The FreeBSD Diary

[Free]BSD has networking in its roots. It's one of the things it does very well. Why else would the BSD TCP/IP stack be used in so many other operating systems if it wasn't the best around?

Most people who use FreeBSD will also have a home network. Whatever the size of your network, it has grown as time passed. It evolved. It might not have been planned out from the start, so the physical environment may not be exactly what you need given the growth. So that is why moving to a new location gives such a great opportunity to create what you need. Even if that need soon changes as your network further evolves.

I have recently finished setting up my old network in a new location. I now have network connections available at 5 locations throughout my new home. Using the same type of rack as I had before, I was able to improve the layout and tidy things up by using some new tools. In addition, I've added a Wireless Access Point (WAP) to my network and bought two new PCMCIA NICs for the laptops in the house.

This article will provide some tips which will help you when setting up your network, designing the rack, running the cable, and configuring your WAP. The photographs below will allow you to judge for yourself how tidy and workable the rack and cabling is. And you'll learn about some nifty little tricks which will make things just that little bit better.

The rack is where all your equipment will go. Ideally, it will have easy access, both front and back. That's why my rack has the side towards the wall, which the opposite to how a bookshelf is aligned.

Here's a checklist of items for siting and creating your rack:

• Choose the rack location. The first decision is where can you put the rack. An unused corner of the basement or a closet might be a good location.
• Room to work in front and behind the rack. You'll need room, both front and back, to work on the rack. Make sure you can access the bottom shelves easily. Squat down and make sure there's room to work.
• Power. The equipment needs power. Don't run an extension cord. Install proper power points.
• Are water or waste pipes overhead? My rack is in the basement, and there are no water pipes above it. Pipe breaks are pretty rare, but I choose to locate elsewhere.
• Level, plumb, and anchor. Make sure the shelves are level, more or less, and that the unit is straight up and down (i.e. plumb). Anchor the unit to the wall so it cannot topple over.
• Choose your jack locations. If you are going to run network cables around the house, can you route the cables back to the rack? I put Post-it notes at each location which indicated the number and type of connections which would go there.
• Work light for rack. Ensure there is sufficient lighting around your rack. Avoid fumbling with a flashlight and install a good overhead light which illuminates the work area. I have a 150 watt halogen work light on one side of the rack and existing lighting was sufficient for the other side.
• Rack monitor. Go down to a local computer recycling or used equipment location and buy a cheap and nasty VGA monitor. It doesn't have to do color. A black and white version will do. Just make sure it's small. Put it on the rack in a corner. It'll be handy when you need to work on a stubborn box.
• Keyboard drawer. I found that Staples Business Depot has one very cheap version, which works well for what I need. I want the keyboard out of the way but easily accessible when needed.
• Attach power strips to rack. Most power strips can be securely attached to the rack. I used wood screws and then mounted the power strips directly to the rack. This makes it easier to adjust the power cords.
• Remember to put the switch/hub, DSL modem, etc on the UPS. When you are setting it up, be sure to unplug the power strips from time to time to ensure you've not missed anything in the setup.
• Fire extinguisher. Buy one. Keep it near the rack, but where you can reach it easily at any time.
• Tie cords away. Keep the cables, cords, and other wires out of the way. Make liberal use of cable ties and cable tie anchors. The easier it is to work, the less likely you are to accidentally unplug your equipment.
• Consider having a traditional phone modem as backup in case the DSL dies. Over the past two years, there have been a few occasions when my DSL has offline for a few hours. During those times, I just used the modem to get online. This means you'll need a phone jack near the rack.
• All computers on the rack gives a nice, quiet office. I don't have any computers in my office; they are all on the rack. It makes for a much quieter office. I run cables from the rack to the desk, through the wall. When buying the cable extensions, tell them what you are using them for so you get the right genders on each end of the cables.
• Don't cut your cables short. If the switch needs to be moved somewhere else in the rack, it can't be done if the cable is too short. Leave enough excess to reach the ground and allow for tidy placement within the rack. Roll up the excess cable and stow it neatly out of the way. You may need it later. It is going to be a lot less bother than running new cables!

When cutting those cable ties, be sure to cut the excess off completely. Do not leave a sharp protruding edge which can be razor sharp. Invest in some side cutters, easily available from Radio Shack.

1. Communication Wiring Color Codes
2. Wiring Standards at UVI
3. CATx Stripping and Terminating
4. How To Terminate & Assemble Keystone Jacks
5. Tech Info - Cable and Wiring FAQ

It might not be that important, but I think you should know that RJ45 is not a type of connector. It is a wiring standard. That connector is actually called an 8 position modular connector. But common usage does not always follow standards.

As mentioned in the fifth link, you can run two RJ45 jacks or one jack and one or two phones from a single CAT5 cable. The choice is yours but read the last two FAQ from that link before you decide. For what it's worth, I have hooked up a phone line to one of my cat5 cables.

One thing to note: you don't have to strip each CAT5 wire. Yes, you have to remove the cable housing (also known as the jacket or protective housing) to reveal the wires inside, but you don't have to strip those wires. That applies whether you are attaching the cable to a jack or to a plug. The crimping tool or punch down tool is designed to work with non-stripped wires.

For what it's worth, I bought most of the gear for my new network at Home Depot. The one thing I bought elsewhere was the 250' of CAT5 cable, that I got from The Trailing Edge. They were a smaller company, and were selling it for $0.15 a foot as compared to the $0.52 a meter from Home Depot. But as for the rest of the gear, it was all cheaper at Home Depot.

I used this unit to test all my existing cables, and I found a few which were broken. So I cut off the plug which was faulty, put on a new plug, and I had a working cable!

I also used this to test every one of my new lines throughout the house. I'd plug a known good cable into the remote unit and plug the other end of the cable in the jack. Then I'd take the main testing unit to the rack and plug that end of the cable into the main testing unit. The first cable I tested failed the test. It took me a while to figure out why.... That was the cable I'd run to both a jack and a phone jack... DOH!

My opinion: buy a tester. It's well worth it.

What's a demarcation point? It's the point where the phone company's equipment finishes, and your equipment starts. It usually contains a test point. If you plug your phone into that point, and it works, then any problem you are having is within your own wiring. If the phone doesn't work, then your phone company needs to fix something.

At my demarcation point, I split the phone line into two parts. One went to my rack, the other went through a filter and then to the rest of the house. The filter is necessary in order to keep the DSL signal away from the house phones. Doing it this way keeps things simple. Of course, if you have only one phone, put the filter into that jack, and plug your phone into the filter. Very simple.

Eric Rosenquist suggested that I buy a WAP which supported the new wireless [draft] standard. It was a little more expensive, but at least it would support the new faster cards. Future Shop had the Linksys WAP54G for a good price (CAD$225 after rebate). While I was there, I also bought two Linksys PCM100 10/100 Integrated PC Card. I selected that item because it has a built-in dongle. My last NIC for the laptop had a dongle, and it broke off. Hopefully, the Linksys will be better in the long term.

The WAP included a wall mount bracket which doubles as a stacking tool. To use the mounting bracket, the rubber feet on the WAP must be removed. I was able to do this by gently pushing some needle nose pliers into the hole in the bottom of the foot, and popping the foot out of the unit. Remember to store the feet somewhere you'll be able to find them. Mine are in a plastic bag, which is thumbnailed to the wall beside the WAP.

Best of all, each card just worked. With both FreeBSD and Windows 98, all I had to do was put in the card and it worked. Well, that's not actually true. I did have to install the drivers for Windows 98. But it just worked.

For those of you considering wireless cards, I think you should read what Linksys has to say about wireless security. For what it's worth, I have done what they've suggested:

1. Change the default SSID.
2. Disable SSID Broadcasts.
3. Change the default password for the Administrator account.
4. Enable MAC Address Filtering.
5. Change the SSID periodically.
6. Enable WEP 128-bit Encryption. Please note that this will reduce your network performance.
7. Change the WEP encryption keys periodically.

I should mention that my WAP firmware needed to be upgraded to support 802.11b (the older slower cards, as opposed to the newer, faster cards : 802.11g). The upgrade was available on the Linksys site. At the same URL, I found a Log Viewer Utility which accepts the incoming log messages from the WAP (transmitted over the wired LAN) and displays them on your [Windows] workstation. I found this to be a very useful tool.

For what it's worth, I also upgraded the firmware in my Orinoco cards. You can get that from Proxim wireless networks.

I wanted to use DHCP for both laptops and regardless of whether or not they were using the wired NICs or the wireless NICs. We have four NICs here for two laptops. Any one of the four can wind up in either of the laptops. That's why I can't use MAC address for this.

As part of this exercise, I also upgraded my net/isc-dhcp3 (using portupdate, of course).

Here is my /usr/local/etc/dhcpd.conf:

default-lease-time 600;
max-lease-time 7200;

authoritative;
ddns-update-style none;

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers 192.168.0.18;

default-lease-time 86400;
max-lease-time 86400;

# This is a very basic subnet declaration.

subnet 10.0.0.0 netmask 255.255.255.0 {
    option routers 10.0.0.1;
    range 10.0.0.100 10.0.0.199;

    host dan.example.org {
        option dhcp-client-identifier "dan.example.org";
        fixed-address dan.example.org;
    }

    host sek {
        option dhcp-client-identifier "sek";
        fixed-address sek.example.org;
    }

}


This works well, for my FreeBSD laptop (dan.example.org in the example above). Regardless of what card I'm using, the laptop always gets the same IP address. That's not strictly necessary. But it's something I like. This tactic works because I have this in /etc/dhclient.conf:

send dhcp-client-identifier "dan.example.org";

The same good words cannot be said for the Windows 98 laptop. I can't get it to work with the above. It always gets an IP address in the 10.0.0.100-10.0.0.199 range and never the IP address associated with sek.example.org. I used Ethereal to sniff the packets and all that's being given up by the Windows 98 box is the MAC address.