This article keeps it simple and describes a typical home or small business network. The term WAN (Wide Area Network), for the purposes of this article, refers to the path to the internet. The term LAN (Local Area Network), for the purposes of this article, refers to your internal home or small business network.
Modem:
The example below shows a Cable/DSL modem connected directly to the internet, in red. The modem has been assigned a public IP address by the Internet Service Provider. This public IP address can be seen by all computers connected to the internet around the world. Basic modems typically have one purpose only, to connect you directly to the internet, and do not always provide firewall protection. The rear of these modems has two connections: one connects to the DSL phone line or cable line to the internet; the other, usually labeled LAN (Local Area Network) and sometimes colored yellow, connects to your firewall router's WAN port, or directly to one computer when no firewall or router device is present.
In the example below the yellow LAN port on the back of the modem is connected to the WAN port at the rear of a Wireless Firewall Router device, which provides protection and services in the following fashion.
Wireless Firewall Router:
The example shows a typical Wireless Firewall Router. The rear will have a WAN port, which connects to the modem or device (gateway to the internet), and often will have 4 or more LAN ports, sometimes colored yellow, which connect to computers or devices inside your network such as a shared printer/copier/scanner or a wireless laptop.
This firewall router provides an umbrella of protection from the internet, indicated in green. However, even with homes and businesses having firewall devices, if the router is set to clear sailing or wide open, the firewall is effectively off. Occasionally, if an internet game refuses to function because of a port problem, a trick is to turn off the router's firewall by setting it to clear sailing. This may be fine for the game, but if this setting is not corrected your network is wide open to the internet. Configured correctly, the router provides protection by stopping hackers and other threats from reaching your network. In newer installations the router and modem may be combined into a single device.
Basic services provided by routers:
1. Firewall: The router acts as a firewall to manage the listening port/pin hole settings before traffic reaches any of the computers on the inside of your network. It is also the gateway device to the internet or WAN for the computers on your network. The router is configured with the public IP address assigned by your Internet Service Provider in its WAN settings, sometimes referred to as Internet settings. The router is also assigned an internal, non-routable private IP address in its LAN settings; this address is always fixed/static and by default is usually either the first usable IP address on your internal network or the last usable IP address. In the above example the router has been assigned the first usable IP address of 192.168.1.1, a very common IP address for routers; another common choice is the last usable address, 192.168.1.254. Other common non-routable addresses used in home routers include 192.168.0.1 and 192.168.0.254.

The router's IP address settings are reached by logging into the router using a web browser or telnet client pointed at the router's IP address. To log in to the above example we would point our web browser to http://192.168.1.1 and hit enter to receive a login screen. If you aren't sure what your router's IP address is, it is usually the gateway address and can be found by clicking on Start, then Run, typing CMD and hitting enter. You will be taken to a black command window with a blinking cursor. Type ipconfig and hit enter. You will receive a screen similar to the following example. The Default Gateway indicated below will usually be the router. Your gateway and IP addressing may be different. Type exit or close the window to leave the command window.
Most newer routers are accessed by web browser and have similar interfaces for configuring the IP address, port and wireless settings. By default most firewall routers will have the commonly used internet HTTP port 80 open to allow web browsers on your network to access and receive data from the internet. Other common ports, used mainly in business environments, need to be specifically opened; examples include 3389 for RDP (Remote Desktop), 110 for POP mail (incoming mail servers) and 25 for SMTP (outgoing mail servers). There are hundreds of ports, many used by Windows and Microsoft applications, and many available for specific uses by users. Games played over the internet sometimes require certain ports to be opened. You can find complete lists of the common port numbers online. Best practice: the fewer ports opened, the better your security.
2. DHCP: The router by default is configured to use its DHCP (Dynamic Host Configuration Protocol) service to hand out and manage unique private IP addresses on your network; by design it must hand out addresses belonging to the same IP address family the router was assigned to. Computers and devices on the same network will share the first 3 sets of numbers in the IP address and be assigned a unique 4th number. In the above example the DHCP service has been configured to hand out addresses from 192.168.1.2 up to 192.168.1.99. In business environments the router might be configured to hand out a mid range of addresses such as 192.168.1.20 through 192.168.1.253, reserving 192.168.1.2 through 192.168.1.19 for other static devices such as other routers, file servers, mail servers, fax servers, copiers or printers. Depending on the size and needs of your network these settings can be changed and managed. DHCP can also be turned off if another device like a server is running its own DHCP service on the network. Only one DHCP service may run on the same network.
Why hand out dynamic addresses?
This is the preferred and most efficient configuration for the following reason. When a new device like a wireless laptop joins your network, the DHCP service detects it and assigns the very next available IP address within the range allowed. When that laptop is finished on the network, either unplugged or turned off, the IP address becomes available for the next new device; this is an efficient use of network resources. In most cases for home users with one computer, DHCP may assign the same available address each time. If you have several computers on your home or business network, the IP address may change depending on who turned off their computer and who turned theirs on first.
The DHCP service also takes note of those computers or devices that already have static/fixed IP addresses. File servers, remote workstations, copiers and network printers are examples of common devices assigned a static/fixed IP address that doesn't change, in order for them to provide reliable networking services. These fixed/static IP addresses are usually assigned above or below the range of IP addresses the DHCP service has been configured to hand out. However, if a device is configured with a static/fixed IP address and that address is already in use on the network, Windows will display an alert indicating another device or computer is using that address, resulting in an IP address conflict, and one device or the other will need to change its fixed/static IP address or allow the DHCP service to give it one.
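The addressing rules above (same first three numbers as the router, static addresses kept outside the DHCP range, no two devices sharing an address) can be checked before you commit a plan. This is an added example, not part of the original article; the router address, DHCP range and device list are constructed to match the article's layout.

```python
import ipaddress

# Constructed example values following the article's layout: router at
# 192.168.1.1, DHCP pool 192.168.1.20-192.168.1.253, static devices below it.
ROUTER_IP = "192.168.1.1"
NETMASK = "255.255.255.0"
DHCP_RANGE = ("192.168.1.20", "192.168.1.253")
STATIC_DEVICES = {
    "file-server": "192.168.1.10",
    "printer": "192.168.1.11",
    "copier": "192.168.1.50",      # inside the DHCP pool: DHCP may hand it out too
    "fax-server": "192.168.1.11",  # duplicate of the printer: IP address conflict
    "old-nas": "192.168.0.12",     # different first three numbers: wrong network
}


def check_static_plan(router_ip, netmask, dhcp_range, static_devices):
    """Return a list of (device, problem) tuples; an empty list means the plan is clean."""
    net = ipaddress.IPv4Network(f"{router_ip}/{netmask}", strict=False)
    pool_lo = ipaddress.IPv4Address(dhcp_range[0])
    pool_hi = ipaddress.IPv4Address(dhcp_range[1])
    problems = []
    # Addresses already taken; the router's own static address is always taken.
    seen = {ipaddress.IPv4Address(router_ip): "router"}
    for name, addr in static_devices.items():
        ip = ipaddress.IPv4Address(addr)
        if ip not in net:
            problems.append((name, f"{addr} is not in {net} (different network)"))
            continue
        if ip in (net.network_address, net.broadcast_address):
            problems.append((name, f"{addr} is not a usable host address"))
            continue
        if pool_lo <= ip <= pool_hi:
            problems.append((name, f"{addr} is inside the DHCP range "
                                   f"{dhcp_range[0]}-{dhcp_range[1]}"))
        if ip in seen:
            problems.append((name, f"{addr} is already used by {seen[ip]} "
                                   "(IP address conflict)"))
        else:
            seen[ip] = name
    return problems


if __name__ == "__main__":
    for device, problem in check_static_plan(ROUTER_IP, NETMASK, DHCP_RANGE, STATIC_DEVICES):
        print(f"{device}: {problem}")
```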
3. Routing: The router manages outgoing web requests from computers on your network. Since all the computers on the inside of your network behind the firewall device share the same external public IP address assigned by your ISP, the router uses a translation method called NAT (Network Address Translation) to allow multiple computers on the inside of your network to communicate with the internet from behind the firewall while sharing the same public IP address. When you use your browser and hit enter or click go, that request first goes through your router. The router knows which computer inside the network made the request based on its internal IP address or other means such as the computer's machine address; the router encodes that information and adds it to the outgoing web page request packet. When the reply packet returns from the web site, the router decodes the information it placed in the outgoing request and sends the new page to the correct computer that originated the request, and the correct browser is updated with the new page.
4. Port forwarding: The router can also manage incoming traffic hitting the public IP address assigned to your internet connection and be configured to send that traffic to a particular computer or device inside your network by using port forwarding to a static/fixed IP address. For example, if a remote user needs to remotely access a computer on the inside of the network, a port can be opened on the router; the default port number 3389 is used for remote access, also referred to as the RDP (Remote Desktop Protocol) port. The router can be configured to forward port 3389 RDP to any of the internal computers having a static/fixed IP address on your network, allowing the user to remotely log on to their computer away from home or work. (See port forwarding). Opening certain ports has advantages when used carefully but always decreases the security of the firewall. Best practice: the fewer ports or pin holes you have open, the more secure your data, computers and network will be. As mentioned above, there is also a setting on routers that allows clear sailing, meaning all the ports on the router are opened to all computers inside the network; each computer on the network would then need to manage its own firewall. This is a setting that should never be used by the inexperienced, as it effectively turns off the firewall in the router.
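The two behaviours described in items 3 and 4 (the router remembering which inside computer sent a request so the reply can be returned to it, and an explicit port forward being the only way unsolicited traffic from the internet reaches an inside computer) can be modelled together in a small NAT table. This is an added example, not the article's or any router's code; the public IP and the forwarding rule are constructed, and the sequential translated port numbers are a simplification.

```python
# Constructed example: a minimal model of a home router's NAT table plus its
# port forwarding rules. 203.0.113.7 is a documentation address, not a real host.
PUBLIC_IP = "203.0.113.7"
FORWARDING_RULES = {3389: ("192.168.1.10", 3389)}  # RDP -> a static/fixed inside host


class Nat:
    def __init__(self, public_ip, forwarding_rules):
        self.public_ip = public_ip
        self.rules = dict(forwarding_rules)
        # Translated public port -> (inside ip, inside port, remote ip, remote port).
        # This is the "coded information" the article says the router keeps.
        self.table = {}
        self.next_port = 40000  # first translated source port (simplified)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet's source so the internet sees only the public IP."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Decide where a packet arriving at the public IP goes; None means dropped."""
        entry = self.table.get(dst_port)
        if entry and entry[2:] == (src_ip, src_port):
            # A reply to a request we translated: send it back to the originator.
            return entry[0], entry[1]
        if dst_port in self.rules:
            # Unsolicited traffic only gets in through an explicit port forward.
            return self.rules[dst_port]
        return None  # no table entry and no rule: the firewall drops it

    def open_ports(self):
        """The pin holes reachable from the internet; best practice is to keep this short."""
        return sorted(self.rules)


if __name__ == "__main__":
    nat = Nat(PUBLIC_IP, FORWARDING_RULES)
    print("out:", nat.outbound("192.168.1.50", 51234, "198.51.100.20", 80))
    print("reply:", nat.inbound("198.51.100.20", 80, 40000))
    print("unsolicited 3389:", nat.inbound("198.51.100.99", 5555, 3389))
    print("unsolicited 22:", nat.inbound("198.51.100.99", 5555, 22))
    print("open ports:", nat.open_ports())
```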
5. Content filtering: Some routers have basic web filtering built right in, allowing you to filter selected web traffic from reaching certain computers on your network in a snap. For example, you could create a rule to filter the web site http://facebook.com and display a custom message 'This site is not available between the hours of 9:00 am and 5:00 pm.' for all computers on your network, or, depending on the filtering rules available, you can define the hours it can be accessed and select the IP addresses on your network you want the rules applied to. Filtering can also include key words, to filter out web pages having those words. Word filtering is an extreme rule to apply but can have its uses. To check if your router has filtering capability, check your user guide, or note its brand, model and serial number and go online to the manufacturer's site to locate the user's guide.
There are also routers designed with filtering in mind which support more powerful features along with subscription services which download filtering content to the router automatically in the form of updates. For example, if you don't want social networking sites to be accessed in general at the home or office, subscription services update the router's filtering content with new sites you may not be aware of that fit the profile of social networking. Specialized filtering routers are commonly used by small to large businesses, and by organizations providing children or youth with internet services.
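The kind of rule described above (a site blocked during set hours for selected LAN addresses, plus an optional key word rule) is easy to state precisely as a small evaluator. This is an added example, not the article's or any router's code; the rules, addresses and block messages are constructed, and the key word rule is a hypothetical addition to the facebook.com example.

```python
from datetime import datetime, time
from urllib.parse import urlparse

# Constructed rule set modelled on the article's example: the first rule blocks
# facebook.com between 09:00 and 17:00 for two LAN addresses; the second is a
# hypothetical key word rule that applies to every computer at all hours.
RULES = [
    {"site": "facebook.com", "start": time(9, 0), "end": time(17, 0),
     "ips": {"192.168.1.30", "192.168.1.31"},
     "message": "This site is not available between the hours of 9:00 am and 5:00 pm."},
    {"keyword": "casino", "start": time(0, 0), "end": time(23, 59, 59),
     "ips": None,  # None = rule applies to all computers on the network
     "message": "Blocked by keyword filter."},
]


def _host_matches(host, site):
    """facebook.com also covers www.facebook.com, but not notfacebook.com."""
    return host == site or host.endswith("." + site)


def check_request(client_ip, url, when, rules=RULES):
    """Return (allowed, message): message is the custom block text, or None if allowed."""
    host = (urlparse(url).hostname or "").lower()
    now = when.time()
    for rule in rules:
        if rule["ips"] is not None and client_ip not in rule["ips"]:
            continue  # rule is scoped to other computers
        if not (rule["start"] <= now <= rule["end"]):
            continue  # outside the hours the rule is in force
        if "site" in rule and _host_matches(host, rule["site"]):
            return False, rule["message"]
        if "keyword" in rule and rule["keyword"] in url.lower():
            return False, rule["message"]
    return True, None


if __name__ == "__main__":
    office_hours = datetime(2024, 3, 4, 10, 0)
    print(check_request("192.168.1.30", "http://facebook.com/", office_hours))
    print(check_request("192.168.1.30", "http://facebook.com/", datetime(2024, 3, 4, 18, 0)))
    print(check_request("192.168.1.99", "http://example.com/casino-games", office_hours))
```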
Another way to filter site traffic is to use an external DNS service such as OpenDNS, which offers a basic free web filtering service and more advanced paid services. You must subscribe to these services and create an account. You then use the DNS settings provided by the service instead of the default used by your ISP. In this fashion the service now provides the filtering for you: outgoing web requests from your network (when someone clicks go in a browser) are sent to the DNS service first; when the request returns from the web site it also hits the DNS service first, but now gets filtered by the rules you apply, and then the DNS service forwards it to your router, allowing the page if it meets your rules or displaying a custom message, including a logo or image with your message, if the page or site is not allowed.
6. Switch: The router has a built-in switch to allow multiple computers or devices, usually 4 or more, to share your network or internet connection.
7. VPN: Most routers provide VPN (Virtual Private Network) services. Using this method allows a remote computer or laptop to securely join your private internal network over the web. The router is configured to set up a secure network connection with a VPN client (security software configured to work with the router) installed on the remote computer. This is also referred to as a VPN tunnel. Windows includes a generic VPN client; however, most routers with VPN services provide their own VPN clients, which may work better with the product. Cisco PIX and SonicWall are known router types with solid VPN services, but many other brands such as Netgear also provide VPN.
Internet Service Providers are now offering modem/router combination devices, in which case, in the above network layout example, the modem would be missing and the Wireless Router would be connected directly to the internet, providing the same level of protection and service.
Switch:
A basic switch is a non-programmable but intelligent network device that allows sharing of an internet or network connection by computers or devices. Unlike a router, which routes traffic, a switch controls the traffic flow efficiently across your network. Most firewall routers have a 4 or 5 port switch built in to allow connection of multiple computers or devices. However, more computers or devices such as printer/copier/scanners can be added to the network by connecting an external switch to one of the available LAN ports in the back of the router. New internet-equipped HDTVs are an example of the latest devices requiring internet access that can be connected to the switch.
The examples below show a 5 port switch and a 12 port switch; simply connecting any one of these ports to an available LAN port on your router will allow the remaining ports on the switch to share the connection and increase the size of your network.
There are many types of switches, having anywhere from 4, 5, 8, 12, 16 or 24 ports. In small to medium sized businesses these switches are either connected to computers by cables directly or, more commonly, where internal network cabling is already in place, the switch is connected to a patch panel of numbered network jack locations, which in turn lead to network jacks in office locations, in turn connected to computers or devices. See Business Network Layout for an example of how a switch is used.