Defensive Computing

September 28, 2008 9:32 PM PDT

Adding a second router: Living with the new setup

by Michael Horowitz

This is the last posting in a trilogy about adding a second router to a Local Area Network to provide an additional layer of protection for high value computers.

The first thing I noticed after setting up a network as described in the previous posting was that a newly protected computer, plugged into the second router, just worked. All the hard work is in configuring the new router. Any computer using DHCP, which is the norm, shouldn't need any changes to enable the additional protection.

One side effect of the new LAN segregation is remote control. On the network I tested with, I sometimes use Real VNC to remotely control another computer on the LAN. This is no longer possible across the divide that the second router was brought in to create. To continue with the adult/kid scenario from before, it is no longer possible for an adult to remotely control the computer of a child.

The newly created digital divide also prevents file sharing between an adult and a child. Of course, that's by design.

Also by design, an adults computer can no longer connect to the kids router to make configuration changes. Or so I thought. While this is true when dealing with private IP addresses, the kids router also has a public IP address (you can see your public IP address using www.ipchicken.com). I was surprised to find that entering the public IP address into the Web browser on an adults computer brought up the internal Web site in the kids router.

From a kids computer, the Web site in the kids router could also be accessed by its public IP address. The router in question was a Belkin Wi-Fi G F5D7230. I'm not sure that other routers will also act this way.

From outside the LAN, the website in the kids router is not reachable. This was expected as the remote administration feature was purposely turned off--a recommended Defensive Computing step.

I use an SSL VPN from WiTopia.net whenever I access an untrusted network. The VPN worked just fine from an adults computer. In fact, it worked so well that I could no longer see the Web site in the kids router using its public IP address. Thanks to the VPN, I was accessing the Internet from WiTopia rather than from the LAN.

Leo Notenboom, whose article "How do I protect myself from my children?" prompted this trilogy, uses Hamachi, another type of VPN. He said it works fine in this type of network configuration. There are other types of VPNs, such as IPsec, which I can't test.

Wi-Fi should present no problem in a double-router LAN. In fact, each router can have its own Wi-Fi network.

In the best case, one wireless network would use the crowded 2.4GHz band (Wi-Fi B, G and N) and another would use the 5GHz band (Wi-Fi A and N) to avoid stepping on each other's feet. But most consumer routers only use the 2.4GHz band, so, if possible, configure each router to use a different Wi-Fi channel.

In my case, the adults router was a Ruckus 2825 which has a "Smart select" option for the Wi-Fi channel. Testing it on different days, it did indeed choose different channels. So far, the Ruckus router has shown excellent range, but I haven't yet put it to the acid test.

Another way to avoid having the two wireless networks interfere with each other is to turn off the wireless radio in a router when not in use. This is done using the internal Web site in the router and, as noted above, an adults computer can configure both routers. I've yet to see a Wi-Fi router with a physical switch for turning off the radio. If you know of one, please leave a comment below.

All in all, the cost and inconvenience seem pretty small for the extra protection a second router can offer adult/high-value computers.

Update: September 29, 2008. The point about remote control needs to be clarified. There are two approaches to establishing the connection between the two computers: direct and with a middle-man. On a normal LAN, you can use the direct approach by entering the IP address of the controllee from the controller machine. Adding a second router limits this option to adults controlling adults or children controlling children. However, since all computers can still access the Internet, the middle-man approach still works. With this scheme, each computer first connects to a middle-man website. GoToMyPC is an example of the middle-man approach whereas Real VNC is an example of the direct approach.

See a summary of all my Defensive Computing postings.

September 27, 2008 11:32 AM PDT

Using a second router: A techie how-to

by Michael Horowitz

Previously, I wrote about using a second router to provide additional protection to high-value computers--specifically, to protect computers used by adults from those used by children on a shared Local Area Network (LAN).

That article was mostly conceptual; this one covers the nitty-gritty technical details.

First, the good news. Adding a second router has no effect on the first router and no effect on the untrusted (kids) computers. Each is blissfully ignorant of the following changes.

In describing the steps, the existing/first router will be referred to as the kids router since the untrusted kids computers connect to it. The new, second router will be referred to as the adults router since its job is to protect the computers used by adults.

For the sake of simplicity, I'll start with wired Ethernet connections and assume, as is usually the case, that the kids router is handing out private IP addresses* in the range 192.168.1.x using DHCP. The steps below apply regardless of the operating system employed on any particular computer.

Here's what needs to be done:

  • The high-value (adults) computers are unplugged from the kids router and plugged into the LAN ports of the adults router.
  • The WAN port of the adults router is plugged into a LAN port on the kids router. WAN stands for Wide Area Network, and refers to the Internet. From the perspective of the adults router, the kids router is the Internet. On some routers, the Ethernet WAN port is a different color from the LAN ports, but not always.
  • What the adults router thinks is its public IP address is really a private IP address (192.168.1.x) used by the kids router. This is configured in the adults router using the type of Internet connection option. The easiest thing is to set the adults router to DHCP or dynamic. It can, alternatively, be configured for a static IP address, but this requires a knowledge of the private IP address range used by the kids computers and router. Also, if the configuration of the kids router were ever to change in the future, the static IP address may no longer be valid and thus knock the adults computers offline.
  • On the WAN/Internet side, the default gateway and the primary DNS server for the adults router are both the kids router (probably 192.168.1.1). If you opted for dynamic in the prior step, this should happen automatically after rebooting the adults router. If you opted for a static IP address, you'll have to set this manually.
  • On the LAN side, the adults router can use DHCP to hand out IP addresses in any private address range other than that used by the kids router. For example, it could use 192.168.2.x or 192.168.8.x. To make things as obvious as possible, however, I suggest configuring the adults router to issue IP addresses in the 10.x.x.x range with the default subnet mask of 255.0.0.0. Along with this, set the LAN side IP address of the adults router to 10.0.0.1.
  • Each adults computer needs to use an IP address in the 10.x.x.x range. Most likely the computer(s) will already be configured to get an IP address using DHCP, in which case nothing needs to be changed. If, however, one was using a static IP address, a new one probably needs to be assigned, one that is outside the DHCP range handed out by the adults router.

Once this is done, an adults computer, which used to have a TCP/IP default gateway of 192.168.1.1, will now have a default gateway of 10.0.0.1. Likewise, the DNS server and DHCP server for an adults computer will now also be 10.0.0.1.
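The address plan laid out in the steps above can be checked on paper before any cables are moved. The following is an added example, not code from the original posting: the `Router` class, the `check_plan` function and the DHCP pool boundaries are assumptions made for illustration, while the 192.168.1.x and 10.x.x.x ranges come from the text.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass
class Router:
    name: str
    lan_ip: str            # the router's own LAN-side address
    lan_mask: str
    dhcp_first: str        # first and last address of its DHCP pool
    dhcp_last: str
    wan_ip: str = ""       # WAN-side values are only checked on the inner router
    wan_gateway: str = ""
    wan_dns: str = ""

    @property
    def lan_net(self):
        return ipaddress.ip_interface(f"{self.lan_ip}/{self.lan_mask}").network

    def in_pool(self, addr):
        first = ipaddress.ip_address(self.dhcp_first)
        last = ipaddress.ip_address(self.dhcp_last)
        return first <= ipaddress.ip_address(addr) <= last


def check_plan(outer, inner, static_hosts=()):
    """Return a list of problems with the two-router plan; an empty list means it is consistent."""
    problems = []
    for r in (outer, inner):
        if not r.lan_net.is_private:
            problems.append(f"{r.name}: LAN {r.lan_net} is not a private range")
    # The inner LAN must use a different private range from the outer LAN.
    if inner.lan_net.overlaps(outer.lan_net):
        problems.append(f"{inner.name}: LAN {inner.lan_net} overlaps {outer.name} LAN {outer.lan_net}")
    # What the inner router treats as its public address is an address on the outer LAN.
    wan = ipaddress.ip_address(inner.wan_ip)
    if wan not in outer.lan_net:
        problems.append(f"{inner.name}: WAN address {wan} is not on {outer.name} LAN {outer.lan_net}")
    elif wan == ipaddress.ip_address(outer.lan_ip):
        problems.append(f"{inner.name}: WAN address {wan} collides with {outer.name}")
    # On the WAN side the outer router is both default gateway and primary DNS server.
    for label, value in (("default gateway", inner.wan_gateway), ("primary DNS", inner.wan_dns)):
        if value != outer.lan_ip:
            problems.append(f"{inner.name}: WAN {label} is {value}, expected {outer.lan_ip}")
    # Statically addressed computers must sit on the inner LAN but outside its DHCP pool.
    for host in static_hosts:
        if ipaddress.ip_address(host) not in inner.lan_net:
            problems.append(f"static host {host} is outside {inner.name} LAN {inner.lan_net}")
        elif inner.in_pool(host) or host == inner.lan_ip:
            problems.append(f"static host {host} collides with the {inner.name} DHCP pool or router address")
    return problems


# Constructed sample values: the ranges follow the article, the DHCP pools are assumed.
KIDS = Router("kids router", "192.168.1.1", "255.255.255.0",
              "192.168.1.100", "192.168.1.199")
ADULTS = Router("adults router", "10.0.0.1", "255.0.0.0",
                "10.0.0.100", "10.0.0.199",
                wan_ip="192.168.1.101", wan_gateway="192.168.1.1", wan_dns="192.168.1.1")
# A second router left on the same LAN range as the first one.
CLASH = replace(ADULTS, lan_ip="192.168.1.1", lan_mask="255.255.255.0",
                dhcp_first="192.168.1.100", dhcp_last="192.168.1.199")

if __name__ == "__main__":
    for title, plan in (("article plan", (KIDS, ADULTS, ["10.0.0.50"])),
                        ("same range on both routers", (KIDS, CLASH)),
                        ("stale static addresses", (KIDS, ADULTS, ["192.168.1.88", "10.0.0.150"]))):
        print(title, "->", check_plan(*plan) or "OK")
```

When the adults router gets its WAN settings by DHCP, fill `wan_ip`, `wan_gateway` and `wan_dns` from its status page after the reboot.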

Not to switch subjects, but elsewhere I've written that I'm a big fan of OpenDNS. Any computer can be manually set up for OpenDNS, but another approach is to configure the router to use the OpenDNS servers and the router will then pass along this setting to computers that connect to it with DHCP.

More about living with this setup, and about Wi-Fi, next time.

*For more on public vs. private IP address, see What does your IP address say about you?
See also How to check if a computer is using OpenDNS

September 24, 2008 8:51 AM PDT

A second router protects adults from kids

by Michael Horowitz

If you live in a home where parents/adults have one or more computers, children have their own computer(s), and everyone shares a single Internet connection, then you should consider a second router.

While the main function of a router is to let multiple computers share a single broadband connection to the outside world, it is also invaluable in offering firewall protection. Firewalls that run on your computer have their place, but you are much safer with the additional protection offered by the firewall in a standard, ordinary, consumer-grade router. Previously, I suggested that even someone with only one computer get a router, just for the firewall protection.

Last week, Leo Notenboom, of Ask-Leo.com, wrote about using a second router to protect adults from children sharing the same Local Area Network (LAN) at home (see How do I protect myself from my children?).

Leo targets Windows users, and I take it as a given that no mix of defensive software offers perfect protection on a Windows machine. That said, the networking scheme he discusses is applicable and sensible regardless of the operating system running on any single computer. If you are an adult, sharing a network with children, and the health and well-being of your computer is important to you, then investing in a second router makes sense.

The basic idea that Leo suggests is to put the adult computers in their own LAN, protected by the second router from the LAN segment with the children's computers. Everyone still shares the single Internet connection.

In addition to the firewall, the NAT feature in a router also offers protection. For example, if the kids use private IP addresses* such as 192.168.1.x then the adults can use private IP addresses in the range 192.168.8.x. Assuming everyone uses the default subnet mask of 255.255.255.0 (a topic for another day) then the adult computers and the kids' computers can't directly talk to each other.

This networking scheme does not eliminate the need for firewall software in each individual computer.

This approach may also apply to a small business if certain computers do work that is judged to be much more important than others. Here too, the small expense of a second router offers additional protection to the most important computers. Taking this even further, it is not at all unreasonable for a small business to ban an important computer from ever touching the Internet.

Finally, anyone installing a new router should read my earlier posting Defending your router, and your identity, with a password change.

Update. September 27, 2008. For more on this subject, see my follow-up Using a second router: A techie how-to

*For more on public vs. private IP address, see What does your IP address say about you?
July 13, 2008 2:47 PM PDT

Why I hate Wi-Fi

by Michael Horowitz

Not long ago, I purchased a Netgear WGR614 wireless G router. It's a new router and the G flavor of Wi-Fi is relatively mature so I didn't expect any problems. Silly me.

I set up the wireless network to use WPA-PSK-TKIP and connected to it just fine from my Windows XP laptop. A relative came over and their Windows XP laptop also connected to the Wi-Fi network. But, a few days later a third person tried it and their Windows XP laptop, a ThinkPad T60, refused to make a connection.

Perhaps, the vendor software managing the network connection was at fault. The first two machines had used Windows XP to handle the wireless connection. Nope. Even with Windows XP in charge of connecting, the T60 refused to get with the program. I turned off the software firewall and verified the router was using the latest firmware (which was version 9). I even turned off the firewall in the router. In the end, nothing helped and I had to switch routers.

Now, days later, I get to finish debugging this. It turns out, the problematic T60 laptop does Wi-Fi just fine. Using the vendor supplied software, and with the firewall running, it connects to WiFi G routers from both Linksys and Belkin. Then, we try the Netgear WGR614 again, and it refuses to connect.

So, the Netgear router talks to two laptops just fine but not to the T60 ThinkPad. The T60 ThinkPad talks to two WiFi routers just fine, but not the Netgear router.

Go figure.

Last week, I set up a wireless network for a client. It worked fine for a couple days and then nothing. I'm on the phone with the client checking this and checking that, both from the wireless computer and from a wired computer connected to the same router. Some things are working, some aren't, I'm struggling to get a handle on the problem. And then, the network is working. Mind you, we didn't change anything. Like a petulant child, the network just decided to start working. Much like it decided to stop working. My best guess is some type of local radio interference.

One thing we tried was verifying the password for the network, which was also Wi-Fi G with WPA-PSK-TKIP. Rather than have the client log in to the router and try to find the sub-sub section where the password is, I had them purposely enter an invalid password. I wanted to see the error message you get, figuring the lack of an error message meant the password hadn't changed. This was on a Windows XP machine using Windows to control the wireless network.

There is no error message.

Thinking that something must be wrong, I verified this on another XP machine on another network. Sure enough, if you log in to a WPA-PSK-TKIP network with the wrong password, Microsoft doesn't see fit to issue any error message at all.

I hate Wi-Fi.

June 25, 2008 2:04 PM PDT

Sometimes the Internet just breaks

by Michael Horowitz

Last night and this morning I couldn't get to my personal website. Other websites and email worked just fine. The website itself wasn't broken ("down" is the official nerd term), the Internet was.

A great service for pinpointing a problem like this is available at siteuptime.com. Their free Quick Check (shown below) can be used to test the availability of a website from New York, Chicago, San Francisco and/or London. The HTTP (website protocol) tests of my site showed that it was fine when accessed from all four cities.


As a politician referred to it, the "tube" between New York (where I was) and Florida (where the site resides) had sprung a leak.

The path traveled between any two computers on the Internet can be long and convoluted. Amazingly so. Fortunately, the underlying transmission protocols (TCP/IP) include a debugging command for just this type of routing problem. On Windows it is called "tracert", on Linux it is called "traceroute". I'm not a Mac person, but, according to this Apple KB item, it's also called "traceroute" on OSX where it is part of the Network Utility.

Traceroute shows every router between you and another computer on the Internet. It also shows the time it took for data to get to these intermediate routers, but that's usually not an issue. Below is an edited sample of a Windows XP traceroute between my New York computer and CNET.

C:\Documents and Settings\userid>tracert cnet.com
Tracing route to cnet.com[216.239.122.102] over a maximum of 30 hops:
    ... [removed]
10 10 ms 10 ms 11 ms ae-13-69.car3.NewYork1.Level3.net [4.68.16.5]
11 11 ms 10 ms 10 ms att-level3-oc192.NewYork1.Level3.net
12 50 ms 51 ms 51 ms tbr1.n54ny.ip.att.net [12.123.0.90]
13 49 ms 48 ms 50 ms cr2.n54ny.ip.att.net [12.122.16.149]
14 51 ms 52 ms 49 ms cr2.wswdc.ip.att.net [12.122.3.38]
15 49 ms 50 ms 53 ms cr1.attga.ip.att.net [12.122.1.173]
16 51 ms 49 ms 50 ms cr2.dlstx.ip.att.net [12.122.28.174]
17 50 ms 50 ms 52 ms tbr2.dlstx.ip.att.net [12.122.18.214]
18 51 ms 51 ms 50 ms 12.122.100.97
19 64 ms 99 ms 52 ms 12.87.121.22
20 51 ms 50 ms 48 ms c18-sha-redirect-lb.cnet.com [216.239.122.102]

The first column is a sequence number, the next three columns are timings and the last column is the name and/or IP address of an intermediate router. All told, the test data traveling from me to CNET made 19 intermediate stops. At least it did this time; the route is not fixed and will change over time.

Note the first line of output that says tracing stops after a maximum of 30 hops. "Hops" refers to an intermediate router. On Windows XP, the assumption is that there normally aren't more than 30 routers between you and another computer.

When things go bad, traceroute shows asterisks. Below is an edited sample of the traceroute between my home computer and my Florida-based website at the time of the problem.

C:\Documents and Settings\userid>tracert www.michaelhorowitz.com
Tracing route to michaelhorowitz.com [208.84.150.101]
  over a maximum of 30 hops:
    ...
 9 13 ms 16 ms 14 ms ae-1-0.pr0.dca10.tbone.rr.com [66.109.6.165]
10 13 ms 15 ms 16 ms 64.132.69.61
11 76 ms 72 ms 73 ms 64.128.245.106
12 72 ms 73 ms 75 ms 64.128.245.106
13 76 ms 75 ms 83 ms core2.rapidvps.net [66.97.162.162]
14 72 ms 74 ms 73 ms moors.rapidvps.net [208.84.151.160]
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.

The router at moors.rapidvps.net is not necessarily the problem; it was the last normally functioning router. The real problem lay somewhere beyond it.
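Reading a trace this way can be automated: find the last hop that answered, list the silent hops after it, and check whether the destination address itself ever replied. The following is an added example, not part of the original posting; the function names are assumptions, and the sample text is taken from the two edited traces above (the CNET one abridged to its last hops).

```python
import re
from typing import NamedTuple, Optional

HEADER = re.compile(r"Tracing route to\s+([^\s\[]+)\s*\[([\d.]+)\]")
# hop number, three probes (each "<1 ms", "12 ms" or "*"), then host text or a message
HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s+ms|\*)\s+){3})(.*)$")


class Hop(NamedTuple):
    number: int
    rtts: tuple            # three entries: milliseconds as int, or None for "*"
    host: Optional[str]    # None when no probe was answered


def parse_tracert(text):
    """Return (destination_ip, [Hop, ...]) from Windows tracert output."""
    dest, hops = None, []
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            dest = m.group(2)
            continue
        m = HOP.match(line)
        if not m:
            continue   # banner lines, "..." elisions, blank lines
        probes = re.findall(r"<?\d+\s+ms|\*", m.group(2))
        rtts = tuple(None if p == "*" else int(re.search(r"\d+", p).group()) for p in probes)
        answered = any(r is not None for r in rtts)
        hops.append(Hop(int(m.group(1)), rtts, m.group(3).strip() if answered else None))
    return dest, hops


def hop_ip(hop):
    """IP address of a hop, whether printed as 'name [ip]' or as a bare address."""
    m = re.search(r"(\d{1,3}(?:\.\d{1,3}){3})\]?$", hop.host or "")
    return m.group(1) if m else None


def diagnose(text):
    dest, hops = parse_tracert(text)
    responding = [h for h in hops if h.host is not None]
    last = responding[-1] if responding else None
    silent = [h.number for h in hops
              if h.host is None and (last is None or h.number > last.number)]
    reached = bool(hops) and hops[-1].host is not None and hop_ip(hops[-1]) == dest
    return {"destination": dest, "reached": reached,
            "last_responding": last, "silent_hops": silent}


# Sample text copied from the edited traces in this posting.
FAILED_TRACE = """\
Tracing route to michaelhorowitz.com [208.84.150.101]
  over a maximum of 30 hops:
    ...
 9 13 ms 16 ms 14 ms ae-1-0.pr0.dca10.tbone.rr.com [66.109.6.165]
10 13 ms 15 ms 16 ms 64.132.69.61
11 76 ms 72 ms 73 ms 64.128.245.106
12 72 ms 73 ms 75 ms 64.128.245.106
13 76 ms 75 ms 83 ms core2.rapidvps.net [66.97.162.162]
14 72 ms 74 ms 73 ms moors.rapidvps.net [208.84.151.160]
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
"""
REACHED_TRACE = """\
Tracing route to cnet.com[216.239.122.102] over a maximum of 30 hops:
    ... [removed]
18 51 ms 51 ms 50 ms 12.122.100.97
19 64 ms 99 ms 52 ms 12.87.121.22
20 51 ms 50 ms 48 ms c18-sha-redirect-lb.cnet.com [216.239.122.102]
"""

if __name__ == "__main__":
    for name, trace in (("failed", FAILED_TRACE), ("reached", REACHED_TRACE)):
        result = diagnose(trace)
        last = result["last_responding"]
        print(name, "reached:", result["reached"],
              "| last responding hop:", last.number, last.host,
              "| silent after it:", result["silent_hops"])
```

A run of silent hops after the last answer only says that replies stopped coming back from that point on, which is also what a firewall dropping the probes looks like.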

I sent the traceroute output and a description of the problem to the company hosting my website, and the problem turned out to be with a firewall. For some reason, a firewall under their control was purposely blocking my IP address.

Every computer on the Internet is addressed by a number called an IP address. Large companies are given permanent IP addresses. Consumers, such as myself, normally share a pool of IP addresses given to our Internet Service Provider*. An ISP doles out their IP addresses to customers on an as-needed and rotating basis.

What probably happened was that another customer of my ISP was doing something bad or suspicious and that got them blacklisted in the firewall of my hosting company. But the IP address came from a shared pool and sometime yesterday it got assigned to me.

Go figure.

*I am referring here to public IP addresses, those visible on the Internet. Some IP addresses are reserved for internal use only and are referred to as "private" IP addresses. On a Local Area Network, the IP addresses assigned to each computer normally come from the private group. The most popular private IP addresses are 192.168.x.x and 10.x.x.x. Even if something gets mis-configured, routers on the Internet are programmed to throw away any packets they get with a private IP address.

June 9, 2008 1:18 PM PDT

Setting up a WiFi network - the hard part is judging advice

by Michael Horowitz

I have, in the past, been critical of computer articles in the newspapers I regularly read, the Wall Street Journal and the New York Times. Often I've warned that you don't read PC Magazine for mutual fund advice and you shouldn't read the Wall Street Journal for computer advice. Yet, the reporters in these newspapers are significantly more technically qualified than those at the Orlando Sentinel.

Today, I'm in south Florida, where the Sun Sentinel is the local paper. They reprinted an article by Etan Horowitz (no relation), Set up a home wireless network, that originally appeared last month in the Orlando Sentinel.

The article contains a number of technical inaccuracies, which I'll discuss below, as well as some important omissions. The hardest part of technology may very well be learning what advice to trust.

The article says "Most new laptop and desktop computers have built-in wireless networking..." New desktop computers with built-in wireless networking? Not the ones I've seen.

It warns that "...if you are using an old computer you may have to buy a wireless network adapter." True enough, but they come in multiple form factors (PC card, Express card, PCI and USB), an important point that is not mentioned.

It says that "...a printer may ... require a wireless networking adapter."

Networking a printer that does not do networking on its own requires a print server. As far as I know, there is no such thing as a wireless networking adapter for a printer. And the print server does not need wireless networking at all; a wired/Ethernet print server can connect to a router and make any printer available to a WiFi based laptop computer.

As for the initial router configuration, the article says "... follow the instructions that came with your router and use the installation CD. If you have a desktop computer that will always be in the same room as your modem or router, run the CD on that computer. Otherwise run the CD on your newest computer."

Newest computer? I can't even guess where this came from. Initial router configuration should be done using an Ethernet connection and any computer that can read CDs and has an Ethernet port will do.

Ethernet came up again in the discussion of adding a password to a WiFi network that doesn't have one. The article says "If you aren't prompted to do this while setting up your network, you'll need to connect a computer to your router via an Ethernet cable ..."

Ethernet is not required. You can connect to the router using the wireless network and make changes to the router this way, including adding or changing the password for the WiFi network. Most likely, after adding/changing the password, the router will re-start itself and you'll have to connect to the wireless network again, using the new password.

Connecting directly to the router requires knowing its IP address. If you don't know it, the article suggests a Google search for the default IP address used by the manufacturer of the router. This is not the best approach. For one, default IP addresses may change over time. For another, your router may not be using the factory default IP address. Your computer always knows the IP address of the router, any computer running TCP/IP knows this. In Windows, open a command prompt and type "ipconfig". The IP address of your router is referred to in the output as the "Default Gateway".

Before attempting to connect to a wireless network, the article warns that "you'll have to make sure that the computer's wireless connection is turned on or that your adapter has been installed and set up."

First of all, that's an "and" not an "or". If either of those conditions is not met, the computer won't connect to any wireless network. And just what was meant by a wireless network connection being turned on? It could refer to the switch on the outside of the laptop computer that controls the wireless radio. It might refer to the definition of the wireless network being enabled rather than disabled. It might refer to a host of things.

The instructions for connecting to an existing wireless network are not the most useful. Quoting: "On Windows computers, look in the Control Panel to enable wireless connectivity and search for available networks."

If you get as far as trying to connect to a wireless network, the article says "You will be asked to choose the type of security setting (WEP, WPA etc) and enter the network key." Windows XP users that let Windows control the WiFi connection are not asked to choose the type of security. Windows is smart enough to figure out the type of security being used all by itself. And, an article targeted at a general audience has to point out that "network key" means "WiFi password".

Omissions

The article left out a number of important issues.

The Sun Sentinel version of the story says nothing about choosing WEP, WPA or WPA2 when configuring a new network. It turns out the Sun Sentinel removed this sentence from the original story: "There are several levels of security you can add to your network, but one of the most basic is to choose a security setting such as "WEP" or "WPA" and generate network keys. If possible, use WPA."

Even with this sentence, however, WPA is not at all secure if you choose a short password or use a word in the dictionary. When it comes to WPA, you should think in terms of pass sentence rather than password. The recommendation is to use at least a 20 character password. Steve Gibson offers great 64 character passwords.

Many people share a single broadband Internet connection but don't need to share files between their computers. If that's the case for you, you're much better off turning off File and Printer sharing in the definition of the wireless network and/or the wired network connection.

The article doesn't mention changing the default password for the router itself. This has nothing to do with the WiFi network; instead it controls all access to the router for the purpose of making configuration changes. I blogged about this in March, see Defending your router, and your identity, with a password change.

Finally, the article didn't even include the word firewall. Discussing wireless networking without mentioning firewalls borders on malpractice.

If you are in south Florida, you may want to complain to the newspapers. Otherwise, you'll get more of the same.

Note: One of the earliest postings I wrote on this blog, back in July 2007, was about steps to take in preparation for networking failures. See The blinking lights on a router are talking to you.

March 8, 2008 5:59 PM PST

Defending your router, and your identity, with a password change

by Michael Horowitz

Recently, in the techie Q&A column in the New York Times, someone asked about changing the password in their router. Due to space limitations, the answer by J. D. Biersdorfer was short, too short. This is what you need to know.

Every router, wired or wireless, has an internal website used to make configuration changes. Accessing this internal website requires a userid/password, something totally independent of any wireless network passwords.

A year ago, in my prior blog, I discussed why it is so important to change the default router password (see Home routers can be dangerous. VERY dangerous). In brief, if your router is using the default password, your computer is vulnerable to an attack where the router is re-configured. Specifically, the dangerous configuration option is the DNS server. For an introduction to the concept of DNS servers, see my prior posting on OpenDNS.

Malicious DNS servers can result in your visiting a website, any website, and ending up at a phony version of the site run by bad guys. If the website is that of a bank or credit card company, and you enter a userid/password, you can kiss your identity, and money, good-bye.
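One way to watch for this from a computer on the network is to compare the DNS servers it was handed with the ones you expect, which are normally the router itself or resolvers you chose on purpose, such as OpenDNS. The following is an added example, not code from the original posting: it parses the text of the Windows `ipconfig /all` command, the function names are assumptions, and the sample output is constructed from the `ipconfig` fields shown in this posting plus a DNS Servers entry.

```python
# Constructed sample of `ipconfig /all` output (Windows XP layout, abridged).
TEMPLATE = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : localdomain2
        IP Address. . . . . . . . . . . . : 192.168.1.88
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : {first}
                                            {second}
"""
SAMPLE_ROUTER_DNS = TEMPLATE.format(first="192.168.1.1", second="")
# 203.0.113.53 is a documentation-range address standing in for an unexpected resolver.
SAMPLE_TAMPERED = TEMPLATE.format(first="203.0.113.53", second="192.168.1.1")
SAMPLE_OPENDNS = TEMPLATE.format(first="208.67.222.222", second="208.67.220.220")

OPENDNS = ("208.67.222.222", "208.67.220.220")   # the public OpenDNS resolvers


def parse_ipconfig(text):
    """Return {adapter name: {field name: [values]}} from ipconfig output."""
    adapters = {}
    current = last_key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # An unindented line such as "Ethernet adapter ...:" starts a new section.
            current = adapters.setdefault(line.rstrip(": "), {})
            last_key = None
        elif current is None:
            continue
        elif ":" in line:
            key, _, value = line.partition(":")
            last_key = key.strip(" .")          # drop the dotted leader
            current[last_key] = [value.strip()] if value.strip() else []
        elif last_key:
            # Indented line without a colon: one more value for the previous field,
            # which is how a second DNS server is printed.
            current[last_key].append(line.strip())
    return adapters


def audit_dns(text, allowed=()):
    """Return (adapter, dns_server) pairs that are neither the gateway nor in `allowed`."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        gateways = fields.get("Default Gateway", [])
        if not gateways:
            continue                             # adapter is not connected to a router
        expected = set(gateways) | set(allowed)
        for dns in fields.get("DNS Servers", []):
            if dns not in expected:
                findings.append((name, dns))
    return findings


if __name__ == "__main__":
    print("router as DNS:", audit_dns(SAMPLE_ROUTER_DNS) or "OK")
    print("unexpected resolver:", audit_dns(SAMPLE_TAMPERED))
    print("OpenDNS, allowed:", audit_dns(SAMPLE_OPENDNS, allowed=OPENDNS) or "OK")
```

A router that relays DNS itself hands out only its own address, so a clean result here does not replace looking at the DNS server setting inside the router.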

There are three steps to changing the password in a router:*
  1. Find the router on the network
  2. Log in to the website built into the router
  3. Hunt around for the appropriate web page

If your router was set up by a good techie, there should be a piece of paper next to it with the IP address, userid and password. I'm sure this is rare.

Step 1: Find The Router On Your Network

Every computer on a network is assigned a unique number. The most common networking protocol, TCP/IP, uses a 32 bit binary number which is written as four decimal numbers separated by periods (such as 192.168.1.1). The unique number for computers on a TCP/IP network is called an IP address.

You can find the IP address of the router in the following ways:

1. The person who set it up tells you.

2. If you have the manual for the router, it will have the default IP address. In my experience, the default IP address is rarely changed.

3. You can download an electronic version of the manual from the website of the company that manufactured the router. Again, this will have the default IP address.

Output from the ipconfig command in Windows
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix  . : localdomain2
IP Address. . . . . . . . . . . . : 192.168.1.88
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

4. The most reliable method is to ask the TCP/IP software running on your computer. It always knows where the router is. In Windows XP, Vista and 2000, open a command prompt window and enter the command "ipconfig" (see above). The IP address of the router is identified by Windows as the "Default Gateway".

Open your web browser and type this number into the address bar, as shown below.

This will connect you with the website that lives inside the router. This website will look and act like any other website even though, technically, it is not on the world wide web.

Step 2: Find The Password

Before you can see the router configuration website, you have to provide a password and possibly a userid. Usually you can't change the userid, so I'll focus on the password. In the example below, of logging in to a Belkin router, there isn't even a userid, just a password.

Logging in to a Belkin Router

Below is a screen shot of logging into a Linksys router. Note that you are instructed to leave the userid blank, and only enter a password.

Logging in to a Linksys Router

If you don't know the router password, start by trying the default one. The New York Times article mentioned two websites where you can find the default userid and password for many routers (here and here). Be aware though, that the sites are neither authoritative nor comprehensive. You can also find the default userid and password in the manual for the router.

If the default password doesn't work, you are safe from malicious software changing the DNS servers. Still, it's a good idea to know the password for your router.

Changing a non-default password without knowing it requires resetting the router back to the factory default settings. There should be a small Reset button for just this purpose. You may have to unwind a paper clip to press the button and may have to hold it pressed for a few seconds. The manual should explain the procedure.

Step 3: Change The Password

Simply put, you'll have to do some hunting around the website to find the page for changing the password. Every router I've seen has a different interface.

In a Linksys router it may be in the Administration tab. In a Belkin router, try the System Settings. In a recent D-Link router, you changed the password in the Admin sub-section of the Tools section.

Rather than hunt, if you have the manual in Adobe Acrobat PDF format, try doing a find for the word "password". Unfortunately, routers are complicated and there are many passwords. The password to log in to the router is not the PPPoE password, or the PPTP password or the L2TP password. It also has nothing to do with the password for the wireless network.

D-Link may add more complication. Their routers may have an admin password for logging in to the router and making changes, and, a separate user password for logging in to the router in read-only mode.

After changing the password, you will likely get bounced out of the website and forced to log in with the new password. Do so, just to be sure the new password is working. Now write down the userid and password on a piece of paper and tape it to the router. For good luck, include the IP address too.
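The reason for changing the password is to stop malicious software from changing the DNS servers in the router, so it is worth checking which DNS servers your computer was actually handed. The following is an added example, not part of the original post: it assumes a Unix-like computer whose `/etc/resolv.conf` lists the servers received from the router, and the sample file and function names are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample: 192.168.1.1 stands in for the router, and 203.0.113.53
# (a documentation-range address) for a DNS server nobody here chose.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client (constructed sample)
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver fe80::1%eth0
search home.example
"""

def listed_nameservers(text):
    """Yield the raw address from every 'nameserver' line; skip the rest."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            yield fields[1]

def normalise(addr):
    """Return a comparable address object, or None if it does not parse."""
    try:
        # Drop an IPv6 zone suffix such as %eth0 before parsing.
        return ipaddress.ip_address(addr.split("%", 1)[0])
    except ValueError:
        return None

def unexpected_resolvers(text, expected):
    """List every configured DNS server that is not in the expected list."""
    allowed = {normalise(a) for a in expected}
    allowed.discard(None)
    flagged = []
    for raw in listed_nameservers(text):
        addr = normalise(raw)
        if addr is None:
            flagged.append(raw)        # malformed entries are suspicious too
        elif addr not in allowed:
            flagged.append(str(addr))
    return flagged

if __name__ == "__main__":
    # Usage: pass the DNS servers you expect (from your notes) as arguments.
    with open("/etc/resolv.conf") as fh:
        bad = unexpected_resolvers(fh.read(), sys.argv[1:])
    for entry in bad:
        print("UNEXPECTED DNS server:", entry)
    sys.exit(1 if bad else 0)
```

The expected list belongs on the same piece of paper as the router password. On systems that run a local DNS stub, the file shows only a loopback address and the router's status page is the place to look instead.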

Be Angry?

If the person that set up your router did not tell you the IP address, userid and password, they are incompetent. It's like buying a new car and not being able to open the hood to get to the engine. The car will run and work fine, for a while. Maybe quite a while. But there will come a time when you need to poke around the engine and you won't be able to.

If your router was using the default userid/password, then the person that set it up is worse than incompetent; they are guilty of negligence. It's not inconceivable for this to result in a lawsuit someday.

Update. March 11, 2008: I just set up a new Belkin N Mimo router. Not only does the new model continue the tradition mentioned above of supporting only a password (no userid), the default password is no password.

*Note: There may also be software for managing the router, but finding and installing the software can be a headache of its own. Also, there is no standard for how the software works.

See a summary of all my Defensive Computing postings.

July 11, 2007 10:32 AM PDT

The blinking lights on a router are talking to you

by Michael Horowitz
  • 1 comment

Can't get on the Internet? Can't print to a network printer? It's bound to happen sooner or later. Wired Ethernet networks are pretty reliable, but wireless ones can be brutally finicky. No matter what type you're using, it's good to be prepared for networking failures in the future.

When there is a networking problem, the knee jerk reaction may be that there is something wrong with the computer. Perfectly understandable.

But the first step in debugging a networking problem should not involve any of the computers. Rather, you should look at the lights on the box(es) sitting at the hub of the network. The hardware is talking to you and may have something useful to say.

The box(es) may be a number of things. Often there is a broadband modem (cable or DSL) and a separate router. There may even be a third box for VOIP to which a normal telephone is connected. On the other hand, all these functions may be combined in a single box. The advice is the same either way.

Before trouble strikes, look at the box(es) holding your network together and make a note of the normal state of every light while the network is functioning properly. Is the light on or off? Green or amber? Solid or blinking?

So that it's always at hand, I suggest keeping this cheat sheet right next to the device in question. Maybe even tape it to the box, so it can't get lost. Now, when the network fails, the first thing to check is the lights on the box(es).

That's step one. Step two is to examine each box and make a note of the vendor and model number. Then go online to learn what every light can tell you. It's one thing to know that a certain light is normally green, but exactly what does it mean when the light is amber? Or blinking green instead of solid green?

I try to find the manual for the device at the web site of the hardware manufacturer. In addition, I try to find documentation on the lights at the website of the broadband provider. Cable and DSL modems can be modified by an ISP, so their documentation may be more accurate than that from the hardware manufacturer.

If you were given a manual/booklet/pamphlet with the device and can still find it, great. But this would be my last choice for information as it may not be up to date, may cover multiple models or may not reflect customizations made by the ISP.

If, at your ISP's web site, you can't find anything documenting the meaning of each light, then contact your ISP and ask them. Someday, you may be very thankful you did.


About Defensive Computing

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He views Defensive Computing as taking steps, when things are running well, to avoid or minimize the inevitable problems down the road. It's about educating yourself to the level where you can make your own intelligent decisions about keeping your computers and data happy and healthy. If you depend on computers, yet are on your own, without an IT department or nearby nerd, this blog's for you. His personal web site is michaelhorowitz.com.

He is a member of the CNET Blog Network and is not an employee of CNET.
