
Building A SOHO Network

The chapter discusses building a Small Office/Home Office (SOHO) network from the ground up by walking through the major steps of planning the network design, implementing the network build, and addressing security considerations. It uses the example of designing and building a network for a company called MHTechEd that has grown from 2 computers to 15, including file servers, workstations, peripherals, and both Windows and Mac operating systems. The chapter provides details on defining the network needs, designing the network components, and addressing compatibility issues in building out the full SOHO network.

Uploaded by

Jeffrey Maxwell

BaseTech / Mike Meyers CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 19

Chapter 19

Building a SOHO Network

"There are three kinds of death in this world. There's heart death, there's brain death, and there's being off the network."
Guy Almes

In this chapter, you will learn how to

Describe the major steps to consider when designing a SOHO network

Describe and implement a SOHO network, including solving assorted problems

Explain how security comes into play while building a SOHO network

The time has come for you to take what you learned in previous chapters and apply that knowledge to creating a product: a real, functioning network. This chapter walks you through the steps for building a typical small office/home office (SOHO) network from the ground up, using the tools provided in earlier chapters to handle the entire process. This network needs to include structured cabling, wireless, operating systems, Internet connectivity, and network/system security. The network must have servers, workstations, and printers installed. I'll also add a few troubleshooting tips beyond what was discussed in other chapters.

Historical/Conceptual
Building a SOHO network is a big job, so let's break it into three discrete steps. First, you need to plan the process. To do this, I've created my own checklist to help you think about what needs planning. Second, there's the actual process of building the SOHO network. I'll walk you through this process, from running the cables to installing anti-malware software. Third, I'll discuss security and you'll see that, although security isn't on the checklist, it's actually part of almost every section of the checklist.
This chapter is unique. I want you to look at an entire network and see it as a whole so you gain a broad understanding of how it all works. I won't rehash procedures or technologies already covered in earlier chapters. Instead, I'll cover the building of a SOHO network from a higher level, dealing with individual scenarios that you might encounter as you build the network after it's running. Be warned! You'll probably find yourself jumping back to earlier chapters to consider issues in this chapter.

Test Specific

Designing a SOHO Network

The CompTIA Network+ exam doesn't define a list titled "The x Steps to Design and Build a Network." As you've read this book, however, you've probably discovered what needs to happen. For this chapter, I'll use the following list. It may not be perfect, but I've built hundreds of networks using these steps.
1. List of requirements: Define the network's needs. Why are you installing this network? What primary features do you need?
2. Network design: What equipment do you need to build this network? How should you organize the network?
3. Compatibility issues: Are you using existing equipment, applications, or cabling that have compatibility issues?
4. Internal connections: What type of structured cabling do you need? Does this network need wireless?
5. External connections: How do you connect to the Internet?
6. Peripherals: How will peripherals come into play? Are you connecting any printers, fax machines, or scanners?
7. Security: How will you deal with computer, data, and network security?
Although I've numbered them here, these steps might come in any order. Even though network security is in the seventh position, for example, you might make a decision concerning the firewall as early as Step 2. Don't be afraid to jump around a bit as needed to construct the network. Let's start building a network using this list. For each point on the list, I'll use a scenario or two to consider some of the pitfalls and issues that might pop up.

This list happily ignores a few important issues such as costs vs. budget, time to install, and so on. While you should definitely consider these when constructing your own network, the CompTIA Network+ exam isn't very interested in them.

Remember when we introduced you to MHTechEd back in Chapter 2? Well, the prosperous folks over there have hired you to bring their network up to speed (Figure 19.1). It seems that MHTechEd's grown from 2 computers to about 15 (including servers) over the years, but the network itself is a mess. Now they want to move into new offices. They even have a new floor plan (Figure 19.2).
So grab some boxes and let's move MHTechEd into their new home.

Figure 19.1 MHTechEd's gotten bigger

Figure 19.2 Floor plan for the new MHTechEd

Building the Network

Designing a SOHO network isn't too terribly challenging. There simply aren't enough computers, switches, routers, printers, or servers to overwhelm the design process. The challenge comes in the actual implementation of the network. Here, the gotchas come hot and heavy, no matter how well you think you've planned ahead. The secret is to stick with your checklist and, above all, be patient!

Define the Network Needs

MHTechEd is a typical small office. They need a single file server to store marketing, accounting, and sales data. They want a second file server that only supports their current projects. They also have a few individual servers running a number of different operating systems used for research. Every employee will get a computer running Windows 7 Ultimate and the latest version of Microsoft Office. Employees need access to shared folders on the file server for personal storage as well as shared access to customer information. All employees need to print documents as well as send and receive faxes. All employees need access to a telephone.
Two of the employees work full time on graphics, including photography and video. They need cameras, scanners, and a high-quality color printer. The nature of their work compels them to have an Apple Mac Pro computer running the latest version of OS X, in addition to their Windows systems.
Defining network needs never actually ends. All networks are highly evolving entities and new ideas, applications, and equipment appear on an ongoing basis.

Network needs are tough to quantify. Don't try to dig too deeply here, as many issues can be assumed such as "Everyone will want a mouse on their PC." Try to stay with job functions and what the network needs to do to support those functions.

Try This!
What Are Your Needs?
Imagine the coolest home network you've ever desired. What would that network look like? What would it do for you? Go ahead and sketch up a sample floor plan. Keep this floor plan handy for other Try This! sections in this chapter.

Network Design
Now you need to work on the finer details. Network design quantifies the
equipment, operating systems, and applications used by the network. This
step ties closely with Step 3, compatibility issues.
You need to address the following equipment:

Workstations

Servers

Equipment room

Peripherals

Workstations
The company has eight employees. Each needs a late-generation Windows
system (Windows 7) running Microsoft Office 2010. Additionally, two
employees need a late-generation Mac running OS X; these machines will
not have Office.

Servers
The network needs three file servers. You have a lot of flexibility here,
as the users simply need two places to store data and some way to run
multiple research and development (R&D) systems. The R&D machines
are perfect candidates for virtualization, so you can add a third server for
storing these.

Tech Tip
Network Attached Storage
Many small networks avoid using a full-blown file server and instead take advantage of inexpensive and reliable network attached storage (NAS) devices. Technically, an NAS is a computer that's preconfigured to offer file storage for just about any type of client. Most NAS systems use the Common Internet File System (CIFS) configuration to create a plug and play (PnP) type of device. These devices include features such as RAID to make storage safer.

Most people really enjoy the single sign-on convenience of a Windows domain, so you'll use a single Windows Server domain controller. Granted, if you really wanted to do things right, you would add a second domain controller, so why not virtualize the two file servers? You can get two copies of VMware's ESX Hypervisor.
The network now has three file servers, all virtualized with the following virtual machines:

Server #1: Windows Server 2008

Server #2: Windows Server 2008

Server #3: A number of virtualized operating systems from Windows 95 through Windows 7. Also two versions of Linux: Ubuntu and Debian.

Equipment Room
An equipment room will act as the intermediate distribution frame (IDF)
for the network. (See Chapter 6 for the details on the IDF.) All systems will
tie into a single, managed, 24-port gigabit switch on a rack mount. The rack
will be a floor-to-ceiling rack with a rack-mounted UPS.

Peripherals
MHTechEd has a small office, so you'll purchase a single high-capacity, networked laser printer and a color inkjet printer. The graphics folks picked a printer that doesn't have a NIC, so you'll just install the printer onto one of the Macs and share the printer.
The office doesn't do a lot of faxing or scanning, so a typical All-in-One device should work perfectly. I found one that shares the fax system across the network (sweet!), enabling anyone to convert almost any document into a fax. This groovy machine connects to the network via Gigabit Ethernet or wirelessly over 802.11g (Figure 19.3). Scanning isn't quite as handy. All scanned documents go straight to the machine's built-in storage, where it is shared as a folder on the network. It's not perfect, but for $249, the company is happy.

Figure 19.3 MHTechEd's cool All-in-One machine

Try This!
Your Network, Your Equipment
Continuing from the previous Try This!, decide what equipment you want for your own home network. Surely you're going to add a home theater PC, but what about a separate media server? Do you want a computer in the kitchen? Would you like a rack in your house? Can you find a smaller rack online? Can you wall-mount it? Make a list similar to the one in this section and keep it handy for more Try This! sections.

Compatibility Issues
MHTechEd's new building recently added more rooms to their office. The equipment room still has runs going to rooms 1, 2, and 6, but these runs are only CAT 5e. Three new rooms have been added, but they need CAT 6. You could run CAT 6 into the old rooms, but the boss said "No" to save money (Figure 19.4). MHTechEd has a very nice Cisco 802.11g WAP. The boss wasn't happy when you bought a new 802.11n WAP for almost $1,000, because the old one still works fine.

Figure 19.4 CAT 5e and CAT 6 drops in the MHTechEd office

The few existing applications the company needs to bring along will
work perfectly on the new PCs and Macs: namely Peachtree 2012, Adobe
Illustrator CS5, and Final Cut Studio.

Try This!
What's Compatible?
If you were building a new home network from scratch, which of your existing parts could work in the new network? Do you have older equipment that might have compatibility issues, like an old 10BaseT switch or router?
If you needed to use all of your old equipment, visualize your new network connecting to it and how you might get around some of these issues. Does your old printer have a way to connect to the network directly? Where would you connect your Xbox 360? What if you have older TVs? Will they work with a powerful, HDMI-equipped video card?
Create an inventory of your old equipment and jot down any compatibility issues you might imagine taking place.

Internal Connections
Now that you have an idea of your equipment and what you want to do
with it, you need to get everything properly connected using structured
cabling. You should also begin to install your 802.11 network. Once you
connect all your equipment, configure your internal VLANs, IP address
scheme, DHCP/DNS servers, gateway, and so on.

The Switch
MHTechEd is small enough to use a single switch to handle all the interconnections. Their switch needs two features: VLAN support and Power over Ethernet (PoE) to support the WAP. They have a Cisco 3750 switch that handles all of this quite nicely, so they'll stick with what they have.

Cross Check
CAT 5e in a CAT 6 Network
You learned about CAT levels in Chapter 5, so check your memory as
you read about the mixed CAT 5e and CAT 6 runs. What is the maximum throughput for CAT 5e and CAT 6? How might these different
cable runs affect your network? What would be the fastest backbone
switch to use in this network?

Structured Cabling
Setting up good structured cabling for MHTechEd is a breeze. Like most office buildings, this building has plenum space over everything for horizontal runs and simple sheetrock walls for installing drops. You shouldn't run into any fire stops or heavy machinery.
Don't forget what you learned in Chapter 6. Now is the time to verify the exact location of your drops as well as where all horizontal runs come into the equipment room. Estimate the distances so you don't go over the cable length limits.
Although you can probably do the work yourself, hiring a professional can save on time and stress. Get a good floor layout, get on the phone, and call a professional installer. When he or she finishes the job, make sure you have

Clearly labeled runs

The length of all runs

CAT ratings on all runs

The floor plan showing all runs

Since you've hired an installer, you might as well look at your phone lines as well. Want the fax machine in the hall? No problem, but MHTechEd needs to make sure it has access to an RJ-11 outlet. Running a PBX system? Verify all the phone lines and PBX lines run to a patch panel.


Cross Check
Time for Virtual PBX?
You learned about virtual PBX in Chapter 17. With old-school PBX on
its way out, should MHTechED consider a virtual PBX solution? If the
company already has phone lines running to a central location, what
type of virtual PBX should MHTechEd use: an in-house virtualized
server solution or a NaaS solution like Virtual PBX (virtualpbx.com)?
Recheck Chapter 17 and do some online research to develop a solution.
Remember that MHTechED will want an 800 number and at least three
incoming lines, plus a fax line.

Electrical and Environmental Limits

You've got to be careful when installing racks in places where no rack has ever been. Watch out for electricity and environment issues. It's never a good idea to run your network equipment on anything other than a very high-amperage dedicated circuit. Figure 19.5 shows the dedicated circuit in MHTechEd's equipment room. Those plugs are not in circuit with any other plugs!
Environment is an equally big gotcha. Don't turn a typical closet into rack space without making serious environmental changes first. For very small single racks, you can get away with the existing air conditioning. Keep in mind, however, that the same ventilation that keeps a single person cool will not be enough to keep the rack cool. If you're making a new rack, call building services and get them to dump extra air into that room!

Figure 19.5 Dedicated circuit

Wireless
MHTechEd has lots of customers who walk in and need to see products online while in the office. To make this easier, MHTechEd is going to create a well-locked-down 802.11 network. Because the boss won't let them upgrade to 802.11n, they choose to place the single WAP centrally in the office, as shown in Figure 19.6. Given the small size of the office, this single WAP should do well. There's no power or network drop here, however. Good thing you hired those installers! It's time to add another drop. Power won't be a problem because the WAP supports PoE.

Figure 19.6 Placement of WAP in network

Cross Check
Install That Wireless!
Chapter 15 goes into great detail on the process of installing a wireless network. Generate a list of steps that the installer must go through to get the WAP properly configured. Keep in mind that this is a pure WAP, not a wireless router. Remember to include steps for dealing with PoE, SSID, VLAN, security, and so on. After that, go online and price out some serious enterprise WAPs. You'll have a lot to choose from, but the Cisco Aironet series has been around for a long time. Find the WAP that best fits your home network use.

VLANs
These days, you won't find many networks that don't use VLANs. Even though MHTechEd uses a small network, the company plans to separate the wireless devices, the virtual R&D machines and special server, the switch, and the router management tools into separate VLANs from the main network VLAN. The wireless VLANs will make it substantially harder to hack into the main network wirelessly.
Placing all of the R&D virtual machines into a VLAN will help prevent anyone playing on these test machines from hurting the main network. Figure 19.7 shows a lights-out management (LOM) program running on a Dell server being configured for VLAN200. These LOMs are special "computer within a computer" features built into better servers, designed to give you access to a server even when the server itself is shut off.

Figure 19.7 Lights-out management

Most managed devices have the ability to place their management screens into separate VLANs, as shown in Figure 19.7. This tool keeps people out of the most critical parts of your network.
The VLAN configuration for MHTechEd is

Main VLAN: VLAN1

Wireless VLAN: VLAN2

R&D VLAN: VLAN3

Management VLAN: VLAN200

Set Up the Network IP Address Scheme

Long before you start plugging in RJ-45s, you need to decide on your internal IP addressing scheme. For most SOHO networks, this means picking an arbitrary, unique, internal private IP network ID and then preassigning static IP addresses to servers and WAPs. Plus, pick a DHCP server and preassign DHCP scope IP address ranges.
MHTechEd chooses four different network IDs for the four VLANs:

VLAN1: 10.11.12.0/24

VLAN2: 10.11.13.0/24

VLAN3: 10.11.14.0/24

VLAN200: 10.11.15.0/24

Try to avoid the overused 192.168.1.0/24 network ID. Bad guys look for mistakes like these.

Sure, the company will never need a full Class C range and could have gone with a CIDR range like /28, but they're lazy people, and remembering subnets like 255.255.255.224 is harder than remembering 255.255.255.0. Here's the rest of the IP organization:

Gateway router: 10.11.12.1

Switches/WAP/router management: 10.11.15.2–10.11.15.20

Server 1 virtual machines: 10.11.12.10–10.11.12.19

Server 2 virtual machines: 10.11.12.20–10.11.12.29

R&D server virtualized: 10.11.14.1–10.11.14.254

Wired DHCP clients: 10.11.12.100–10.11.12.130

Wireless DHCP clients: 10.11.13.100–10.11.13.120
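The VLAN and address plan above can be checked mechanically before any device is configured. The following Python sketch is an added example, not part of the chapter: it audits each range against its VLAN subnet, flags overlaps, and counts unallocated host addresses. The VLAN assigned to each role and the function names are assumptions of this example.

```python
import ipaddress

# VLAN subnets exactly as listed in the chapter.
VLANS = {
    "VLAN1": ipaddress.ip_network("10.11.12.0/24"),    # main
    "VLAN2": ipaddress.ip_network("10.11.13.0/24"),    # wireless
    "VLAN3": ipaddress.ip_network("10.11.14.0/24"),    # R&D
    "VLAN200": ipaddress.ip_network("10.11.15.0/24"),  # management
}

# (role, first, last, vlan). The ranges are the chapter's; the VLAN each
# role is expected to sit in is an assumption read off the VLAN list.
PLAN = [
    ("Gateway router", "10.11.12.1", "10.11.12.1", "VLAN1"),
    ("Switches/WAP/router management", "10.11.15.2", "10.11.15.20", "VLAN200"),
    ("Server 1 virtual machines", "10.11.12.10", "10.11.12.19", "VLAN1"),
    ("Server 2 virtual machines", "10.11.12.20", "10.11.12.29", "VLAN1"),
    ("R&D server virtualized", "10.11.14.1", "10.11.14.254", "VLAN3"),
    ("Wired DHCP clients", "10.11.12.100", "10.11.12.130", "VLAN1"),
    ("Wireless DHCP clients", "10.11.13.100", "10.11.13.120", "VLAN2"),
]


def vlan_for(address):
    """Return the name of the VLAN whose subnet contains address, or None."""
    ip = ipaddress.ip_address(address)
    for name, net in VLANS.items():
        if ip in net:
            return name
    return None


def audit(plan):
    """Check a plan; return (problems, free host addresses per VLAN)."""
    problems = []
    used = {name: 0 for name in VLANS}
    seen = []  # (role, low, high) of every range checked so far
    for role, first, last, vlan in plan:
        low, high = ipaddress.ip_address(first), ipaddress.ip_address(last)
        net = VLANS[vlan]
        if low > high:
            problems.append(f"{role}: range is reversed")
            continue
        if low not in net or high not in net:
            problems.append(f"{role}: {first}-{last} is not inside {vlan} ({net})")
        elif low == net.network_address or high == net.broadcast_address:
            problems.append(f"{role}: range includes the network or broadcast address")
        else:
            used[vlan] += int(high) - int(low) + 1
        for other, other_low, other_high in seen:
            if low <= other_high and other_low <= high:
                problems.append(f"{role}: overlaps {other}")
        seen.append((role, low, high))
    # Usable hosts in a subnet = all addresses minus network and broadcast.
    free = {name: net.num_addresses - 2 - used[name] for name, net in VLANS.items()}
    return problems, free


if __name__ == "__main__":
    problems, free = audit(PLAN)
    print("problems:", problems or "none")
    for name, count in free.items():
        print(f"{name}: {count} unallocated host addresses")
    print("10.11.13.105 belongs to", vlan_for("10.11.13.105"))
```

On the chapter's plan the audit finds no conflicts, but it reports zero unallocated host addresses in VLAN3, because the R&D range uses every host address in 10.11.14.0/24.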

If MHTechEd is using Windows Server, then picking a DHCP server is easy because the company will just use one of the two DHCP servers that come with Windows Server 2008.
Setting up the IP addressing scheme beforehand saves you a lot of time and effort once you start installing the systems. Be sure to make multiple copies of this scheme. Print out a copy and put it in the equipment room. Put a copy in your network documentation. Even put a copy in your wallet or in your phone. Having this information at your fingertips is a huge benefit.

Try This!
Setting Up an IP Address Scheme
Now it's your turn to set up your dream home network's IP address scheme. List all of the IP address assignments for your network just like you did for MHTechEd. Here's the big question: Which computers get static addresses and which get DHCP? What would you use for a DHCP server?

Cisco would prefer that small businesses use their ASA series of security appliances over the 2800 series of routers. Go to www.cisco.com and compare a Cisco ASA 5540 to the Cisco 2811.

External Connections
No network is an island anymore. At the very least, MHTechEd needs an ISP so folks can Google and update their Facebook pages, er, I mean, get work done online. In a SOHO network like MHTechEd, you don't have to deal with many of the issues you'd see in larger networks. A typical home-type ISP (DSL or cable) should be more than enough for them in terms of bandwidth. On the other hand, MHTechEd needs to be connected to the Internet all the time (or pay the price in lost business), so the company should consider a second ISP as a fallback plan in case the primary ISP fails.

Choose a Gateway Router

A serious business can't get away with a cheap home router. It needs something that fires up quickly, runs dependably, and never locks up. That's why MHTechEd chose a real battleship of a router: the Cisco 2811. This router comes with two fixed 100BaseT Ethernet ports (Figure 19.8) and plenty of extra slots to add even more NICs. It's a good firewall, too, and supports NAT. Unfortunately, the Cisco 2811 only supports 100BaseT. Depending on what's available in your area, that router might need an upgrade soon.
As you'll see in the next section, MHTechEd wants to connect to two different ISPs as a safety feature. To support this, the company needs to add an extra port to the 2811. Luckily, the 2811 is designed to accept special high-speed WAN interface cards (HWICs), router expansion cards that make adding the third port easy (Figure 19.9).

Figure 19.8 Fixed 100BaseT ports on Cisco 2811

Figure 19.9 Cisco HWIC card

Try This!
Paper Router Table
Assume MHTechEd has two static Internet connections:

ISP A
IP Address: 1.5.4.3
Subnet Mask: 255.255.255.192
Default Gateway: 1.5.4.1

ISP B
IP Address: 11.45.27.3
Subnet Mask: 255.255.255.0
Default Gateway: 11.45.27.1

Using the internal IP address scheme discussed earlier in this chapter (10.11.12.0/24) and the predefined default gateway (10.11.12.1), write up a four-line paper routing table.
Using the Cisco naming conventions, your router has three Ethernet ports: Fa0/0 connects to the local network; Fa0/1 connects to ISP A; and Fa0/2 connects to ISP B. Run route print from a Windows command prompt to remind you of the data needed to make a routing table. Make sure you have at least three routes:

Default route to the Internet when ISP A is working

Default route when ISP A is not working (clue: metrics)

Local traffic route
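How a router picks between the two default routes in the Paper Router Table exercise can be shown with a small lookup: longest matching prefix first, then lowest metric, skipping interfaces that are down. This Python sketch is an added example, not part of the chapter. It is one possible table with both ISP-side connected networks included, and the metric values 1 and 10 are assumptions.

```python
import ipaddress


def connected(address, mask):
    """Network that an interface with this address and mask is attached to."""
    return ipaddress.ip_interface(f"{address}/{mask}").network


# (destination, gateway, interface, metric). Addresses and interface names
# come from the exercise; metrics 1 and 10 are assumed values that make
# ISP A the preferred default route and ISP B the fallback.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "1.5.4.1", "Fa0/1", 1),
    (ipaddress.ip_network("0.0.0.0/0"), "11.45.27.1", "Fa0/2", 10),
    (connected("10.11.12.1", "255.255.255.0"), None, "Fa0/0", 0),
    (connected("1.5.4.3", "255.255.255.192"), None, "Fa0/1", 0),
    (connected("11.45.27.3", "255.255.255.0"), None, "Fa0/2", 0),
]


def lookup(destination, routes=ROUTES, down=()):
    """Return (interface, gateway) for destination, or None if unroutable.

    A gateway of None means the destination is on a directly connected
    network. Interfaces named in `down` are treated as failed links.
    """
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in r[0] and r[2] not in down]
    if not candidates:
        return None
    # Longest prefix wins; the metric only breaks ties between equal prefixes.
    _, gateway, interface, _ = min(candidates, key=lambda r: (-r[0].prefixlen, r[3]))
    return interface, gateway


if __name__ == "__main__":
    # 203.0.113.7 is a documentation address standing in for an Internet host.
    print("ISP A up:  ", lookup("203.0.113.7"))
    print("ISP A down:", lookup("203.0.113.7", down={"Fa0/1"}))
    print("Local host:", lookup("10.11.12.50"))
```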

Most good routers and switches come with interchangeable components, enabling manufacturers to make a base model device and then offer components to address each customer's individual needs. These components come in a number of different shapes and sizes. In Chapter 5, you saw a gigabit interface converter (GBIC) that gives customers the ability to match their router and switch connections to whatever type of fiber already exists in their location. You've now seen the Cisco HWIC as well. Another popular module used by Cisco is their Small Form-Factor Pluggable (SFP) connector, used in many Cisco and other brand switches (Figure 19.10). Note that the SFP is designed exclusively for fiber networks.

Figure 19.10 NETGEAR SFP

You can easily install these modules. Turn off the router or switch, remove a protective plate (if one exists), plug in the module, and turn the switch/router back on. Assuming the device is in good working order, the switch or router will automatically recognize the new connectors and you'll be able to do whatever you'd do with any connector: add it to a VLAN, configure its speed/duplex, apply an IP address (on router ports), and so on.
If you install a module that doesn't work, use the same tests that you'd perform on any port on a switch or router. The fact that these are modules doesn't change the troubleshooting tools you've learned about in earlier chapters. I've listed some of the most common problems with modules and what to do to fix them:

Did you plug the wrong type of cable into the new port (single-mode into multimode, for example)? Make sure you use the right cabling for the new connection.

Are the link lights working? Is the new port properly connected? It's just as easy to plug a bad cable into a module as it is to plug it into a regular port. Make sure the device on the other end of the cable works, too!

Does the switch/router recognize the new module in the maintenance Web page/utility/whatever? If it doesn't, you need to contact the manufacturer. In most cases, you can fix it by replacing the module.

Try This!
Customizing Your 2811
Do some research to see how many different types of HWICs are available for the 2811. You'll find quite a few! Also check out a single series of Cisco router. Try the 2800 series, if you'd like, but also consider investigating another series such as the 3800 line. Pick three routers in the series and determine the difference among the three. Answer this question: What is the significance of the last two digits of a router's model number?

Choose an ISP
Before you choose an Internet service provider, ask yourself, "What is available at my location?" If you're constructing a network in an existing office building, also ask, "What's already installed that I can tap into?" Once an ISP makes some form of endpoint in a building, you can easily (and inexpensively) connect to that ISP as opposed to finding your own. Additionally, many office buildings offer Internet connectivity as part of the lease agreement or at least tell you what ISP already connects to the building.
After making a few calls to building management, MHTechEd learns that an ISP already provides 100BaseT, Metro Ethernet service. The ISP promises 5 Mbps throughput and is prepared to get them up and running in just a few days (they need to run a 100BaseT connection from the demarc in the basement up to MHTechEd). Additionally, MHTechEd is also purchasing a commercial account from the local cable provider.

ISPs and MTUs

I discussed the Maximum Transmission Unit (MTU) in Chapter 8. Back in the dark ages (before Windows Vista), Microsoft users often found themselves with terrible connection problems due to the fact that IP packets were too big to fit into certain network protocols. The largest Ethernet packet is 1500 bytes, so some earlier versions of Windows set their MTU size to a value less than 1500 to minimize the fragmentation of packets. The problem cropped up when you tried to connect to a technology other than Ethernet, such as DSL. Some DSL carriers couldn't handle an MTU size greater than 1400. When your network's packets are so large that they must be fragmented to fit into your ISP's packets, we call it an MTU mismatch.
As a result, techs would tweak their MTU settings to improve throughput by matching up the MTU sizes between the ISP and their own network. This usually required a manual registry setting adjustment, although some older versions of Windows used third-party programs like Dr. TCP (Figure 19.11). This process is called matching up mismatched MTU settings.

Figure 19.11 Adjusting the MTU settings in Dr. TCP

Dr. TCP is an old program and does not work on Windows Vista or 7. Don't use it anymore; you don't have to, either, because of Path MTU Discovery.

Around 2007, Path MTU Discovery (PMTU), a new method to determine the best MTU setting automatically, was created. PMTU works by adding a new feature called the "Don't Fragment (DF) flag" to the IP packet. A PMTU-aware operating system can automatically send a series of fixed-size ICMP packets (basically just pings) with the DF flag set to another device to see if it works. If it doesn't work, the system lowers the MTU size and tries again until the ping is successful.

Try This!
What's Available in Your Building?
Home networks won't have a preexisting ISP. You need to determine which ISPs provide service in your neighborhood. Fortunately, there's a great Web site designed to help you see what you can get: www.broadbandreports.com. Go to the site, select the Find Service menu, and enter your ZIP code (sorry, USA only). Even if you already have an Internet connection at your house, see if you can find a better deal than the one you have. How much money can you save per month?
You can imitate this feature by running a ping yourself. Open a command prompt and run the following command:
ping www.totalsem.com -f -l 1500

You should get results similar to the following:


Pinging www.totalsem.com [216.40.231.195] with 1500 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Ping statistics for 216.40.231.195:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Try running the ping command again, this time setting the MTU size
smaller:
C:\>ping www.totalsem.com -f -l 1400
Pinging www.totalsem.com [216.40.231.195] with 1400 bytes of data:
Reply from 216.40.231.195: bytes=1400 time=81ms TTL=51
Reply from 216.40.231.195: bytes=1400 time=85ms TTL=51
Reply from 216.40.231.195: bytes=1400 time=134ms TTL=51
Reply from 216.40.231.195: bytes=1400 time=144ms TTL=51
Ping statistics for 216.40.231.195:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 81ms, Maximum = 144ms, Average = 111ms


The CompTIA Network+ objectives use the term MUT/MTU black holes. There's no
such thing as MUT so, hopefully, CompTIA will have fixed this by the time
you're reading this book.

Imagine the hassle of incrementing the MTU size manually. That's the
beauty of PMTU: you can automatically set your MTU size to the perfect
amount.
Unfortunately, PMTU runs under ICMP; most routers have firewall
features that, by default, are configured to block ICMP requests, making
PMTU worthless. This is called a PMTU or MTU black hole. If you're having
terrible connection problems and you've checked everything else, you need
to consider this issue. In many cases, going into the router and turning off
ICMP blocking in the firewall is all you need to do to fix the problem.
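The manual search above can be scripted. This added example (not from the book) binary-searches DF ping sizes and flags the black-hole symptom: oversized packets time out with no "needs to be fragmented" error while small pings still get replies. It counts the 28 bytes of IPv4 and ICMP headers that ping's -l value leaves out; the function names and the simulated 1400-byte path are constructed for the example.

```python
import re
import subprocess

OVERHEAD = 28        # 20-byte IPv4 header + 8-byte ICMP echo header
ETHERNET_MAX = 1472  # largest ping payload that fits a 1500-byte Ethernet MTU


def classify(ping_output):
    """Reduce Windows ping output to 'ok', 'frag_needed' or 'silent'."""
    if "needs to be fragmented" in ping_output:
        return "frag_needed"   # an ICMP error (or the local stack) reported it
    if re.search(r"Reply from \S+ bytes=\d+", ping_output):
        return "ok"
    return "silent"            # timed out: nothing came back at all


def windows_probe(host):
    """Probe for a live host: one DF ping (-f) with a given payload (-l)."""
    def probe(size):
        cmd = ["ping", host, "-f", "-l", str(size), "-n", "1"]
        result = subprocess.run(cmd, capture_output=True, text=True)
        return classify(result.stdout)
    return probe


def simulated_path(path_mtu, icmp_blocked):
    """Constructed stand-in for a real link so the example runs offline."""
    def probe(size):
        if size + OVERHEAD <= path_mtu:
            return "ok"
        return "silent" if icmp_blocked else "frag_needed"
    return probe


def find_path_mtu(probe, small=64, largest=ETHERNET_MAX):
    """Binary-search the largest answered DF payload; return (mtu, verdict)."""
    if probe(small) != "ok":
        return None, "host does not answer ping"   # nothing can be concluded
    outcome = probe(largest)
    if outcome == "ok":
        return largest + OVERHEAD, "full Ethernet MTU"
    low, high = small, largest                     # low is answered, high is not
    silent = outcome == "silent"
    while high - low > 1:
        mid = (low + high) // 2
        outcome = probe(mid)
        if outcome == "ok":
            low = mid
        else:
            high = mid
            silent = silent or outcome == "silent"
    verdict = "possible MTU black hole" if silent else "reduced MTU, errors reported"
    return low + OVERHEAD, verdict


if __name__ == "__main__":
    print(find_path_mtu(simulated_path(1400, icmp_blocked=False)))
    print(find_path_mtu(simulated_path(1400, icmp_blocked=True)))
```

Against a real host, pass windows_probe("www.totalsem.com") instead of the simulated path. A "possible MTU black hole" verdict is the cue to check the router's ICMP filtering.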

Peripherals
The MHTechEd requirement list defined the following peripherals:

One high-speed laser printer hooked directly to the network
One color printer connected to a machine to be determined
A combined fax/copier/printer (All-in-One) device primarily used for faxes
A single scanner connected to a system

This doesn't mean that other printers won't be installed, but these are
the base needs in terms of peripherals.
Since the color printer and the All-in-One have already been
purchased, or at least already decided upon, MHTechEd only needs
to purchase the big laser printer. MHTechEd chooses a Hewlett-Packard M9050
like the one shown in Figure 19.12. These are very popular, high-speed, and
network-capable out of the box. They're also built like tanks and will last a
long time.

Figure 19.12 HP M9050

Only the big laser printer and the All-in-One box will connect directly
to the network. To make things convenient, install both of these in Office 2
(Figure 19.13). Oops! I forgot yet another drop for a run to the laser
printer. Even though the fax machine can run wirelessly, let's go ahead and
just run a second drop for the fax machine.

Figure 19.13 Location of fax machine and printer

Try This!
Make Your Own Networked Printer
Putting a printer directly onto the network as opposed to sharing it
through a PC has some big benefits. First, the printer doesn't need a running
PC to be accessed. Second, heavy print jobs won't slow down any
PCs. Third, less running equipment saves purchase costs and energy.
But what if your printer on your home network doesn't have an Ethernet
connection? Go online and see if you can find devices that enable
you to interconnect a USB printer to an Ethernet network.

Security
Thinking about network security is like thinking about network electricity:
security is not really a single step but an integral part of all the steps. Two
chapters of this book, Chapter 11 and Chapter 16, already do a great job of
covering these issues. Now I need to describe how to secure the MHTechEd
network. Going forward with that idea, here are the previous six steps with
some of the security issues that come into play during each step:
1. List of requirements: What are MHTechEd's security needs?
   Here's a small subset:
   A. Anti-malware on all systems
   B. Firewall with ACL capacity
   C. Security from equipment theft
   D. Wireless encryption
   E. Wireless network isolation
2. Network design: You need to make sure MHTechEd has the
   equipment that satisfies the requirements listed in Step 1.
   A. Microsoft Security Essentials on all systems
   B. A built-in firewall on the Cisco 2811
   C. Door locks, deadbolts, motion sensors all tied to a security
      monitoring company
   D. WPA Personal Shared Key
   E. WAPs that support isolation
3. Compatibility issues: Will there be security issues with the older
   equipment? Can the old WAP support WPA2 PSK?
4. Internal connections: What do you need to do to protect the
   internal network from threats and failures?
   A. Verify anti-malware is installed and updated: install Microsoft
      Security Essentials and configure for automatic updates.
   B. Document the location of all PCs and their associated
      connections.
   C. Configure servers to use RAID 5.
   D. For power failure, use four 5000-joule, rack-mounted standby
      power supplies in the equipment room: three for servers and one
      for all routers, switches, and so on.
   E. Install removable hard drives for backup. Contract for offsite
      backup.
   F. Configure domain for strict password security.
5. External connections: How do you connect to the Internet?
   A. The network uses the 2811 router's firewall features, but how
      exactly do you keep it up to date? What, if any, manual ACLs
      must you configure?
6. Peripherals: Not a traditional security issue.

Be ready for some fairly complex scenario questions on the CompTIA Network+
exams. CompTIA does a great job giving you some clues about the scenario
questions you'll encounter with the details of Domain 2.6, as you can see in
Appendix A. Like any CompTIA question, take your time when reading the
scenario questions. In many cases, the question itself hinges completely on
a single word or statement, making the entire scenario actually incredibly
simple to answer.


Chapter 19 Review

Chapter Summary
After reading this chapter and completing the exercises,
you should understand the following about SOHO networks and troubleshooting.

Describe the major steps to consider when designing a SOHO network

List of requirements: Define the network's needs. Why are you installing this network? What primary features do you need?
Network design: What equipment do you need to build this network? How should you organize the network?
Compatibility issues: Are you using existing equipment, applications, or cabling that might cause compatibility issues?
Internal connections: What type of structured cabling do you need? Does this network need wireless?
External connections: How do you connect to the Internet?
Peripherals: How will peripherals come into play? Are you connecting any printers, fax machines, or scanners?
Security: How do you deal with computer, data, and network security?

Describe and implement a SOHO network, including solving assorted problems

Reference the list of requirements to verify that you are building the network to meet those requirements.
Network design defines the number of workstations and servers as well as the operating systems you choose to run.
Decide if virtualization is a good option for your server, and, if so, what virtualization hypervisor to use.
Know what's in the equipment room and how you will power it.
Decide if it is less expensive in the long run to replace questionable equipment.
Decide what type of switch to use based on your needs.
Use structured cabling.
Determine the CAT level installed and if you need to upgrade any cabling.
Equipment rooms need good air conditioning to perform well.
Equipment rooms should have at least one dedicated circuit.
Determine the placement of the WAP in your SOHO network.
Determine how your network uses VLANs and what VLANs you will create, along with their specific jobs.
Pick a DHCP server.
Determine what gateway router makes the most sense for your network and why. Also determine if you need to customize your gateway router for your ISP.
Know what Internet connection options are available. Your building might already have an Internet connection. If so, determine if you can access it and if it is fast enough for your needs.
Most MTU black holes are fixed by enabling ICMP.
Decide what peripherals (printers, scanners, and so on) are called for by the list of requirements, where they should be located, and how they will connect to the LAN.

Explain how security comes into play when building a SOHO network

Determine if existing equipment might cause compatibility issues and if you can work around any limitations.
Verify anti-malware is installed, updated, and configured for automatic updates.
Implement a firewall with ACL capacity.
Protect yourself from equipment theft. Use door locks, deadbolts, and motion sensors that are all tied to a security monitoring company.
Encrypt wireless connections and isolate the wireless network from the main network. Verify that your WAPs support isolation.
Configure a security key for your network.
Document the location of all PCs and their associated connections.
Configure servers for data security.
For power failure, use standby power supplies in the equipment room.
Install removable hard drives for backup. Contract for offsite backup.
Configure domain for strict password security.
Keep your firewall up to date and configure ACLs as necessary.
Peripherals are not a traditional security issue.

Key Terms
compatibility issue (535)
external connection (535)
high-speed WAN interface card (HWIC) (545)
internal connection (535)
lights-out management (LOM) (542)
list of requirements (535)
MTU black hole (548)

MTU mismatch (547)
network design (535)
Path MTU Discovery (PMTU) (547)
peripheral (535)
security (535)
Small Form-Factor Pluggable (SFP) (545)

Key Term Quiz
Use the Key Terms list to complete the sentences that
follow. Not all the terms will be used.

1. Determining the type of printers and their
location is under the _______________
checklist item.
2. A(n) _______________ connector is an
interchangeable feature of many switches
and routers that makes it easier to connect to
different types of fiber networks.
3. _______________ is a part of every point on the
build-your-own SOHO network checklist.
4. Determining the type of gateway router is under
_______________ in the checklist.
5. Unblocking incoming ICMP requests will often
repair a(n) _______________.
6. Concern that an old printer may not work with
your new Windows 7 computers is an example
of _______________.
7. You can add ports to many Cisco routers with
a(n) _______________.
8. The section of the checklist where you determine
the exact make and model of switch you'll use is
_______________.
9. A new VPN that runs incredibly slowly might be
suffering from _______________.
10. If an operating system uses _______________,
you have no reason to adjust the MTU settings
manually.

Multiple-Choice Quiz
1. Staci's network runs both CAT 6 and CAT
5e cabling. All horizontal runs plug into her
100BaseT switch. If she upgrades the switch and
the NICs in all systems to 1000BaseT, what will
she need to consider with the cabling?
A. Nothing, it will work perfectly.
B. The CAT 5e won't work with 1000BaseT.
C. You'll get an impedance mismatch with two
different cable types.
D. She should force all the 1000BaseT ports to
half duplex if they connect to a CAT 5e cable.
2. What switch is added to the ping command to
prevent the system from fragmenting packets?
A. -l
B. -t
C. -f
D. -d
3. The first step in designing a new SOHO network
is to
A. Define a list of requirements.
B. Determine the type of ISP you will use.
C. Check the existing cable.
D. Determine what security you need.
4. Harley is mapping out the cable runs for her new
office space and realizes that the cable run to the
new warehouse will be close to 200 meters. The
warehouse PC works very hard, pushing over
500 Mbps on the existing network. She already
has a nice equipment room and wants to avoid
moving any switches. Which of the following
is the best solution for setting up one PC in the
warehouse on the same broadcast domain as all
the other computers?
A. Run multimode fiber to the warehouse.
B. Give the warehouse its own Internet
connection and run a VPN.
C. Run a 1000BaseT horizontal run to the
warehouse.
D. Use an 802.11g wireless connection.
5. Steve is helping a local county prosecutor
set up a network. The prosecutors must give
defense attorneys access to any electronic
evidence in a case. The evidence is stored on
an evidence server that police and prosecutors
access continually during the day. Which of the
following solutions could Steve implement to
give defense attorneys the best access to data
stored on a single server yet still best protect
the rest of the network from potential threats
from the single RJ-45 connection provided to the
attorneys?
A. Put all evidence on Blu-ray Discs.
B. Keep the evidence server disconnected from
the rest of the network.
C. Give every defense attorney his or her own
account on the prosecutor's domain.
D. Use a VLAN to separate the defense
attorneys' connection from the rest of the
network, implementing an aggressive
firewall between VLANs.
6. Donna has paid $150/drop to have four
new CAT 6 horizontal runs installed. The
installer should provide a floor plan and what
documentation for each run?
A. Length, labeling, and CAT rating
B. Length, impedance, and TIA/EIA 568
information
C. Length, near-end crosstalk, and CAT rating
D. Length and CAT rating
7. Gary has installed a new laser printer. He wants
everyone on the wired network to be able to
print to the new printer but he doesn't want
anyone on the wireless network to print to the
printer. Which of the following would best
accomplish this?
A. Put the wireless clients on a separate VLAN.
B. Put the printer on the wireless network and
use wireless isolation.
C. Install the laser printer on a wired computer
and do a Windows share.
D. Printers can't be shared over wireless
networks.
8. What Cisco device is used to add ports to a Cisco
product?
A. SFP
B. HWIC
C. GBIC
D. Repeater
9. Which of the following is a dedicated computer
that's preconfigured to offer file storage for many
types of client computers?
A. Active Directory
B. NAS
C. PAN
D. SPAN
10. What type of electrical setup is ideal for a
network closet?
A. Circuits shared with no more than two other
locations
B. Dedicated circuit
C. High-voltage circuit
D. Any circuit will do.

Essay Quiz
1. Give a walk-through of all the steps to configure
a WAP on an existing network. Include adding a
VLAN just for wireless clients.
2. Using a real-world example with a router that
can block incoming ICMP, show how to diagnose
an MTU black hole. Include screen grabs of the
problem and show how to turn off ICMP blocks
on your sample router.
3. Write an employee training tool for MHTechEd
that describes to the users what to expect on
their systems in the new office. Create a name for
the printers and show the users how to access
them. Create shares for the servers and give
them instructions on what is stored where. Feel
free to use your own creativity to make this as
complete as possible.

Lab Projects

Lab Project 19.1
Working with multiple partners, build an entire
network, with each person adding a single
component. Have each person add an item to
a sheet of paper. You have ten workstations,
but feel free to add anything else. Draw a
logical diagram of the network and add an IP
addressing scheme.

Lab Project 19.2
Go on a shopping trip to purchase every item
to build a new SOHO network. You must use a
router, two WAPs, a switch, a better laser printer,
and a scanner. Then go on eBay and see how
much you save by buying the same or similar
equipment used.