New home LAN setup

Ira

Active Member
Don't know if this will go anywhere, but let's give it a shot...

Assume you are putting together a new home network, and you have $1000 to spend on the LAN hardware (routers, switches, wireless, etc.).

Cabling, UPS, etc. is already purchased.

ISP provides the DSL modem.

Everything must be available off the shelf with no firmware mods.

Network appliances only, i.e., no PC's providing network functionality via some software package.

You need to support a few wireless-N users at a time.

Wired network must be all gigabit, with up to 16 ports.

Must support outbound VPN (connecting to corporate networks) and inbound VPN (connecting to home LAN when on the road).

SSL VPN support preferred for inbound VPN.

No game players on the system.

No A/V on the system, but that may change soon (DirecTV's system).

A couple of gigabit LAN storage devices (Synology).

Frequent work-related large file (250+MBytes) uploads and downloads over internet connection.

Security on both wired and wireless is a strong concern.

So what would you do? Would it make a big difference if you had $2000 to spend instead of $1000?

Ira
 
Forget about increasing the budget to $2000; I wouldn't even spend the $1000.
According to your list the only thing there that is above what my $30 router does would be SSL VPN (I use SSH) and for that you can get into the game for $150. Wireless APs and switches would be according to your need there.
 
Forget about increasing the budget to $2000; I wouldn't even spend the $1000.
According to your list the only thing there that is above what my $30 router does would be SSL VPN (I use SSH) and for that you can get into the game for $150. Wireless APs and switches would be according to your need there.

+1. Especially if you're willing to budge on the no firmware upgrade mods. At this point, I'm not even sure I would call third party router firmwares a huge mod, flashing a new router to DD-WRT probably takes 5 minutes total including the hard reset. With a second update, you could have OpenVPN running on the router DDWRT as well. I have a single N wireless access point for hard to reach spots in the house ($100 for the smoke detector look alike POE AP). The most expensive thing for me was the gigabit switches to connect all the rooms.
 
For router/firewall needs check out SonicWall. They have a range of good products from SOHO to Enterprise. The TZ-100 makes a nice home unit when you need VPN features.

http://www.firewalls.com/

For switches I use HP ProCurve.

For wireless access points I use EnGenius. SonicWall has a nice line of wireless access points but they are more than most folks need for home use.

http://www.keenansystems.com/store/catalog/advanced_search_result.php?&keywords=engenius
 
Looking at the Sonicwall appliances reminded me of something else I wanted to ask...

Most manufacturers now offer a subscription based service for various types of spyware, anti-virus, etc. support in their appliances (either standalone boxes or as part of a router, etc.). Leaving out the cost factor for now, are these services as good as the typical PC-based stuff like Norton, McAfee, etc.? I know there are some good freeware packages available, too, but that's why I said to ignore the price. I guess laptops would still need their own protection when traveling. Is the only benefit to these services that if you have dozens/hundreds of PC's in a company, you can use the appliance rather than trying to install/support dozens/hundreds of PC's? Do they offer better protection than the typical protection software on a PC?
 
Hmm... I can't recall seeing any articles comparing the performance. I'm sure that SonicWall has a white-paper or two you could read - for what that would be worth.

I like having the appliance handle it because I know that the appliance "database" will be kept up-to-date automatically - no user interaction needed - and you know how reliable end users can be.

SonicWall does offer a client based solution for anti-virus (from McAfee) - it has the added benefit that the appliance (by default) will require that the client software be installed and running before it allows the client access to the internet.

I have relied on SonicWall to handle all security for me for many years now and have never had a problem - but I do lock my networks down very tightly.
 
I've always been a fan of Netgear products - in my opinion they're best for the SOHO type environments... I use their gigabit switches around my house and they perform well.

For more high-end type uses I'm looking at their business line - check this wifi router out - it has VPN, VLAN's, etc - and is under $300. Combine that with a 16-port gigabit switch and you're probably at half your budget.

Personally I don't like combining Router and WiFi on the same device - but that's just because I prefer optimal placement for wifi. Right now I'm using a Ubiquiti Picostation 2 HP... it's a high powered N wifi AP - with open source OS, also compatible with DD-WRT and a modified POE (not standard, but with their injector it works) so you can run it anywhere in the house off 1-wire with the power supply back at the closet with the UPS. I locate that central to the house and have awesome signal.
 
For AP's,
Code:
http://www.engeniustech.com/index.php/business-networking/indoor-access-points-client-bridges/3304-wireless-n-access-point-universal-repeater-with-smoke-detector-design-and-poe
 
If you have a 1k budget and are determined to spend it ...then splurge on a good router and switches.

I agree with Frederick C. Wilt. A SonicWall router hits that price point well. I have used their products in MANY SOHO deployments with never an issue.

I also agree with Work2Play about not liking to combine WiFi with routers. If you have the luxury of avoiding that scenario then do it.

You will have so few users/devices using the WiFi this is an area you do not have to worry as much about money. Make sure it is POE in case you move it later where power availability might be an issue.
 
I've always been a fan of Netgear products - in my opinion they're best for the SOHO type environments... I use their gigabit switches around my house and they perform well.

For more high-end type uses I'm looking at their business line - check this wifi router out - it has VPN, VLAN's, etc - and is under $300. Combine that with a 16-port gigabit switch and you're probably at half your budget.

Personally I don't like combining Router and WiFi on the same device - but that's just because I prefer optimal placement for wifi. Right now I'm using a Ubiquiti Picostation 2 HP... it's a high powered N wifi AP - with open source OS, also compatible with DD-WRT and a modified POE (not standard, but with their injector it works) so you can run it anywhere in the house off 1-wire with the power supply back at the closet with the UPS. I locate that central to the house and have awesome signal.

I converted to a mix of Netgear products a few years ago after starting to have a lot of failures in Linksys stuff. I use their Pro-Safe SSL VPN firewall/router (FVS336G) and several of their Pro-Safe unmanaged switches (usually GS108's). I agree with separate WiFi appliance. I use the Netgear WND3700 wireless router (part of the home product line) for that.

For the "advanced" home/SOHO user (maybe using the LAN for VOIP, IP security cameras, NAS boxes, A/V distribution), are there any reasons/advantages to use managed switches? Some of Netgear's business-line switches have various levels of "smart" but aren't that much more expensive, e.g., GS108T vs. GS108E vs. GS108.

Work2Play -- which WiFi router are you talking about? For some reason, mine got messed up last week and I had to restore back to factory defaults and rebuild. Also, I'm not real happy with its range so I was thinking about replacing it.

Any reason to go with a WiFi AP instead of a WiFi router (but using only its wireless capability)? A couple of times in the past, I had my non-WiFi router go bad on me, but I was able to change the IP address of my WiFi router and use it as a router temporarily while waiting on a replacement router. I guess that's one benefit of having a WiFi router even if it's only used as an AP.
 
Well, if you only need wifi, then it's simpler to go with an Access Point rather than a router... with a router you have to go through and disable all the routing functions anyways and put it into Bridge mode so it's kinda pointless. To your point, yeah - it might be nice having the backup; I've only had one Netgear die on me (it was my fault - wrong power supply was plugged into it for 6 months). I have a stack of Netgear routers though from years of tinkering so I'm never out for long.

The AP that a couple of us are using is this one: http://www.cyberguys.com/product-details/?productid=48019&core_cross=SEARCH#page=page-1 - it's quite powerful for what it costs. This one actually does have some routing functions all built in but we disable that. It also has the ability to act as an Access Point or a Bridge - meaning you can use two - one in the house for general coverage, and one in your detached garage/shed/workshop/guest house - to extend high-speed wired LAN out to it. As I said above, I like it because it gets its power from the wiring closet so it can be on the UPS with everything else, but it's located in the kitchen above the cabinets very central.

I too switched to Netgear after too many Linksys failures - and have been very happy with it... they're generally really reliable. I use some of the GS108T's that are semi-smart specifically because they do support QOS and VLAN's. In my home office setup, I have to use VLAN's because my VOIP network is separate from my home network (used to have a permanent VPN into my office so I had multiple VLAN's running but only one CatX cable to the home office). I eventually made separate VLANs for wireless, voice, and video. Granted I'm not doing nearly as selective routing as I could.
 
You could also build yourself a Smoothwall firewall; the software is free; and there is little hands on.

I personally let the firewall do just a single job and the Wireless Access point(s) do another job.

If you want you can also secondarily lock down your wireless by adding a third network card to the Smoothwall setup to create an autonomous wireless network.

It rivals the commercial SOHO stuff both in simplicity and function.

Included in the simple GUI are proxies for internet (web), email, SIP etc, VPN, SSH, QOS, IM, etc.

Gigabyte has become very reasonable for the home environment. I notice the most difference in transfers of files / backups which are Gb in size. Whereas a few years back it was very time consuming, today it's effortless and quick.
 
You could also build yourself a Smoothwall firewall; the software is free; and there is little hands on.

Interesting - who is maintaining all of the various databases needed for security services (anti-virus, intrusion prevention, content filter, etc)?

Thanks.
 
Smoothwall does its own upkeep. Noticed also that they also sell HW appliance style devices using the same base OS.

It also downloads updates from Snort and uses Clam AV for email. You can also add modules for even more granular "stuff" relating to content filtering such that it just builds its own list using DansGuardian.

The difference between the "free" and the "commercial" version is the type of support offered. One is for the DIY person using a forum.
 
If you like to tinker and have total control, I'd recommend RouterOS running on nice dedicated hardware. Not much can touch it once you know how to use it. The routing diagnostics/accounting and packet sniffing alone are worth spending the time.

RouterOS
Hardware (without wireless)

If you need wireless capability, this main board comes with slots to add mini-pci cards with wireless:
Router with wireless slots

I found that for wireless-N to work best, I needed to put several around the home. These work *very* well:
Engenius ECB-9500 Wireless-N AP

For the main Gigabit switch, I'm using this one:
Dlink DGS-1024D

Also had good luck with these and 9K jumbo frames:
DGS-2208
 