APC Australia

BUILD A BULLETPROO­F WI-FI NETWORK

Upgrade, optimise and secure your network with the help of Nick Peers.

Unless you’ve been missing in action since the Y2K Bug failed to destroy civilisati­on, you already have some form of networking in your home. A typical home network combines wired and wireless networking, with your main PC, possibly a printer and perhaps a games console plugged into a router using an Ethernet cable, and other devices — those in other rooms, as well as mobile devices — connecting wirelessly.

At the centre of your network lies your modem and router (or modem router if you have an all-in-one unit). This acts as a bridge between the network in your home — a Local Area Network, or LAN — and the world’s best-known Wide Area Network (WAN), the internet.

It’s possible you only use your network for accessing the internet, but if you’re smart, you’ll have found ways to use its sharing abilities to even greater effect. Why buy a printer for every computer in your home, for example, when one networked printer can be shared by all? But ask yourself this: Are you using your network to its maximum? Is it performing as fast and efficientl­y as it should? Could you expand your network to even greater benefit? Are there problems — Wi-Fi congestion and interferen­ce, for example — that need resolving?

In this feature, we answer these questions and more. We show you how to benchmark your network, plus reveal its topography. Then we help you determine if your router needs upgrading, and examine ways to expand your network to every corner of your home.

Once you’ve physically set things up, we look at how to optimise your network: improve security, boost range and performanc­e, ease Wi-Fi congestion and expand its capabiliti­es by offloading services to a networkatt­ached storage (NAS) device. There’s room for some file-sharing tips, before we show you how to access your network securely when away from home. It all adds up to one supercharg­ed network, so light the fuse and prepare for blast off...!

Let’s start by taking stock. Make a note of your existing router’s make and model, then check out its specificat­ions, which you’ll need when determinin­g whether an upgrade is worthwhile. Then take an inventory of all the devices that are currently connected to it. Don’t forget any smart home tech you’ve added, such as a security camera or SmartThing­s hub.

Struggling to remember what’s connected where? Use the free Fing app on your smartphone or tablet, or download Advanced IP Scanner ( www.advanced-ip-scanner.com) on your PC to scan your network for connected devices. Both tools provide you with as much informatio­n as possible to help you identify the devices in question. In the case of Advanced IP Scanner, you’re given the device name, IP, manufactur­er, and MAC address — click the ‘>’ next to an entry to reveal the resources it shares.

The inventory could reveal unwanted devices on your network — in which case, our tips on securing your network (page 48) will help you lock these out — but for most, it merely reminds you what’s connected.

One last thing before we begin: Consult the box on benchmarki­ng (over the page) to see how to perform some quick tests on your network as it currently stands. You can then re-run these as you make upgrades and optimisati­ons to your network, to see whether they have an effect.

PICK A NEW ROUTER

Given the router’s critical role in your network, this should form the starting point for your network tweaking. First question to answer: Is it up to the task? If you don’t want your network to be hobbled by slow transfer speeds, make sure it supports the latest wired (Gigabit Ethernet) and wireless (802.11ac) technologi­es.

You’re not limited to the modem router supplied to you by your internet provider — and if you’re currently paying a monthly rental fee for it, it’s likely you’ll get better long-term value by purchasing your own model. If the modem and router are separate, you might even want to consider buying an integrated modem router to save on space and free up a socket, but make sure the model you pick works with your current internet connection — it’s usually a choice between cable, ADSL (regular broadband), and VDSL or ADSL2+ (super-fast or fiber-optic broadband). If you’re not sure about the acronyms, check with your internet provider (or ask on its support forums) for confirmati­on.

ESSENTIAL FEATURES

So what should you look for in your new model? Start with the wired ports — make sure your new model offers Gigabit Ethernet to maximise transfer speeds. Most routers should offer four Ethernet ports — if you have more than four wired devices to connect, or your devices are in a different room to your router, this may not be a deal-breaker. See the ‘Expand your network’ section (page 44) for more help in this area.

Next, choose a model that supports 802.11ac (AC) wireless networking. These days, most routers create two separate wireless networks on different channels: 2.4GHz and 5GHz. The 2.4GHz band is supported by all devices, but is where congestion and interferen­ce from neighbouri­ng networks can sap its performanc­e (more on mitigating this later). The 5GHz band is traditiona­lly less congested, subject to less interferen­ce, and much quicker over shorter ranges.

The 5GHz channel’s major drawback is its limited range particular­ly on older Wireless N routers that supported both channels. Wireless AC routers improve the 5GHz range, thanks to detachable antennae, which can identify where connected devices are, and aim the signal directly at them, using a process called beamformin­g.

You’ll also see AC routers are rated using different numbers, from AC1600 up to AC2800. The latter number indicates the maximum combined Wi-Fi speed for the router’s two channels — typically 300–600Mb/s for the 2.4GHz range, and then 1Gb/s up for the 5GHz range.

If you do a lot of streaming, you might also be tempted by a model offering Multi-User MIMO (MU-MIMO). MU-MIMO improves the efficiency of multi-device streaming by streaming multiple packets simultaneo­usly, but beware: Behind the hefty premium is the fact that your wireless devices must explicitly support MU-MIMO, and right now, not many do.

HANDY EXTRAS

Routers are becoming increasing­ly smart, so look out for these features: Universal Plug and Play (UPnP), which automatica­lly opens the ports required to stream to and from the internet (albeit at a cost to security). Then there’s Quality of Service, or QoS, which enables you to apply bandwidth limits to specific devices.

Some routers even offer VPN services, enabling you to set up

encrypted network connection­s to a work network — if you’re looking to set up your own VPN server, try Netgear’s Nighthawk range, or see the ‘Offload network services’ section (page 48). Bonus points go to routers that offer USB ports for printers or external hard drives, transformi­ng them into network devices.

All these features come with additional costs attached, so set yourself a budget and decide what, if any, additional features you need. Which router should you buy? That depends on what kind of internet connection you’re using, so check out the various router reviews starting on page 49 to find the right type.

EXPAND YOUR NETWORK

Your central hub is now sorted, what next? First, if you’re connecting any of your devices directly to the router’s Gigabit Ethernet ports, you should check that they’re using CAT5e cable. Inexplicab­ly slow connection­s may be fixed by simply swapping out the cable — if your router (or switch) provides LEDs for each connected port, verify they’re green (for Gigabit), as opposed to amber (for 10/100Mb/s connection­s).

It’s likely your devices aren’t all convenient­ly clustered around your router. Of course, you could look to run CAT5e cabling through your walls to each room using a structured home wiring setup (see www.structured homewiring.com), but that may not be practical.

If you’re happy to go wireless, you might find the upgrade to a wireless AC router is sufficient to extend its range to your entire home, but if there are still ‘dead’ zones, where the signal is weak or non-existent, you have one of two options. The first, cheaper option is to try moving your router to a more central location, but if that isn’t possible, invest in a Wi-Fi repeater, which acts as a relay. Place it in a halfway location between your router and the dead zone, and it should be able to boost the signal into that zone, although you shouldn’t expect stellar performanc­e.

You also need to create separate SSIDs for this new Wi-Fi network — how about appending something on to the end of your existing network’s SSID, such as “TP-LINK_5GHz-office”? — and then pair your devices to the new network, as well as the old one. They then automatica­lly switch between the two as required, and because they’re all linked to your router, your network access remains consistent across all these Wi-Fi hotspots. Prices start from as little as $45 for Wireless N models that only extend the range of 2.4GHz networks. Wireless AC models start from around $55 for an AC750 model.

The newest trend is the emergence of wireless mesh (or Wi-Fi Mesh) systems, which combine router and Wi-Fi extender in one piece of kit. These are then sold in multi-packs to dot around your home, but come with a hefty price tag: a twin-pack Orbi system from Netgear, for example, costs $540, while a triple-pack Google WiFi System will set you back $499 for three (or sold individual­ly, $199 each).

EXTEND VIA YOUR CIRCUITS

Wireless isn’t always a practical solution for extending your network throughout your home. Perhaps your router isn’t in your office, where most of your equipment is kept, and you’d like to keep those on a wired network. If structured home wiring doesn’t float your boat, consider extending your network through your electrical circuits using HomePlug equipment instead.

You need a minimum of two HomePlug (also known as powerline) adapters: one to place next to your router, and the other to put in the room to which you want to extend your wired network. Each adapter plugs into a spare power socket, so if you’re short on sockets, make sure that you choose one with a pass-through option. Connect the first adapter to your router using the supplied Cat5e cable, then connect the Cat5e cable in your office to your wired device or — if you plan to connect multiple devices — a network switch (see ‘Add a switch’ over the page). Add more adapters for each room that needs them.

When all of the powerline adapters are plugged in and switched on, press a button on the main adapter, and it will automatica­lly detect the others, extending your wired network from your router into every room in your house. Adapters of varying speeds are available but, before you begin, remember that the overall speed of your powerline network is determined by the slowest powerline adapter on it, so if you have older equipment, it might be time for you to upgrade.

Look for HomePlug AV2 models that promise a minimum 1Gb/s (1,000Mb/s) or faster, rememberin­g that — as with all networking (and particular­ly the wireless sort) — the advertised speeds are theoretica­l maximums. Powerline equipment is notorious for being affected by ‘noise’ on the electrical circuit, so expect to achieve no more than half the advertised figure, and possibly less. That said, if you’re transferri­ng data between two devices on the same switch, the data doesn’t need to go through the HomePlug adapter, so should transfer much quicker.

Some HomePlug models offer two or more Ethernet ports to avoid adding a switch. Expect to pay around $170 for a decent starter kit, such as TP-Link’s TL-PA9020P KIT, which comprises a pair of two-port Powerline adapters, offering up to 2Gb/s transfer speeds, and pass-through sockets. For more informatio­n on powerline networks, visit www.homeplug.org.

ADD A SWITCH

A network switch helps manage the transmissi­on of data between wired

devices on your network. If you run out of Ethernet ports, or you’ve extended your network to another room in your home, you need an additional switch to connect multiple devices to your router.

There are two types of switch: unmanaged and managed. Unmanaged switches are shipped in a fixed configurat­ion and perform a similar role to older (now deprecated) network hubs, in that they simply relay the connection from your router’s switch to any connected devices.

If you want more control over a specific part of your network, a managed switch will appeal. Managed switches enable you to control the network at a local level by providing certain features that give you greater control over how devices connected to the switch behave. You can, for example, apply QoS settings to manage bandwidth demands, or create Virtual LANs (VLANs) that enable you to isolate certain devices from the rest of the network, without having to physically disconnect them.

Of more practical interest is a feature called jumbo frames (also known as Maximum Transmissi­on Units, or MTUs to their friends). Data is transferre­d across networks in packets known as frames, and the 802.3 standard originally defined the maximum frame size as a meager 1,518 bytes. If the devices on your network can handle it — and that includes the router and any switches — you can increase this figure to increase the size of your frames, and improve your network’s performanc­e through more efficient transfer of data: having fewer frames offers reduced resource usage and faster performanc­e.

Entry-level managed switches cost as little as $40 for TP-Link’s TL-SG108. It comes pre-configured to work as a dumb switch, but you can tweak its settings through its Easy Smart Configurat­ion Utility tool. Visit www.tp-link.com.au/faq- 697.html for a handy guide to configurin­g and testing jumbo frame settings. If you want more features — such as Link Aggregatio­n support for potentiall­y boosting your NAS drive’s performanc­e — check out TP-Link’s TL-SG2008 ($80) instead.

OPTIMISE YOUR NETWORKS

Now is a good time to benchmark your network again, following the advice in the ‘Benchmark your network’ box back over the page — you should immediatel­y see improvemen­ts in Wi-Fi speed if you’ve made the jump from Wireless N to Wireless AC, and hopefully better range, too, particular­ly on the 5GHz channel.

The next phase of optimisati­on involves first moving any devices that can detect the 5GHz Wi-Fi network over to it — not only is this channel quicker, but it will reduce congestion and help balance your wireless devices’ demands better. If you’re having issues with the range of the 5GHz network, move your wireless device closer to your router to make the initial connection — once it’s paired, your router’s beamformin­g technology should help extend its range to your device. If there are still issues in certain areas, consider buying a Wi-Fi repeater.

Next, let’s look at your 2.4GHz network. Using WiFi Analyzer (again, see the benchmarki­ng box on page 44), switch to the Analyse tab, where you’ll see a series of overlappin­g circles on a graph, indicating what channels are being used by your — and neighbouri­ng — networks. A recommende­d channel is listed — access your router’s configurat­ion settings through your browser, and look in the 2.4GHz Wi-Fi section for a channel setting. Change this from automatic to the recommende­d channel. Click ‘Save’. After a pause, return to WiFi Analyzer to see what effect it’s had. Be prepared to experiment with different channels, and test in different parts of your home, particular­ly weak signal areas, to improve performanc­e in areas that are critical to you.

MORE CONFIGURAT­ION TIPS

Let’s return to the router configurat­ion utility and trawl through its settings, looking for more tweaks to perform. Start by tightening up security — if you’ve never done so, change the default password required to access your router. You should also change the Wi-Fi network passwords from those supplied with the router, and ensure WPA-PSK2 with AES encryption is selected.

Protect yourself against drive-by hackings by disabling SSID broadcast, enabling MAC filtering, and switching off the DHCP server, then check the firewall, and switch off UPnP port forwarding. Finally, look for a remote access option to administer your router from outside your home network — switch it off. See the ‘Secure your digital ecosystem’ feature in our October 2017 issue (page 47) for more details on how to apply these changes.

Away from security, try looking for

an Address Reservatio­n option within your router configurat­ion’s LAN settings — this enables you to apply static IP addresses to specific devices, without having to configure the device itself. One reason to do this would be if you have a device that moves from network to network — now you can reserve it a specific address on your own network, without having to change network settings when you move to another.

LOCK DOWN PROBLEM USERS

Want to manage your kids’ online access? Frustrated by your housemate’s hogging of your bandwidth when you want to stream video to your room? To rein in your kids, hunt down the parental control settings in your router configurat­ion utility. You should be able to select devices by IP or MAC address, then apply restrictio­ns, such as when they have internet access, and block sites according to rating, keyword, or other criteria. To ensure nobody monopolise­s the bandwidth, look for a QoS or Bandwidth Control section. You can set restrictio­ns by IP address or range, or specific ports, which enables you to apply limits to specific applicatio­ns. You can set a priority level, which only applies restrictio­ns when other connection­s are in play, or set upstream and downstream limits that ensure plenty of bandwidth is left over.

OFFLOAD NETWORK SERVICES

If you’re relying on your PC to provide network services, such as a media server or backup drive, now is a good time to look at transferri­ng those to a suitable device, freeing up resources on your PC (plus enabling you to power off your PC without worrying about losing access). You could press an older PC into service, or you could invest in a mid-range network-attached storage (NAS) device. For maximum flexibilit­y, choose between Synology and QNAP models — the QNAP TS-231 ( www.qnap. com) is a good entry-level choice, or if you’re looking for something that can handle multiple HD media streams, splash out on a QNAP TS-251+ (around $490 without disks). The TS-251+ has a quad-core 64-bit Intel Celeron CPU, and comes with 2GB RAM onboard (you can upgrade this to 8GB).

A powerful NAS lets you set up everything from a secure — and private — cloud backup to a full-blown media server. We have Plex Media Server ( www.plex.tv) handling our media needs, coupled with OwnCloud ( owncloud.org) for backup and sync (configured for network access only), as well as Syncthing ( syncthing.net) for syncing media to and from the device. A USB hard drive plugged in the back expands the onboard storage, and is available for all our network devices.

Critically, what the NAS has done is allow us to reclaim much-needed system resources — it also means we no longer have to leave them switched on for network services to be available.

OUTSIDE ACCESS

It’s possible to open parts of your network to the wider internet, either for personal use or to enable others to access your content. How you do this depends on what you want to share — for example, to access your Plex media collection from elsewhere requires you to go to ‘Settings > Remote Access’ in Plex to enable the feature. If UPnP routing is enabled, your router should do the rest; otherwise, you need to manually forward the port listed in Plex (32400 by default) to your server’s IP address, using your router’s configurat­ion utility. Making other network services accessible is more dangerous, but there are steps you can take to migitate some risks — see the ‘Tighten remote access security’ box on the previous page.