Module 4 / Unit 2
Connecting to a Network

Objectives

On completion of this unit, you will be able to:

- Identify the roles of different network devices in providing local and internet network connectivity.
- Distinguish the advantages and disadvantages of Internet connection types.
- Connect a computer to a wired or wireless network.
- Configure a wireless access point to use secure network settings.

Syllabus Objectives and Content Examples

This unit covers the following exam domain objectives and content examples:

- 2.4 Compare and contrast common Internet service types. Fiber optic, Cable, DSL, Wireless (Radio frequency, Satellite, Cellular)
- 2.7 Explain basic networking concepts. Devices (Modem, Router, Switch, Access point)
- 2.8 Given a scenario, install, configure and secure a basic wireless network. 802.11a/b/g/n/ac (Older vs. newer standards, Speed limitations, Interference and attenuation factors), Best practices (Change SSID, Change default password, Encrypted vs. unencrypted [Open, Captive portal, WEP, WPA, WPA2])

Internet Service Types

The sort of equipment and networks used at home and in small businesses are often described as SOHO (Small Office Home Office). A SOHO network is typically based around a single multifunction device. This type of network device can perform the following sort of functions:

- Switch—connects four or eight computers together in an Ethernet LAN using RJ-45 network ports and twisted-pair cabling.
- Access Point (AP)—creates a Wi-Fi wireless network (WLAN) between computers and mobile devices equipped with suitable adapters and also switches communications between the wired and wireless networks.
- Internet router/modem—connects the wired and wireless network clients to the Internet via a WAN link.

Typical SOHO Internet router/modems—the antennas visible on the one on the left show that it can also function as a wireless access point.
(Image © 123rf.com)

These devices are often simply referred to as "routers." It is possible for the modem and the router to be separate appliances. The function of the modem is to transmit frames across the WAN link, while the function of the router is to forward packets between the local network and the Internet.

There are various ways in which the WAN link can be provisioned.

Digital Subscriber Line (DSL)

Digital Subscriber Line (DSL) is one of the most popular SOHO Internet service types. DSL works over an ordinary telephone line, providing the line is of sufficient quality. The DSL modem/router is connected to the telephone line using a cable with RJ-11 connectors between the WAN port on the router and the telephone point. Data is transferred over the line using the high frequency ranges that voice calls don't need to use. The telephone point is fitted with a microfilter to prevent the data signals interfering with voice calls and vice versa.

Most residential DSL services are asymmetric (ADSL), meaning that the uplink (up to about 1.4 Mbps) is slower than the downlink (up to about 24 Mbps). The speeds achievable are heavily dependent on the quality of the telephone wiring and the distance to the local telephone exchange. The maximum supported distance is about three miles.

Fiber Optic

Faster Internet services can be provisioned using fiber optic networks. Fiber optic cables perform much better over long distances and are not affected by noise in the way that electrical signals over copper cable are. Unfortunately, providing a fiber cable all the way to customer premises, referred to as Fiber to the Home (FTTH), requires substantial investment by the telecom providers and is not widely available.

Fiber to the Curb (FTTC) is a compromise solution widely deployed in urban and some rural areas. FTTC means that the telecom provider has installed a fiber network terminating at a cabinet somewhere in a nearby street.
Each residence is connected to the fiber network over the ordinary copper telephone cabling using Very High Bit Rate DSL (VDSL). VDSL supports a downlink of up to 52 Mbps and an uplink of 16 Mbps at a distance of up to about 300m. VDSL2 also specifies a very short range (100m/300 feet) rate of 100 Mbps (bi-directional). The VDSL Internet modem/router is connected in much the same way as an ADSL modem/router.

Cable

Where FTTC is offered by providers with origins in the telephone network, a cable Internet connection is usually provided as part of a Cable Access TV (CATV) service. These networks are often described as Hybrid Fiber Coax (HFC) as they combine a fiber optic core network with coax links to customer premises equipment. Coax is another type of copper cable but manufactured in a different way to twisted pair.

The cable modem or modem/router is interfaced to the computer through an Ethernet adapter and to the cable network by a short segment of coax, terminated using an F-connector. Cable based on the Data Over Cable Service Interface Specification (DOCSIS) version 3.0 supports downlink speeds of up to about 1.2 Gbps. Most service providers' packages do not offer those kinds of speeds however, with about 100 Mbps being typical of a premium package at the time of writing.

Each Internet access type requires a specific modem or router/modem. You cannot use an ADSL router/modem to connect to an FTTC or HFC service for instance.

Verifying a Wired Connection

When you connect a Windows computer to a wired network, the network icon in the notification area of the taskbar should show a valid connection. A red cross on the icon indicates that either the cable is not connected properly, is faulty, or the network switch/router is faulty. A yellow alert on the icon indicates that the link has not been configured properly with IP address information and cannot connect to the Internet.

Network status icons showing (left-to-right) a working connection, a disconnected cable, and connection with unknown or incomplete address information. Screenshot used with permission from Microsoft.

The Internet Protocol (IP) address information is usually configured by the router, using a service called the Dynamic Host Configuration Protocol (DHCP). You would need to investigate either the settings on the adapter or the switch/router. You can test an Internet connection quite simply by trying to browse a website.

Wireless Internet Services

While a cabled internet service will usually offer the best bandwidth, they are not always available. Wireless services can be used in areas where it is too difficult or expensive to lay cable.

Microwave Satellite

Satellite systems provide far bigger areas of coverage than can be achieved using other technologies. The microwave dishes are aligned to orbital satellites that can either relay signals between sites directly or via another satellite. The widespread use of satellite television receivers allows for domestic Internet connectivity services over satellite connections. Satellite services for business are also expanding, especially in rural areas where DSL or cable services are less likely to be available.

Satellite connections experience severe latency problems as the signal has to travel thousands of miles more than terrestrial connections, introducing a delay of 4-5 times what might be expected over a land link. For example, if accessing a site in the US from Europe takes 200ms over a land (well, undersea) link, accessing the same site over a satellite link could involve a 900ms delay. This is an issue for real-time applications, such as video conferencing, voice calling, and multi-player gaming.
To create a satellite Internet connection, the ISP installs a satellite dish (antenna) at the customer's premises and aligns it with the orbital satellite. The satellites all orbit the equator, so in the northern hemisphere the dish will be pointing south. The antenna is connected via coaxial cabling to a DVB-S (Digital Video Broadcast Satellite) modem. This can be installed in the PC as an expansion card or as an external box connected via a USB or Ethernet port.

Cellular Radio

Cellular data connections use radio transmissions but at greater range than Wi-Fi. Cellular data is more closely associated with Internet access for cell phones and smartphones than with computers.

That said, a cell phone can share its Internet connection with a computer (tethering), if the computer has no other means of Internet access.

A cellular phone makes a connection using the nearest available transmitter (cell or base station). Each base station has an effective range of up to five miles (eight km). The transmitter connects the phone to the mobile and PSTN networks. Cellular radio works in the 850 and 1900 MHz frequency bands (mostly in the Americas) and the 900 and 1800 MHz bands (rest of the world).

Cellular digital communications standards developed in two competing formats, established in different markets:

- GSM (Global System for Mobile Communication)-based phones. GSM allows subscribers to use a SIM (Subscriber Identity Module) card to use an unlocked handset with their chosen network provider. GSM is adopted internationally and by AT&T and T-Mobile in the US.
- TIA/EIA IS-95 (cdmaOne)-based handsets. With CDMA, the handset is managed by the provider not the SIM. CDMA adoption is largely restricted to the telecom providers Sprint and Verizon.

There are many different cellular Internet service types, marketed in terms of "generations" (3G, 4G, and 5G). Support for a particular type is dependent on the local cell tower.
Some of the technologies used include:

- GPRS/EDGE (General Packet Radio Services/Enhanced Data Rates for GSM Evolution) is a precursor to 3G (2.5G) with GPRS offering up to about 48 Kbps and EDGE about 3-4 times that.
- Evolved High Speed Packet Access (HSPA+) is a 3G standard developed via several iterations from the Universal Mobile Telecommunications System (UMTS) used on GSM networks. HSPA+ nominally supports download speeds up to 168 Mbps and upload speeds up to 34 Mbps. HSPA+-based services are often marketed as 4G if the nominal data rate is better than about 20 Mbps.
- CDMA2000/Evolution Data Optimized (EV-DO) are the main 3G standards deployed by CDMA network providers. EV-DO can support a 3.1 Mbps downlink and 1.8 Mbps uplink.
- Long Term Evolution (LTE) is a converged 4G standard supported by both the GSM and CDMA network providers. LTE has a maximum downlink of 150 Mbps in theory, but no provider networks can deliver that sort of speed at the time of writing, with around 20 Mbps far more typical of the speed that might actually be obtained.
- LTE Advanced (LTE-A) is intended to provide a 300 Mbps downlink, but again this aspiration is not matched by real world performance. Current typical performance for LTE-A is around 40 Mbps.

Radio Frequency

As noted above, Radio Frequency (RF) is a means of provisioning a wireless local network using Wi-Fi standard equipment. While this isn't a means of Internet service provision in itself, it is a means for a client to connect to a wireless router offering Internet access.

As well as the wireless router in your home network, you could use an open or public access point to get on the Internet. You have to be careful to secure the connections you open when doing this and to avoid using public access points that have been set up for malicious purposes.

supporting the HTTPS secure protocol if transferring information.
Similarly, ensure that your connection to your email provider uses a secure type of SMTP and POP3/IMAP.

Setting Up a Wireless Network

A typical SOHO network appliance provides four wired Ethernet ports to connect hosts to the local network via a built-in switch and, via a built-in router and WAN modem, to the Internet. Most consumers need to connect more than four devices to the network, and it is not very convenient to have to use those devices only in locations where they can be cabled to the router. Consequently, most SOHO networks rely heavily on wireless (Wi-Fi) networking.

Wireless Standards and Compatibility

"Wireless networking" is generally understood to mean the IEEE's 802.11 standards for Wireless LANs (WLAN), also called Wi-Fi. There are several versions of the standard, starting with the legacy 802.11a and 802.11b, which supported data rates of 54 Mbps and 11 Mbps respectively. Subsequently, 802.11g acted as an upgrade path for 802.11b, working at 54 Mbps but also allowing support for older 802.11b clients. 802.11a was not as widely adopted but does use a less crowded frequency band (5 GHz) and is considered less susceptible to interference than the 2.4 GHz band used by 802.11b/g.

The 802.11n standard can use either frequency band and deliver much improved data rates (nominally up to 600 Mbps). The latest 802.11ac standard is now widely supported.
802.11ac access points can deliver up to 1.7 Gbps throughput at the time of writing. 802.11ac works only in the 5 GHz range with the 2.4 GHz band reserved for legacy standards support (802.11b/g/n).

Standard         Maximum Transfer Rate                  Band
802.11a (1999)   54 Mbps                                5 GHz
802.11b (1999)   11 Mbps                                2.4 GHz
802.11g (2003)   54 Mbps                                2.4 GHz
802.11n (2009)   72.2 Mbps/stream (Single Channel),     2.4/5 GHz
                 150 Mbps/stream (Bonded Channels)
802.11ac (2013)  1.7 Gbps (at time of writing)          5 GHz

Most SOHO routers support 802.11g/n or 802.11g/n/ac. This means that you can have a mix of client devices. For example, you might have a new router that supports 802.11ac but computers and tablets with wireless adapters that only support 802.11. You can use the access point in compatibility mode to allow these devices to connect.

Compatibility modes can slow the whole network down, especially if 802.11b clients have to be supported. If possible, use newer standards only.

Configuring an Access Point

To configure an access point, you connect a PC or laptop to one of the LAN ports on the SOHO router. The SOHO router should assign the computer's adapter an Internet Protocol (IP) address using a service called the Dynamic Host Configuration Protocol (DHCP). If this has worked properly, you should see the network status icon in the notification area.

Look at the SOHO router's setup guide to find out the router's IP address. Open a web browser and type the router's IP address into the address bar. This should open a management page for you to log on. Enter the user name and password listed in the router's setup guide. Most routers will invite you to complete the configuration using a wizard, which guides you through the process.

Use the System page to choose a new admin password. The admin password is used to configure the router. It is vital that this password be kept secret and secure. You must choose a strong password that cannot be cracked by password-guessing software.
Use a long, memorable phrase of at least 12 characters.

You must always change the default password (typically "default," "password," or "admin") to prevent unauthorized access.

Use the Wireless settings page to configure the router as an access point. Having checked the box to enable wireless communications, you can adjust the following settings from the default especially on a multifunction device such as this. Most devices are now shipped in "security-enabled" configurations, meaning that you explicitly have to choose to enable services that you want to run.

- SSID (Service Set ID)—a name for the WLAN. This is usually set by default to the router vendor's name. It is a good idea to change the SSID from the default to something unique to your network. Remember that the SSID is easily visible to other wireless devices, so do not use one that identifies you personally or your address. The SSID can be up to 32 characters.
- Wireless mode—enable compatibility for different 802.11 devices.

Configuring a SOHO access point.

Configuring Wireless Security

To prevent snooping, you should enable encryption on the wireless network. Encryption scrambles the messages being sent over the WLAN so that anyone intercepting them is not able to capture any valuable information. An encryption system consists of a cipher, which is the process used to scramble the message, and a key. The key is a unique value that allows the recipient to decrypt a message that has been encrypted using the same cipher and key. Obviously, the key must be known only to valid recipients or the encryption system will offer no protection.

Following our SOHO router configuration example, under Encryption, you would select the highest security mode supported by devices on the network.

- WEP (Wired Equivalent Privacy)—this is an older standard.
  WEP is flawed and you would only select this if compatibility with legacy devices and software is imperative.
- Wi-Fi Protected Access (WPA)—this fixes most of the security problems with WEP. WPA uses the same weak RC4 (Rivest Cipher) cipher as WEP but adds a mechanism called the Temporal Key Integrity Protocol (TKIP) to make it stronger.
- WPA2—this implements the 802.11i WLAN security standard. The main difference to WPA is the use of the AES (Advanced Encryption Standard) cipher for encryption. AES is much stronger than RC4/TKIP. The only reason not to use WPA2 is if it is not supported by devices on the network. In many cases, devices that can support WPA can be made compatible with WPA2 with a firmware or driver upgrade.

See Unit 5.3 for more information about ciphers and encryption.

On a SOHO network, you would also generate a Pre-Shared Key (PSK) using a password. When you type a password into the box, the router converts it into an encryption key to use with the cipher. You can see the key in the screenshot above expressed as hex numerals. The same wireless password must be entered on client devices for them to connect to the WLAN.

Choose a strong passphrase and keep it secret. In order to generate a strong key, use a long phrase (at least 12 characters). The passphrase can be up to 63 characters long, but making it too long will make it very hard for users to enter correctly.

password. The wireless password can be shared with anyone you want to allow to connect to the network. The admin password must be kept secret.

Open Authentication and Captive Portals

Selecting open authentication means that the client is not required to authenticate. This mode would be used on a public AP (or hotspot). This also means that data sent over the wireless network is unencrypted. Open authentication may be combined with a secondary authentication mechanism managed via a browser.
When the client associates with the open hotspot and launches the browser, the client is redirected to a captive portal. This will allow the client to authenticate to the hotspot provider's network (over HTTPS so the login is secure). The portal may also be designed to enforce terms and conditions and/or take payment to access the Wi-Fi service.

Configuring a Wireless Client

To connect a Windows computer to a wireless network, click the network status icon in the notification area. Select the network name and then click Connect. If you leave Connect automatically selected, Windows will save the password and always try to connect to this SSID when it is in range. In the next panel, enter the wireless password (PSK):

Connecting to a network and entering the network security key (password). Screenshot used with permission from Microsoft.

When you connect to a new network, you are prompted to set its location. If the link is configured as Public (selecting No in Windows 10), your computer is hidden from other computers on the same network and file sharing is disabled. If it is configured as Private (home or work) by selecting Yes, the computer is discoverable and file sharing is enabled.

The computer should now be part of the SOHO network and able to connect to the Internet. To verify, test that you can open a website in the browser.

Speed Limitations (Attenuation and Interference)

A device supporting the Wi-Fi standard should have a maximum indoor range of up to about 30m (100 feet), though the weaker the signal, the lower the data transfer rate.

The distance between the wireless client (station) and access point determines the attenuation (or loss of strength) of the signal. Each station determines an appropriate data rate based on the quality of the signal using a mechanism called Dynamic Rate Switching/Selection (DRS).
If the signal is strong, the station will select the highest available data rate, determined by the 802.11 standard. If the signal is weak, the station will reduce the data rate to try to preserve a more stable connection.

Radio signals pass through solid objects, such as ordinary brick or drywall walls but can be weakened or blocked by particularly dense or thick material and metal. Other radio-based devices and nearby Wi-Fi networks can also cause interference. Other sources of interference include devices as various as fluorescent lighting, microwave ovens, cordless phones, and (in an industrial environment) power motors and heavy machinery. Bluetooth uses the 2.4 GHz frequency range but a different modulation technique, so interference is possible but not common.

Connecting to an Enterprise Network

An enterprise network uses the same sort of switch, access point, and router technologies as a SOHO network. In a SOHO network, these technologies are likely to be combined within a single multifunction appliance. On an enterprise network, multiple switch, access point, and router appliances will be used.

Cabled Enterprise Network Access

An office building is likely to be flood wired with cabling so that there are network ports at every desk. A computer can be connected to the network via an RJ-45 patch cable (or possibly a fiber optic patch cable) plugged into one of these network ports.

Modular wall plate with an RJ-45 patch cord connected. Image by Nikolai Lebedev © 123rf.com.

The cabling from each port is routed back to a telecommunications room where it is connected to an Ethernet switch. While the switch in a SOHO Internet router usually provides four ports, a single enterprise switch will support 20 ports or more. Modular enterprise switches can support hundreds of ports. Furthermore, the switches can be interconnected to create a switched fabric supporting thousands of ports within the same LAN.
Cisco Catalyst 3650 Series workgroup switch. Image © and Courtesy of Cisco Systems, Inc. Unauthorized use not permitted.

Wireless Enterprise Network Access

Wireless enterprise network access also works in the same basic way to SOHO but at a bigger scale. Enterprise access points can support more devices than consumer-level ones.

Cisco Aironet access point. Image © and Courtesy of Cisco Systems, Inc. Unauthorized use not permitted.

Enterprise Network Routers

While the switches and access points can provide thousands of ports and network connections, it is inefficient to have that many connections to the same "logical" network. The ports are divided into groups using a technology called Virtual LAN (VLAN) and each VLAN is associated with a different subnet. Communications between different VLANs have to go through a router.

Cisco 1000 Series Advanced Services Router. Image © and Courtesy of Cisco Systems, Inc. Unauthorized use not permitted.

The graphic below illustrates how the network components described above might be positioned. The whole network is connected to the wider Internet via a router. The router is also used to divide the network into two subnets (A and B). Within each subnet, a switch is used to allow nodes to communicate with one another and, through the router, to the other subnet and the Internet. The link between each node and the switch is a segment.

Positioning network components. High bandwidth backbone segments are used between the router and the Internet and between the router and the two switches.

network might use hundreds of switches and tens of router appliances. The routers used within the network and for Internet access are also likely to be separate appliances.
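
The passphrase-to-key conversion described under Configuring Wireless Security, as an added example that is not part of the original unit: IEEE 802.11i derives the 256-bit pre-shared key with PBKDF2-HMAC-SHA1, salted with the SSID, and the audit function checks a settings dictionary against this unit's best practices. The settings field names and the ExampleNet vendor name are constructed for illustration.

```python
import hashlib

# Security modes in the order the unit ranks them, weakest first.
MODE_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3}
# Default admin passwords named in the unit.
DEFAULT_ADMIN_PASSWORDS = {"default", "password", "admin"}
MIN_PHRASE_LEN = 12  # the unit's guidance for both passwords


def derive_psk(passphrase, ssid):
    """Return the 256-bit WPA/WPA2 pre-shared key as 64 hex digits.

    IEEE 802.11i derives the key with PBKDF2-HMAC-SHA1, using the SSID
    as the salt and 4096 iterations.
    """
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    # The standard requires 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()


def audit_wireless_settings(cfg):
    """Check a settings dict (constructed field names) against the unit's
    best practices and return a list of findings; empty means no issues."""
    findings = []
    mode = cfg["security_mode"].lower()
    if mode not in MODE_RANK:
        raise ValueError("unknown security mode: " + mode)
    if MODE_RANK[mode] < MODE_RANK["wpa2"]:
        findings.append("security mode is %s; select WPA2 if clients support it"
                        % mode.upper())
    if cfg["vendor"].lower() in cfg["ssid"].lower():
        findings.append("SSID still contains the vendor name; choose a unique one")
    admin = cfg["admin_password"]
    if admin.lower() in DEFAULT_ADMIN_PASSWORDS:
        findings.append("admin password is a well-known default")
    elif len(admin) < MIN_PHRASE_LEN:
        findings.append("admin password is shorter than 12 characters")
    if mode in ("wpa", "wpa2") and len(cfg["wireless_passphrase"]) < MIN_PHRASE_LEN:
        findings.append("wireless passphrase is shorter than 12 characters")
    if admin == cfg["wireless_passphrase"]:
        findings.append("admin password is the same as the shared wireless password")
    return findings


# Constructed sample settings (not taken from any real device).
AS_SHIPPED = {"vendor": "ExampleNet", "ssid": "ExampleNet-2G",
              "security_mode": "WPA", "admin_password": "admin",
              "wireless_passphrase": "letmein1"}
HARDENED = {"vendor": "ExampleNet", "ssid": "blue-kettle-42",
            "security_mode": "WPA2",
            "admin_password": "seven quiet owls at noon",
            "wireless_passphrase": "maple syrup on tuesdays"}

if __name__ == "__main__":
    for name, cfg in (("as shipped", AS_SHIPPED), ("hardened", HARDENED)):
        print(name, "->", audit_wireless_settings(cfg) or "no findings")
    # The SSID is the salt, so one passphrase gives a different key per SSID.
    for ssid in (AS_SHIPPED["ssid"], HARDENED["ssid"]):
        print(ssid, derive_psk(HARDENED["wireless_passphrase"], ssid))
```

Because the SSID salts the derivation, a network left on a common default SSID shares its salt with every other network using that name, which is one more reason to change it.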
