A private network is a network that is either not connected to the Internet or indirectly connected via NAT (Network Address Translation) so that its addresses do not appear on the public network. However, a private network allows you to connect to other computers that are on the same physical network. This allows computers to share files and printers while limiting internet connectivity. This wikiHow teaches you how to set up a private network.
Step 1. Plan your network
Create a diagram showing all the devices connected to your network. The devices you want to connect will differ depending on what you need. Examples of devices are an internet connection, firewall, modem or router, server, VPN, switch or hub and the various computers connected to your network. To avoid confusion, use industry-standard symbols when creating your diagram. Here are some of the things you may need to include in your network diagram:
If your private network is connected to the Internet, you must indicate the Internet connection on your network diagram. The default symbol for the Internet connection is an icon that resembles a cloud. In that case, start your network diagram with a cloud symbol to represent the internet connection.
A firewall is a network security device that controls incoming and outgoing traffic based on predetermined rules. It can protect any network connected to the internet. Firewalls can be set to block or allow traffic based on connection state, port or protocol. Some firewalls also have antivirus software and threat detection built in. A firewall can be placed before or after a modem/router to protect against outside threats. In most network diagrams, the firewall is represented by a brick wall.
Routers or modems transport data between networks so that different networks can communicate with each other. This can be between your private network and the Internet, your private network and your server, or different networks that are connected to each other. If the router is connected to the internet, draw a line from the cloud symbol to the router symbol on your diagram. The default symbol for a router is a circle with four arrows, arranged with a cross in the middle. The two arrows left and right should point inwards. The arrow at the top points up, and the arrow at the bottom points down. If it's a wireless router, add two antennas to the top of the circle.
VPN stands for 'Virtual Private Network'. This is a must for any private network connected to the Internet. A VPN routes all internet traffic through a remote proxy server, making it nearly impossible to find out the IP address of the devices connected to the network. In a network diagram, the typical symbol for a VPN is a padlock.
Some networks have a server that contains centralized data and programs for all computers connected to the network. Any servers you have should be connected to your router. The typical network symbol for a server is a box that resembles a computer case.
Switches and hubs:
A router allows different networks to communicate with each other, while switches and hubs allow devices connected to the same network to communicate with each other. The difference between a switch and a hub is that a switch can shift the total network bandwidth to the devices that need it most, while a hub distributes the total bandwidth evenly among all devices. Usually several computers are connected to a switch or hub. The switch or hub is then connected to the router. The typical symbol for a switch or hub is a square or rectangle with two lines intersecting in the middle, with arrows at either end.
Computers on a network are usually represented with a simple icon that resembles a computer screen and keyboard. Smartphones and tablets can also be included in a diagram. The computers are connected to the switch or hub, which in turn is connected to the router, or firewall.
Use straight lines from one device to another to show what is connected to what in the diagram.
Step 2. Create an address plan
All devices connected to a network must have a unique IP address. IPv4 (IP ver. 4) addresses are written as follows: xxx.xxx.xxx.xxx (four numbers separated by three dots), in all countries that support RFC-1166. Each number runs from 0 to 255. This is known as 'Dotted Decimal Notation' or 'Dot Notation' for short. The address is divided into two parts: the network part and the host part. If the first number is 240 to 255, then the address is 'experimental'. Multicast & Experimental addresses are beyond the scope of this article. However, be aware that because IPv4 does not treat them in the same way as other addresses, they should not be used.
For "Classful" networks, the network and host portion are as follows (where "n" denotes the network portion, "x" denotes the host portion):
- When the first number is 0 to 126 - nnn.xxx.xxx.xxx (e.g. 10.xxx.xxx.xxx), these are known as 'Class A' networks.
- When the first number is 128 to 191 - nnn.nnn.xxx.xxx (e.g. 172.16.xxx.xxx), these are known as 'Class B' networks.
- When the first number is 192 to 223 - nnn.nnn.nnn.xxx (e.g. 192.168.1.xxx), these are known as 'Class C' networks.
- When the first number is 224 to 239 - The address is used for multicasting.
- The network portion of an IP address specifies a network. The host part specifies an individual device on a network.
- The range of all possible numbers of the host part indicates the address range (e.g. 172.16.xxx.xxx -- the range is 172.16.0.0 to 172.16.255.255).
- The lowest possible address is the network address (e.g. 172.16.xxx.xxx -- the network address is 172.16.0.0). This address is used by devices to refer to the network itself and cannot be assigned to any device.
- The highest possible address is the broadcast address (e.g. 172.16.xxx.xxx -- the broadcast address is 172.16.255.255). This address is used when a packet is intended for all devices on a specific network, and cannot be assigned to any device.
- The remaining numbers in the range are the host range (e.g. 172.16.xxx.xxx -- the host range is 172.16.0.1 to 172.16.255.254). These are the numbers you can assign to computers, printers, and other devices.
- Host addresses are individual addresses within this range.
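The classful rules above can be worked through by hand for any address. The following Python sketch is an added example, not part of the original article; the names `CLASSFUL_RULES` and `classful_plan` are made up for illustration. It derives the class, mask, network address, broadcast address and host range from the first number, exactly as the list describes, and cross-checks the arithmetic against the standard `ipaddress` module.

```python
import ipaddress

# Classful rules as listed above: (first-number range, class, network octets).
CLASSFUL_RULES = [
    (range(0, 127), "A", 1),
    (range(128, 192), "B", 2),
    (range(192, 224), "C", 3),
]

def _dotted(parts):
    return ".".join(str(p) for p in parts)

def classful_plan(address):
    """Split a dotted-decimal IPv4 address into its classful network and host range."""
    octets = [int(part) for part in address.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"{address!r} is not four numbers from 0 to 255")
    for first_numbers, cls, net_octets in CLASSFUL_RULES:
        if octets[0] in first_numbers:
            break
    else:
        # 127 is loop-back, 224-239 multicast, 240-255 experimental: not assignable.
        raise ValueError(f"{address} is loop-back, multicast or experimental")

    mask = [255] * net_octets + [0] * (4 - net_octets)
    network = [o & m for o, m in zip(octets, mask)]             # host part all zeros
    broadcast = [n | (255 - m) for n, m in zip(network, mask)]  # host part all ones

    # Cross-check the hand calculation against the standard library.
    lib = ipaddress.ip_network(f"{address}/{_dotted(mask)}", strict=False)
    assert str(lib.network_address) == _dotted(network)
    assert str(lib.broadcast_address) == _dotted(broadcast)

    return {
        "class": cls,
        "mask": _dotted(mask),
        "network": _dotted(network),
        "broadcast": _dotted(broadcast),
        "first_host": str(lib.network_address + 1),
        "last_host": str(lib.broadcast_address - 1),
        "host_count": lib.num_addresses - 2,  # minus network and broadcast
    }

if __name__ == "__main__":
    for sample in ("10.1.2.3", "172.16.5.9", "192.168.2.5"):  # constructed samples
        print(sample, classful_plan(sample))
```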
Step 3. Assign the devices to a network
A network is a group of connections separated by a router. Your network may not have routers or modems if it is not connected to the Internet. There is only one router between your private network and the public internet. If you only have one router or no routers at all, your entire private network is considered one network.
If additional routers are used, they become 'internal routers'. The private network becomes a 'private intranet'. Each group of connections is a separate network that needs its own network address and range. This includes connections between routers and connections directly from a router to a single device.
Step 4. Choose a network host range
The host range chosen should be large enough to address each device. Class C networks (e.g. 192.168.0.x) allow 254 host addresses (192.168.0.1 to 192.168.0.254), which is fine if you don't have more than 254 devices. But if you have 255 or more devices, you will either have to use a class B network (e.g. 172.16.x.x) or divide your private network with routers into smaller networks.
Step 5. Write '192.168.2.x' in the corner of your diagram
If you have more than one network, it's best to write down each address near the network it belongs to.
Step 6. Assign a host address to each computer
Assign each computer a number between 1 and 254. Write the host addresses next to the devices they belong to in the diagram. In the beginning you can write the full address (e.g. 192.168.2.5) next to each device. However, as you become more proficient, writing only the host part (e.g. .5) can help save time.
Switches do not require addresses for the purpose discussed here. Routers require addresses, as described in the "Important Notes" section.
Step 7. Write down the subnet mask near the network address
For 192.168.2.x (a class C), the mask is: 255.255.255.0. The computer needs it to know which part of the IP address is the network and which part is the host.
For class A addresses the mask is 255.0.0.0, for class B it is 255.255.0.0. (More information can be found in the 'Important Notes' section.)
Step 8. Connect your network
Gather all the necessary materials you need. This includes cables, computers, Ethernet switches and routers. Locate the Ethernet ports on the computers and other devices. Look for the 8-pin modular connector (RJ-45 style). It looks like a standard telephone jack, except it's a bit bigger because it has more conductors. Connect the cables between each device as shown in the diagram.
- If unforeseen circumstances require you to deviate from the plan, make notes to indicate the changes.
- Many computer, electronics, and even department stores sell small modems and routers designed to allow multiple users to share a single Internet connection. Almost all of them use PAT (Port Address Translation) to eliminate the need for more than one public IP (additional public IPs may be expensive, or not allowed, depending on your provider). If you use one, assign one of the host addresses from your private network to the router. If you're using a more complex commercial router, you'll need to assign a private host address to the interface that connects to your private network, your public IP to the interface that connects to the Internet, and configure NAT/PAT manually.
- If only one router is used, the interface used to connect the router to the private network becomes both the 'DNS Server Interface' and the 'Default Gateway'. You will need to add its address to these fields when you configure your other devices.
- Switches cost more, but are smarter. They use addresses to decide where to send data, allow more than one device to talk at a time, and don't waste the bandwidth of the other devices' connections. Hubs are cheaper when only a few devices are connected, but they don't know which interface leads where. They just repeat everything out of all ports, hoping it gets to the right device, and let the recipient decide whether they need the information or not. This wastes a lot of bandwidth, only allows one computer to talk at a time, and slows down the network when more computers are connected.
- If you have a firewall on your computers, don't forget to add the IP addresses of all your network computers to your firewall. Do this for each of your network computers. If you don't do this, you won't be able to communicate, even if you've done all the other steps correctly.
- Many devices can determine whether you are using a crossover or straight-through cable. If you're not lucky enough to have auto-sensing on at least one of the wired devices, you'll need to use the right type between them. Computer/router-to-switch requires a straight-through; computer/router-to-computer/router a crossover. (Note: The ports on the back of some home modems actually belong to a switch built into the router, and should be treated like a switch).
Step 9. Boot all computers connected to the network
Turn on all other connected devices.
Step 10. Configure the computers for networking
To do this, set the Internet options on each computer. This differs depending on whether you're using Windows, a Mac, or Linux. Go to the dialog where you can change the TCP/IP settings. Change the radio button from 'Obtain from DHCP server automatically' to 'Use the following IP address:'. Enter the IP address for that computer and the correct subnet mask (255.255.255.0). If you don't have any routers, leave the 'Default gateway' and 'DNS server' fields blank. If you connect to the Internet via NAT, use the host address assigned to the router between your private network and the Internet as both the DNS server and the default gateway. If you are configuring a home network with a relatively new router, you can ignore this section as long as the network is properly connected. The router will assign network addresses to everything on your network until it reaches another router.
If your network is divided using one or more internal routers, each router needs an address for each network connected to it. This address must be a host address (just like that of a computer) within the host range of the network. Usually this is the first available host address (that is, the second address in the address range, e.g. 192.168.1.1), but any address in the host range is good as long as you know what it is. Do not use the network address (e.g. 192.168.1.0) or broadcast address (e.g. 192.168.1.255).
- For networks that contain one or more user devices (e.g. printers, computers, storage devices), the address the router uses for that network becomes the "default gateway" for the other devices. The DNS server, if present, should remain the address used by the router between your networks and the Internet. Networks that interconnect routers do not require a default gateway. For networks that contain both user devices and routers, any router on that network is enough.
- A network is a network, no matter how big or small it is. When two routers are connected with a cable, the whole address range of that network belongs to the cable. The network address will be .0, the broadcast address will be .255. Two of the hosts will be used (one for each interface connecting the cable), and the other 252 will simply be lost because they can't be used anywhere else. In general, the small modems or home routers are not used for this purpose. When they are, the Ethernet interfaces on the private network side usually belong to a "switch" built into the router. The router itself connects to this internally via only one interface. When this is the case, only one host IP will be used by all devices, and they will all be on the same network.
- When a router has multiple interfaces with multiple IPs, each interface and IP will create a different network.
Step 11. Verify connectivity
The easiest way to do this is with ping. Start MS-DOS or the equivalent on other operating systems (in Windows you open 'Command Prompt' via Start menu -> Accessories -> Command Prompt) and type: ping 192.168.2.[insert host number here]. Do this on one host and ping all other hosts. Remember that your router is considered a host. If you can't reach one, go through the steps again or contact a professional.
- Avoid using the IP range 127.0.0.0 to 127.255.255.255. This range is reserved for 'loop-back' functionality, that is, looping back to your localhost (the computer you are currently on).
- IANA (The Internet Assigned Numbers Authority) has reserved the following three blocks of the IP address space for private networks: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255.
- While devices that don't affect public systems don't "in theory" have to comply with this policy, in practice DNS services and other software can get confused by addresses outside of these ranges unless specifically configured for them.
- Network experts never deviate from this policy when private IP data can affect devices outside their own networks, and rarely do so on isolated intranets without a specific reason. Service providers have a responsibility to protect the Internet from IP conflicts by denying service should a private IP address outside these ranges affect a public system.
- Problems can also arise when software, hardware, or human error causes private IPs to be used outside of this range on the public Internet. This can be caused by anything from not properly initializing a router to accidentally connecting one of your devices directly to the internet at a later time.
- Also for security reasons, do not deviate from the assigned private address ranges. Adding Network Address Translation to a private network handing out private addresses is a low-level security method known as a "Poor Man's Firewall."
- Never connect hubs in a way that forms loops or rings, otherwise packets will repeat forever in the ring. Additional packets will be added until the hub is saturated and can no longer allow traffic through. It is best not to connect switches in this way either. If switches are connected in this way, make sure each switch supports the 'Spanning Tree Protocol' and that the feature is active. Otherwise, as with hubs, packets will be repeated forever.