Good Router with SNMP or packet capturing

M

mryerse

2[H]4U
Joined
Jan 29, 2005
Messages
2,121
Can anyone suggest a good router to me that has SNMP or packet capturing for the WAN interface so that I can monitor bandwidth specific to each IP address on my local network? It also needs to be able to support up to 80 MAC address filters so I can allow certain computers access to the Internet and deny others.

Right now we have a USR8001 which is working but only supports 32 MAC addresses while we have 40 people wanting online with more coming shortly. And the SNMP service does not seem capable of showing bandwidth on the WAN by IP address, only seems to support ifInOctets and a couple other useless MIBs.

We are a Marine unit in Iraq with our own personal limited bandwidth satellite connection, so we need to be able to identify if and when and who might be using too much bandwidth.

Thanks for any help in advance.

edit: we'd like to keep cost as low as possible of course, but will pay for what we need.
 
SNMP alone won't be able to give you utilization by IP, only how many packets or bytes travel through the interface. In order to get per IP utilization tracking you will need something like NetFlow or sFlow style tracking and you won't be finding that on much your average little router, this is features of business grade routers/switches that cost at least a few hundred dollars. You might instead want to see if you can scrounge up some older PC hardware and drop a router distro that can do this sort of monitoring for you instead.

As for securing it with MAC addresses, well that's not exactly bullet proof, as very few NICs don't support spoofing. You didn't mention if wireless was a requirement but if it is I would suggest getting a actual AP that supports WPA and utilize that instead for securing it as that is difficult to crack yet.
 
Thanks, we're aware of the weak security that MAC filtering provides. Unfortunately, we are too spread out for a wireless network to cover us all. And while the guy providing the network connection did setup a 802.11G AP for us, most of those within range could not get online until my buddy and I ran a cable across the street and use ethernet to access the Internet. We do have several 802.11G APs on our network, but we want some people to be able to get on the network even if they don't want the internet, so if we restrict access to them, they won't be able to play games or share files locally. The other option is IP security, but that is hardly any more secure than MAC filtering as someone could just change their IP address to one in the scope that is allowed on the Internet.

Any other router suggestions? Should we just look at Cisco routers with Netflow?
 
I'd recommend a PC based router, as you could then setup netflow, or other per-ip traffic reporting.
 
I would love to run a PC as a router here, but having a PC shipped to Iraq is not as easy as a small router. Plus, we have limited space to put things, so a router makes much more sense.

I'd love a earlier version of WRT54GS with more memory so I could load sveasoft and use rflow, but I don't think those earlier version are as easy to come by anymore.

Any specific router suggestions?
 
How about a WRT54GL, or a Buffalo WHR-G54? ASUS also makes some routers DD-WRT supports.
 
As an eBay Associate, HardForum may earn from qualifying purchases.
Considering a WRT54GL with open-wrt and fprobe ipkg. Need to be sure it'll display the info I need and support more than 32 MAC addresses. I know MAC security is weak, but it's good enough for us.
 
Do you think I'd see much packet loss when using ddwrt/openwrt with rflow/fprobe on a local network of 100 laptops and a 2MBps Sattelite connection?

If so, I'll probably go with the CISCO851-K9.

If I do go with the CISCO851-K9, will I have to buy software/licenses to make netflow work with something like PRTG or Solar Winds?
 
You must log in or register to reply here.
Back
Top