Building a Soho Network

8/13/2019 Building a Soho Network

1/20

chapter

534

Building a SOHONetwork

There are three kinds of death

in this world. Theres heart

death, theres brain death, and

theres being off the network.

GUYALMES

In this chapter, you will learn

how to

Describe the major steps toconsider when designing a SOHO

network

Describe and implement a SOHO

network, including solving

assorted problems

Explain how security comes

into play while building a SOHO

network

The time has come for you to take what you learned in previous chapters

and apply that knowledge to creating a product: a real, functioning

network. This chapter walks you through the steps for building a typical smalloffice/home office (SOHO) network from the ground up, using the tools

provided in earlier chapters to handle the entire process. This network needs to

include structured cabling, wireless, operating systems, Internet connectivity,

and network/system security. The network must have servers, workstations,

and printers installed. Ill also add a few troubleshooting tips beyond what was

discussed in other chapters.

19


2/20

Chapter 19: Building a SOHO Network 535

Historical/Conceptual

Building a SOHO network is a big job, so lets break it into three discrete

steps. First, you need to plan the process. To do this, Ive created my own

checklist to help you think about what needs planning. Second, theres the

actual process of building the SOHO network. Ill walk you through this

process, from running the cables to installing anti-malware software. Third,Ill discuss security and youll see that, although security isnt on the check-

list, its actually part of almost every section of the checklist.

This chapter is unique. I want you to look at an entire network and

see it as a whole so you gain a broad understanding of how it all works. I

wont rehash procedures or technologies already covered in earlier chap-

ters. Instead, Ill cover the building of a SOHO network from a higher level,

dealing with individual scenarios that you might encounter as you build

the network after its running. Be warned! Youll probably find yourself

jumping back to earlier chapters to consider issues in this chapter.

Test Specific

Designing a SOHO NetworkThe CompTIA Network+ exam doesnt define a list titled The xSteps to

Design and Build a Network. As youve read this book, however, youve

probably discovered what needs to happen. For this chapter, Ill use the fol-

lowing list. It may not be perfect, but Ive built hundreds of networks using

these steps.

1. List of requirements Define the networks needs. Why are you

installing this network? What primary features do you need?

2. Network design What equipment do you need to build this

network? How should you organize the network?

3. Compatibility issues Are you using existing equipment,

applications, or cabling that have compatibility issues?

4. Internal connections What type of structured cabling do you need?

Does this network need wireless?

5. External connections How do you connect to the Internet?

6. Peripherals How will peripherals come into play? Are youconnecting any printers, fax machines, or scanners?

7. Security How will you deal with computer, data, and network

security?

Although Ive numbered them here, these steps might come in any order.

Even though network security is in the seventh position, for example,

This list happily ignores afew important issues such as

costs vs. budget, time to install,

and so on. While you should

definitely consider these when

constructing your own network,

the CompTIA Network+ exam

isnt very interested in them.


3/20


4/20


only supports their current projects. They also have a few individual serv-

ers running a number of different operating systems used for research.

Every employee will get a computer running Windows 7 Ultimate and the

latest version of Microsoft Office. Employees need access to shared folders

on the file server for personal storage as well as shared access to customer

information. All employees need to print documents as well as send and

receive faxes. All employees need access to a telephone.

Two of the employees work full time on graphics, including photog-

raphy and video. They need cameras, scanners, and a high-quality color

printer. The nature of their work compels them to have an Apple Mac Pro

computer running the latest version of OS X, in addition to their Windows

systems.

Defining network needs never actually ends. All networks are highly

evolving entities and new ideas, applications, and equipment appear on an

ongoing basis.

Network DesignNow you need to work on the finer details. Network design quantifies the

equipment, operating systems, and applications used by the network. This

step ties closely with Step 3, compatibility issues.

You need to address the following equipment:

Workstations

Servers

Equipment room

Peripherals

Workstations

The company has eight employees. Each needs a late-generation Windows

system (Windows 7) running Microsoft Office 2010. Additionally, two

employees need a late-generation Mac running OS X; these machines will

not have Office.

Servers

The network needs three file servers. You have a lot of flexibility here,

as the users simply need two places to store data and some way to run

multiple research and development (R&D) systems. The R&D machines

are perfect candidates for virtualization, so you can add a third server for

storing these.

Network needs are tough

to quantify. Dont try to dig too

deeply here, as many issues can

be assumed such as Everyone

will want a mouse on their PC.

Try to stay with job functions

and what the network needs to

do to support those functions.

Try This!What Are Your Needs?

Imagine the coolest home network youve ever desired. What wouldthat network look like? What would it do for you? Go ahead and sketch

up a sample floor plan. Keep this floor plan handy for other Try This!

sections in this chapter.


5/20

Mike Meyers CompTIA Network+ Guide to Managing and Troubleshooting Networks538

Most people really enjoy the single sign-on convenience of a Windows

domain, so youll use a single Windows Server domain controller. Granted,

if you really wanted to do things right, you would add a second domain

controller, so why not virtualize the two file servers? You can get two copies

of VMwares ESX Hypervisor.

The network now has three file servers, all virtualized with the follow-

ing virtual machines:

Server #1 Windows Server 2008Server #2 Windows Server 2008

Server #3 A number of virtualized operating systems from

Windows 95 through Windows 7. Also two versions of Linux:

Ubuntu and Debian.

Equipment Room

An equipment room will act as the intermediate distribution frame (IDF)

for the network. (See Chapter 6 for the details on the IDF.) All systems will

tie into a single, managed, 24-port gigabit switch on a rack mount. The rack

will be a floor-to-ceiling rack with a rack-mounted UPS.

Peripherals

MHTechEd has a small office, so youll pur-

chase a single high-capacity, networked laser

printer and a color inkjet printer. The graphics

folks picked a printer that doesnt have a NIC,

so youll just install the printer onto one of the

Macs and share the printer.

The office doesnt do a lot of faxing or scan-

ning, so a typical All-in-One device should

work perfectly. I found one that shares the fax

system across the network (sweet!), enablinganyone to convert almost any document into a

fax. This groovy machine connects to the net-

work via Gigabit Ethernet or wirelessly over

802.11g (Figure 19.3). Scanning isnt quite as

handy. All scanned documents go straight

to the machines built-in storage, where it is

shared as a folder on the network. Its not per-

fect, but for $249, the company is happy.

Tech Tip

Network AttachedStorage

Many small networks avoid

using a full-blown file server

and instead take advantage of

inexpensive and reliable network

attached storage (NAS) devices.

Technically, an NAS is a computer

thats preconfigured to offer file

storage for just about any type

of client. Most NAS systems

use the Common Internet File

System (CIFS) configuration to

create a plug and play (PnP) type

of device. These devices include

features such as RAID to make

storage safer.

Figure 19.3 MHTechEds cool All-in-One machine

Try This!Your Network, Your Equipment

Continuing from the previous Try This! decide what equipment you

want for your own home network. Surely youre going to add a home

theater PC, but what about a separate media server? Do you want a

computer in the kitchen? Would you like a rack in your house? Can you

find a smaller rack online? Can you wall-mount it? Make a list similar to

the one in this section and keep it handy for more Try This! sections.


6/20


Compatibility IssuesMHTechEDs new building recently added more rooms to their office. The

equipment room still has runs going to rooms 1, 2, and 6, but these runs

are only CAT 5e. Three new rooms have been added, but they need CAT 6.

You could run CAT 6 into the old rooms, but the boss said No to save

money (Figure 19.4). MHTechED has a very nice Cisco 802.11g WAP. The

boss wasnt happy when you bought a new 802.11n WAP for almost $1,000,

because the old one still works fine.

Figure 19.4 CAT 5e and CAT 6 drops in the MHTechED office

The few existing applications the company needs to bring along will

work perfectly on the new PCs and Macs: namely Peachtree 2012, AdobeIllustrator CS5, and Final Cut Studio.

Try This!Whats Compatible?

If you were building a new home network from scratch, which of your

existing parts could work in the new network? Do you have older

equipment that might have compatibility issues, like an old 10BaseT

switch or router?

If you needed to use all of your old equipment, visualize your new net-

work connecting to it and how you might get around some of these issues.

Does your old printer have a way to connect to the network directly?

Where would you connect your Xbox 360? What if you have older TVs?

Will they work with a powerful, HDMI-equipped video card?

Create an inventory of your old equipment and jot down any com-

patibility issues you might imagine taking place.


7/20


Internal ConnectionsNow that you have an idea of your equipment and what you want to do

with it, you need to get everything properly connected using structured

cabling. You should also begin to install your 802.11 network. Once you

connect all your equipment, configure your internal VLANs, IP address

scheme, DHCP/DNS servers, gateway, and so on.

The SwitchMHTechED is small enough to use a single switch to handle all the

interconnections. Their switch needs two features: VLAN support and

Power over Ethernet (PoE) to support the WAP. They have a Cisco 3750

switch that handles all of this quite nicely, so theyll stick with what

they have.

Structured Cabling

Setting up good structured cabling for MHTechED is a breeze. Like most

office buildings, this building has plenum space over everything for hori-

zontal runs and simple sheetrock walls for installing drops. You shouldntrun into any fire stops or heavy machinery.

Dont forget what you learned in Chapter 6. Now is the time to verify

the exact location of your drops as well as where all horizontal runs come

into the equipment room. Estimate the distances so you dont go over the

cable length limits.

Although you can probably do the work yourself, hiring a professional

can save on time and stress. Get a good floor layout, get on the phone, and

call a professional installer. When he or she finishes the job, make sure

you have

Clearly labeled runs

The length of all runsCAT ratings on all runs

The floor plan showing all runs

Since youve hired an installer, you might as well look at your phone

lines as well. Want the fax machine in the hall? No problem, but MHTechED

needs to make sure it has access to an RJ-11 outlet. Running a PBX system?

Verify all the phone lines and PBX lines run to a patch panel.

Cross CheckCAT 5e in a CAT 6 Network

You learned about CAT levels in Chapter 5, so check your memory asyou read about the mixed CAT 5e and CAT 6 runs. What is the maxi-

mum throughput for CAT 5e and CAT 6? How might these different

cable runs affect your network? What would be the fastest backbone

switch to use in this network?


8/20


Electrical and Environmental Limits

Youve got to be careful when installing racks in places where

no rack has ever been. Watch out for electricity and environment

issues. Its never a good idea to run your network equipment on

anything other than a very high-amperage dedicated circuit. Fig-

ure 19.5 shows the dedicated circuit in MHTechEds equipmentroom. Those plugs are not in circuit with any other plugs!

Environment is an equally big gotcha. Dont turn a typi-

cal closet into rack space without making serious environmental

changes first. For very small single racks, you can get away with

the existing air conditioning. Keep in mind, however, that the same

ventilation that keeps a single person cool will not be enough to

keep the rack cool. If youre making a new rack, call building ser-

vices and get them to dump extra air into that room!

Wireless

MHTechED has lots of customerswho walk in and need to see prod-

ucts online while in the office. To

make this easier, MHTechED is

going to create a well-locked-

down 802.11 network. Because

the boss wont let them upgrade

to 802.11n, they choose to place

the single WAP centrally in the

office, as shown in Figure 19.6.

Given the small size of the office,

this single WAP should do well.

Theres no power or networkdrop here, however. Good thing

you hired those installers! It's

time to add another drop. Power

wont be a problem because the

WAP supports PoE.

Cross CheckTime for Virtual PBX?

You learned about virtual PBX in Chapter 17. With old-school PBX on

its way out, should MHTechED consider a virtual PBX solution? If the

company already has phone lines running to a central location, what

type of virtual PBX should MHTechEd use: an in-house virtualized

server solution or a NaaS solution like Virtual PBX (virtualpbx.com)?Recheck Chapter 17 and do some online research to develop a solution.

Remember that MHTechED will want an 800 number and at least three

incoming lines, plus a fax line.

Figure 19.5 Dedicated circuit

Figure 19.6 Placement of WAP in network


9/20


VLANs

These days, you wont find many networks that dont use VLANs. Even

though MHTechED uses a small network, the company plans to separate the

wireless devices, the virtual R&D machines and special server, the switch,

and the router management tools into separate VLANs from the main net-

work VLAN. The wireless VLANs will make it substantially harder to hackinto the main network wirelessly.

Placing all of the R&D virtual machines into a VLAN will help prevent

anyone playing on these test machines from hurting the main network.

Figure 19.7 shows a lights-out management (LOM)program running on a

Dell server being configured for VLAN200. These LOMs are special com-

puter within a computer features built into better servers, designed to give

you access to a server even when the server itself is shut off.

Figure 19.7 Lights-out management

Cross CheckInstall That Wireless!

Chapter 15 goes into great detail on the process of installing a wireless

network. Generate a list of steps that the installer must go through to

get the WAP properly configured. Keep in mind that this is a pure WAP,

not a wireless router. Remember to include steps for dealing with PoE,

SSID, VLAN, security, and so on. After that, go online and price outsome serious enterprise WAPs. Youll have a lot to choose from, but

the Cisco Aironet series has been around for a long time. Find the WAP

that best fits your home network use.


10/20


11/20


External ConnectionsNo network is an island anymore. At the very least, MHTechEd needs an ISP

so folks can Google and update their Facebook pageser, I mean, get work

done online. In a SOHO network like MHTechEd, you dont have to deal

with many of the issues youd see in larger networks. A typical home-type

ISP (DSL or cable) should be more than enough for them in terms of band-

width. On the other hand, MHTechEd needs to be connected to the Internet

all the time (or pay the price in lost business), so the company should con-sider a second ISP as a fallback plan in case the primary ISP fails.

Choose a Gateway Router

A serious business cant get away with a cheap home router. It needs some-

thing that fires up quickly, runs dependably, and never locks up. Thats

why MHTechEd chose a real battleship

of a router: the Cisco 2811. This router

comes with two fixed 100BaseT Eth-

ernet ports (Figure 19.8) and plenty of

extra slots to add even more NICs. Its

a good firewall, too, and supports NAT.Unfortunately, the Cisco 2811 only sup-

ports 100BaseT. Depending on whats

available in your area, that router might

need an upgrade soon.

As youll see in the next section,

MHTechEd wants to connect to two dif-

ferent ISPs as a safety feature. To support

Try This!Paper Router Table

Assume MHTechEd has two static Internet connections:

ISP A ISP B

IP Address: 1.5.4.3 IP Address: 11.45.27.3

Subnet Mask: 255.255.255.192 Subnet Mask: 255.255.255.0

Default Gateway: 1.5.4.1 Default Gateway: 11.45.27.1

Using the internal IP address scheme discussed earlier in this chapter

(10.11.12.0/24) and the predefined default gateway (10.11.12.1), write

up a four-line paper routing table.

Using the Cisco naming conventions, your router has three Ethernet

ports: Fa0/0 connects to the local network; Fa0/1 connects to ISP A; andFa0/2 connects to ISP B. Run r out e pr i nt from a Windows command

prompt to remind you of the data needed to make a routing table. Make

sure you have at least three routes:

Default route to the Internet when ISP A is working

Default route when ISP A is notworking (clue: metrics)

Local traffic route

Figure 19.8 Fixed 100BaseT ports on Cisco 2811

Cisco would prefer that

small businesses use their ASA

series of security appliances

over the 2800 series of routers.

Go to www.cisco.com and

compare a Cisco ASA 5540 to

the Cisco 2811.


12/20


this, the company needs to add an extra port to the 2811. Luckily, the 2811 is

designed to accept special high-speed WAN interface cards (HWICs), router

expansion cards that make adding the third port easy (Figure 19.9).

Figure 19.9 Cisco HWIC card

Most good routers and switches come with interchange-

able components, enabling manufacturers to make a base

model device and then offer components to address each

customers individual needs. These components come in a

number of different shapes and sizes. In Chapter 5, you saw

a gigabit interface converter (GBIC) that gives customers the

ability to match their router and switch connections to what-

ever type of fiber already exists in their location. Youve now

seen the Cisco HWIC as well. Another popular module used

by Cisco is their Small Form-Factor Pluggable (SFP)connector,

used in many Cisco and other brand switches (Figure 19.10).

Note that the SFP is designed exclusively for fiber networks.You can easily install these modules. Turn off the router

or switch, remove a protective plate (if one exists), plug in the

module, and turn the switch/router back on. Assuming the device is in

good working order, the switch or router will automatically recognize the

new connectors and youll be able to do whatever youd do with any con-

nector: add it to a VLAN, configure its speed/duplex, apply an IP address

(on router ports), and so on.

If you install a module that doesnt work, use the same tests that youd

perform on any port on a switch or router. The fact that these are modules

doesnt change the troubleshooting tools youve learned about in earlier

chapters. Ive listed some of the most common problems with modules and

what to do to fix them:

Did you plug the wrong type of cable into the new port (single-mode into

multimode, for example)?Make sure you use the right cabling for the

new connection.

Are the link lights working? Is the new port properly connected? Its just

as easy to plug a bad cable into a module as it is to plug it into a

regular port. Make sure the device on the other end of the cable

works, too!

Figure 19.10 NETGEAR SFP


13/20


Does the switch/router recognize the new module in the maintenance

Web page/utility/whatever?If it doesnt, you need to contact the

manufacturer. In most cases, you can fix it by replacing the

module.

Choose an ISP

Before you choose an Internet service provider, ask yourself, What is avail-able at my location? If youre constructing a network in an existing office

building, also ask, Whats already installed that I can tap into? Once an

ISP makes some form of endpoint in a building, you can easily (and inex-

pensively) connect to that ISP as opposed to finding your own. Addition-

ally, many office buildings offer Internet connectivity as part of the lease

agreement or at least tell you what ISP already connects to the building.

After making a few calls to building management, MHTechEd learns

that an ISP already provides 100BaseT, Metro Ethernet service. The ISP

promises 5 Mbps throughput and is prepared to get them up and running

in just a few days (they need to run a 100BaseT connection from the demarc

in the basement up to MHTechED). Additionally, MHTechEd is also pur-

chasing a commercial account from the local cable provider.

ISPs and MTUsI discussed the Maximum Transmission Unit (MTU) in Chapter 8. Back in

the dark ages (before Windows Vista), Microsoft users often found them-

selves with terrible connection problems due to the fact that IP packets were

too big to fit into certain network protocols. The largest Ethernet packet is

Try This!

Customizing Your 2811Do some research to see how many different types of HWICs are avail-able for the 2811. Youll find quite a few! Also check out a single series

of Cisco router. Try the 2800 series, if youd like, but also consider

investigating another series such as the 3800 line. Pick three routers in

the series and determine the difference among the three. Answer this

question: What is the significance of the last two digits of a routers

model number?

Try This!

Whats Available in Your Building?Home networks wont have a preexisting ISP. You need to determine

which ISPs provide service in your neighborhood. Fortunately, theres

a great Web site designed to help you see what you can get: www

.broadbandreports.com. Go the site, select the Find Servicemenu, and

enter your ZIP code (sorryUSA only). Even if you already have an

Internet connection at your house, see if you can find a better deal

than the one you have. How much money can you save per month?


14/20


1500 bytes, so some earlier versions of Windows set

their MTU size to a value less than 1500 to minimize

the fragmentation of packets. The problem cropped

up when you tried to connect to a technology

other than Ethernet, such as DSL. Some DSL carri-

ers couldnt handle an MTU size greater than 1400.

When your networks packets are so large that they

must be fragmented to fit into your ISPs packets, we

call it an MTU mismatch.

As a result, techs would tweak their MTU set-

tings to improve throughput by matching up the

MTU sizes between the ISP and their own network.

This usually required a manual registry setting

adjustment, although some older versions of Win-

dows used third-party programs like Dr. TCP (Fig-

ure 19.11). This process is called matching up mis-

matched MTU settings.

Around 2007, Path MTU Discovery (PMTU), a new method to determine

the best MTU setting automatically, was created. PMTU works by adding

a new feature called the Dont Fragment (DF) flag to the IP packet. APMTU-aware operating system can automatically send a series of fixed-size

ICMP packets (basically just pings) with the DF flag set to another device to

see if it works. If it doesnt work, the system lowers the MTU size and tries

again until the ping is successful.

You can imitate this feature by running a ping yourself. Open a com-

mand prompt and run the following command:

ping www.totalsem.com -f -l 1500

You should get results similar to the following:

Pinging www.totalsem.com [216.40.231.195] with 1500 bytes of

data:Packet needs to be fragmented but DF set.

Packet needs to be fragmented but DF set.



Ping statistics for 216.40.231.195:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Try running the ping command again, this time setting the MTU size

smaller:

Dr. TCP is an old program

and does not work on Windows

Vista or 7. Dont use it anymore;

you dont have to, either,

because of Path MTU Discovery.

Figure 19.11 Adjusting the MTU settings in Dr. TCP

C:\>ping www.totalsem.com -f -l 1400

Pinging www.totalsem.com [216.40.231.195] with 1400 bytes of data:

Reply from 216.40.231.195: bytes=1400 time=81ms TTL=51




Ping statistics for 216.40.231.195:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 81ms, Maximum = 144ms, Average = 111ms


15/20


Imagine the hassle of incrementing the MTU size manually. Thats the

beauty of PMTUyou can automatically set your MTU size to the perfect

amount.

Unfortunately, PMTU runs under ICMP; most routers have firewall

features that, by default, are configured to block ICMP requests, making

PMTU worthless. This is called a PMTU or MTU black hole. If youre having

terrible connection problems and youve checked everything else, you need

to consider this issue. In many cases, going into the router and turning off

ICMP blocking in the firewall is all you need to do to fix the problem.

PeripheralsThe MHTechEd requirement list defined the following peripherals:

One high-speed laser printer hooked directly to the network

One color printer connected to a machine to be determined

A combined fax/copier/printer (All-in-One) device primarily

used for faxes

A single scanner connected to a system

This doesnt mean that other printers wont be installed, but these are

the base needs in terms of peripherals.

Since the color printer and the All-in-One have already been

purchased, or at least already decided upon, MHTechEd only needs

to purchase the big laser printer. MHTechEd chooses a Hewlett-

Packard M9050 like the one shown in

Figure 19.12. These are very popular,

high-speed, and network-capable out

of the box. Theyre also built like tanks

and will last a long time.

Only the big laser printer and the

All-in-One box will connect directly

to the network. To make things con-

venient, install both of these in Office

2 (Figure 19.13). Oops! I forgot yet

another drop for a run to the laser

printer. Even though the fax machine

can run wirelessly, lets go ahead and

just run a second drop for the fax

machine.

The CompTIA Network+

objectives use the term MUT/

MTU black holes. Theres no such

thing as MUT so, hopefully,

CompTIA will have fixed this

by the time youre reading

this book.

Figure 19.12 HP M9050

Try This!Make Your Own Networked Printer

Putting a printer directly onto the network as opposed to sharing it

through a PC has some big benefits. First, the printer doesnt need a run-

ning PC to be accessed. Second, heavy print jobs wont slow down any

PCs. Third, less running equipment saves purchase costs and energy.

But what if your printer on your home network doesnt have an Ether-

net connection? Go online and see if you can find devices that enable

you to interconnect a USB printer to an Ethernet network.

Figure 19.13 Location of fax machine and printer


16/20


SecurityThinking about network security is like thinking about network electricity:

security is not really a single step but an integral part of all the steps. Two

chapters of this book, Chapter 11 and Chapter 16, already do a great job of

covering these issues. Now I need to describe how to secure the MHTechED

network. Going forward with that idea, here are the previous six steps with

some of the security issues that come into play during each step:

List of requirements1. What are MHTechEDs security needs?

Heres a small subset:

Anti-malware on all systemsA.

Firewall with ACL capacityB.

Security from equipment theftC.

Wireless encryptionD.

Wireless network isolationE.

Network design2. You need to make sure MHTechEd has the

equipment that satisfies the requirements listed in Step 1.Microsoft Security Essentials on all systemsA.

A built-in firewall on the Cisco 2811B.

Door locks, deadbolts, motion sensors all tied to a securityC.

monitoring company

WPA Personal Shared KeyD.

WAPs that support isolationE.

Compatibility issues3. Will there be security issues with the older

equipment? Can the old WAP support WPA2 PSK?

Internal connections4. What do you need to do to protect the

internal network from threats and failures?

Verify anti-malware is installed and updatedinstall MicrosoftA.

Security Essentials and configure for automatic updates.

Document the location of all PCs and their associatedB.

connections.

Configure servers to use RAID 5.C.

For power failure, use four 5000-joule, rack-mounted standbyD.

power supplies in the equipment room: three for servers and one

for all routers, switches, and so on.

Install removable hard drives for backup. Contract for offsiteE.

backup.

Configure domain for strict password security.F.

External connections5. How do you connect to the Internet?

The network uses the 2811 routers firewall features, but howA.

exactly do you keep it up to date? What, if any, manual ACLs

must you configure?

Peripherals6. Not a traditional security issue.

Be ready for some fairly

complex scenario questions on

the CompTIA Network+ exams.

CompTIA does a great job

giving you some clues about

the scenario questions youll

encounter with the details of

Domain 2.6, as you can see in

Appendix A. Like any CompTIA

question, take your time when

reading the scenario questions.

In many cases, the question

itself hinges completely on

a single word or statement,

making the entire scenario

actually incredibly simple to

answer.


17/20

550Mike Meyers CompTIA Network+ Guide to Managing and Troubleshooting Networks

Chapter 19 Review

Chapter Summary

After reading this chapter and completing the exercises,

you should understand the following about SOHO net-works and troubleshooting.

Describe the major steps to consider when designing a

SOHO network

List of requirements Define the networks

needs. Why are you installing this network? What

primary features do you need?

Network design What equipment do you need to

build this network? How should you organize the

network?

Compatibility issues Are you using existingequipment, applications, or cabling that might

cause compatibility issues?

Internal connections What type of structured

cabling do you need? Does this network need

wireless?

External connections How do you connect to the

Internet?

Peripherals How will peripherals come into

play? Are you connecting any printers, fax

machines, or scanners?

Security How do you deal with computer, data,and network security?

Describe and implement a SOHO network, including

solving assorted problems

Reference the list of requirements to verify that

you are building the network to meet those

requirements.

Network design defines the number of

workstations and servers as well as the operating

systems you choose to run.

Decide if virtualization is a good option for your

server, and, if so, what virtualization hypervisor to

use.

Know whats in the equipment room and how you

will power it.

Determine if existing equipment might cause

compatibility issues and if you can work aroundany limitations.

Decide if it is less expensive in the long run to

replace questionable equipment.

Decide what type of switch to use based on

your needs.

Use structured cabling.

Determine the CAT level installed and if you need

to upgrade any cabling.

Equipment rooms need good air conditioning to

perform well.

Equipment rooms should have at least one

dedicated circuit.

Determined the placement of the WAP in your

SOHO network.

Determine how your network uses VLANs and

what VLANs you will create, along with their

specific jobs.

Pick a DHCP server.

Determine what gateway router makes the most

sense for your network and why. Also determined

if you need to customize your gateway router foryour ISP.

Know what Internet connection options are

available. Your building might already have an

Internet connection. If so, determine if you can

access it and if it is fast enough for your needs.

Most MTU black holes are fixed by enabling ICMP.

Decide what peripheralsprinters, scanners, and

so onare called for by the list of requirements,

where they should be located, and how they will

connect to the LAN.

Explain how security comes into play when building a

SOHO network

Verify anti-malware is installed, updated, and

configured for automatic updates.

Implement a firewall with ACL capacity.


18/20

551Chapter 19: Building a SOHO Network

Protect yourself from equipment theft. Use door

locks, deadbolts, and motion sensors that are all

tied to a security monitoring company.

Encrypt wireless connections and isolate the

wireless network from the main network. Verify

that your WAPs support isolation.

Configure a security key for your network.

Document the location of all PCs and their

associated connections.

Configure servers for data security.

For power failure, use standby power supplies in

the equipment room.

Install removable hard drives for backup. Contract

for offsite backup.

Configure domain for strict password security.

Keep your firewall up to date and configure ACLs

as necessary.

Peripherals are not a traditional security issue.

Key Terms

compatibility issue (535)

external connection (535)

high-speed WAN interface card (HWIC) (545)internal connection (535)

lights-out management (LOM) (542)

list of requirements (535)

MTU black hole (548)

MTU mismatch (547)

network design (535)

Path MTU Discovery (PMTU) (547)peripheral (535)

security (535)

Small Form-Factor Pluggable (SFP) (545)

Key Term Quiz

Use the Key Terms list to complete the sentences that

follow. Not all the terms will be used.

Determining the type of printers and their1.

location is under the _______________

checklist item.

A(n) _______________ connector is an2.

interchangeable feature of many switches

and routers that makes it easier to connect to

different types offibernetworks.

_______________ is a part of every point on the3.

build-your-own SOHO network checklist.

Determining the type of gateway router is under4.

_______________ in the checklist.

Unblocking incoming ICMP requests will often5.

repair a(n) _______________.

Concern that an old printer may not work with6.

your new Windows 7 computers is an example

of _______________.

You can add ports to many Cisco routers with7.

a(n) _______________.

The section of the checklist where you determine8.

the exact make and model of switch youll use is

_______________.

A new VPN that runs incredibly slowly might be9.

suffering from _______________.

If an operating system uses _______________,10.

you have no reason to adjust the MTU settings

manually.


19/20


20/20

553

What Cisco device is used to add ports to a Cisco8.

product?

SFPA.

HWICB.

GBICC.

RepeaterD.

Which of the following is a dedicated computer9.thats preconfigured to offer file storage for many

types of client computers?

Active DirectoryA.

NASB.

PANC.

SPAND.

What type of electrical setup is ideal for a10.

network closet?

Circuits shared with no more than two otherA.

locations

Dedicated circuitB.High-voltage circuitC.

Any circuit will do.D.

Essay Quiz

Give a walk though of all the steps to configure1.a WAP on an existing network. Include adding a

VLAN just for wireless clients.

Using a real-world example with a router that2.

can block incoming ICMP, show how to diagnose

an MTU black hole. Include screen grabs of the

problem and show how to turn off ICMP blocks

on your sample router.

Write an employee training tool for MHTechED3.that describes to the users what to expect on

their systems in the new office. Create a name for

the printers and show the users how to access

them. Create shares for the servers and give

them instructions on what is stored where. Feel

free to use your own creativity to make this as

complete as possible.

Lab Project 19.1

Working with multiple partners, build an entire

network, with each person adding a single

component. Have each person add an item to

a sheet of paper. You have ten workstations,

but feel free to add anything else. Draw a

logical diagram of the network and add an IP

addressing scheme.

Lab ProjectsLab Projects

Lab Project 19.2

Go on a shopping trip to purchase every item

to build a new SOHO network. You must use a

router, two WAPs, a switch, a better laser printer,

and a scanner. Then go on eBay and see how

much you save by buying the same or similar

equipment used.

Building a Soho Network

Documents