Day 21. SOHO Router Installation

Objective 2.6: Given a scenario, install and configure SOHO wireless/wired router and apply appropriate settings.

Table 21-1 802.11 Wi-Fi Distance Limitations

After setting the IP address, a web browser is commonly used to connect to the built-in web server on the Wi-Fi router. Point the browser to the IP address of the router, and log in using the default username and password provided by the router manufacturer, as shown in Figure 21-1.

Figure 21-1 Router Log-in Page

At this point, decide whether DHCP will be used by the router to automatically assign IP addresses to clients. If manual addressing will be used, turn off DHCP in the router configuration.

Like a PC or laptop, a Wi-Fi router has firmware that controls the hardware and stores the software to configure the router. Make sure the router is using a firmware version that has the desired configuration settings and features. Upgrade the firmware only if necessary.

The data transmissions between devices and a wireless router are not secure. These transmissions can be intercepted unless they are encrypted. Table 21-2 shows the various wireless encryption methods, and Figure 21-2 shows a typical wireless security settings page on a wireless router.

Table 21-2 Wireless Encryption Methods

Figure 21-2 Wireless Security Settings

Different frequency ranges are represented by channels. For example, channel 6 in an 802.11n network lies in the center of a 22 MHz range, with a center frequency of 2.437 GHz. The Wi-Fi router often defaults to automatically choose the best channel, but many times it can be set manually. If a specific channel is experiencing interference, try a different channel setting.

NAT works by remapping the IP addresses of the devices on the LAN to the public IP address of the WAN when communication crosses the router’s interface. NAT is a basic type of firewall because it prevents computers on the WAN from seeing the IP addresses of the devices on the LAN.

For example, if you want to run a web server on your network, port 80 (http) would need to be forwarded to the IP address of your web server—that is, 192.168.1.100. When a web browser is pointed at your public (WAN) IP address, the router will see the request on port 80 and forward the traffic to 192.168.1.100, where the web server will respond to the request.

Sometimes, port forwarding is called destination NAT (DNAT).

Another type of configuration on a router using NAT is port triggering. Port triggering is used to forward a specific port back to the originating host when it uses a defined outgoing port. For example, a trigger port such as 2016 is the outgoing port while a destination port might be 1030. When outgoing traffic on port 2016 is seen by the router, it triggers the router to open port 1030 and send back any communications from the outbound connection to the originating device on that port. This is useful for special applications such as Internet Relay Chat (IRC), a method of chatting and sharing files between users or bit torrents, which are files shared between many users at the same time.

A DMZ is useful to place web, e-mail, or FTP servers into because all the untrusted Internet traffic is no longer let into the LAN. Of course, the DMZ servers are completely exposed and at risk of compromise. The DMZ should be used only when it is protected by a proxy or firewall. You can designate a server to be placed in a DMZ by entering its IP address in the DMZ settings page of the Wi-Fi router.

For example, web traffic would be a much lower priority than a video call. This is because the video call needs to be as close to real time as possible. If data is late or missing, it affects the quality of the call. Video or audio might drop or skip when the data does not reach the destination in time. Gaming needs priority over standard web or e-mail traffic as well, but it would not have priority over voice or video calls.