Setting up a LAN

for home networks with DSL

© 2008 by KV5R.

Overview

This article covers the initially confusing issue of setting up a small Local Area Network (LAN) for file, printer, and Internet sharing. It is primarily intended for DSL subscribers who want to add more computers to their Internet connection.

I’ve been configuring computers for over 20 years, but networks are something I ignored for as long as possible. Then I needed one, so I had to study the subject. At first it was totally confusing, but then it got really simple. I’m no network guru, just a novice, but that’s why I can (hopefully) write a fairly useful beginner’s guide.

Disclaimer: This article isn’t the final word, it’s just one (fairly easy) example, so do your homework, and don’t blame the author if you buy the wrong thing or it doesn’t behave as expected. There is a large variety of gadgets, and an almost infinite number of possible configurations.

Setting up your first LAN requires a little study and planning. At least:

  • Things to know
  • Things to get
  • Things to configure

…so I’ll attempt to proceed along those lines.

Things to Know

Reading the manufacturers’ manuals is recommended, but first you might visit Wikipedia and bone-up on the lingo, since networking has quite an array of confusing terms—and to make it worse, some of those terms are not used consistently, and further, the technology changes quite rapidly.

To put all your computers on a LAN you need at least the following:

  • an Ethernet card, or wireless Ethernet card, in each computer
  • a Hub (aka a Switch), and/or a wireless access point, through which all the computers connect
  • if wired, obviously, Ethernet cables.

Then to put your LAN on the Internet (that is, to have Internet connectivity to every computer on your LAN), you also need the following:

  • A DSL, cable tv, or satellite modem (usually provided by your ISP/phone/cable co.)
  • A router (usually included in the modem)

Note that these functionalities may be in separate physical devices, or (more commonly) combined into one or a couple of physical devices.

A modem (DSL or cable) is, in simplest terms, a device that interfaces your local Ethernet LAN to the phone or cable lines. In the US, one is usually provided by your DSL or Cable Service Provider. It may or may not also contain the other devices described below.

A router is a little-bitty computer that ‘routes’—i.e., it does network address translation (NAT) and seeks a ‘route’ between different networks, and thereby connects two different networks together, such as your local net and the Internet. In simplest terms, it converts your ‘private’ (LAN - local area network) addresses to ‘public’ (Internet, WAN - wide area network) addresses. Modern DSL modems usually contain a router. In effect, a router isn’t really a device, it’s a functionality, and may be built as a stand-alone unit (not typical of home devices), or combined with a modem and/or an Ethernet switch. Further, some modems have multi-ports and therefore are modem/router/switch all in one box, which if your phone company will supply free, is probably your easiest solution.

A network packet switch (sometimes called a ‘hub’) is a gadget that adds more network ports. A switch may or may not contain a router. A router/switch may be configured to act as a switch only, by disabling its router functions, which is what you want to do if your DSL modem already has a router in it and you bought a router/switch.

A modem or switch that contains a router will usually have a configurator, and you get into it with an IP address in your browser, like 192.168.0.1. That gives you a web-based tool where you can adjust the router’s settings as needed. Older units may not have the web-based tool, and you have to run a Telnet client and configure it with a command-line (not fun, but just follow the book).

A “WAP” is a Wireless Access Point, which gives you the ability to run a wireless LAN, usually with Internet connectivity. A WAP is usually combined with a modem/router or a router/switch, and is easily identified by 1 or 2 little antennas.

I don’t know anything about cable internet, but my understanding is that cable modems do not have routers built-in, because with cable, you’re not really on the Internet, you’re on the cable company’s network, and it does the Internet routing at the head-end. However, to isolate your home LAN from the cable network, you need a router as well, or at least a good software firewall. If that’s your case, this article may not help you much—consult better sources.

How to tell if your broadband modem has a router: If it has an IP address that leads your browser to a log-in screen and a configurator with stuff like a NAT table, a port firewall, and a DHCP server, then it’s a router. You do not need another router in the typical home (or small office) LAN. One is always enough. Some people get confused by trying to connect two devices that both contain routers. Disable one. With DSL, you want to use the router in the telco-supplied modem/router box, as it will come preconfigured to just plug in and work (hopefully).

Another thing to know is a couple of useful command-line utilities: ipconfig and ping. To use them, open a command window (Start, Run, cmd) and type ipconfig /all to see your current IP settings. This will show your computer’s IP address, and other info such as the IP of your DNS server(s) and whether or not you are running a DHCP server (more on this below). Ping is a simple troubleshooting utility that reaches out to a network address and requests a reply. If ping gives you a reply, then you know that that part of the network is working. It also shows the speed of the response, in milliseconds.

Looking at the output of ipconfig /all, you can tell much about your current configuration, once you know the difference between private and public addresses, and the meanings of terms like DNS Server and Gateway.

About IP Addresses

There are private (LAN - Local) addresses, and public (WAN - Wide) addresses. The private addresses apply to your LAN and its devices. The public addresses apply to the Internet, sometimes called the WAN (Wide Area Network). The 192.168.x.x block of IP addresses is reserved for LANs, and thus is not used anywhere on the Internet. The only place you should have both LAN and WAN settings is in the router, and it’s best to leave the WAN-side alone, particularly if the router is in the DSL modem provided by your ISP.

Private IP addresses fall into these ranges (the first being used for small home/home office LANs):

  • 192.168.x.x — used by small ‘class-C’ LANs,
  • 172.16.x.x — used by larger ‘class-B’ LANs, and
  • 10.x.x.x — used by very large private LANs, such as major corporations.

Any address outside of 192, or 172, or 10 is most likely a public IP, in other words, an Internet address.

How is this knowledge useful? Well, one thing you can do is run ipconfig /all and look at the addresses it shows. If they are in a ‘private’ block, then you have a router doing translation. If they are in a ‘public’ block, then you do not have a router, and are directly ‘on’ the Internet—in which case you need a software firewall (running on every computer) to protect your computers from direct (frequently malicious) access from unknown parties on the Internet.
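The check described above can be scripted. The following is an added example, not part of the original article: it reads ipconfig /all text and reports whether the machine sits behind a translating router or directly on the Internet. The function names and both sample outputs are constructed for illustration; the code uses the full private blocks (the 172 block runs from 172.16.x.x through 172.31.x.x) and also flags 169.254.x.x, which Windows assigns itself when no DHCP server answers.

```python
import ipaddress
import re

# Private (LAN) blocks; the middle one covers 172.16.x.x through 172.31.x.x.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Self-assigned by Windows when it is set to automatic and no DHCP server replies.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample output (not captured from a real machine).
SAMPLE_NAT = """
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
"""

# Constructed sample: 203.0.113.x is a documentation-only range standing in
# for a real public address handed out by an ISP.
SAMPLE_DIRECT = """
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 203.0.113.25
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 203.0.113.1
"""

FIELD = re.compile(
    r"^\s*(IP(?:v4)? Address|Default Gateway|DNS Servers)[ .]*:\s*"
    r"(\d{1,3}(?:\.\d{1,3}){3})", re.M)


def classify(addr):
    """Return 'private', 'link-local', 'other' or 'public' for one address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in block for block in PRIVATE_BLOCKS):
        return "private"
    if ip in LINK_LOCAL:
        return "link-local"
    if ip.is_loopback or ip.is_multicast or ip.is_unspecified:
        return "other"
    return "public"


def parse_ipconfig(text):
    """Collect the address fields of interest, keyed by their label."""
    fields = {}
    for label, addr in FIELD.findall(text):
        label = label.replace("IPv4", "IP")   # newer Windows label
        try:
            ipaddress.ip_address(addr)        # skip things like 999.1.1.1
        except ValueError:
            continue
        fields.setdefault(label, []).append(addr)
    return fields


def assess(text):
    """Summarise the exposure of the machine that produced this output."""
    kinds = {classify(a) for a in parse_ipconfig(text).get("IP Address", [])}
    if "public" in kinds:
        return "directly-exposed"   # no NAT router: host firewall is essential
    if "private" in kinds:
        return "behind-nat"         # a router is translating addresses
    if "link-local" in kinds:
        return "no-lease"           # automatic addressing but no DHCP server
    return "unknown"


if __name__ == "__main__":
    for name, sample in (("NAT", SAMPLE_NAT), ("direct", SAMPLE_DIRECT)):
        print(name, parse_ipconfig(sample), assess(sample))
```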

About Firewalls and Security

A firewall looks at the outgoing requests you make (like browsing or emailing), and it allows the responses back in. Responses that you did not initiate are blocked. There are three major types of firewalls:

  • Your router may have a hardware firewall, which simply blocks all unrequested incoming traffic on all ports;
  • Your (more expensive) router may look at the contents of all incoming packets and make a more intelligent decision. This is called Stateful Packet Inspection, or an SPI firewall. This is the best kind to have—a hardware SPI firewall.
  • Your computer(s) may run a software firewall, such as the XP firewall, Zone Alarm, or Comodo. These allow or disallow network traffic based on many factors, such as what application or service initiated the request, on what port, from which direction (in or out).

This is how trojan horses work: The malicious software rides in on something you requested. Then it installs itself and acts like you, making ‘valid’ requests, which pull in more crap, or send your keyboard or personal information to the malicious attacker. The firewall fails because it doesn’t know if you made the request or if the malware (acting as you) made the request. This all gives rise to the need for more than just a firewall—you also need a virus scanner (such as Avast) and a malware/spyware scanner (such as Spybot).

All this extra scanning software adds some security to your system, but at a price—it slows your system down, since each file you open or run must be analyzed to see (hopefully) if it’s legit or malicious. There is, therefore, a balance between security and system performance. Many vendors out there are trying to get you to install their security solutions, which, if you installed them all, you’d have a very secure, and very slow, computer. A firewall and two on-access scanners are generally enough, though you need to know how they work and also take time to learn basic security measures and awareness. There are many good sites on the subject.

About DHCP

A DHCP (Dynamic Host Configuration Protocol) server automatically assigns IP addresses. You only need one DHCP server (or none). Some people have endless problems because they accidentally have two DHCP servers running. The DHCP server is usually part of the router hardware, which is where it should be. If you run a software DHCP server, then that computer will always have to be on. I prefer to not run a DHCP server at all, and set my own private addresses manually on each network device, because it’s just simpler and more secure that way.

To DHCP Or Not To DHCP? If your LAN changes frequently (for example, you move a notebook computer from work to home every day), it’s more convenient to use a DHCP server and just let it set addresses as it wills. But the process of detecting devices and assigning addresses takes some time, so your LAN doesn’t get connected as fast. If you have computers that stay connected all the time, it’s better to disable the DHCP server and set each one to fixed addresses.

Actually, I think you can also do both—run some fixed IPs and also a DHCP server for items that move among networks (like a notebook), or something like a network printer that doesn’t have the ability to set a fixed IP. In that case, leave the DHCP server running and make sure your fixed-IP devices use addresses outside of the DHCP address pool.

Basic Topology

To summarize, you have:

  • The Internet backbone
  • Your ISP (with their various web, mail, and DNS servers)
  • Your DSL or Cable modem
  • A router (to interface your LAN to the Internet)
  • A switch (for expanding your wired network) and/or
  • A WAP (for your wireless network)
  • Your computers and other devices on your private LAN
  • …and the modem, router, switch, and WAP come in various combinations.

Things to Get

What you need to get depends on what you already have and what you want to do.

If your 1-port DSL modem has a router (typical of modern DSL modems), and you’re building a wired-only LAN, then all you need is a switch and some cables. Watch out, because some sales people may try to sell you a more expensive device than you need. A good 5-port Ethernet switch is about $25, while a good switch with a router in it is about $65, and if your DSL modem already has a router in it, you don’t need another one… Caveat Emptor.

If the modem doesn’t have a router, you need a router/switch combination unit, also sometimes known as a “residential gateway” or similar. These are about $65.

Either one may or may not also have a Wireless Access Point (WAP), which may be either type-g or the newer and much faster type-n (called Wireless-N or 802.11n). Wireless networks are more expensive, more troublesome, slower than wire, and must be secured with encryption. But if you need to move your computer around the place, or just can’t run wire, then that’s the way to go. A modem/router/switch/WAP all-in-one device runs around $150. Then you need compatible wireless devices for all your hardware.

The next thing to know is don’t buy cheapo hardware. The top brands tend to be both more reliable and easier to configure, and are well worth a few extra bucks. (The author is under no agreement with any manufacturer).

In my case, my ISP/phone company sent me a modem/router for DSL, which has one port. I needed another port to run Internet to another computer, so I put in two network cards (NICs) and ran one to the DSL modem/router, the other one to the other computer, and then set up Microsoft Internet Connection Sharing, which is in effect a software-based router. Messy!—and I had to keep both computers on all the time! So I bought a Linksys router/switch, a factory recertified BEFSR41, for $25, saving $40 off retail.

Actually, what I needed was just a switch (such as the Linksys EZXS55W), not a router, but I didn’t know better and got a router/switch anyway, then configured it to be just a switch, else deal with the configuration nightmare of running two cascaded routers (usually not a good idea, particularly if you want to port-forward).

I also ordered CAT-5e cables, in 3, 6, and 20-foot lengths, the kind with the molded strain-relief jacks, in several colors. Watch out for over-priced cables. There’s no reason to pay over about $6 for a good 6-foot CAT-5 cable. If you’re going to wire the whole house for Ethernet, you need to shop online for a bulk roll of UTP cable, the RJ-45 jacks, and the RJ-45 crimping tool. What kind? CAT-5 is fine for Fast Ethernet (100Mb), or get CAT-5E or CAT-6 if you ever plan to go to Gigabit speeds, which is the emerging standard. I don’t think one needs a Gigabit LAN unless one plans to run a media server and several HDTV channels over the network (IMO).

Note that a 4-port router/switch, like the BEFSR41, when used as a switch only, will not give you 4 more ports. It will give you 2 more ports! Why? Because you use one for the DSL modem/router, and one for the existing computer—hence, you have 2 left. When the router functions are disabled, you don’t use the WAN port to go to the modem/router, you use either the ‘Uplink’ port with a straight cable, or the #1 port with a crossover cable. Uplink and port #1 are the same port, with Uplink having reversed wiring inside. To connect between two Ethernet ports (in this case, between the modem and the switch), wiring must be crossed, either with a crossover cable or a crossed-over port. Since you probably have a short crossover cable that came with the DSL modem, you can use that into port #1 on the switch. In other words, leave the cable that came with the modem, on the modem, as-is, and just move its other end from the computer to the switch on port #1. Then connect port #2 to the computer with a regular straight cable. A few devices even have auto-sensing ports, so you can use either type of cable and forget the whole crossover issue. Either way, consult the manual.

Things to Configure

Making the LAN work smoothly requires a little knowledge of how to configure things. The following is if you have a modem/router and a router/switch. If you are adding just a plain switch, you shouldn’t have to do anything but plug in cables and set up computers.

  • Start a paper record of IP addresses, passwords, changed settings, etc. Skip this step and you will regret it.
  • Drag out those manuals and learn the IP addresses and passwords needed to get into the modem/router and router/switch configurators.
  • With only the DSL modem/router connected: Log into its configurator and, if you’ll be running only fixed IP addresses on your LAN, disable its DHCP server. Don’t change its LAN address, nor any WAN settings. Save, log off, and unplug it from the computer. Connect the router/switch to the computer.
  • With only the router/switch connected: Go into its configurator and (a) set its IP address to the next number after the modem’s IP address, and (b) disable its NAT/router and DHCP server. Note: As soon as you save its new IP, you’ll lose the connection to it. Just point your browser to the new address and log in again.
  • Now connect everything.
  • For each computer: Set up a Windows Network with Start, Settings, Control Panel, Network Setup Wizard. After reading below, go into TCP/IP Properties and set those details as needed.

How to Set a Fixed IP Address in XP

First, be aware that a ‘Fixed IP’ will be the private LAN address of your computer—not to be confused with a ‘Static IP’ address that may be provided by your service provider. They are two entirely different things.

  • Click Start, Settings, Network Connections
  • Right-click your local network and select Properties
  • Select Internet Protocol (TCP/IP) and click the Properties button

[Image: TCP/IP Properties dialog]

In the TCP/IP Properties box,

  • Check ‘Use the Following IP Addresses’
  • Set the IP address for that computer.
  • Set the subnet mask to 255.255.255.0. That means all your devices will be in the same sub-net, having the same 1st, 2nd, and 3rd numbers, but different 4th numbers.
  • Set the Default Gateway to the address of the DSL modem/router. This is the same as you use to get to its configurator. Since you are pointing to the router, the router will translate this to your public IP (whether Static or Dynamic, it knows).
  • Set Preferred DNS Server to the DSL modem/router also. As above, the router knows what your service provider’s DNS server address is, so you just point the computer to the router and let it translate. Leave the Alternate blank, unless otherwise instructed. Windows will not accept the same number in both fields.
  • Repeat the above on your other computers, using a different last number in the IP address, but setting the rest of the fields the same.

Notes:

  • The IP addresses for a simple LAN are almost always 192.168.one-number.one-of-several-numbers, and the ‘one-of-several’ range must be outside the range of reserved numbers used by your router’s DHCP server (if used), which is 50-150 in many such devices (but if in doubt, consult the manual or your service provider).
  • The third number in the IP quad should always be the same as the third number in the modem/router’s address. For example, if your modem/router comes configured to 192.168.0.1, don’t change it, just set your switch to 192.168.0.2, your main computer to 0.3, next computer to 0.4, an Ethernet-connected printer or file server to 0.5, etc.
  • You should keep a written record of how everything is set up! It really helps.
  • If you have not disabled the router’s DHCP server, and desire to use it, just leave the Windows default setting of ‘Obtain an IP address automatically.’
  • When setting up the Windows Workgroup, make sure to decide on a workgroup name beforehand, and use the same workgroup name on every computer.
  • You also need to assign each computer a unique name. This is not the workgroup name, it’s the computer’s name. You then use that name to make connections to shares on other computers in the LAN. If you’re on computer-1, and you want to grab a file on computer-2, you’d navigate to something like \\computer-2\someSharedFolder.
  • Make sure that any folder you share is shared on your LAN only, not the Internet!
  • If you’ve already set fixed addresses and then run the Windows Network wizard again, it tends to reset your TCP/IP Properties back to Automatic, so you have to go through that again. If you didn’t know that, and you’ve disabled the DHCP server, the LAN won’t work and it won’t tell you why.

Once Windows has a workgroup, and the computers have addresses, the LAN should be working. Other things to set include file and/or printer sharing, which are services that need to be installed if they’re not already in the Network Properties box.

If the LAN is working (you can share a folder and copy a file from one machine to another), but one machine won’t get on the Internet, it’s probably because either that machine’s firewall is blocking it, or you haven’t set the Default Gateway and Preferred DNS Server to point at the router.
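The rules in the notes above (same first three numbers as the modem/router, no duplicates, fixed addresses outside the DHCP pool, gateway and DNS pointing at the router) can be checked against the written record before touching any machine. This is an added example, not part of the original article; the Device class, check_plan function, device names and both plans are constructed for illustration, and the 50-150 pool is the typical range mentioned above, not a value read from any particular router.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Device:
    name: str
    ip: str
    gateway: str = ""            # blank = left empty in TCP/IP Properties
    dns: str = ""
    needs_internet: bool = True  # False for a switch or printer


def check_plan(router_ip, mask, devices, dhcp_pool=None):
    """Return a list of (device name, problem) pairs; empty means the plan is sound.

    dhcp_pool is (first, last) address of the router's pool, or None when
    the DHCP server is disabled.
    """
    lan = ipaddress.ip_interface(f"{router_ip}/{mask}").network
    pool = tuple(ipaddress.ip_address(a) for a in dhcp_pool) if dhcp_pool else None
    seen = {ipaddress.ip_address(router_ip): "modem/router"}
    problems = []
    for d in devices:
        ip = ipaddress.ip_address(d.ip)
        # Must share the router's subnet and not be the network/broadcast address.
        if ip not in lan or ip in (lan.network_address, lan.broadcast_address):
            problems.append((d.name, "wrong-subnet"))
        # Two devices (or a device and the router) must never share an address.
        if ip in seen:
            problems.append((d.name, "duplicate-ip"))
        seen.setdefault(ip, d.name)
        # A fixed address inside the pool may later be handed to someone else.
        if pool and pool[0] <= ip <= pool[1]:
            problems.append((d.name, "in-dhcp-pool"))
        # LAN works but no Internet: gateway or DNS not pointing at the router.
        if d.needs_internet:
            if d.gateway != router_ip:
                problems.append((d.name, "bad-gateway"))
            if d.dns != router_ip:
                problems.append((d.name, "bad-dns"))
    return problems


ROUTER, MASK = "192.168.0.1", "255.255.255.0"
POOL = ("192.168.0.50", "192.168.0.150")   # assumed typical pool

# Constructed plan that follows the notes.
PLAN_GOOD = [
    Device("router/switch", "192.168.0.2", needs_internet=False),
    Device("computer-1", "192.168.0.3", ROUTER, ROUTER),
    Device("computer-2", "192.168.0.4", ROUTER, ROUTER),
]

# Constructed plan with one mistake of each kind.
PLAN_BAD = [
    Device("router/switch", "192.168.1.2", needs_internet=False),  # third number differs
    Device("computer-1", "192.168.0.3", ROUTER, ROUTER),
    Device("computer-2", "192.168.0.3", ROUTER, ""),               # duplicate, DNS blank
    Device("printer", "192.168.0.60", needs_internet=False),       # inside the pool
]

if __name__ == "__main__":
    print(check_plan(ROUTER, MASK, PLAN_GOOD, POOL))
    for name, problem in check_plan(ROUTER, MASK, PLAN_BAD, POOL):
        print(f"{name}: {problem}")
```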

Why it Starts Out Confusing

The “confusing” scenario goes about like this… A ways back, DSL modems were mostly dumb (no router), so Linksys and others started making various cable/dsl routers, residential gateways, and etc.

Then the DSL biggies (like ATT/Verizon, Sprint/Embarq) started supplying DSL modem/routers, since that gives them preconfiguration control over settings that most home users don’t want to mess with—and also tends to limit typical users to one computer online (they want your money, not your bandwidth usage).

Then people want more ports and broadband sharing around the house. So we go looking for the likely gadget, which tends to come up being a ‘cable/dsl router,’ which unfortunately was designed to connect to dumb modems, not modem/routers (but they don’t tell you that).

Then, a conflicting combination of manufacturers’ data, ISPs’ data, and a plethora of online opinions all boil down to three possible solutions:

  • Bridge the modem and move all those WAN settings and functions into a router/switch;
  • Leave the modem as a modem/router and convert the second router to a switch (preferred); or
  • Run cascaded routers, a configuration nightmare, with the modem/router a subnet, and the second router as another subnet within the first subnet. eek! This is what a modem/router’s install CD will do, which if you run, you’ll eventually regret.

From my research, on the typical home/SOHO lan + wan,

  • A user with a modem/router does not need another router, or a nested subnet, he needs only an ethernet switch and/or WAP device.
  • The modem/router should be left as supplied by the ISP, or they won’t support you.
  • The modem connects to the router/switch’s LAN (not WAN) port with a crossover patch cable, or the Uplink port with a straight cable (and most telco-supplied DSL modem/routers come with a crossover patch).
  • The router/switch should be converted to a non-router/switch beforehand—turn off DHCP server, NAT, etc., and change its IP address to be in the same subnet as the modem/router’s default. Like 192.168.0.something.
  • Set all computers to fixed IP configuration, with no DHCP server.
  • Bridging the modem/router and moving all its WAN functions into a second router is only indicated if the second router has substantially more desirable features (like an SPI firewall).

Here’s how I set mine up, as a simple-as-possible, single subnet:

  • 192.168.0.1 The modem’s default, so I’ll use 0.* as my single class-C subnet for all devices (actually, I used other addresses than shown).
  • 192.168.0.2 The router/switch, running as switch (nat/routing disabled)
  • 192.168.0.3 Computer #1
  • 192.168.0.4 Computer #2
  • 192.168.0.1 Both computers’ Default Gateway and DNS Server—since that’s the modem/router, which NATs both the Internet IP and the (auto-detected) DNS server IP, to its single lan-side IP of 0.1.

Advantages:

  • Only one place to configure port-forwards, nat firewall, etc.: The modem/router
  • All in one subnet, with no DHCP server: Fast start-up and reliable port forwarding
  • Simple enough for an old geezer to understand!

Now I can browse to the modem setup on 0.1, and the Linksys setup on 0.2, as well as the original intent, run Internet to either computer with the other one OFF! I’ve also noticed that the LAN is a lot faster than it was with internet connection sharing.

Links

Good articles that helped me a lot:

http://forum.portforward.com/YaBB.cgi?board=Knowledge;action=display;num=1139203841

http://forum.portforward.com/YaBB.cgi?board=Knowledge;action=display;num=1133918703

About Cables: http://www.lanshack.com/cat5e-tutorial.aspx

Linksys: http://www.linksys.com/. Browsing the Linksys site yields a lot of good info on both products and tutorials.

—KV5R