Router and switch for small business

PointandClick

So I needed a project for my MIS Capstone class so I figured I'd take on the network for my church. I've been doing some work for them on and off for the past 10 months when they need help. There's basically two parts to the project: one is unraveling the mess they have currently, and the other is planning the network for the new addition they're about to start.

There have been so many different people working on the equipment, with little to no documentation done, so a good portion of my time is spent trying to work through the perpetual daisy chains and figure out what people did before. I guess the other part of this project is documentation. :eek:

Last year they were having problems with the internet. I was going through all their network gear seeing if there was a bottleneck anywhere, then found out they only had a 5/1 connection with 8-10 people there during the day. They upgraded to a 15/3 and I also went ahead and put in an Untangle box in place of their Netgear R614 and put in another access point since they were all connecting through a single G Pico Station.


I need to get a different router in place. I just don't think that little Netgear is up to the load they put on it and the Untangle box is an old Dell P4. I'm looking at either a PfSense box or something off the shelf. I would like to see a PfSense box, my only concern is what happens if I'm no longer around to take care of everything.

The second thing is getting rid of the daisy chain of switches they have throughout the building. I had been thinking along the lines of a Dell 2724/2824 or HP 1810. They do have an Allworx phone system (PITA btw). I need to meet with them to discuss what they want with the new building and see if there's going to be somewhere centrally located that I can do home runs to.

I'd like to have an idea of hardware options so I have some numbers to give them when we discuss the options. I'm not sure what kind of budget they're going to give me to work with, but I figure now would be my best chance to get the mess straightened out since they're about to start building.
 
Maybe something like an Untangle Appliance as well as an HP 1800 or 1900 series switch. You could get both for ~ $1000ish.
 
I'd prefer PfSense over Untangle since they don't really need UTM features. In going that route I'd probably just build something since most of the appliances are just Atom boxes with 4x markup. This would provide no support, but honestly I'm going to be the one they call anyway so it would be just as easy for me to go put another box in as it would to be on the phone trying to get a replacement.
 
They don't need it because you don't know what they are missing...

UTM is where things are going...
 
Perhaps. I've had Untangle running for the past 9 months or so and it really doesn't seem to catch all that much. Currently it says it's blocked 0 viruses and blocked about 1.3% of pages for spyware.
They run almost exclusively Macs. Of course there's still a threat, but honestly it's not a big concern.
Mainly I'm in need of a router and for that I much prefer PfSense, but I'm not ruling anything out yet.

As far as hardware is concerned, how much traffic would a dual core Atom support? We can assume it's running Untangle since I'm given to understand it's more resource intensive. There is really no VPN traffic, only me for administering things once in a while.

An i3 would really be preferable, but the fewer fans, the fewer moving parts to fail.
 
I like how untangle blocks ads and other crap from entering the network, but that's just me.

I'd go for an i3, only because it can perform and do more than the Atom if it needs to.

You could also use a passive heatsink, depending on style of case.. I'm working on some plans for home to build a nice i3 Untangle box, to save on power, going to ditch the LGA775 P4 firewall, and go to an i3 with 5 gig ports.

I have the case already,

So do you need a rack mount firewall or a small one? You could maybe get a small case, psi board, ram and build one, or maybe a small Shuttle and an i3, some ram and small hdd and be done with it..
 
It does catch a lot, pending on what you set and how lenient it is.. I have 9 racks and I have plenty of blocks in ad blocker, spyware and web filter.

i3 for sure, same power usage basically but gives you a lot more head room.
 
Yeah I would like to go i3 just because of the vastly better performance with similar power usage. I'll look into a passive heatsink.

Case design is up in the air at this point. They don't currently have a rack, but I would like to look into getting a small one to put some of this gear in. Right now they have switches stacked on modems stacked on modems along with a Mac Pro and the P4 Untangle box in the same closet. I'm really surprised nothing's gone up in smoke yet.
Maybe I'll get some time to start going through it this week, probably not.

As far as switches are concerned, I've seen the HP 1800/1810 recommended here a few times. How does the Dell 2824 compare? Do either do deals on refurb models?
 
Half depth 2u case standard psu norco case is 55$ I have one and love it. It houses my untangle fw's, well one of them anyways :)
 
An Atom D525 can do 100 mbps easily from what I've read in other forums. I use one at home on my 25/2 connection and it barely puts a dent on the CPU usage. (I'm using Untangle transparent with a Cisco ASA5505 doing the routing) An i3 would be able to do even more. Have you considered maybe something like a Cisco ASA5055 since you don't seem to be leaning towards the UTM thing?
 
This is what I might lean for, but I want ports on the front...

http://www.ebay.com/itm/Supermicro-...EN_Servers&hash=item19c630c2d8#ht_6356wt_1295

AND I don't need a 2.53...

Or this,

http://www.ebay.ca/itm/Supermicro-I...EN_Servers&hash=item19c56c85de#ht_4841wt_1295

BUT I can see myself maxing the CPU :(
 
While I understand the merits of using Untangle, PFSense, etc... why not just buy a simple firewall like Cisco ASA, SonicWall, etc.... and roll with that. NO management necessary and they just work.
 
Zyxel USG 20-50, done for around 200 bucks or under. Switch depending on needs - Dell Powerconnect, ZyXEL, D-Link Green.
 
I think there's a lot you're not saying. How many of the clients are laptops, how many desktops? How many connect wirelessly and how many connect wired? How big is the place?

Really, for any modest number of clients your standard consumer router is more than able to cope. You have a logistics problem, not a technological problem. With UTP having a cable length of 100m you can selectively place wireless repeaters so as to ensure full coverage. You just need to figure out how to run the cables - check for Listed Building status here. You might want a switch in the office. Beyond that you might want separate networks for the staff and for volunteers.
 
Router - Cisco ASA, Zyxel USG, Untangle Appliance, Homebuilt PFSense
Switch - HP Procurve 1800 or 1900
Wireless - Unifi APs

All of this can be had relatively cheap, but yet are good and reliable.
 
While I understand the merits of using Untangle, PFSense, etc... why not just buy a simple firewall like Cisco ASA, SonicWall, etc.... and roll with that. NO management necessary and they just work.

To be honest....NO management necessary with Untangle or other UTMs either. Assuming you know what you're doing and are capable of setting them up right in the first place.

To the OP....some wicked fire-sales on HP ProCurve 1800 series...picked some up for around 400 bucks a few weeks ago, even purchased a few spares to keep at the office.
Also..you said client was a church? TechSoup.org subscription..and Cisco donates HEAVILY through techsoup...pickup a Cat 2960 FE switch for 150 bucks or a Cat 2960 giger for 350 or so.
Can snag some nice Cisco edge appliances for cheap there too....but, what's nice about some UTM products like Astaro or Untangle....you can do some content filtering..which may make the church happier. Course could do that with a freebie subscription at opendns and any old router too. But I'm along the line of thinking that UTM appliances are where it's at now, I strongly discourage plain old NAT routers these days.
 
A SonicWall or Zyxel are both OK, but they are subscription based every year, and last time I checked they were BOTH pricey.

Pfsense is great, but remember it's just a firewall
Untangle is great too, requires a bit more cpu power, VERY easy to install and configure.
 
For the more advanced features every option will have a subscription somewhere.
-Untangle gives up basic UTM features for free, but charges for IPSEC and the more advanced features.
-SonicWall, Zyxel, etc., Charge for more advanced UTM features.

Buy/recommend the right product for the job. Examine the client's specified requirements as well as their technical requirements and find what fits those. Fan-boi shoe-horning a product into a scenario will often cause issues down the road. That said, UTM features definitely have their place. The Church may have Macs now but at some point either a PC will infiltrate and/or, more likely, the virus/malware world will put more focus on Macs.
 
As Quartz-1 said, unless you really need the advanced functions of pfsense a regular consumer router with OpenWRT will do fine for 20mbit+ and you can do qos although not insanely advanced though and you can run pretty advanced network filtering / services.

An option if you're on limited budget,

Main router / Firewall

Buffalo WZR-HP-AG300H
http://www.newegg.com/Product/Product.aspx?Item=N82E16833162047&Tpk=WZR-HP-AG300H
(Atheros AR7161@680MHz - 128Mbyte RAM / 32Mbyte Flash)
Fast CPU and plenty of space for "fun" things...

Switch
LG-Ericsson ES-2024G iPECS
http://www.newegg.com/Product/Product.aspx?Item=N82E16833218004
http://www.atlasgentech.co.nz/documents/Communications/LG/LG-Ericsson_ES-2000_Datasheet.pdf
Seems like a very good bang for the buck, not really that happy with HP V1810 since they do have their own odd quirks.

AP (if needed)
TP-Link TL-WR842ND - (OpenWRT supports AP-mode)
http://www.amazon.com/Multi-Functio...2?s=electronics&ie=UTF8&qid=1333386617&sr=1-2
(Atheros AR7241 @400MHz - 32Mbyte RAM / 8Mbyte Flash)

//Danne
 
That's all well and good, but this is for the guy's capstone class. Do it right, and it won't come back to bite you in the ass.
 
I honestly don't see why that solution would be worse than your own whitebox running pfsense/untangle; if anything it would be more reliable since you have fewer components and no moving parts ;-)
//Danne
 
I think there's a lot you're not saying. How many of the clients are laptops, how many desktops? How many connect wirelessly and how many connect wired? How big is the place?

Really, for any modest number of clients your standard consumer router is more than able to cope. You have a logistics problem, not a technological problem.

You're absolutely correct. Most of the problem is that they've added a switch here and a hub here to get a connection over here. In order to get rid of some of that they're going to need a decent sized switch at least. Most of the clients connect via wireless, but I'd like to change some of that. The main office has an iMac for example, it doesn't need to be wireless.

I was incorrect before when I said they upgraded to a 15 down connection, they have 30 now. A consumer router may do the job, but if I'm going to spend 100 bucks on one I might as well spend a little more and get something that has more features should they ever want them.

Router - Cisco ASA, Zyxel USG, Untangle Appliance, Homebuilt PFSense
Switch - HP Procurve 1800 or 1900
Wireless - Unifi APs

All of this can be had relatively cheap, but yet are good and reliable.

This is along the lines of what I had in mind.

To the OP....some wicked fire-sales on HP ProCurve 1800 series...picked some up for around 400 bucks a few weeks ago, even purchased a few spares to keep at the office.

Where was this at? I didn't see anywhere to purchase on the HP site, just links to resellers. Thanks for the heads up on the TechSoup too. :)

Buy/recommend the right product for the job. Examine the client's specified requirements as well as their technical requirements and find what fits those. Fan-boi shoe-horning a product into a scenario will often cause issues down the road.

That's what I plan on doing. I am by no means set on PfSense or Untangle or anything else. The Zyxel boxes look nice. I'm fairly certain they're not going to go for anything subscription based though.

Do it right, and it won't come back to bite you in the ass.

Absolutely. I can already see that they're not going to want to drop loads of cash on this project, but I'm going to push for what's going to get the job done correctly. That's why it's such a mess right now. Half a dozen different people have added things over the years to satisfy what was needed at the time with no documentation or forward planning.

The guy that was taking care of things a few years back ordered a Mac Pro for a server and left it with the stock 1gig of ram. The shared drive that everybody dumps stuff to is a USB drive. Honestly I'm not sure what purpose the server is supposed to be filling.
 
So I met with the pastor this week to give him a heads up on some of the hardware I had in mind and try to get an idea of what he wants with the new building and some plans for the building.
At first he was a little unsure, but he just wanted to know why they needed the stuff. I explained that it would centralize everything and make management much easier. I think what really sold him was my example of being able to have a guest wireless that's separate from the rest of the network.

I guess he's got a guy working on the sound. He wants me to work with the sound and lighting people since most of that stuff is going IP based.


Today I was going to work on the rat's nest in the "wiring" closet. After getting started working on the server I never got that far.
As if having a USB drive for file sharing wasn't bad enough, after I looked at it closer there is actually a 1tb internal drive (in addition to the boot drive). The 1tb external drive is shared, and the internal is used to back up the external. :eek:
They have random folders all over the place with files dumped everywhere. I honestly don't know how they find anything.

This morning was spent reworking DNS entries. The guy that set the server up originally had it acting as the gateway I guess. After one of the built-in NICs went bad they switched to the Netgear RP614, but DHCP and DNS were left on on the Mac Pro. The DNS setup was wrong anyway, the entry for the server still had the IP for the gateway.
I disabled both and set up the Untangle box to handle DNS.

After all this I was hoping Workgroup Manager would start running worth a damn, but no luck. Authenticating with WGM took 1-2 minutes then every time you click on a user it takes a minute or so. I found a post that said to backup the config, demote it to standalone, then promote it back to master and restore. Did that but it didn't restore. Users and groups were toast.

When I got home I tried it on my VM to see if it worked and it worked flawlessly. I decided I'd try one more time from the Terminal and it finally restored properly but still runs like crap. Right back where I was.

After finally getting it back I realized that out of the 8 users in OD only one of them is still there.

If I were full time here I would just do a clean setup on the server and set up mobile accounts. They obviously don't know how to add users on the server though since most of the current people don't even have accounts. 95% of the shares have full access to everybody so it wouldn't have even mattered if I didn't get it restored.
 
Your problem is the Mac, instead of Easton money on untangle device but a Synology NAS and a Zyxel firewall
 
I'm all for Macs, I'm coming to find out that OS X server is pretty damn finicky though. Like I said, I'd like to just do a clean install. I'm fairly certain that would take care of 99% of the issues, and I could put some logic into the shared folder structure.

I'm sure they're not going to want to buy a nas when some shmuck convinced them to drop 2 grand on the Mac Pro (but couldn't spend 100 bucks on some memory). Honestly there wouldn't be a problem with it if it were set up properly, even if it is way overkill for what they really need.
 