Router for a 50+ user non-profit

[conradcliff]

Hey there!
So, I've been trying to get help with this for a while now and we're getting down to the wire as far as needing a solution.
I have had this posted on the DD-WRT forum for about a month and just found another forum that I posted it on today but that forum seems to be focused on cisco...then I ran accross you guys and this really seems like the right place to get help so here it goes...

So, I'm setting up the network for our new location and want to do things right

I intend to go nearly totally wireless for the network

I want a strong router that is capable of vlan tagging

I am going to be connecting that to 4 Ubiquiti UniFi wireless ap's which are capable of SSID to Vlan tagging

I will have several cheap RNX-N150RT routers configured as bridges for any wired needs

I want to setup 3 different wireless networks;
Guests (just internet, no torenting, access to network etc.)
Users (Internet and internal shares and printers, no torenting etc.
Admins (full access)

I can setup the SSID's in the ENS AP's; I still have a lot to figure out with Vlan tagging.

Our director wants to keep it simple. Wants to just get a pre-made stable router capable of handling our network load and segmenting the vlans as stated above.

We want to keep it under $500 for the router

If there isn't a router in that price range that can do this right out of the box, the next best thing I'm guessing would be like the most powerful/stable router that I can load dd-wrt onto.

Lastly, I know I could do the x86 build but that seems more complex. I'm pretty sure it wouldn't be that hard to pull off and I have loads of old computers sitting around but the director is wanting something simpler.

Also, can I setup the vlans to give higher internet bandwidth priority to the admins then the users group over and above the quests group?

Thanks for any help!

 

[Dreamslacker]

If you have old machines, try pfSense. All you need is a thumbdrive to load the pfSense image and perhaps an extra PCI/ PCIe NIC if you don't want to stick the WAN + LAN VLANs on the same interface.

Give it a try and if it doesn't work out, you're only out the cost of a small thumbdrive (you only need a 2GB unit), and nothing except a bit of time if you already have spare thumbdrives. (Use the NanoBSD VGA 1GB builds)

If it all works out, get a second thumbdrive unit and always backup your configuration file. You can get a 2nd old machine setup within minutes if the first unit fails. All that is needed to is assign the interfaces on the new machine and restore the configuration file.

 

[conradcliff]

Thanks for the reply! Quick question, I have several switches, they are unmanaged pretty cheap switches...do I just need to make sure they are L2 switches so that they don't strip the vlan tag off the packets?

Sent from my HTC_Amaze_4G using Tapatalk

 

[Dreamslacker]

Thanks for the reply! Quick question, I have several switches, they are unmanaged pretty cheap switches...do I just need to make sure they are L2 switches so that they don't strip the vlan tag off the packets?

Sent from my HTC_Amaze_4G using Tapatalk

You will need 802.1q vlan capable switches. There's no guarantee that the regular dumb switches are not going to strip the VLAN tags.

If you just want to test and experiment, you can simply hook up a cable directly from the AP to the NIC on pfSense. If your NIC is MDIX capable (almost any modern Gigabit NIC is), then a straight cable will do. Otherwise, use a cross cable.

 

[conradcliff]

Dreamslacker, thanks again for all the help!

I now have a pfsense box up and running on our network.
I'm still experiencing some problems with the network but that could be any number of issues.

One thing I'm noticing is that getting replies on the pfsense forum isn't quite as easy as I'm used to. I'm not sure if I'm asking the wrong questions or what...but when I asked if I was...no one replied, haha.

Soo, I think I'm going to be spending a little time over here to get a feel for the community...I know one thing for sure, there's at least one really helpful person

Anyway, thanks again for all your help; hopefully I'll see you around the boards

 

[KGB7]

First thing first.

Since Non-Profit is a place of work and business, I highly recommend you stay away from 3rd party firmwares as far as possible. The consequences that might and will fall on your shoulders because you used firmwares other then OEM, can be legally painful.



Having that said.

Take a look at the ubnt.com

 

[conradcliff]

I'm not sure exactly what you mean, but I'll take a look at the website. Thanks!

Edit: ahhh, yes...I actually bought 3 of their access points and will be buying a 4th...I'm assuming you sent me there to look for routers? Or maybe you were hinting at installing 3rd party software on their hardware? I'll look into it further..

Sent from my HTC_Amaze_4G using Tapatalk

 

[Dreamslacker]

Dreamslacker, thanks again for all the help!

I now have a pfsense box up and running on our network.
I'm still experiencing some problems with the network but that could be any number of issues.

One thing I'm noticing is that getting replies on the pfsense forum isn't quite as easy as I'm used to. I'm not sure if I'm asking the wrong questions or what...but when I asked if I was...no one replied, haha.

Soo, I think I'm going to be spending a little time over here to get a feel for the community...I know one thing for sure, there's at least one really helpful person

Anyway, thanks again for all your help; hopefully I'll see you around the boards

What are the problems you're facing?
I haven't quite really seen your posts over there but you generally want to post under the Hardware, Installation and firewall sub-forums over there.
The other sub-forums are really only for very specific packages/ sub-component problems.

 

[conradcliff]

Our network has been hodgepodge'd together so it's hard for me to isolate exactly what's going wrong.

I had some bad switches after lightning strike a while back and replaced them all with cheap trendnet ones. They seem to be working ok but we still have random network outages for some computers and not others.

What I really think the problem is is our actiontec mi424wr rev i router from verizon. It's their best one but I don't think it can keep up with our network...though I'm not sure.

Currently we have 29 active user: wired, wireless, computers and phones;
we have a total of about 90 devices that have been logged onto the router so you could guess around 50 devices active on average.

I have several AP's connected as well.

Sometimes the wired portion of the router seems to go down along with the AP connected to it (naturally) and sometimes the wireless portion of the router goes down leaving the AP's functional.

Sometimes the router randomly changes it's DHCP range back to default 192.168.1.x we use a 192.168.0.x but it doesn't change its lan IP so it's still located at 192.168.0.1...very strange.

Anyway, we're moving to a new building and I'm hoping to get some solid equipment in place to reduce our network outages...I was hoping that a good pfsense box was the answer but the ubiquiti routers are looking pretty nice...though using the cmi is a bit scary for me but I hear their forums and tech support are really helpful.

Ok, sorry for the long post. I think I'll take your advice and re-post my questions in a different subforum at pfsense.

Thanks again!

 

[KGB7]

I'm not sure exactly what you mean, but I'll take a look at the website. Thanks!

Edit: ahhh, yes...I actually bought 3 of their access points and will be buying a 4th...I'm assuming you sent me there to look for routers? Or maybe you were hinting at installing 3rd party software on their hardware? I'll look into it further..

Sent from my HTC_Amaze_4G using Tapatalk

Look at their products because i think they will do a great job for your work. And no, you should NOT use 3rd party firmware.

 

[conradcliff]

I looked at the routers and they got some really great reviews so I'm super interested in them.

I'm a little worried because I'm not too savy with networking especially in the cmi but I hear their forums are very helpful so I'm going to check them out.

Thanks again for the pointer!

 

[Dreamslacker]

Sometimes the wired portion of the router seems to go down along with the AP connected to it (naturally) and sometimes the wireless portion of the router goes down leaving the AP's functional.

Sometimes the router randomly changes it's DHCP range back to default 192.168.1.x we use a 192.168.0.x but it doesn't change its lan IP so it's still located at 192.168.0.1...very strange.

I'm not sure how your device is setup. Do you have multiple NICs? i.e. 1 NIC for WAN, 1 NIC for LAN & 1 NIC for Wifi access points?

Or are you using VLANs? If so, are you able to verify if the switch is both VLAN capable and in working condition (since you mentioned that you've had power surges). Also, check the VLAN configuration on the switch and avoid using VLAN ID 1 where possible.

For the DHCP range, do you have multiple subnets (one for each interface) and did you specify the proper range per subnet? (via Services->DHCP Server-> Interface name).

Lastly, are you using the embedded install (NanoBSD) or Full install?

 

[conradcliff]

I'm not sure how your device is setup. Do you have multiple NICs? i.e. 1 NIC for WAN, 1 NIC for LAN & 1 NIC for Wifi access points?

Or are you using VLANs? If so, are you able to verify if the switch is both VLAN capable and in working condition (since you mentioned that you've had power surges). Also, check the VLAN configuration on the switch and avoid using VLAN ID 1 where possible.

For the DHCP range, do you have multiple subnets (one for each interface) and did you specify the proper range per subnet? (via Services->DHCP Server-> Interface name).

Lastly, are you using the embedded install (NanoBSD) or Full install?

All those problems are with regard to the verizon fios router. The only problem I experienced with the pfsense setup is that I couldn't get any support and I'm not quite bright enough to figure it out myself

 

[Dreamslacker]

I see. Well... If you have any queries about pfSense, let me know and I'll see if it falls within my area of expertise.
If you understand basic ACLs and networking directionality (ICND 1 & 2), you should be good to go. Most of the work in pfSense rides heavily on Firewall Rules (equivalent of ACLs).

 

[conradcliff]

Thank you so much for the offer, as it is I ordered a ubiquiti maxrouterlite...still will be beyond my knowledge base but the forums and support seem really great.

Thank you again for your help though, I really do appreciate it.

Sent from my HTC_Amaze_4G using Tapatalk

 

[KGB7]

I looked at the routers and they got some really great reviews so I'm super interested in them.

I'm a little worried because I'm not too savy with networking especially in the cmi but I hear their forums are very helpful so I'm going to check them out.

Thanks again for the pointer!

You dont have to be savy or a Fabio Network Guru to use their products. The software is simple and straight forward, so anyone with basic knowledge of networking can set it up and make it work.

Its easier then setting up a printer on Windows ME.

 

[conradcliff]

Thanks for the reply. That's, good to hear. I'm just a little worried about setting up the firewall rules for the clans and the VoIP system in the cmi...I think I'll be able to do it with some help from you guys though

Sent from my HTC_Amaze_4G using Tapatalk