A private network is one which either does not connect to the internet, or is connected indirectly using NAT (Network Address Translation) so its addresses do not appear on the public network. However, a private network allows you to connect to other computers that are on the same physical network. This allows a set of computers to share files and printers, while limiting internet connectivity. This wikiHow teaches you how to set up a private network.
Steps
-
Plan your network. Create a diagram that shows all the devices connected to your network. The devices you need to connect to your network will differ depending on your needs. Some devices include an internet connection, firewall, router, server, VPN, switch/hub and the different computers connected to your network. To avoid confusion, you should use industry standard symbols when creating your diagram. The following are some of the things you may need to include in your network diagram:
- Internet: If your private network is connected to the internet, you should indicate your internet connection on your network diagram. The industry standard symbol for the internet connection is an icon that resembles a cloud. When creating a network diagram, start with a cloud symbol to represent your internet connection. That is, if your private network has an internet connection.
- Firewall: A firewall is a network security device that controls incoming and outgoing traffic based on predetermined rules. This can protect any network that is connected to the internet. They can be set to block or allow traffic based on state, port, or protocol. Some firewalls also have antivirus software and threat detection built in. [1] A firewall can be placed before or after a router to protect against external threats. In most network diagrams, the firewall is represented with a brick wall.
- Routers: Routers transfer data between networks allowing different networks to communicate. This may be between your private network and the internet, your private network and your server, or different networks that are connected to each other. [2] If your router is connected to the internet, draw a line from the cloud symbol to the router symbol on your diagram. The industry standard symbol for a router is a circle with four arrows arranged in a cross in the middle. The two arrows on the left and right should be pointing inward. The arrow on top points up, and the arrow on bottom points down. If it is a wireless router, add two antennas to the top of the circle.
- VPN: VPN stands for "Virtual Private Network". This is a must for any private network connected to the internet. A VPN filters all internet traffic through an external proxy server, which makes it almost impossible to trace the IP address of any of the devices connected to the network. [3] On a network diagram, the typical symbol for a VPN is a padlock.
- Server: Some networks have a server that contains centralized data and programs for all the computers connected to the network. Any servers you have should be connected to your router. The typical network symbol for a server is a box that resembles a computer tower.
- Switches and hubs: A router allows different networks to communicate, while switches and hubs allow devices connected to a network to communicate. The difference between a switch and a hub is that a switch can shift the total network bandwidth to the devices that need it the most, whereas a hub evenly divides the total bandwidth between all devices. [4] A switch or hub typically has multiple computers connected to it. The switch or hub is then connected to the router. The typical symbol for a switch or hub is a square or rectangle with two lines that cross in the middle that have arrows on both ends.
- Computers: Computers on a network are typically represented with a basic icon that resembles a computer screen and keyboard. Smartphones and tablets can also be included in a diagram. The computers are connected to the switch or hub, which is connected to the router, or the firewall.
- Lines: Use straight lines from one device to another to show what is connected to what in the diagram.
-
Create an address plan. All devices connected to a network must have a unique IP address. IPv4 (IP ver. 4) addresses are written like this: xxx.xxx.xxx.xxx (four numbers separated by three dots), in all RFC-1166 compliant countries. Each number ranges from 0 to 255. This is known as "Dotted Decimal Notation" or "Dot Notation" for short. The address is divided into two portions: the network portion and the host portion. When the first number is 240 to 255, the address is "experimental". Multicast and experimental addresses are beyond the scope of this article. However, because IPv4 does not treat them the same way as other addresses, they should not be used.
- Classful networks:
For "Classful" networks, the network and host portions are as follows ("n" represents the network portion, "x" represents the host portion):
- When the first number is 0 to 126 - nnn.xxx.xxx.xxx (ex. 10.xxx.xxx.xxx), these are known as "Class A" networks.
- When the first number is 128 to 191 - nnn.nnn.xxx.xxx (ex. 172.16.xxx.xxx), these are known as "Class B" networks.
- When the first number is 192 to 223 - nnn.nnn.nnn.xxx (ex. 192.168.1.xxx), these are known as "Class C" networks.
- When the first number is 224 to 239 - The address is used for multi-casting.
- The network portion of an IP address specifies a network. The host portion specifies an individual device on a network.
- The range of all possible host portion numbers gives the Address Range (ex. 172.16.xxx.xxx the range is 172.16.0.0 to 172.16.255.255).
- The lowest possible address is the Network Address (ex. 172.16.xxx.xxx the network address is 172.16.0.0). This address is used by devices to specify the network itself, and cannot be assigned to any device.
- The highest possible address is the Broadcast Address (ex. 172.16.xxx.xxx the broadcast address is 172.16.255.255). This address is used when a packet is meant for all devices on a specific network, and cannot be assigned to any device.
- The remaining numbers in the range are the Host Range (ex. 172.16.xxx.xxx the host range is 172.16.0.1 to 172.16.255.254). These are the numbers you can assign to computers, printers, and other devices.
- Host Addresses are individual addresses within this range.
-
Assign the devices to a network. A network is any group of connections separated by a router. Your network may not have routers if it is not connected to the internet. You only have one router between your private network and the public internet. If you only have one router or no routers at all, your entire private network is considered one network.
- If additional routers are used, they become "internal routers". The private network becomes a "private intranet". Each group of connections is a separate network requiring its own network address and range. This includes connections between routers, and connections directly from a router to a single device.
-
Choose a network host range. The host range you choose should be large enough to provide an address to each device. Class C networks (ex. 192.168.0.x) allow for 254 host addresses (192.168.0.1 to 192.168.0.254), which is fine if you have no more than 254 devices. But if you have 255 or more devices, you will either need to use a Class B network (ex. 172.16.x.x) or divide your private network into smaller networks with routers.
-
Write "192.168.2.x" in the corner of your diagram. If you have more than one network, it's best to write each address near the network it belongs to on your diagram.
-
Assign a host address to each computer. Assign each computer a number from 1 to 254. Write the host addresses next to the devices they belong to on the diagram. At first you may wish to write the entire address (ex. 192.168.2.5) next to each device. However, as you become more proficient, simply writing the host portion (ex. .5) may help save time.
- Switches will not require addresses for the purpose discussed here. Routers will require addresses as described in the "Important Notes" section.
-
Write down the subnet mask near the network address. For 192.168.2.x, which is a Class C, the mask is 255.255.255.0. The computer needs it to tell which part of the IP address is the network and which is the host.
- For Class A addresses the mask is 255.0.0.0, for Class B it's 255.255.0.0 (More information in the Important Notes section.)
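The address plan built in the steps above can be checked before any cable is connected. The following is an added example, not part of the original article: it uses Python's standard ipaddress module to derive the network address, broadcast address and host range from a network and mask, then flags assignments that are duplicated, off-network, or land on the network or broadcast address. The function names and the sample device list are made up for illustration, and it assumes ordinary masks that leave at least two host addresses.

```python
import ipaddress

# The three private blocks the article lists as reserved by IANA.
PRIVATE_BLOCKS = [ipaddress.ip_network(b) for b in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def describe(network, mask):
    """Return network address, broadcast address and host range."""
    net = ipaddress.ip_network(f"{network}/{mask}", strict=True)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "host_count": net.num_addresses - 2,
    }


def check_plan(network, mask, assignments):
    """Return a list of problems in a {device: address} plan (empty = OK)."""
    net = ipaddress.ip_network(f"{network}/{mask}", strict=True)
    hosts = net.num_addresses - 2
    problems = []
    if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS):
        problems.append(f"{net} is outside the reserved private ranges")
    if len(assignments) > hosts:
        problems.append(f"{len(assignments)} devices exceed {hosts} hosts")
    seen = {}
    for device, text in assignments.items():
        addr = ipaddress.ip_address(text)
        if addr not in net:
            problems.append(f"{device}: {addr} is not on {net}")
        elif addr == net.network_address:
            problems.append(f"{device}: {addr} is the network address")
        elif addr == net.broadcast_address:
            problems.append(f"{device}: {addr} is the broadcast address")
        if addr in seen:
            problems.append(f"{device}: {addr} already assigned to {seen[addr]}")
        seen.setdefault(addr, device)
    return problems


# Constructed sample plan for the article's 192.168.2.x network.
SAMPLE_PLAN = {
    "router": "192.168.2.1",
    "desktop": "192.168.2.5",
    "laptop": "192.168.2.5",      # duplicate of desktop
    "printer": "192.168.2.255",   # broadcast address
    "nas": "192.168.3.10",        # belongs to a different network
}

if __name__ == "__main__":
    for problem in check_plan("192.168.2.0", "255.255.255.0", SAMPLE_PLAN):
        print("PROBLEM:", problem)
```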
-
Connect your network. Gather all the materials you need. This includes cables, computers, Ethernet switches, and routers. Locate the Ethernet ports on the computers and other devices. Look for the 8-pin modular connector (RJ-45 style). It looks like a standard telephone jack except it's a bit larger because it has more conductors. Connect the cables between each device, just as in your diagram.
- If an unforeseen circumstance causes you to vary from the diagram, make notes to show any changes.
- Many computer, electronics, and even department stores sell small routers designed to allow multiple users to share a single internet connection. Almost all of these use PAT, to eliminate the need for more than one public IP (extra public IPs may be expensive, or not allowed, depending on your provider). If you use one, you will need to assign one of your private network's Host Addresses to the router. If using a more complex commercial router, you will need to assign a private Host Address to the interface connecting to your private network, your public IP to the interface connecting to the Internet, and configure NAT/PAT manually.
- If using only one router, the interface used to connect the router to your private network will become both the "DNS Server Interface" and the "Default Gateway". You will need to add its address to these fields when configuring your other devices.
- Switches cost more, but are smarter. They use addresses to decide where to send data, allow more than one device to talk at once, and don't waste the bandwidth of the other devices' connections. Hubs are cheaper when connecting only a few devices, but they don't know which interface leads where. They simply repeat everything out all ports, hope it gets to the right device, and let the receiver decide if it needs the information or not. This wastes a lot of bandwidth, only allows one computer to talk at one time, and slows the network down when more computers are connected.
- If you have a firewall on your computers, do not forget to add the IP addresses for all of your networked computers into your firewall. Do this for each of your networked computers. Not doing so will prevent you from communicating, even if you have performed all of the other steps correctly.
- Many devices can determine if you are using a crossover or straight-through cable. If you are not so lucky to have auto-sensing on at least one of the devices connected by a cable, you must use the correct type between them. Computer/router-to-switch will require a straight-through; computer/router-to-computer/router a crossover. (Note: The ports on the back of some home routers actually belong to a switch built into the router, and must be treated as a switch)
-
Boot all the computers connected to the network. Power on all other connected devices.
-
Configure the computers for networking. To do this you will need to go to the internet options on each computer. This is different depending on whether you are using Windows, Mac, or Linux. Go to the dialog box that lets you change the TCP/IP protocol. Change the radio buttons from "Obtain from DHCP server automatically" to "Use the following IP address:". Type in your IP address for that computer, and the appropriate subnet mask (255.255.255.0). If you have no routers, leave the "Default Gateway" and "DNS server" fields blank. If connecting to the internet using NAT, use the Host Address assigned to the router between your private network and the internet as both the DNS server and the Default Gateway. If configuring a home network with a relatively new router, this section can be ignored as long as the network is connected correctly. The router will assign network addresses to everything on the network going into your network, until it hits another router.
- If your network is divided using one or more internal routers, each router will require an address for each network connected to it. This address will need to be a host address (just like a computer's) from the host range of the network. Typically, the first available host address (that's the second address in the address range, ex. 192.168.1.1) will be used. However, any address in the host range is fine as long as you know what it is. Do not use the network address (ex. 192.168.1.0), or the broadcast address (ex. 192.168.1.255).
- For networks containing one or more user devices (ex. printers, computers, storage devices), the address the router uses for that network will become "Default Gateway" for the other devices. The DNS server, if present, should remain the address used by the router between your networks and the internet. For networks interconnecting routers, no default gateway is needed. For networks containing both user devices and routers, any router on that network will do.
- A network is a network, no matter how big or small. When two routers are connected by one cable, all will belong to the cable. The network address will be .0, the broadcast will be .255. Two of the hosts will be used (one for each interface the cable connects), and the other 252 will simply go to waste because they cannot be used anywhere else. Generally, the small home routers are not used for this purpose. When they are, understand the ethernet interfaces on the "private network" side usually belong to a "switch" which is built into the router. The router itself connects to this internally using only one interface. When this is the case, only one host IP will be used by all of them, and they will all be on the same network.
- When a router has multiple interfaces with multiple IP's, each interface and IP will create a different network.
-
Verify connectivity. The simplest way to do this is with Ping. Bring up MS-DOS or the equivalent on other OS's (in Windows, open the Command Prompt, which is located in Start Menu - Accessories - Command Prompt) and type in: ping 192.168.2.[insert host number here]. Do this on one host and ping to all other hosts. Remember, your router is considered a host. If you cannot reach one, read over the steps again or contact a professional.
Community Q&A
-
Question: How do I break the hard disk password?
Community Answer: First, see what type of password has been created. If the hard disk has password type BITLOCKER, then access the control panel, find "Manage Bit Locker," and remove the security by changing its properties.
-
Question: Is it possible to create a private network within my college dorm?
Community Answer: Yes. Set it up like you would at home. Grab a router, configure it, and connect any additional devices. Then it's just a matter of connecting your new network to the internet.
-
Question: Is it possible to get an ISP from a different country than the one I am living in?
Community Answer (Jacob Du): No, it's not. The ISP needs to own fiber in your area in order to provide service. Smaller ISPs usually rent bandwidth from larger providers, but the internet isn't a virtual thing, it's physical. The ISP needs to lay those cables first.
Tips
Warnings
- Avoid using the IP range 127.0.0.0 to 127.255.255.255. This range is reserved for loopback functionality, that is, looping back to your localhost (the computer you are on currently).
- Although devices which do not affect public systems, "in theory", do not have to conform to this policy, in practice DNS service and other software may become confused by use of addresses outside these ranges if not specially configured.
- IANA (The Internet Assigned Numbers Authority) has reserved the following three blocks of the IP address space for private networks: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255.
- Networking experts never deviate from this policy if private IP data may affect devices outside their own networks, and rarely do so on isolated intranets without specific reason. Service providers have the responsibility to protect the Internet from IP conflicts by denying service, should a private IP address outside these ranges affect a public system.
- Problems may also arise should a software, hardware, or human error cause private IPs outside this range to be used on the public internet. This could be caused by anything from failure of a router to initialize properly to accidentally connecting one of your devices directly to the internet at a later time.
- As a matter of security as well, do not deviate from the allotted private address ranges. The addition of Network Address Translation to a private network handing out private addresses is a low-level method of security and has been referred to as a "Poor Man's Firewall."
- Never connect hubs in any way which forms loops or rings. It will cause packets to be repeated around the ring forever. Additional packets will be added, until the hub is saturated and cannot pass traffic. Best practice is to not connect switches this way either. If connecting switches this way, ensure the switch supports "Spanning Tree Protocol" and that the feature is active. Otherwise packets will repeat ad infinitum as with hubs.
References
- [1] https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html
- [2] https://us.norton.com/internetsecurity-iot-smarter-home-what-is-router.html
- [3] https://us.norton.com/internetsecurity-privacy-what-is-a-vpn.html
- [4] https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/network-switch-how.html
About This Article
1. Sketch a diagram of all the different devices connected to your network.
2. Create an address plan.
3. Assign devices to a network (if more than one router is used).
4. Assign an IP address to each device.
5. Write down the subnet mask for each device.
6. Connect all the devices as outlined in your diagram.
7. Boot up each device.
8. Manually configure each device so that it has the IP address you assigned it.
9. Ping each device to test connectivity.