June 16th, 2005

Building the home network of your dreams

Posted by George Ou @ 5:47 am

Categories: Infrastructure, Mobile/Wireless, Networking, Security

Tags:

Last week, when ZDNet.com Vice President Stephen Howard-Sarin asked me for some advice on setting up a network for his new home, it got me thinking about the future of home networking.  Like many people, Stephen wants the convenience of wireless networking but is concerned about the dangers of wireless networking.  Since this isn’t a brand new home, there isn’t the opportunity to lay networking cable in every nook and cranny; the project would almost certainly require the use of some form of wireless LAN.  Essentially, what we had here was the perfect case study of a modern home network, and Stephen was our perfect guinea pig.  We start with these fundamental questions.

• Should a wired or wireless LAN be used?
• For a wired network, where do we lay the cables?
• What types of Ethernet switches should be used?
• How do we provide optimum wireless coverage?
• How do we secure the wireless LAN?
• What type of wireless hardware do we need?

Should a wired or wireless LAN be used?
One of the fundamental things that must be understood about networking is that wired and wireless networking do not compete with each other — they complement each other.  Whether it’s a corporate or home network, there will always be a need for both technologies.  Wired networks will never be as convenient as a wireless networks, and wireless networks will never have the capacity and stability of wired networks.  While newer technologies like wireless mesh networking (a glorified version of wireless bridging) have replaced some wired backhauls, there will always be a need to terminate to hard-wired cabling.  The modern home network will fully utilize both wired and wireless LAN networking.

For a wired network, where do we lay the cables?
For any brand new home, the best thing to do is to lay multiple sets of CAT6 cabling to every room and terminate them all in to one central wiring closet during construction before the walls are finished.  Forget about running standard twisted-pair phone cabling.  CAT6 cabling can carry anything from 10-megabit to 10-gigabit Ethernet, up to 15 watts of intelligent power with 802.3af POE (Power Over Ethernet), IP phones, to dumb analog phones.  At the end of the CAT6 cable will be the standard RJ-45 socket, which is downwards-compatible with the standard RJ-11 phone socket that your regular phone cords use.  While computing devices are rarely ever "future proof" beyond one year, CAT6 cabling will easily be the preferred wiring medium for the next two decades or more.  In most existing buildings or homes, hiring a contractor to rip out the walls to add CAT6 cabling to every room is not a luxury that most people can or want to pay for.  For those people, CAT6 wiring must be added sparingly to minimize contracting costs but still provide a high-speed gigabit backhaul for the modern home.  For the three-floor home that Stephen is moving into, the most practical thing to do is pick a central termination point on one of the floors and run at least one set of cables to the other two floors.  The cables could easily terminate to a single wall patch panel that can contain multiple RJ-45 sockets, and I recommend using at least four sets of cables.  Below is a diagram of a three-floor home with this wiring layout.

The labor involved in laying four sets of cables point-to-point from room-to-room is not much more than laying a single cable, and the costs of the cable itself is minimal.  You may not use all four now, but having the extra ones there will come in handy.  On each floor, place the patch panels where most of the RJ-45 equipment live.  Computers are no longer the only devices that use RJ-45 ports.  Wireless access points, printers, video recording set-top boxes like Tivo, XBox360, Sony Play Station 3, audio/video media players, and UPnP network storage devices all require RJ-45 connections so that they can share files and access the Internet.  Within the next two years, home entertainment and home computing will converge and CAT6 cabling will be the ideal stable, high-speed, power-carrying backbone for many years to come.  802.11 a/b/g, MIMO, and UWB (ultra-wide-band) will then wirelessly extend Ethernet to every corner of the home.

What types of Ethernet switches should be used?
Now that we have our wiring, we’ll need a good desktop switch to act as the central hub.  Most wireless/router devices will also provide a basic four-port 100-megabit switch, which usually isn’t enough because you’ll lose an additional port for unlinking additional switches.  Fortunately, eight-port desktop gigabit Ethernet switches can be had for as low as $65 and gigabit Ethernet adapters are as low as $18!  There is simply no reason to use 100-megabit Ethernet anymore except for low bandwidth devices like wireless access points, which will allow you to use up your remaining router ports.  The eight-port gigabit switch will also operate in 10- or 100-megabit Ethernet mode for your non-gigabit devices.  For around $100, you can have a home network that’s probably faster than the one in your office!

How do we provide optimum wireless coverage?
To get a wireless solution with maximum coverage, you can put a wireless access point with integrated router as your broadband gateway in the central wiring location.  Then you simply put the second access point on the other side of the house or other floor.  This will provide maximum performance and coverage for the entire house.  The MIMO-based solutions can cover the entire house with a single access point, but your client adapter options are still very limited.  The other problem is that the MIMO standards are not ratified yet by the 802.11n standards body and you might end up with a non-standard product.  For the time being, you might just want to stick with dual-band 802.11 a/b/g solutions because they provide two radios that give you maximum flexibility and two isolated radio frequencies that effective doubles overall throughput when two separate clients are in use on different channels.  With two of these dual-band wireless access points, you effectively have four wireless LAN covering two 2.4 GHz frequencies and two 5 GHz frequencies.  Your choices for the 2.4 GHz channels on the 802.11b/g radio are 1, 6, and 11 and you should avoid all the other channels.  For the 5 GHz 802.11a radio, you can use any of the 12 channels provided.  With two access points, you would assign each access point with one unique 2.4 GHz channel and one unique 5 GHz channel.  Be sure to use different channels on either access point to avoid mutual interference.  You also need to use a distinct SSID for your wireless LAN, and be sure to change the default password in your routers and access points.  For the SSID, use something that makes sense to you but don’t put your name or anything private in it.  Remember that the SSID is NOT a security mechanism, so don’t try to hide it or make it really complex.  With multiple wireless access points on your home network, make sure you use the same SSID on both access points so that you can roam between the two access points without dropping your connection.  The key thing to remember is to share SSIDs but don’t share channels!

How do we secure the wireless LAN?
For wireless security, all you really need to do is use WPA-PSK mode on your wireless LAN access point and your wireless computer.  Don’t bother with all the useless myths you may have heard.  Simply use a random pass-phrase like "iDllpw4wpa", which happens to stand for "I don’t like long pass words for WPA".  Of course, be creative with the pass-phrase so that no one can guess the phrase or generate a large dictionary file with your pass-phrase in it.  Alternately, you can simply have Windows XP generate a strong random pass-phrase for you and create an auto-installer for additional computers on a floppy or USB memory key.  Here is a very good tutorial of how to set up a typical wireless access point and use the Windows XP pass-phrase generator/distribution tool.

What type of wireless hardware do we need?
Now that you know a good and simple security solution, you’ll need to get WPA- compliant hardware.  Before you go buy new hardware, check with your hardware manufacture if your existing access point or wireless LAN adapter can be upgraded to WPA or WPA2 with a simple software upgrade.  Most 802.11g equipment is probably upgradeable.  Often times, your equipment is already WPA compliant but you’re simply not using it.  If you have equipment that can’t be upgraded or you’re in the market for newer, faster equipment, here are some examples of great buys.

• For laptops with a free internal miniPCI slot and a built in Wi-Fi antenna, you can go with this premium 802.11 a/b/g dual-band Intel 2915 miniPCI adapter for as little as $32!  Intel has full support for WPA and WPA2.  Note that if you’re going to use the Windows XP SP2 wireless client, just install the Intel drivers and leave out of their Proset software since there is no need for additional wireless software that slows your system down.  All other Windows operating systems will need the Intel Proset software because it provides a good WPA/WPA2 client.  This is the most desirable solution because it is the most ergonomic, but be careful that you know how to crack open your laptop or have someone competent do it for you.  You can damage your laptop if you don’t know what you’re doing when opening it.  Some laptops have easy access panels and others are a real pain to open.
• For laptops that only have a free PCMCIA/Cardbus adapter, you can use one of these D-Link or Netgear dual-band 802.11 a/b/g Cardbus adapters.  They are both priced as low as $60.  Belkin and Linksys also carry long-range high-performance MIMO products that are downwards-compatible with 802.11 b/g.  Belkin and Linksys both use Airgo’s TrueMIMO chipset, which has broken all speed and range records.
• For desktop computers, you can try these PCI adapters from D-Link or Netgear for as low as $60.
• Here are two good examples of cheap 802.11 a/b/g wireless routers from D-Link and Netgear.  Both solutions are around $80.  You can also use a second wireless router as the extended access point as long as you turn off its DHCP service and don’t use its WAN port.  The reason you might want to do this is because the price is the same as a standalone access point but you get the 4four extra FastEthernet switch ports.

All of the above hardware examples are 802.11 a/b/g dual-band-enabled for maximum flexibility and WPA/WPA2-enabled for maximum security.  They also offer excellent performance at a minimal price.  With a reliable high-performance wired gigabit Ethernet backbone, you have yourself a state-of-the-art home network for a few hundred dollars (excluding the wiring costs).  We’ll soon follow up with Stephen to see how he’s doing and what his experiences are — so stay tuned.