Hello,
newbie to this forum, not so much to networking, on a practical level.
I'm asked to sort out some problems in a small local gym and improve some things:
- sorted out:
  - looped network, daisychaining 4-8 port FE switches
  - operator modem wifi underperforming/unavailable
  - upgrade network throughput
- installed:
  - new operator modem, upgraded DSL to 100mb
  - 2 16 port switches Netgear GS716T (1 per floor)
  - 2 ASUS RT-AC5300 (1 per floor)
  - new structured cabling CAT6E to wire the building
Because of a deadline I installed the cabling, switches and wifi-routers and connected it all up.
Layout:
operator modem hands out 192.168.0.x addresses (class C) on one of its 4 LAN ports, or on its own Wifi, which is limited for use by the staff
each switch is uplinked to the modem, and itself has an IP address assigned for management
some gym equipment is connected to the switches, as is the WAN interface of the wifi-routers.
all is on fixed IP except the wifi clients (gym customers)
The Wifi routers issue different SSIDs and issue different IP addresses, 192.168.1.11-254/C and 192.168.10.11-254
All Wifi signals are locked with WPA2 Personal with AES (the best I can do I think without corp. solutions), guest networks are disabled.
Improvements TBD:
- secure remote access from outside to the local pc (windows 10), the wifi routers and the switches (web interface)
- basic monitoring - availability - performance - and alarming when something is wrong
My basic idea: set up a Raspberry Pi inside on a sort of DMZ to end a VPN on. Then onward to the different internal "clients".
That same Pi will run a Nagios server to keep an eye on things. And it will also serve as log server for the routers and switches, since there's quite some suspicious traffic.
My questions:
- the routers have an ssh-enable option, would that allow me to create an ssh vpn tunnel into the network instead of on the Pi?
- if not, suggestions on which software to use or avoid, caveats?
- some of the gym software suppliers use TeamViewer, which I'm pretty sure will not be affected unless I would block 80/443 outgoing (which obviously I won't do)
- any other comments/hints are welcome of course!
Thanks
g