What network gear would you buy?

[Teecee]

I am about to move into my new house and was wanting to go ahead and buy the network gear. I was wondering what you guys would use. I want a router, wireless, and gigabit connection to all of my PCs. For wireless I was thinking of using my Cisco 1100 b/g access point. For a router I was thinking of a dlink DGL 4300 or one of those Netgear WNR834T. Now both of those routers have 4 gig ports on them so that MIGHT be enough but I think I might need 8 ports so was wondering what 8+ port gb switches you guys would recommend. As long as this is under $1000 I am fine. I was even looking at the linksys rv082 but it isnt gigabit.

Another thing I was thinking of is just use ipcop as a router and buy a decent gigabit switch.

Any suggestions?

 

[YeOldeStonecat]

If you're thinking about IPCop..then go do it, and uplink to a giga switch if you need giga for your LAN. You're most likely not going to be able to purchase a router that can perform better or give more features. I'd recommend reaching up a bit higher in specs (over 1.0MHz with 512 megs)..so you can run the Copfilter add-on. Or run Endian instead. IMO...the transparent proxy features (http/pop3/smtp/ftp antivirus/antispam/antimalware filtering) of Copfilter/Endian are what make linux router distro's stand up above the rest of the crowd. Else...I'd just be running my RV082.

 

[thedude42]

Cheap with high functionality and gigabit would definitely be to buy a dumb gig switch, and build an machine IPcop with 2 10/100 nics for modem/wireless AP and a gig NIC for the switch, and something like a Level One AP that support RADIUS if you so desire.

I say the cisco is a waste because the IPcop router can handle access control by a MAC+IP combination, and unlike the problematic MAC filtering on the access point itself, IPcop it won't tell the world what MAC address it is expecting. You can add the WPA security if you want to protect communication, but access control should be taken care of (with a RADIUS option if you like). With IPcop providing physical interface abstraction between your internal (green) and wireless (blue) networks, it's a tough system to top with a single SOHO device that does routing and wireless access.

Personally, I use ipcop, I don't use copfilter (dansguardian addon) but I use advanced proxy and squidguard. I like it for gee wiz logging purposes, but honestly the proxy feature isn't what really gets me going.

There are so many addons out there for IPcop that functionality goes far beyond the simple traffic forwarding router. My personal favorite is "Banish" which allows for CIDR, single IP and MAC address blocking from both the internet and inside the priivate networks.

The logging feature is fantastic, probably the best use for an old hard drive 20 gigs or less (even 10 gigs is a bit of overkill) and the web interface integrates whois lookup so you can see where your firewall hits are comming from. A fun addon for the firewall log is "geoip" which actually puts a country flag image next to each IP so you can see where the traffic came from at a glance (helps when you're compiling block lists for entire countries, like China).

Lest see... "iptraf" is a nice one that shows real-time network activity. Not to mention the default feature of the web interface that lists all the current connections, again with integrated whois, and nice color codings of what traffic is internet, the IPcop machine itself, or your local internal networks.

My most recent addition which I absolutely love is a layer 7 QOS addon which allows me to reserve bandwidth for critical services like remote access, ACK traffic and VPN access, while lowering priority of things like p2p downloads. The default install of IPcop has a simple QOS feature, but I found that it didn't work properly on my connection after upgrading it to the 8000/512 service, but the QOS addon I installed and use now works wonderfully.

OK, so i'm a whore for IPcop, but bang for the buck, the only thing I would consider upgrading to after this is a full on cisco infrastructure, which would cost alot more than I have to spend on a home network if I were to get it to do what this little linux box does on its own. Some people fawn all over the linux firmware for the linksys routers, but there you're still stuck with a bridged wireless/wired network with no ability to add a third locked down sub net for servers, and you still need an external logging server if you want to keep a log history and little possibility of add ons with the limited hardware storage capability.

 

[-(Xyphox)-]

That netgear router will do just fine with a GB switch. The new RangeMax next's are quite nice i have played with a few of them

 

[Teecee]

Great advice guys. The cisco would only be a waste if I had to buy one. I already own one so that is why I was thinking of that. Do you think the cisco is a waste even it is free? The power and bandwidth that cisco AP have is amazing so that is why I suggested that. I dont care about the pre-n crap. My house has data drops in the places I want them so I just use wifi for laptop web browsing.

Any suggestions on a certain gb switch? The less noise it makes the better. It can be unmanaged, I do not plan to VLAN my home network I have a Cisco 4506 core and 3560s on the edge with everything else cisco so if I want to play at work I can. I have never really looked into a SOHO switches before so that is why I am asking.

IPcop does sound like it is the way to go for a router. I have an old dell 2.0-2.4ghz desktop laying around with 512mb-1gb ram in it that would fit the bill perfectly. Would have to check to see how many PCI slots I have available but I should have plenty for 3 nics.


So any thoughts on a certain brand or model of gb switch? Anything from 8-24 ports would be great.

Thanks for the great advice.

 

[Teecee]

A quick question about IPcop. Would this NIC work in there? Would there be any that you might recommend?

 

[thedude42]

Thing is, most ethernet cards can be reduced to just a few chipsets. I haven't run into a single 10/100 single port ethernet card that IPcop didn't support. I even have an old server dual port NIC that works fine in IPcop, autodetects no problem, both interfaces as seperate NICs.

There are some intel gigabit NIC's that work great too, and for only about 30 bucks, that's what I reccomend.

As for the cisco being a waste, that's strictly a money issue. Definitely use it if you've got it, I know I would.

The d-link gbit unmanaged switches that are rack mountable seem to be their entry level enterprise stuff, and the 4 port I had worked great. In the years since they have definitely improved, and 16 ports is probably going to be the sweet spot for noise since that wouldn't require the cooling a 24 port might. But again, if you have a gbit cisco handy, by all means. You would make me jelous.

The real advantage of having a managed switch would be having one supporting VLANs. With IPcop and the seperate physical interfaces (up to 4 without having to do any work under the hood) it's very nice to be able to split up a single switch into the seperate VLANs rather than having to stack 2-3 seperate switches or use a crossover cable for the AP to wireless network's interface on IPcop (if it's a plain AP that isn't auto mdix capable, and not an AP/router with a switch interface).

Building IPcop with 4 interfaces is nice because if you decide you want to put somehting in the DMZ in the future, you just plug in and go. That being said, IPcop allows you to change the configuration on the fly without having to reinstall, so you can always add the 4th later if you desire.

 

[Teecee]

Thanks for the advice. I only have gb cisco switches at work. Not at home. I will give a look at the dlink 16 ports. I will be using 3 intel pro1000 nics and a built in nic for the ipcop box.