wireless setup for a fraternity?

jkgriggs

Hi, I'm new to the forum, well I used to post years ago. Anyways, I need a new internet solution for my fraternity. We have about an 8,000 sq. ft. house but don't need access in the basement so imagine it's 6,000 spread out on three floors. Currently we have Comcast business cable internet and the modem has 5 ports. We have two G routers plugged into the modem, and the signal coverage seems fine, however, it is very spotty. I have to disable my network connection in Windows and then enable it multiple times a day because my connection will randomly give out. This happens to everybody and oftentimes you can connect to the router but will not have internet access. There are approximately 30 people living in the house using the internet. So my question is how do we get this running smoothly?

Here's a few questions that are more direct that I would appreciate if you could field for me:

Will home networking gear be able to handle the amount of traffic 30 people will produce?

How would I go about blocking LimeWire, BitTorrent, and other file-sharers? Or at least limit the bandwidth those programs use.

Could I distribute the bandwidth evenly to everyone's computer, say 300kb/s per computer, to minimize hogging?

Would it be much cheaper to go wired, rather than reinvest in wireless equipment?

I know I probably left out a lot of crucial information that would be helpful when responding but if you let me know I'll field all your questions. Thanks in advance for the help and sorry about the huge post haha.
 
What's your budget? This is a huge factor in deciding equipment normally.

Generally, to block traffic like LimeWire you are going to need a *nix firewall of some kind. Depending on how old the hardware is, PFSense (For older gear) and Untangle are great free solutions. These will also easily handle the demand put on them by ~30 users.

Since signal coverage in your current setup is fine, we can assume the existing locations for the WAPs are sufficient. For a smaller budget, Netgear's ProSafe line is pretty nice. If you've got the cash though, something from Cisco is ideal. You'll need to tie the two new WAPs to the firewall with a small switch. Pretty much any business class "dumb" switch will do the trick here, but I'd stick with Netgear for consistency.

If you're not opposed, buying gear from eBay is a great way to save a few dollars with marginal risk.
 
I also recommend going with a *nix distro router....out of the choices...I'd go with either PFSense...if you want to allow P2P stuff and keep it from killing your network...or

Untangle..which gives you added protection from bad sites, scans all of your traffic for malware/adware/spyware/viruses/SPAM..and also allows you to specifically BLOCK P2P traffic.

PFSense has robust traffic shaping/QoS...you can set P2P traffic as a LOW priority...allowing you to maintain decent web surfing and gaming performance...so P2P traffic won't drop your network.

Since you have Comcast business...you probably have their SMC gateway..which is a combo modem/router. You were also given at least 1x public IP address..which is NOT the one your SMC obtains on the internet side. This allows you to uplink your router's WAN port to one of the LAN ports of the SMC. You enter the static IP that you were given...to the WAN interface of your router. The SMC will IP map that. So basically your router's WAN interface becomes a second public IP address on the SMC. This way...you're not double NAT'd.

I've set up Untangle a few times....it's a great powerful distro with many features. A UTM appliance (unified threat management). I've also run PFSense a few times..currently using it again at home for its QoS features with VoIP. You can drop P2P traffic to low priority...and bring online gaming and VoIP to high priority. Last weekend in testing it...I downloaded a bunch of files...I pegged my 6 meg cable connection with just these downloads...3x files at a time..each averaging 250-300-ish KB/s in download speeds. 3x of us kept surfing online without appreciable drop in browsing performance. I fired up BF2 and played online..without appreciable drop in ping.
 
It should be noted that inherent to wireless networks, bandwidth is shared equally among all those attached to an access point.
 
It should be noted that inherent to wireless networks, bandwidth is shared equally among all those attached to an access point.

Not at a scale where it becomes relevant. With 15 people per AP and a speed of 30mb you are still looking at a theoretical 2mb per user. That's more than enough to play hell with everyone else's internet usage.
 
knowing college kids... and knowing fratboys... I'd imagine if any sort of torrenting is going on for 30 users over those routers... the routers are crapping themselves.
 
agree on the router crapping.... you have about 30 different people connecting to 2 home grade wireless routers that are meant to handle maybe 4-5 people at a time. You should consider business grade APs and I would recommend doubling the AP count, maybe even six for load balancing and coverage.

Your best bet will be a decent PC running Untangle or Endian for protocol control, traffic shaping, firewall, etc. You can get a good box that would be beefy enough for about $400, less if you don't mind used gear.

For the APs, I would try to find used 1121/1131/1230 Cisco APs on eBay. They will actually handle the abuse your frat boys will throw at it. I have also heard the HP ProCurve APs are good but I can't say from personal experience as we only sell Cisco.
 
Thanks for all the replies, the information provided is perfect. Let me recap my plan after reading the responses.

I plan on tracking down 2 Cisco 1121 APs on eBay as they are the cheapest of the three recommended and money is tight.

Also, I could easily bring a good desktop to manage the network. That is what you guys meant, right? Setting up a server to run Untangle? (It'll be great for LAN game servers and in-house filesharing too.)

After that I think I can take the two home networks and put them in the most remote sections of the house where only 3-4 people will be connected and everything should be good eh?
 
Since you have Comcast business...you probably have their SMC gateway..which is a combo modem/router. You were also given at least 1x public IP address..which is NOT the one your SMC obtains on the internet side. This allows you to uplink your router's WAN port to one of the LAN ports of the SMC. You enter the static IP that you were given...to the WAN interface of your router. The SMC will IP map that. So basically your router's WAN interface becomes a second public IP address on the SMC. This way...you're not double NAT'd.

This caught my attention, I believe you are dead on with the case of our modem/router, however, I'm not sure I understand completely. What we have now is a modem with 5 ports in the back so, ya it's a router too. We have each AP/router's WAN port plugged into separate LAN ports on the modem. One router's IP is 192.168.1.1 the other is 10.0.0.1 so we aren't double NAT'd? Right? I'm not quite sure what double NAT'd is but if you could clarify that may be why we are continually booted off the wireless network.
 
I plan on tracking down 2 Cisco 1121 APs on eBay as they are the cheapest of the three recommended and money is tight.

As a fellow Fraternity man in my day, and the Fraternity IT guy as well, I will say this to you: For your sake, please keep your equipment safe and as out-of-view as possible. If your frat is anything like mine was, there will be much beer spillage on anything and everything. That or some drunkard will knock it over and break it. :rolleyes:
 
This caught my attention, I believe you are dead on with the case of our modem/router, however, I'm not sure I understand completely. What we have now is a modem with 5 ports in the back so, ya it's a router too. We have each AP/router's WAN port plugged into separate LAN ports on the modem. One router's IP is 192.168.1.1 the other is 10.0.0.1 so we aren't double NAT'd? Right? I'm not quite sure what double NAT'd is but if you could clarify that may be why we are continually booted off the wireless network.

Yes...Comcast (in my area) uses an SMC branded product..which is a combination modem/router. It's actually a pretty decent device. Has the LAN ports on the back...it runs DHCP...so whatever you plug into it..picks up the private 10.0.0.xxx IP range..and you're off and running.

You mention another router..and that hands out 192.168.xxx.xxx..so yeah whatever is behind that router (wireless clients) are getting double NAT'd. You want to flip those wireless routers to run just as access points.

What you want to do..if you build a high end *nix distro router....is have it use your other public IP address...IP map it through the SMC. You were given a static IP address to use with your business account...you might even have the account which gives you 5x IPs. You should have that on some sheet of paper that you got with your account..if you can't find that...just call them up..Comcast business support is very fast and excellent. The SMC gateway itself takes the first static public IP that your account has...but you're (at least on the ones I've handled) given your own static public IP...to use on your own server or firewall...and sometimes ..if you have the highest grade account...you're given 5x static public IPs you can use. So that first static public IP...the info you'll need is 1...the public IP itself, 2...the subnet mask, 3...the default/remote gateway, and 4...the two DNS servers (but you can substitute those with something like OpenDNS's servers if you wish..which I would recommend..makes it safer for your clients since OpenDNS blocks out known bad sites for malware).

So once you have that info...you set up your own router...the WAN interface..with that static IP information....and plug your router's WAN interface into any one of the LAN ports on the SMC gateway. Presto...done!

You may also want to disable the firewall feature of the SMC appliance. To do this...plug a computer into one of the LAN ports of the SMC gateway..leaving the PC's TCP set to obtain auto. Your PC will pick up a 10.0.0.xxx address from the SMC's DHCP. I forget the user/pass...I can find that...it's usually set by Comcast to something like "cusadmin" for a username, and "highspeed" for the password. Comcast support will also tell you this. In the web admin..you'll find a checkbox for "enable firewall"..just uncheck that.

Now...from your own router..or linux router box...uplink the LAN port to a switch..and plug all your PCs..and access points...into that. Now they're all going out through your own router/linux router..getting whatever IP range you set that to..such as 192.168.1.xxx.
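
A way to check for the double NAT discussed in the replies above, added here as an example and not part of the original thread: it reads traceroute-style output from a wireless client and counts the private hops crossed before the first public address. Both traces, the function names and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration; two or more leading private hops is only a heuristic, since a routed internal network without NAT looks the same.

```python
import ipaddress
import re

# Constructed trace: a client behind the 192.168.1.1 router, which is itself
# plugged into a LAN port of the gateway handing out 10.0.0.x addresses.
DOUBLE_NAT_TRACE = """\
 1  192.168.1.1  1.2 ms
 2  10.0.0.1  2.9 ms
 3  203.0.113.1  11.4 ms
 4  198.51.100.9  14.0 ms
"""

# Constructed trace: the same client once the inner router's WAN interface
# holds a static public IP (only one private hop remains).
SINGLE_NAT_TRACE = """\
 1  192.168.1.1  1.1 ms
 2  203.0.113.1  10.8 ms
 3  * * *
 4  198.51.100.9  13.7 ms
"""

# RFC 1918 ranges plus RFC 6598 carrier-grade NAT space. An explicit list is
# used because ipaddress.is_private also flags documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
HOP_RE = re.compile(r"^\s*\d+\s+(\S+)")

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def leading_private_hops(trace_text):
    """Return the private hop addresses seen before the first public hop."""
    leading = []
    for line in trace_text.splitlines():
        match = HOP_RE.match(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # "*" timeout or an unresolved hostname: cannot classify
        if not is_internal(addr):
            break
        leading.append(addr)
    return leading

def likely_double_nat(trace_text):
    """Heuristic: more than one private hop before reaching public space."""
    return len(leading_private_hops(trace_text)) >= 2

if __name__ == "__main__":
    for name, trace in (("before", DOUBLE_NAT_TRACE), ("after", SINGLE_NAT_TRACE)):
        print(name, [str(a) for a in leading_private_hops(trace)], likely_double_nat(trace))
```
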
 