
        C. PAN
        D. SPAN

    10. What type of electrical setup is ideal for a network closet?
        A. Circuits shared with no more than two other locations
        B. Dedicated circuit
        C. High-voltage circuit
        D. Any circuit will do.

    Essay Quiz

    1. Give a walkthrough of all the steps to configure a WAP on an existing network. Include adding a VLAN just for wireless clients.

    2. Using a real-world example with a router that can block incoming ICMP, show how to diagnose an MTU black hole. Include screen grabs of the problem and show how to turn off ICMP blocks on your sample router.

    3. Write an employee training tool for MHTechEd that describes to the users what to expect on their systems in the new office. Create a name for the printers and show the users how to access them. Create shares for the servers and give them instructions on what is stored where. Feel free to use your own creativity to make this as complete as possible.

    Lab Projects

    Lab Project 19.1

    Working with multiple partners, build an entire network, with each person adding a single component. Have each person add an item to a sheet of paper. You have ten workstations, but feel free to add anything else. Draw a logical diagram of the network and add an IP addressing scheme.

    Lab Project 19.2

    Go on a shopping trip to purchase every item to build a new SOHO network. You must use a router, two WAPs, a switch, a better laser printer, and a scanner. Then go on eBay and see how much you save by buying the same or similar equipment used.