CompTIA A+ Rapid Review: Networking

  • 4/15/2013
Contents

Objective 2.6: Install, configure, and deploy a SOHO wireless/wired router using appropriate settings

It’s very common for a small office home office (SOHO) to have a network with a wireless router used as the central networking device. Computers can connect to the wireless router to share resources on the network and for access to the Internet. Additionally, wireless routers commonly include wired connections and additional services for the network.

Exam need to know...

  • MAC filtering

    For example: What is a MAC? What is the benefit of MAC filtering?

  • Channels (1-11)

    For example: What is the default channel used for wireless? What channel(s) should you use instead for better performance?

  • Port forwarding, port triggering

    For example: What is the difference between port forwarding and port triggering?

  • Built-in networking services

    For example: What are the common services built into wireless routers? What should be enabled to automatically assign IP addresses?

  • Wireless security

    For example: What is the SSID? What can be done to hide a wireless network from casual users?

  • DMZ

    For example: What is a DMZ? What computers would be placed in a DMZ?

MAC filtering

Wired and wireless network interface cards (NICs) use media access control (MAC) addresses. MAC addresses are represented as six groups of two hexadecimal characters similar to this: 1A-2B-3C-4D-5E-6F. MAC addresses are burned into NICs and can be used to identify specific computers.

True or false? You can use MAC filtering on a wireless router to restrict access to only certain devices.

Answer: True. MAC filtering can be enabled on a wireless router by using only the MAC addresses of authorized devices.

You can also use MAC filtering with wired routers. The router will block access to the network to all systems except for ones with the specifically allowed MAC addresses.

Exam Tip

MAC address filtering can be used to block access to a network based on the client’s MAC address. It can be enabled on both wireless and wired routers. When enabled, it will block access to unidentified clients attempting to access the network.

More Info

The MAC address is also known as the physical address or the hardware address. You can view the MAC address of a system with the ipconfig /all command from the command prompt. In this command, it’s listed as the physical address. Chapter 14 of the CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802), ISBN-10: 0735662681, shows how to use the command prompt and the ipconfig /all command.

Channels (1–11)

Wireless protocols are associated with specific frequency bands, such as 2.4 GHz or 5.0 GHz. However, each of these bands is divided into several channels. While a wireless router will automatically pick one of these channels, it is possible to manually select a specific channel.

True or false? If channel 6 has excessive interference, you should select channel 5 or 7 to improve performance.

Answer: False. Channel 6 is usually selected by default. However, channels 5, 6, and 7 all overlap with each other, so interference on channel 6 will also affect channels 5 and 7.

If channel 6 has excessive interference, it’s recommended to select channel 1 or 11 instead. There isn’t any overlap with the signals between these three channels.

Wireless networks in areas where multiple wireless networks are active frequently have performance problems due to interference from other networks. For example, an apartment complex might have several active wireless networks from different residents. You can eliminate interference with most networks by switching to channel 1 or 11.

Exam Tip

Wireless networks include 11 channels. If channel 6 has interference, you can often get better performance by switching to channel 1 or 11.

More Info

Microsoft At Home has a good article titled “10 Tips to Help Improve Your Wireless Network.” One of these tips is to change the wireless channel. You can view the article here: http://www.microsoft.com/athome/setup/wirelesstips.aspx.

Port forwarding, port triggering

Many wireless routers and firewalls support port forwarding and port triggering. These are two methods used to allow specific types of traffic through a router or firewall.

True or false? Port forwarding opens a specific incoming port after traffic is sent out on a different port.

Answer: False. Port forwarding forwards all traffic from the Internet by using a specific port to a specific IP address.

Port forwarding can be used to provide access to a system within a private network from the Internet. For example, all traffic coming in port 80 can be forwarded to a web server on an internal network.

Port triggering uses one outgoing port as a trigger to open a specific incoming port. For example, an application might send traffic out on port 3456 and receive traffic in on port 5678. A port trigger on the router or firewall will automatically open incoming port 5678 only when traffic is sensed going out of port 3456.

Exam Tip

Port forwarding sends traffic coming in from the Internet on a specific port to an internal system with a specific IP address. Port triggering opens a specific incoming port only after traffic is sent out on a specific port.

More Info

Port Forward (http://portforward.com/) includes many free resources that can be used to understand port forwarding and to configure port forwarding on many different routers.

Built-in networking services

Hardware devices sold as wireless routers generally also include multiple services that are often enabled by default. This simplifies the setup of the internal network for users.

True or false? Wireless routers commonly include DHCP to assign IP addresses to internal devices.

Answer: True. Wireless routers include multiple services, including DHCP.

DHCP assigns a range of IP addresses to DHCP clients and also provides the IP address of the wireless router as each client’s default gateway. If desired, you can disable DHCP and manually assign IP addresses to internal systems.

If DHCP has been disabled, DHCP clients will assign themselves an APIPA address starting with 169.254. However, you can manually assign IP addresses and other TCP/IP configuration information for all internal clients. It takes more time, but it is possible.

DHCP can be configured to assign IP addresses for a limited range in a network, and other IP addresses in the range can be manually assigned. For example, you can have DHCP assign IP addresses in the range of 192.168.1.100 through 192.168.1.254 with a subnet mask of 255.255.255.0. You can then manually assign other IP addresses from 192.168.1.1 through 192.168.1.99.

NOTE

It’s common to manually assign IP addresses to servers and printers so that each always has the same IP address, even after being turned off and back on.

It’s also possible to have addresses assigned based on their MAC addresses. For example, you can have DHCP always assign the same IP address to a printer. When the printer requests an IP address, the request includes the printer’s MAC address, and you can map this MAC address to a specific IP address in DHCP. This is known as a DHCP reservation.

Other services commonly included in a wireless router include the following:

  • Firewall. The firewall filters traffic in and out of a network. Traffic can be filtered based on IP addresses, MAC addresses, logical ports, and protocols. Most firewalls are configured to block all traffic except for traffic that is specifically allowed.

  • Network Address Translation (NAT). NAT is a service that replaces private IP addresses used internally on a network with public IP addresses used on the Internet. The wireless router will have a single public IP address connected to the Internet, and all internal devices can share it when accessing the Internet.

  • Basic Quality of Service (QoS). QoS is a group of a technologies used to control traffic on a network by assigning different priorities to specific types of traffic. For example, it can give streaming video a lower priority than other types of traffic.

Exam Tip

DHCP is included as a service on most wireless routers. When enabled, it automatically assigns IP addresses to DHCP clients in a network. It can be disabled if desired, but IP addresses need to be manually assigned if DHCP is disabled.

Wireless security

A primary step you need to take for wireless security is to select a secure encryption type such as WPA2, as described in Objective 2.4, “Explain common TCP and UDP ports, protocols, and their purpose“, earlier in this chapter. A strong passphrase should be used, and the passphrase should be kept secret. In addition to using WPA2 with a strong passphrase, there are some additional steps you can take.

True or false? You can enable SSID broadcast to prevent users from connecting to a wireless network.

Answer: False. You can disable service set identifier (SSID) broadcasts to prevent users from easily seeing and connecting to a wireless network.

The SSID is the name of the network, and you need to know the SSID when connecting any device. When SSID broadcast is enabled, the network is visible to anyone in range of the network, making it easier for users to select the network. When SSID broadcast is disabled, users need to type in the name manually.

True or false? WPS allows users to configure security by pressing a button or entering a personal identification number (PIN).

Answer: True. Wi-Fi Protected Setup (WPS) is a feature on some wireless routers, designed to make security configuration almost as easy as pressing a button. Unfortunately, WPS is vulnerable to attacks and not recommended for use.

Exam Tip

You can hide wireless networks from casual users by disabling SSID broadcast. When SSID broadcast is disabled, it is difficult for other users to see the network without using special tools.

More Info

Wireless topics are also mentioned on 220-802 objectives such as "Objective 2.5: Compare and contrast wireless networking standards and encryption types" covered in Chapter 7, of this book. Chapter 23 of the CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802), ISBN-10: 0735662681, covers wireless networks in more depth, including the differences between wireless access points and wireless routers, the different wireless security types, and how to configure wireless routers.

DMZ

A demilitarized zone (DMZ) is a buffer network that provides a layer of protection for an internal network and a device that can be accessed from the Internet. DMZs are also known as screened subnets, perimeter networks, or buffer networks and are typically created with two firewalls. One firewall routes traffic between the Internet and the DMZ. The second firewall routes traffic between the internal network and the DMZ.

True or false? Internet-facing servers are placed in a DMZ to provide a level of protection.

Answer: True. Any server that can be accessed from the Internet has an added layer of protection when it is placed in a DMZ.

On home networks, users might place a gaming server in the DMZ to protect it while still making the server accessible to other users through the Internet. In larger networks, mail servers and web servers are commonly placed in a DMZ.

Without a DMZ, Internet-facing servers would need to be placed directly on the Internet with a public IP address or within an internal network. Note that you can place an Internet-facing server in one of the following three locations:

  • On the Internet. It has a public IP address and minimal protection. It is susceptible to a wide variety of attacks.

  • Internal network. If the system is successfully attacked, the attacker might be able to access other systems on the internal network. That is, this presents additional risks to internal systems.

  • DMZ. The Internet-facing server has a layer of protection against Internet attacks from the firewall between it and the Internet. The internal network has an additional layer of protection against a successful attack against the Internet-facing server.

Exam Tip

Internet-facing servers are often placed in a DMZ for extra security. This includes gaming servers in home networks, and mail or web servers in corporate networks.

More Info

There are many different configurations for a DMZ. The Wikipedia article on DMZs includes good descriptions and diagrams of different DMZs. You can view it here: http://en.wikipedia.org/wiki/DMZ_(computing).

Can you answer these questions?

You can find the answers to these questions at the end of this chapter.

  1. What type of address can you use to block network access for specific computers?

  2. What channel(s) should you use if your wireless network has excessive interference on channel 6?

  3. Where should you place a gaming server that needs to be accessible from the Internet but also needs protection?

Save to your account

This chapter is from the book

Related resources

There are currently no related titles.