Organization of a wireless network in the office. What is Wi-Fi and how to create a home network with your own hands

Today it is quite difficult to find an enterprise or organization where there is a local computer network (LAN) without the use of wireless access technologies. Wireless networks are becoming increasingly popular every year, but many administrators encounter difficulties when building such networks. Indeed, Wi-Fi technology has its own characteristics that should be taken into account at the planning stage. Let's first of all figure out what Wi-Fi is, what advantages and disadvantages this technology has.

The Wi-Fi access type has a whole list of positive aspects:

Cost-effectiveness, since there is no need to lay special cables to all equipment that must be connected to the Internet;

Efficiency of deployment;

Equipment mobility;

Comfort during use.

However, no matter how many advantages Wi-Fi has over wired networks, organizing and building a Wi-Fi network is associated with some difficulties, namely:

Limited bandwidth;

Industrial interference;

Ensuring secure access;

Vulnerability to hacking and theft of important information.

Actually, the term Wi-Fi arose as a play on words and does not stand for anything; at the moment it is used to refer to wireless networks built on the IEEE 802.11 standard, or more precisely a group of standards. The most common standards are 802.11g, which provides for operation at speeds of up to 54 Mb/s, and 802.11n, which theoretically allows operation at speeds of up to 600 Mb/s; the most common devices of the n standard support speeds of up to 150 Mb/s.

In Russia, 13 channels in the 2.4 GHz band are allocated for the operation of Wi-Fi devices; without registration, networks can only be operated indoors and in industrial areas; also, since July 15, 2010, the use of the 5 GHz band has been allowed.

Now we have come to a very important point, understanding of which is necessary for proper planning and deployment of networks. To transmit data, Wi-Fi uses a certain frequency channel, the channel grid step is 5 MHz, and the channel width is 20 MHz. This means that devices operating on adjacent channels will interfere with each other. For a better understanding of the situation, below is a schematic representation of channel distribution in the 2.4 and 5 GHz range.

As you can see, there are only three independent channels in the 2.4 GHz range that can operate without mutual interference, for example 1, 6 and 11. In the 5 GHz range things are better: 22 independent channels are available. Note also that the amplitude of the channels at 5 GHz is higher, so the channel speed will be higher, but not all devices operate at the 5 GHz frequency and the distance will be much shorter.

Why is so much attention paid to this? Because these factors directly affect the speed of the wireless channel. It should be remembered that the channel bandwidth is used to transmit data in both directions, and the speed also greatly depends on the distance between points and the presence of interference. The maximum achievable speed in practice usually does not exceed half the available channel speed; for 802.11g this value rarely exceeds 20-22 Mb/s. The available channel bandwidth is divided between the devices using it, which should also be taken into account when planning the network and calculating its throughput.

All this seriously complicates the construction of productive Wi-Fi networks, especially in the presence of neighboring networks, so it is worth using wireless networks mainly for Internet access and services that do not require high network bandwidth.

Before you start planning, it wouldn’t hurt to reconnoiter the situation on the air. For this purpose you can use the free program inSSIDer.

[Figure: channels in use in the 2.4 GHz band in a typical high-rise residential building.]

Before you begin choosing equipment, you need to determine the tasks facing you today, plus make allowances for the tasks that may confront you tomorrow.

Wi-Fi solutions most often come down to building a point-to-point or center-to-point connection; each of these schemes has many implementations.

Pay attention to the choice of equipment for building Wi-Fi networks:

1. Don't skimp on equipment.
Believe me, the extra $20 is not worth the thrill you will experience with an unstable connection. If you are spending the customer’s money, especially do not save on equipment, because by saving $100 you risk ruining your relationship with him forever if the equipment you have chosen does not work correctly.

2. Use highly directional antennas.
The general principle of operation of the point is to receive, amplify and relay the signal. The greater the radiation angle of your antenna, the greater the dispersion of the useful signal, the more interference it will collect and create. The more interference it collects, the less time the access point will have to process your useful signal.
Remember, the smaller the angle, the less likely it is that you will have an unplanned meeting with the gentlemen from Communications Supervision.

3. Update the Wi-Fi router firmware.

The router manufacturer periodically releases new versions of firmware that can improve the security of the router and make it run faster. Make it a monthly routine to visit your router manufacturer's website and check for new software releases. Typically routers also have an automatic update mechanism built into their user interface.

4. Consider alternative firmware.

Some routers support alternative firmware, that is, firmware from a third-party developer. For example, “firmware from Anton” is the most famous example of third-party firmware for access point products. Such firmware gained well-deserved popularity thanks to functions that are not available in the manufacturer's own implementation. If you go this route, you need to understand that you lose technical support from the manufacturer, since you have fundamentally changed the product.
However, if necessary, you can return to the factory firmware without much difficulty.

Equipment locations.

The placement of the equipment that distributes the Wi-Fi signal also depends on the site. As mentioned earlier, if you need coverage in an office, an excellent option is to mount the equipment on the ceiling. Partitions, which are often found in offices, can interfere with the propagation of the signal from a standard Wi-Fi router, and its power may not be enough.

For facilities with a large area, be it a stadium or an outdoor area, poles are the ideal installation option. You can mount access points with antennas on them, and install the controller itself in the server room or at the hosting provider's site.

The most common scheme: “Point-to-point or radio bridge”

To build such a connection, the following factors must be taken into account:

1. Distance.
Distance is one of the determining factors when choosing equipment, that is, antennas and access points. All our links are designed for distances up to 15 km. But it is possible to build links up to 50 km using quite affordable equipment.

2. Visibility.
In the absence of direct visibility, no one will give any guarantees about the performance of the link you have built. Only experiment will decide everything here. Often, in the absence of direct visibility, a signal reflected from the wall of a building is used.

3. Possibilities and features of installation.
If you install an access point in an apartment or office, from the window of which you can clearly see the second connection point, you are simply lucky. In this case, you will get by with an access point, a meter-long cable and an antenna installed on a windowsill or on the wall of the house - this will be an ideal option. But not everyone is so lucky, and then you have to go to the roof of the building and install the antenna on a mast.

Second scheme: “Center-points”

When constructing such a scheme, most inexperienced designers are very tempted to install one omnidirectional antenna and connect to it all clients within a radius of 2-3 km.

Unfortunately, this is impossible for several reasons:

As mentioned above, an omnidirectional antenna will collect all the interference in the area.

Limitation on the number of connections. One ordinary point, even with good communication, is not able to process more than 20 connections. The exception is special access points designed to organize Hot-Spots, but their power is far from unlimited.

So the first thing to consider when designing such a scheme is to limit the number of clients per access point.

In practice, two schemes are widely used.

In the first case, the network is reduced to ordinary links from the center to the access point to which a group of computers is connected. This could be a district or microdistrict node, or even just a connection point for one house.

In the second case, the principle of cellular communication is used: the central node divides all clients into territorial segments using sector antennas. The number of antennas ranges from 2 to 6.

Typical mistakes when installing a Wi-Fi point

Since there are so many mistakes in deploying a Wi-Fi network, it’s impossible to list them all. Therefore, having selected the most “popular” ones, we will describe them.

Placing wireless network equipment, as well as intermediate access points, at a short distance from metal structures that negatively affect the strength of the Wi-Fi signal.

Using points with built-in antennas. This problem has consequences in the form of a small signal transmission radius. It is worth noting that installing Wi-Fi points with standard antennas will be cheaper, but the transmission quality will be seriously impaired.

Network insecurity. Modern Wi-Fi networks typically use WPA2-Enterprise encryption with authorization on a RADIUS server using the IEEE 802.1X protocol to ensure security. This type of encryption provides much better security for a wireless network, but on its own it will not save you from DoS attacks or from theft of passwords using man-in-the-middle techniques. To detect unwanted activity, it is recommended to use Wi-Fi points with a built-in sensor or separate Fluke Air Magnet sensors. Special software collects statistics and informs the administrator if unauthorized actions are detected in the monitored Wi-Fi network.
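The kind of check such monitoring software performs can be sketched as follows. This is an added example, not code from any sensor product: the inventory, the `Beacon` record, the finding names and the scan data are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed inventory of the office's own access points (assumed values).
# Channels are pinned here; with automatic channel selection enabled, a
# channel mismatch may be benign and should only lower confidence.
AUTHORIZED = {
    "00:11:22:33:44:01": {"ssid": "corp-wifi", "channel": 1, "security": "WPA2-Enterprise"},
    "00:11:22:33:44:02": {"ssid": "corp-wifi", "channel": 6, "security": "WPA2-Enterprise"},
    "00:11:22:33:44:03": {"ssid": "corp-wifi", "channel": 11, "security": "WPA2-Enterprise"},
}


@dataclass(frozen=True)
class Beacon:
    """One access point as seen by a sensor during a scan (hypothetical record)."""
    bssid: str
    ssid: str
    channel: int
    security: str
    rssi_dbm: int


def classify(beacon, inventory=AUTHORIZED):
    """Return the list of findings for a single observed beacon."""
    managed_ssids = {ap["ssid"] for ap in inventory.values()}
    known = inventory.get(beacon.bssid.lower())
    if known is None:
        # A foreign radio advertising our network name is the classic
        # evil-twin pattern; foreign radios with other names are neighbours.
        if beacon.ssid in managed_ssids:
            return ["unknown-bssid-using-managed-ssid"]
        return []
    findings = []
    # A MAC address can be replaced, so a known BSSID proves nothing by
    # itself: its advertised settings must also match the inventory.
    if beacon.ssid != known["ssid"]:
        findings.append("ssid-mismatch")
    if beacon.security != known["security"]:
        findings.append("security-mismatch")
    if beacon.channel != known["channel"]:
        findings.append("channel-mismatch")
    return findings


def audit(scan, inventory=AUTHORIZED):
    """Return sorted (bssid, finding) pairs for a whole scan."""
    alerts = set()
    channels_seen = defaultdict(set)
    for beacon in scan:
        bssid = beacon.bssid.lower()
        channels_seen[bssid].add(beacon.channel)
        for finding in classify(beacon, inventory):
            alerts.add((bssid, finding))
    # One radio cannot beacon on two channels at once: a managed BSSID seen
    # on several channels in the same scan suggests a cloned address.
    for bssid, channels in channels_seen.items():
        if bssid in inventory and len(channels) > 1:
            alerts.add((bssid, "same-bssid-on-multiple-channels"))
    return sorted(alerts)


# Constructed scan results for the demonstration.
SAMPLE_SCAN = [
    Beacon("00:11:22:33:44:01", "corp-wifi", 1, "WPA2-Enterprise", -48),
    Beacon("00:11:22:33:44:02", "corp-wifi", 6, "WPA2-Enterprise", -55),
    Beacon("00:11:22:33:44:03", "corp-wifi", 11, "WPA2-Enterprise", -61),
    Beacon("66:77:88:99:AA:BB", "corp-wifi", 6, "Open", -40),
    Beacon("00:11:22:33:44:02", "corp-wifi", 3, "WPA2-PSK", -38),
    Beacon("CC:DD:EE:00:11:22", "cafe-next-door", 11, "WPA2-PSK", -80),
]

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE_SCAN):
        print(f"ALERT {bssid}: {finding}")
```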

Thus, we have identified the basic requirements that must be taken into account when organizing wireless communications. It is also important to pay special attention to the choice of equipment, since the quality of transmission of information flows that Wi-Fi will have at the facility depends on its power and throughput.

Wi-Fi is the industry name of a wireless data transmission technology and belongs to the IEEE 802.11 group of standards. Currently, 4 main standards have been implemented and are used for Wi-Fi networks: 802.11a, 802.11b, 802.11g and 802.11n, which recently came out of Draft status. The development and certification of Wi-Fi equipment is handled by the international organization WECA (Wireless Ethernet Compatibility Alliance, or Wi-Fi Alliance for short), founded in 1999. It unites the largest manufacturers of computer equipment and Wi-Fi wireless devices, currently numbering more than 320 enterprises, including Cisco, 3Com, Nokia, etc. The task of the alliance is to test and ensure that wireless network devices from member manufacturers can work together within one local network, as well as to introduce and develop 802.11 networks as a worldwide standard for wireless networks.

Once every six months, the alliance organizes a “compatibility analysis”; at this event, engineers from manufacturing companies certify that their network devices are capable of interacting at the proper level with devices of other companies participating in the alliance. Network equipment bearing the Wi-Fi logo is certified as meeting the standards and has successfully passed interoperability tests.

The most common standards in Ukraine at the moment are 802.11b and 802.11g; the 802.11n standard is gaining increasing popularity as the most promising, with the best data transmission speed and an increased wireless network range. Devices built on the basis of these standards are fully compatible with each other and can operate on the same wireless network.

Characteristics of Wi-Fi standards

Standard

Operating frequency

Theoretical speed

Real speed

Indoor communication range

Communication range in open space

54 Mbit/s

26 Mbit/s

11 Mbit/s

5 Mbit/s

54 Mbit/s

22 Mbit/s

2.4 GHz / 5 GHz

600 Mbit/s

90 Mbit/s

866 Mbit/s

800 Mbit/s

unknown

Type of Wi-Fi network organization

Infrastructure

With this type of network organization, all devices are connected to an access point. A router, computer or other device with a Wi-Fi adapter can act as an access point.

The access point acts as a kind of intermediary in the exchange of data between hosts. In other words, if one device wants to transfer something to another, then first the transfer occurs from the first device to the access point, and then from the access point to the second device.

The second important function of an access point is to combine wireless and wired networks. In addition to this function, the access point provides device authentication and implements network security policies.

Ad-Hoc

A way to organize a network between devices directly without an access point. This method is used when you need to connect two laptops or computers to each other.

Comparison of Infrastructure and Ad-Hoc

  • In Ad-Hoc networks, the maximum theoretical speed is limited to 11 Mbit/s (802.11b). For Infrastructure, maximum theoretical speeds are 450 Mbps (802.11n), 54 Mbps (802.11g), and 11 Mbps (802.11b). Real speeds are several times lower.
  • The access point can be placed in such a way that it provides the optimal level of coverage quality for all hosts on the network. To increase the coverage area, you can place several access points by connecting them with a wired network.
  • Setting up an Infrastructure network is much easier than Ad-Hoc.
  • Access points can provide advanced features like DHCP, NAT, routing, etc.

By and large, Ad-Hoc networks are used for occasional data transfer from one device to another when there is no access point.

Wireless Security

The security of wireless networks should be given special attention. Wi-Fi is a wireless network with a long range. Therefore, an attacker can intercept information or attack your system from a safe distance. Currently, there are already many different methods of protection, and if configured correctly, you can be sure of providing the required level of security.

WEP encryption protocol

An encryption protocol that uses the rather weak RC4 algorithm with a static key. Encryption with 64-, 128-, 256- and 512-bit keys exists. The more bits are used to store the key, the more possible key combinations there are and, accordingly, the higher the network’s resistance to hacking. Part of the WEP key is static (40 bits in the case of 64-bit encryption), and the other part (24 bits) is dynamic (the initialization vector) and changes during network operation. The main vulnerability of the WEP protocol is that the initialization vectors are repeated after a certain period of time, and the attacker only needs to process these repetitions and calculate the static part of the key from them. To increase the level of security, you can use 802.1x or VPN in addition to WEP encryption.

WPA encryption protocol

A stronger encryption protocol than WEP, although the same RC4 algorithm is used. A higher level of security is achieved through the use of the TKIP and MIC protocols.

TKIP (Temporal Key Integrity Protocol) – a protocol of dynamic network keys that change quite often. In this case, each device is also assigned a key, which also changes.

MIC (Message Integrity Check) – packet integrity check protocol. Protects against packet interception and redirection.

It is also possible to use 802.1x and VPN, as is the case with the WEP protocol. There are 2 types of WPA:

  1. WPA-PSK (Pre-Shared Key) – a key phrase is used to generate network keys and to enter the network. The best option for a home or small office network.
  2. WPA-802.1x – login to the network is carried out through an authentication server. Optimal for a large company network.

WPA2 protocol – an improvement of the WPA protocol. Unlike WPA, the stronger AES encryption algorithm is used. Similar to WPA, WPA2 is also divided into two types: WPA2-PSK and WPA2-802.1x.

802.1X security protocols

EAP (Extensible Authentication Protocol) – used in conjunction with a RADIUS server in large networks.

TLS (Transport Layer Security) – a protocol that ensures the integrity and encryption of data transmitted between the server and the client and their mutual authentication, preventing interception and substitution of messages.

RADIUS (Remote Authentication Dial-In User Service) – user authentication server using login and password.

VPN (Virtual Private Network) – this protocol was originally created to securely connect clients to the network over public Internet channels. The principle of VPN operation is the creation of so-called secure “tunnels” from the user to the access node or server. Although VPN was not originally created for Wi-Fi, it can be used on any type of network. The IPSec protocol is most often used to encrypt traffic in a VPN.

Additional Wi-Fi network protection

Filtering by MAC address

MAC address – a unique identifier of the device (network adapter), “hardwired” into it by the manufacturer. On some equipment, it is possible to enable filtering and allow only the necessary addresses to access the network. This will create an additional barrier for the hacker, although not a very serious one, since the MAC address can be replaced.

Hiding SSID

SSID is the ID of your wireless network. Most equipment allows you to hide it, so it will not be visible when scanning your network. But again, this is not a very serious obstacle if the attacker uses a more advanced network scanner than the standard Windows utility.

Prohibiting access to access point or router settings via a wireless network

By activating this function, you can deny access to the access point settings via a Wi-Fi network, but this will not protect you from traffic interception or intrusion into your network.

Despite the most modern technologies, you should always remember that high-quality data transmission and a reliable level of security are ensured only by the correct configuration of equipment and software performed by experienced professionals.

Building a Wi-Fi network requires serious planning, since errors in calculations can lead to additional waste of money and time. ITcom specialists in Kharkov have professional skills in working with Wi-Fi equipment of all types and standards. We will help you configure a Wi-Fi router, install a Wi-Fi hotspot, connect a wireless Wi-Fi client, set up a repeater, etc. to work in a local wireless network, organize shared access of several computers to the Internet, create a home wireless network, connect to the wireless Internet and much more.

An ITcom specialist in Kharkov will make the necessary calculations to determine the possible coverage area of a Wi-Fi network and achieve the maximum speed of information exchange, select the optimal location of the access point and clients, configure the wireless equipment and connect it to the network.

Creating, building, organizing and configuring an office or home wireless Wi-Fi network requires less labor than a regular network, but nevertheless takes a lot of effort and time. After all, such a seemingly simple procedure as setting up one access point turns into a whole range of work:

  • site survey and network design;
  • selection of equipment, or emphasis on maximum use of the client’s existing equipment;
  • installation, connection and work on setting up routing, protection, etc.;
  • setting up end user network devices (laptops, PCs, PDAs, etc.), installing software and drivers;
  • testing the operation of the wireless network (signal transmission quality, coverage, stability of data transmission, correct routing and correct operation of end users).

Wireless networks are becoming increasingly popular every year, but many administrators face difficulties in building such networks. Indeed, Wi-Fi technology has its own characteristics that should be taken into account at the planning stage. Today we will try to give a brief educational program necessary for successful planning and deployment of a wireless network.

Let's first understand what Wi-Fi is and what advantages and disadvantages this technology has. Actually, the term Wi-Fi originated as a play on words and does not stand for anything; at the moment it is used to refer to wireless networks built on the IEEE 802.11 standard, or more precisely a group of standards. The most common standards are 802.11g, which provides for operation at speeds of up to 54 Mb/s, and 802.11n, which theoretically allows operation at speeds of up to 600 Mb/s; the most common devices of the n standard support speeds of up to 150 Mb/s.

In Russia, 13 channels in the 2.4 GHz band are allocated for the operation of Wi-Fi devices; without registration, networks can only be operated indoors and in industrial areas; also, since July 15, 2010, the use of the 5 GHz band has been allowed, but the transition to it is difficult due to the need to ensure compatibility with equipment that does not support operation in this frequency range (and this is almost all equipment imported at least until July 2010). Therefore, in the future we will consider operation in the 2.4 GHz band.

Now we have come to a very important point, the understanding of which is necessary for proper planning and deployment of networks. To transmit data, Wi-Fi uses a certain frequency channel, the channel grid step is 5 MHz, and the channel width is 20 MHz. This means that devices operating on adjacent channels will interfere with each other. For a better understanding of the situation, below is a schematic representation of the channel distribution in the 2.4 GHz band.

As you can see, there are only three independent channels in the band that can operate without mutual interference, for example 1, 6 and 11. In the 5 GHz band, things are better, 22 independent channels can be used, however, as we have already said, the deployment of networks in this range is hampered by compatibility issues. The 802.11n standard allows the use of wide channels (40 MHz wide), which use the bandwidth of two adjacent non-overlapping channels, for example 1+5 or 5+9, thus allowing the operation of only two, conditionally independent channels.

Why do we pay so much attention to this? Because these factors directly affect the speed of the wireless channel. It should be remembered that the channel bandwidth is used to transmit data in both directions, including service information, and the speed also greatly depends on the distance between points and the presence of interference. The maximum achievable speed in practice usually does not exceed half the available channel speed; for 802.11g this value rarely exceeds 20-22 Mb/s. The available channel bandwidth is divided between the devices using it, which should also be taken into account when planning the network and calculating its throughput.

All this seriously complicates the construction of productive Wi-Fi networks, especially in the presence of neighboring networks, so it is worth using wireless networks mainly for access to the Internet, e-mail, terminal services and similar services that do not require high network bandwidth. We strongly advise against using a wireless connection for network nodes that are demanding on channel speed.

Before you start planning, it wouldn’t hurt to reconnoiter the situation on the air. For this purpose, you can use the free program inSSIDer; the situation described below is that of the 2.4 GHz band in a typical multi-story residential building.

The program allows you to see that a large number of 802.11n devices using a wide channel are operating in the neighborhood. At the same time, real interference to our network can be created by an 802.11g transmitter operating on channel 11. Having such information, you can select the least loaded sections of the range for use in your network. However, not everything is so rosy: most equipment out of the box is configured to select a channel automatically, so after a while the situation may change.
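The channel choice described above can be made reproducible with a small scoring script. This is an added example, not part of the original article: it takes the 5 MHz grid step and 20 MHz channel width from the text, while the weighting of neighbours by received power and the names `Network`, `SURVEY` and `rank_channels` are assumptions of this sketch, and the survey data is constructed.

```python
from dataclasses import dataclass
from typing import Optional

GRID_STEP_MHZ = 5       # channel grid step, as stated in the text
CHANNEL_WIDTH_MHZ = 20  # width of one channel, as stated in the text


@dataclass(frozen=True)
class Network:
    """One neighbouring network from a site survey (hypothetical record)."""
    ssid: str
    channel: int
    secondary: Optional[int]  # second channel of a 40 MHz 802.11n pair, if any
    rssi_dbm: int


def span(primary: int, secondary: Optional[int] = None):
    """Occupied spectrum in MHz as (low, high) for a 20 or 40 MHz network."""
    channels = [primary] if secondary is None else [primary, secondary]
    centers = [2407 + GRID_STEP_MHZ * ch for ch in channels]
    half = CHANNEL_WIDTH_MHZ // 2
    return min(centers) - half, max(centers) + half


def overlap_mhz(a, b) -> int:
    """Width of the spectrum shared by two (low, high) spans."""
    return max(0, min(a[1], b[1]) - max(a[0], b[0]))


def interference(candidate: int, survey) -> float:
    """Received power (mW) of neighbours, scaled by how much spectrum they share."""
    mine = span(candidate)
    total = 0.0
    for net in survey:
        shared = overlap_mhz(mine, span(net.channel, net.secondary))
        total += (shared / CHANNEL_WIDTH_MHZ) * 10 ** (net.rssi_dbm / 10)
    return total


def rank_channels(survey, candidates=(1, 6, 11)):
    """Candidates ordered from least to most interference."""
    return sorted(candidates, key=lambda ch: interference(ch, survey))


def best_channel(survey, candidates=(1, 6, 11)) -> int:
    return rank_channels(survey, candidates)[0]


# Constructed survey: wide-channel 802.11n neighbours plus one strong
# 802.11g transmitter on channel 11, mirroring the situation in the text.
SURVEY = [
    Network("flat-12", 1, 5, -78),
    Network("flat-15", 5, 9, -75),
    Network("flat-9", 11, None, -50),
    Network("flat-3", 6, None, -85),
]

if __name__ == "__main__":
    for ch in rank_channels(SURVEY):
        print(f"channel {ch:2d}: {interference(ch, SURVEY):.3e} mW weighted")
    print("use channel", best_channel(SURVEY))
```

Because neighbouring equipment reselects channels automatically, rerun the ranking on fresh survey data before pinning channels on your own access points.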

To build a wireless network, we need at least one access point. If you are deploying an enterprise-scale network or planning to further expand your coverage area, then we recommend using access points, abandoning wireless routers and other combined devices. The fact is that the standard does not describe the interaction between access points and different manufacturers use different technologies, which makes them incompatible with equipment from other manufacturers or even other types of proprietary equipment. Therefore, we recommend using equipment from the same manufacturer and preferably the same model; otherwise, it is necessary to further clarify the possibility of working together in the mode of interest.

The first and only access point must operate in the Access Point mode; in this case, the device serves client connections, but does not establish connections with other access points. A distinctive feature of any wireless network is its SSID, which is unique for each network. Within one network, all devices must have the same identifier, while several SSIDs allow you to divide the network into subnets, for example, with different levels of security.

At home or in a small office, one access point is usually enough and most of the problems we have listed are unlikely to be relevant; it’s another matter for networks with a relatively large coverage area, when the power of one device is not enough. Here you can go in two ways: use an antenna with a higher gain or deploy the infrastructure using several access points.

The first way, despite its simplicity, is fraught with a number of dangers; your network may be accessible outside the building (territory) and may interfere with neighboring networks, in which case problems with regulatory authorities cannot be avoided. This is also not always acceptable from a security point of view.

What to do when one access point is not enough? Place the second one. Below we will look at the ways this can be done, their advantages and disadvantages.

If you need a network with high throughput and there is a wired network at the locations of the access points, then the additional points should also be switched to Access Point mode; in this mode, each access point provides full channel speed in its coverage area, without sharing it with other points.

Both points must have the same SSID and the same encryption parameters, but must operate on different channels, preferably independent ones. The relative position of the points should be selected in such a way that the coverage areas intersect without significant signal attenuation. Client devices make decisions about connecting to a particular access point automatically, based on the signal strength. Thus, mobile users can move freely throughout the coverage area without interrupting communication. If it is necessary to use more than 3 points, then it is necessary to alternate independent channels so that their coverage areas do not intersect.

This scheme is optimal when you need to deploy a wireless network over a wired one, for example, guest Internet for clients of a company or in a cafe. However, its implementation is fraught with the greatest difficulties, since it requires the use of several independent channels, which may not always be possible.

There are situations when it is necessary to expand the coverage area to an area that does not have wired communications, which makes it impossible to use the first scheme; in this case, an additional access point can be configured as a repeater, which will relay the signal from the main access point.

Both points must have the same SSID, the same encryption parameters and operate on the same channel; in the repeater settings, you must specify the MAC address of the access point or another repeater whose signal you want to relay. In this case, the repeater must be located in the area of reliable reception of the other device, which somewhat reduces the overall coverage area. It should also be remembered that the channel is divided among all devices in the general coverage area. When using repeaters, the operating speed of each subsequent link drops, since the channel is spent on transmitting the same information between sections of the network (client device to repeater and repeater to access point). That is, if a client device operating through a repeater uses a 1 Mb/s channel, the total channel load will be 2 Mb/s, when using two repeaters it will be 3 Mb/s, etc.

There is another mode of the access point: a wireless bridge. It can be of the Point-to-point or Point-to-Multipoint type; in this case the access points establish a connection with each other. In Point-to-point mode, only two access points can be connected; in Point-to-Multipoint mode, one point can establish a connection with several. This mode is usually used to connect two sections of a network when laying a cable between them is impossible or impractical, and there are no special requirements for bandwidth, for example, to connect thin clients in a separate warehouse on company premises. In this case, it is advisable to use directional antennas to reduce the coverage area and not interfere with other networks.

Each point must have the same SSID, channel and encryption parameters; in the settings you will need to specify the MAC address of the point with which you want to establish a connection. In this mode, access points do not serve wireless clients. Using a wireless bridge has its own peculiarities: since the points receive and transmit packets only to each other, a client device cannot detect a working bridge, and inSSIDer will also show the band as clear. At the same time, networks using adjacent channels may experience severe interference in the coverage area of the bridge. Therefore, use this scheme only inside your own premises or territory, avoiding crossing areas where other wireless networks may be deployed, and always try to use directional antennas with the minimum required gain.

And finally, the most interesting part: WDS mode, which combines access point and bridge modes; in this mode, points can establish connections with each other and simultaneously serve clients. This mode allows you to create a wide variety of wireless network configurations that are absolutely transparent to client devices; a point can operate both in bridge mode and in bridge+access point mode, which, unlike a chain of repeaters, makes it possible to provide wireless coverage only where you need it. For example, you need to forward the guest Internet to another building, but you do not want it to be available in the parking lot, where you will have to locate an intermediate point.

In this case, you should also use one channel, SSID and encryption settings for all points, and also remember that with each link the speed will drop due to the transmission of repeated data in the common band. You should also avoid point-to-point ring schemes unless they support Spanning Tree Protocol, as network speeds will drop sharply due to a broadcast storm. When setting up points, you should specify the mode and MAC addresses of the points with which you want to establish a connection.

In conclusion, I would like to give general recommendations: when designing and deploying networks, remember that the frequency range allocated for Wi-Fi is very limited, so try not to use antennas with a gain greater than necessary, and also take measures to prevent interference with neighboring networks. Remember, violation of the rules for operating wireless networks entails administrative liability under Articles 13.3 and 13.4 of the Administrative Code, which provide for a fine with possible confiscation of equipment.


Gone are the days when a single home computer was the pride of the owner and the center of leisure for the whole family.

The pace of development of electronics means that soon there will not be a single household item without a processor, albeit a small one. Even now, every home has five or so devices capable of storing, processing and transmitting information. And sooner or later there comes a time when we, tired of running with a flash drive from one device to another, begin to think that it would be nice to connect them to each other.

Of course, ideally it would be to think through the composition of the equipment in advance so that incompatibility problems and unnecessary expenses do not arise. But in practice, it often happens that a host of different devices is already present in your home and you need to somehow connect them together, minimizing effort and costs as much as possible.


A wired Ethernet network offers the optimal cost/effectiveness ratio. Of course, it requires drilling into walls to lay the cable, but it works very reliably and is unrivaled in terms of connection speed, especially if you use ports with a speed of 1 Gb/s. And if all future nodes (that is what devices on a network are called) are equipped with an RJ-45 port and rarely move around the apartment beyond the designated areas, then this will be the best solution. All that is required to create a network is a few tens of meters of twisted pair cable and a simple router or switch.

But we will consider a more complex case, when some devices are constantly moving (netbooks, laptops or tablets, whoever has what), others do not have an Ethernet port but are equipped with a Wi-Fi module (PDAs or communicators), and still others have neither (an HD media player or external drive). You can be sure that building a network in any of these cases is nothing extraordinary and is quite within everyone's capabilities.


Types of Wi-Fi networks
Obviously, at home, the only possible universal solution will be a wireless network based on Wi-Fi. First, you need to decide on the basis of which Wi-Fi standard the future network should be designed. At the moment, there are four varieties of them: 802.11a, 802.11b, 802.11g and 802.11n, colloquially called a, b, g, n - after the last letter.

The most common is b, which is also the slowest: the transmission channel speed does not exceed 11 Mb/s (compare with 100 or 1000 Mb/s for Ethernet). Moreover, if for Ethernet the real data transfer speed approaches the channel speed, then for a wireless network it is usually about two times lower (see the article “In the city of “n”” in this issue).

A and g have higher speeds - up to 54 Mb/s, but a operates at a different frequency - 5 GHz, which is not certified in Russia, unlike b and g, which operate at 2.4 GHz. This speed is sufficient for browsing the Internet and most other applications, so we will choose 802.11g as the basis for our network. As a rule, every device based on the g standard also supports b, which will ensure compatibility with less advanced devices such as PDAs.

If the speed of 20-30 Mb/s (i.e. only about 3 Mb/s) seems insufficient (for example, you plan to transfer large files over the network, such as high-definition movies, etc.), you will have to fork out for n, the most modern and expensive standard, which allows you to achieve speeds of as much as 300 Mb/s. There are two versions of it, at 5 and 2.4 GHz, the first of which is also not certified, but is more effective, since it uses a frequency range that is currently almost unused.

Therefore, the most demanding users can be advised to purchase dual-band devices at their own risk (taking into account the very limited range of the transmitter - about several tens of meters, you can see that the risk is small). But here a compatibility problem may arise, because not all 802.11n devices operate at 5 GHz (this means high-speed mode n, since they still support modes b and g).

Sharing resources
One of the main advantages of the network is the ability to share access to information (for example, movies, music or documents). This problem can be solved in several ways. One of them is to share folders on one of the computers using standard operating system tools (for security, you can limit yourself to the “Read Only” mode). This method is quite simple, but requires the computer holding the shared data to be running constantly. Similarly, you can make a locally connected printer or MFP available to everyone on the network.

Looking ahead, let's say that routers with built-in USB ports provide more convenience. They allow you to connect an external hard drive or printer, making them available to each network node, and even to set up a torrent downloader. Such a downloader can work completely autonomously and around the clock (it is not customary to turn off the router, and its power consumption is quite insignificant) and download files not only from torrents, but also from most popular file hosting services (the latter usually requires installing modified firmware, but this is beyond the scope of this article).

Wireless routers equipped with USB ports can also provide network access to external storage devices in the form of an FTP server. This method is a little more complicated in settings (they are performed through the router’s web interface), but more universal, does not depend on the computer, however, it forces you to convert the file system of the external hard drive, for example, to EXT.


Equipment selection
Now let's talk about what equipment we need. To organize a Wi-Fi network, you need a so-called access point: it is responsible for sending data packets from one device to another. But it is only suitable for connecting several devices over the air, so as the “heart” of our wireless network we will use a Wi-Fi router, which has such a point inside as well as a built-in switch for wired devices. It is the router that can provide not only the connection of “wired” devices (a storage system or desktop computer) along with wireless ones, but also the connection of this entire setup to the Internet. Without a switch, we would have to keep one of the computers constantly on.


So, conduct an audit of your computer hardware and choose a router that is suitable for the price with the required set of ports and wireless standard. For example, it can be a budget option with four hundred-megabyte Ethernet ports and an 802.11b/g access point, or a sophisticated one with eight Gigabit Ethernet ports, a dual-band 802.11n access point and three USB 2.0 ports, covering almost any need.

Particular consideration should be given to cases where the connection to the Internet is made not through a local Ethernet network, but via ADSL (an example is the well-known “Stream”), or in a more exotic way (WiMAX, GPRS or some other way). This should be taken into account when choosing a router. Stream will require a special router with a built-in ADSL modem, or, if you couldn’t find one or want to save a little money, you can use your existing ADSL modem, connecting the Internet through it, and all other nodes through an additional inexpensive router connected to the modem.


To work in WiMAX networks (Yota, Comstar and the like), there are special devices that include a WiMAX modem and a Wi-Fi access point. In this case, a router is either not needed at all, or can only be used to connect wired devices; you just need to pay attention to the fact that it can connect to the WAN via Wi-Fi (usually this is not possible using standard firmware). The same applies to a GPRS/EDGE connection (or a more modern version, the so-called 3G) - the easiest way is to purchase a communicator that can share an Internet access channel using the built-in Wi-Fi module.

It is still better to connect all devices with Ethernet ports with wires: files will be transferred more reliably and faster. The rest will use built-in Wi-Fi adapters or must be retrofitted with such adapters. For most laptops, it is easy to purchase and install a built-in PCI Mini / PCIe Mini card, or use an external USB adapter, which also fits some media players and NAS.

For a torrent network drive, an external USB drive or flash drive (64 GB models are already quite affordable) connected to the router (it must have a USB port) is suitable. A flash drive has the advantage that it does not require additional power, unlike the vast majority of USB hard drives (the built-in USB port in the router is very limited in terms of power provided), but it works slower. However, for most applications its speed is sufficient. You can also set up a downloader in a media player or NAS, many of which support download mode, but this is less convenient, since it requires keeping two devices switched on instead of one.

Manual setting
To manually configure a network in each of the devices connected to it, you need to set three parameters - the IP addresses of the device and gateway, and the subnet mask. Everyone probably knows that an IP address is a unique number with which you can transfer data to any node on the network.

There are two versions of the address - v.4 and v.6, consisting of 4 and 6 bytes, respectively. The 6-byte version is not supported by all devices, but it will be the dominant one in the future. For now, the usual 4-byte one will suffice for us.


Since the IP address is unique, it must not be repeated between devices on the same network. This is an immutable rule, violation of which is fraught with either a complete failure of the network or permanent problems. Therefore, you will have to use your imagination and come up with four numbers from 0 to 255 for each of the devices. To make this difficult task easier, there are certain rules.

Data in computer networks is transmitted using so-called packets, sets of bytes equipped with a header indicating the IP address or addresses of the destination nodes. Obviously, transmitting packets to all billions of computers on the Internet at once would make the work impossible, so the networks are divided into smaller subnets, and IP packets for local computers should not leave the subnet. To simplify the transmission of packets, all nodes on the same network are assigned similar IP addresses: 1, 2 or 3 bytes are the same, the rest are different. The subnet mask determines the number of matching bytes: ones are written in the place of matching bits, and zeros in the place of differing bits.

Thus, the class C network mask 255.255.255.0 means that only 1 byte, the last one, can change, that is, there cannot be more than 256 nodes in this network (in fact, only 255, since the address x.x.x.255 is reserved for broadcast packets, which are delivered to all network nodes at once). It is unlikely that you will have more devices, so it is advisable not to get creative and to use this particular format. Addresses from 192.168.0.0 to 192.168.255.255 are reserved for addressing nodes in a class C network. Considering that they can also be used in the local network of your Internet provider, and also taking into account the restrictions on the use of broadcast packets, it is reasonable to choose addresses for home network nodes from 192.168.0.0 to 192.168.0.254 or, if that range coincides with the provider’s network range, from 192.168.N.0 to 192.168.N.254, where N is any number from 1 to 254 (but must be the same for all network addresses!). Let's leave the subnet mask as standard: 255.255.255.0.

And the last thing is the gateway address. A gateway is a network node through which all other nodes connect to the Internet. So for us this will be the address of the router (usually 192.168.0.1) or of the always-on computer that we decided to use as one. When setting up the router itself as a gateway, we specify it (if it is connected directly to the provider’s network) or the address of the ADSL modem (if it is connected via a modem).
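The rules above (unique addresses, one shared mask, a reserved broadcast address, a range that does not coincide with the provider's) can be checked before anything is typed into a device. The following is an added example, not part of the original article; the function name, device names and addresses are made up for illustration, and it additionally flags the x.x.x.0 network address, which by convention is not assigned to a host.

```python
import ipaddress


def check_address_plan(mask, gateway, nodes, provider_net=None):
    """Return a list of problems in a manual IPv4 plan (empty list = consistent).

    mask and gateway are dotted-quad strings; nodes maps a device name to its
    planned address; provider_net is the provider's local range, if known.
    """
    problems = []
    # The home network is whatever the gateway address and the mask define.
    net = ipaddress.ip_network(f"{gateway}/{mask}", strict=False)
    gw = ipaddress.ip_address(gateway)
    reserved = {
        net.network_address: "network address",
        net.broadcast_address: "broadcast address",
    }

    # The article's advice: pick another 192.168.N.x range if this one
    # coincides with the range used inside the provider's network.
    if provider_net and net.overlaps(ipaddress.ip_network(provider_net)):
        problems.append(f"{net} coincides with provider range {provider_net}")
    if gw in reserved:
        problems.append(f"gateway {gw} is the {reserved[gw]}")

    owners = {gw: "gateway"}  # address -> first device that claimed it
    for name, addr in nodes.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif ip in reserved:
            problems.append(f"{name}: {ip} is the {reserved[ip]}")
        if ip in owners:
            problems.append(f"{name}: {ip} is already used by {owners[ip]}")
        else:
            owners[ip] = name
    return problems


# Constructed sample plans (device names and addresses are made up).
BAD_NODES = {
    "laptop": "192.168.0.10",
    "media_player": "192.168.0.10",   # duplicate of the laptop
    "nas": "192.168.1.20",            # different third byte, wrong subnet
    "printer": "192.168.0.255",       # broadcast address
}
GOOD_NODES = {
    "laptop": "192.168.7.10",
    "media_player": "192.168.7.11",
    "nas": "192.168.7.20",
    "printer": "192.168.7.30",
}

if __name__ == "__main__":
    for line in check_address_plan("255.255.255.0", "192.168.0.1",
                                   BAD_NODES, provider_net="192.168.0.0/24"):
        print("PROBLEM:", line)
    print(check_address_plan("255.255.255.0", "192.168.7.1",
                             GOOD_NODES, provider_net="192.168.0.0/24"))
```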


The story about IP addressing will be incomplete if we do not mention one more, “special” address - 127.0.0.1. It is used to indicate the so-called local host, that is, the same computer from which the packet is sent. If you want to access files on the hard drive of the same computer you are currently working on through a browser, use the address 127.0.0.1, or localhost.


Automatic setup
Although it's easy to manually configure IP addresses, there are ways to automate this process. The main one is the DHCP server. As a rule, it is already built into most routers. It is enough to activate this option in the settings, and all network nodes that support the DHCP client function will be able to obtain an IP address themselves: you just need to tell them “Obtain an IP address automatically.”


This can be convenient in some cases: for example, when friends often come to you with their laptops and you don’t want to go into their settings every time. In addition, some devices, such as smartphones and media players, do not allow you to configure the IP address manually and only accept the automatic option.

Manually entering addresses also has its advantages, though: the network configuration becomes more predictable. Some programs tend to remember the IP address of a network resource, so after it changes (which can happen at any time in automatic mode) they happily report that “the resource is unavailable.”


Security
Is it necessary? Many users do not pay due attention to security, which is partly facilitated by the policy of equipment manufacturers: in order to make the initial configuration of devices as easy as possible, all security systems are disabled by default. In wired networks this is acceptable, since to achieve absolute security it is enough to disconnect your home network from the Internet, and then a possible attacker will have the only way to penetrate your network - to get inside the apartment and connect to your router.

Even when connected to the Internet, your internal resources are not visible from the outside: to ensure their visibility, you need to configure the Port forwarding function in the router (as they say, “forward ports”). Then, when accessing a local resource from an external network, the router will redirect the packet to the local network node where the required resource is located (each type of resource has its own port number). Initially, Port forwarding is not configured at all, which allows you to be calm until you decide to become interested in this issue and configure the function yourself.

The situation is completely different with a wireless network. Since radio waves propagate well even through walls, connecting to the network is possible at some distance from your apartment. That is, an attacker living in a neighboring apartment or simply walking into the entrance (and sometimes sitting on a bench near the house) can easily connect to an unprotected (“open”) network. With the use of directional antennas this is possible even at a distance of several kilometers!

And don't say that you have nothing to hide. In the best case, attackers can simply steal your traffic (even if you have unlimited traffic, the speed will still drop), and in the worst case, they can commit some illegal action (say, steal passwords from a bank) by accessing the Internet through your network. And then the security service, having discovered the hack, will track the hacker's IP address, which will lead to - where do you think? - straight to you! And explaining that you have nothing to do with it will be quite problematic.

Therefore, using an open wireless network is not acceptable. There are three ways to protect data: authorization, encryption and packet filtering. Authorization is used to allow access to network resources only to those nodes that know the secret key. Encryption prevents possible interception of transmitted data by an attacker. Finally, packet filtering blocks network access to all but pre-defined users. You might think that authorization and filtering are similar; in fact, this is not so - node packets that have not passed filtering do not even reach the authorization stage.

But encryption and authorization are similar in that they are usually controlled by the same security standard. Modern routers and access points support the following standards: WEP (aka Shared Key), WPA-Personal (sometimes referred to as WPA-PSK), WPA-Enterprise, WPA2-Personal and WPA2-Enterprise. All but the last two are best not used due to insufficient security, and WEP encryption (sometimes controlled by separate settings) also leads to a noticeable drop in transmission speed.

However, there are no other options on the 802.11b network, and the few WPA implementations from different manufacturers are generally incompatible with each other. And if there are such devices in your network, the entire network will work in mode b, with all the ensuing consequences, including snail’s speed.

So it is highly advisable to get rid of legacy devices that do not support 802.11g. In laptops this is usually possible by replacing the built-in Wi-Fi card or using an external USB adapter, but in PDAs... Old PDAs will have to be replaced entirely or not used at all on the network.

Now let's talk about the difference between Personal and Enterprise encryption options. The first of them uses the generation of access keys based on a password, which, of course, should be chosen as long as possible, using letters of different case, numbers and special characters. If you fail to connect one or more devices, you should try entering the key in hexadecimal form, which is provided in almost all devices.

Of the two key encryption options, TKIP and AES, it is recommended to choose the second, more secure one. The combined TKIP+AES option that is sometimes encountered seems redundant and can lead to problems. Enterprise encryption is more secure, but requires a special RADIUS server. Therefore, if you do not have the time and/or desire to set up such a server, it is advisable to limit yourself to the “personal” option, especially since WPA2-Personal provides a quite sufficient level of security: in conversations about hacking wireless networks, WEP or, less often, WPA is usually mentioned and almost never WPA2. The decrease in network performance when using WPA2 encryption is almost unnoticeable.
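The password-to-key step of the Personal mode described above, shown as an added example that is not part of the original article or of any vendor's firmware: WPA-Personal and WPA2-Personal derive the 256-bit key with PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, using 4096 iterations, and the 64 hexadecimal digits of the result are what a device expects when the key is entered "in hexadecimal form". The function names and the sample passphrase and SSID are illustrative.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)


def wpa_psk_from_passphrase(passphrase, ssid):
    """Derive the 256-bit WPA/WPA2-Personal key and return it as 64 hex digits."""
    # A passphrase is 8 to 63 printable ASCII characters; 64 characters are
    # reserved for a raw key written in hex.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must consist of printable ASCII characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    # The SSID acts as the salt, so the same passphrase gives a different
    # key on a network with a different name.
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid_bytes, 4096, dklen=32)
    return key.hex()


def resolve_key_entry(entry, ssid):
    """Interpret the text typed into a key field.

    Exactly 64 hex digits are taken as the raw key; anything else is treated
    as a passphrase and run through the derivation for the given SSID.
    """
    if len(entry) == 64 and set(entry) <= HEX_DIGITS:
        return entry.lower()
    return wpa_psk_from_passphrase(entry, ssid)


def passphrase_character_classes(passphrase):
    """Count how many of the four classes the article recommends are present:
    lowercase letters, uppercase letters, digits, special characters."""
    classes = [
        any(ch.islower() for ch in passphrase),
        any(ch.isupper() for ch in passphrase),
        any(ch.isdigit() for ch in passphrase),
        any(not ch.isalnum() for ch in passphrase),
    ]
    return sum(classes)


if __name__ == "__main__":
    # Sample values only; never use a passphrase like this on a real network.
    sample_ssid = "IEEE"
    sample_passphrase = "password"
    hex_key = wpa_psk_from_passphrase(sample_passphrase, sample_ssid)
    print("hex key for", sample_ssid, "=", hex_key)
    print("same passphrase, other SSID =",
          wpa_psk_from_passphrase(sample_passphrase, "IEEE-guest"))
    print("character classes used:",
          passphrase_character_classes(sample_passphrase))
```

Because the SSID is the salt, a key entered in hexadecimal form has to be recomputed whenever the network name changes, while a passphrase entry does not.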

For those who want to take their security to a paranoid level, we can recommend enabling filtering by MAC addresses. A MAC address is a unique device identifier, different for each wireless adapter, laptop or PDA. By adding the MAC addresses of your devices to the list, you can be sure that only they will be able to access the network, and activating the hidden network mode (turning off the Broadcast SSID) will not give an attacker even a reason to become interested in it. Additionally, you can activate the firewall built into the router, leaving only the necessary ports open. In addition to protecting against port scanning, this is good against DoS (denial of service) attacks. You can also enable MAC filtering in the firewall, which will protect against unauthorized access through the wired network segment. Of course, this still won’t protect you from the attention of the mafia or intelligence services, but it will be several orders of magnitude more reliable than the lock on your front door.


The delights of high speeds
Appetite, as they say, comes with eating. It’s the same in building a network: having assembled and tested “at least some kind of network,” you immediately want “the same one, but faster.” Wide distribution of high-quality films of 30-40 GB each and other entertainment content requires impressive resources not only for storing it, but also for transmission. Therefore, if finances and the availability of available equipment allow, it makes sense to build a network immediately with a reserve for the future, that is, based on 802.11n.

True, expecting from this standard a threefold increase in speed compared to Fast Ethernet would, perhaps, be overly optimistic. As tests show (see the article “In the city of “n”” in this issue of the magazine), the maximum that can be expected is to get very close to 100 Mb/s. Well, a fourfold increase in speed (compared to g) is also not bad. This will allow, for example, to transfer a gigabyte file in a couple of minutes or directly watch a Full HD movie from a network drive.

However, if you are just going to open the movie file with a player program, smooth viewing will be possible only if its size does not exceed one DVD disc. Because of dips in speed, which are almost inevitable with radio communications, playback of larger files may stutter. If you want to watch movies this way, you will have to install a video streaming server, but this is a topic for a separate article.

To achieve even such relatively modest results in speed, you need to spend some time. First, on the selection of equipment. Since we chose a router as the main element of the network (we will immediately discard the budget option of using a computer with a Wi-Fi card instead, since we have decided to go all out), a lot depends on it.

The best choice would be to use a dual-band (2.4/5 GHz) device, since the 5-GHz band, due to its unoccupied nature, provides noticeably better connection stability (even if the average speed does not differ much from 2.4 GHz). This will allow applications that are critical to the quality of communication (such as video players) to be placed on the 5 GHz channel, and 2.4 GHz to be used to work with devices that are incompatible with the higher frequency channel.

If there are no strict requirements for connection stability, you can limit yourself to a single-band 2.4 GHz device (you should not purchase a single-band 5 GHz router, since it is incompatible with most client adapters; however, I have never seen one). But you should pay attention to the manufacturer and model, otherwise there is a risk of disappointment. If you have a fast Internet channel connected via VPN or PPPoE, do not choose a model with a weak processor, as it may not keep up with the speed of the channel.

For laptops, it is preferable to use the built-in card. Of course, a USB adapter is convenient and versatile, but due to its limited size, most dongles have an ineffective antenna, which has a detrimental effect on the quality of communication. The antenna built into the lid of the laptop is unrivaled here. Unfortunately, due to problems with certification in Russia, it can be difficult to purchase a built-in card, but this can be done without any problems abroad - through online stores. A wide variety of such cards allows you to choose an option suitable for price and characteristics for almost any laptop, and sometimes even with free shipping.

As for 802.11g devices, they, of course, will work on the n network in compatibility mode, but if this is not necessary, it is better to disable this mode. Now we’ll tell you in more detail how to configure 802.11n for maximum performance.

802.11n - squeezing out every last drop
How to ensure stable network operation at high speed? To better understand all the intricacies of the settings, we’ll tell you a little about what reserves were used to increase the speed in 802.11n.

First, the modulation type was changed from direct sequence spread spectrum (DSSS) to orthogonal frequency division multiplexing (OFDM), increasing the speed from 54 to 65 Mbps. The “green field” mode made it possible to reduce the size of the introductory packet and thereby reduce the overhead of service information. And finally, combining packets (Frame Bursting) made it possible to reduce the required amount. Thus, the speed has increased slightly to 72.2 Mb/s. “Where is the promised 300 Mb/s?” you ask, and I will answer that the laws of physics are unshakable, and 72 Mb/s is all that can be obtained in one standard communication channel.

A further increase in speed was achieved only by the “brute force method” - the number of possible channels was increased to four (the so-called MIMO, or multi-beam transceiver mode), and the frequency band in each channel was doubled. All this added up to a maximum speed of almost 600 Mb/s. However, there are no devices on the market with such bandwidth yet, since the number of channels in real devices is limited to two. But this leaves the possibility of releasing them in the near future without any problems.

Now let's talk about how to use this magnificence. Often there are very few settings in the driver: only the channel number and the frequency band. And the second parameter is not set optimally by default: it is set to 20 MHz instead of 40, which gives only half the speed! Of course, this needs to be fixed. It is advisable to choose the channel number experimentally, for the best quality of communication and the absence of interference with other devices. You can use “Auto”: the router will try to select the least loaded channel, and all adapters will adapt to it.

All other options listed earlier must be enabled, otherwise the speed will drop. Unfortunately, the use of “green field” and Frame Bursting leads to packet collisions when there are devices on the network that do not support them (and these are all 802.11g devices). It is also advisable to activate the WMM (Wi-Fi multimedia) mode - this will ensure more stable operation of streaming applications, such as VoIP, through the use of the QoS (Quality of Service) service. Enabling WMM mode in the router may be required for the operation of some adapters, which otherwise will refuse to work at high speed. The WMM No-Acknowledgement checkbox in the settings can add a little more speed, but cause an increase in the number of errors in conditions of strong interference.

In order for all the features of the 802.11n network to function, clients exchange information with each other about what exactly each of them can do. The 802.11d protocol is responsible for this. Without it, the maximum speed will not be achieved, so it must be turned on. But it’s better not to use non-standard “improvers” like Afterburner: not only will they work only on those devices that are supported (and there are very few of them), but they will also only work in 802.11g mode, plus they impose a lot of other restrictions.

And finally, about the physical configuration of the network. “What configuration could there be?” you say. “Set out the hardware and off you go!” But it is precisely this that can significantly affect the quality of radio reception, and therefore the speed and stability of the channel. With a single antenna, radio waves propagate from it evenly in different directions, but with two antennas (and modern n-standard routers use two channels) the signal level can vary greatly because of interference. Try tilting or rotating one of them and see the results.

Setting the transmitter power to maximum (where it is possible to regulate it) is not the best solution. Of course, a more powerful signal is guaranteed to “reach” the farthest corners of your apartment, but it can drown out the response of the receiving device, and as a result, communication will be ineffective (the so-called near-field effect).

Attention should also be paid to the location of the devices. It is advisable to install the router higher up, if possible at an equal distance from all reception points. This is especially critical in houses with reinforced concrete walls, since the internal reinforcement of such walls noticeably weakens the radio signal. In general, experiment and your efforts will be rewarded. At the planning stage, try to borrow equipment from friends for a while to figure out what works and how. It is possible that you will need to audit other devices in your apartment: for example, a wireless mouse operating at a frequency of 47 MHz has a noticeably smaller impact on the operation of the Wi-Fi network than its sibling based on Bluetooth technology.


Finally, we would like to thank the readers for the patience they needed to read the article to the end. As you can easily see, it contains the bare minimum of recommendations, and we tried to avoid specific examples. This was done deliberately, since specific implementations of certain parameters may vary from one manufacturer to another, but once you get the gist, it will not be difficult for you to determine which checkbox is responsible for the desired parameter. The most important idea that I would like to convey to the reader is that there is nothing complicated in creating wireless networks. Just do it and you will succeed!

 
