What's the purpose of this network layout?

felixdd

Occasional Visitor
My wife used to be a partner in a small business that the owner has sold off. Wife is going to inherit the equipment and set up shop elsewhere.

I'm helping her set up the computer end of things. In some ways, I have no business doing this as I have no IT training. On the other hand, she uses a cloud-based administrative solution so all she needs is a router and 3 computers that access it. No fancy networking. No client-to-client interfacing needed. Just straight up 3 computers that need internet. Maybe a printer on top of that.

Anyways, in taking down the old gear, I noticed that the old business location has a cable modem plugging into a Cisco 867VAE-K9 router. There's then a single cat5 that is run to a consumer-grade Asus AC3100 (that I've now commandeered). The Asus AC3100 has a single CAT5 that goes to a Dlink Switch, then finally onto a patch panel to distribute Cat5 networking to the location. The building was built perhaps 10 years ago so I can understand why they hard-wired the place extensively. The old business at most had 12 client devices, but I guess having the patch panel and the switch ensures some measure of scalability.

What is confusing to me is currently the old location's network clients are networked via wifi. Not only that, the wifi is being handled by the AC3100 which is also doing local dhcp work?! In fact within the setting they had it set up with a static IP that communicates with the Cisco router (which has no other device connected to it).

Essentially, the person's running a double NAT, and only with devices behind the second router.

I haven't interrogated the Cisco router but I strongly suspect it has its DHCP running and has the Asus's MAC reserved to the static IP (because heaven forbid the previous IT guy set up the Cisco as a dumb switch....). I'm guessing the ASUS was added after-the-fact to enable wireless capabilities to the location. If so, why not just plug the Asus straight into the modem, rather than going through the Cisco router?

I guess my question is...why? What possibly could be the advantage to this? Perhaps a second firewall? Existing hardware redundancy as a fall-back for if the Asus falls? Am I missing something here?
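The double NAT described in the post above can be confirmed from a client before logging in to either router. This is an added example, not part of the original post: it counts the private or CGNAT hops at the start of a traceroute, and all addresses and the sample output are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space.
NAT_SIDE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Hop number, then the first dotted-quad on the line (a hostname may precede it).
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed output: inner Wi-Fi router, outer router, then the ISP.
# All addresses are made up; the public ones are documentation ranges.
SAMPLE_DOUBLE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max
 1  192.168.50.1  0.41 ms
 2  10.10.10.1  1.02 ms
 3  * * *
 4  198.51.100.1  9.87 ms
 5  203.0.113.10  12.30 ms
"""
SAMPLE_SINGLE = """\
 1  192.168.1.1  0.38 ms
 2  198.51.100.1  8.90 ms
 3  203.0.113.10  11.75 ms
"""

def hop_addresses(traceroute_text):
    """Return the responding IPv4 address of each hop; silent hops are skipped."""
    matches = (HOP_RE.match(line) for line in traceroute_text.splitlines())
    return [ipaddress.ip_address(m.group(2)) for m in matches if m]

def nat_layers(hops):
    """Count leading hops in private/CGNAT space before the first public hop."""
    count = 0
    for ip in hops:
        if not any(ip in net for net in NAT_SIDE_NETS):
            break
        count += 1
    return count

def classify(traceroute_text):
    # Heuristic only: two private hops can also be a routed LAN without NAT.
    layers = nat_layers(hop_addresses(traceroute_text))
    if layers >= 2:
        return "likely double NAT"
    return "single NAT" if layers == 1 else "no private hop"

if __name__ == "__main__":
    print(classify(SAMPLE_DOUBLE), "/", classify(SAMPLE_SINGLE))
```

A result of two or more is a prompt to check the inner router's WAN address: if that address is itself private, both routers are translating.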
 

eibgrad

Part of the Furniture
Hard to be sure. Don't assume every admin is a networking genius. It might simply be a desire to upgrade from the CISCO primary router to one w/ better wifi, more features, w/o disturbing an otherwise working connection w/ the ISP. For many ppl, the double NAT is not really a problem.
 

ColinTaylor

Part of the Furniture
As far as I can tell the Cisco 867VAE-K9 is an ADSL/VDSL router with no WiFi capability. So the Asus would have been added to supply WiFi.

Perhaps the internet was originally supplied over ADSL or VDSL and then a cable modem was inserted in front of it when it became available. Or the Cisco is configured as dual WAN for redundancy (Ethernet to the cable modem & telephone connection for ADSL/VDSL).
 

ColinTaylor

Part of the Furniture
maybe the CISCO box was required for VPN capability with another company?

Doesn't look like that specific model is one of Cisco's "VPN routers" (that would be the 880 series). Correction: the 867VAE-K9 does support IPSec.

Manual is here: https://cdn.cnetcontent.com/83/76/837643d8-0bc3-45cc-b8b8-5c815cd837c2.pdf

It looks pretty rubbish really - 4 10/100 LAN ports and 1 gigabit LAN port.
 

degrub

Very Senior Member
Certainly not what we are used to today. A decade or more ago? Maybe good enough. Depends on the use case of course. Total throughput would be my concern rather than the individual port link rates. Many companies just use the PC as a smart terminal for someone else's mini or mainframe or now a web server database. Not a lot of throughput demand there.
 

felixdd

Occasional Visitor
After some mulling I'm leaning more towards VPN for remote administrative purposes, or a switch from ADSL/VDSL to cable modem and this being a vestige of that move. I think WiFi is a reasonable thought, except I would've thought that the person would've set up the Asus as a wireless AP, while leaving the Cisco for routing. One would assume that their IT person may not be as familiar with Asus routers and that they can host OpenVPN....?

Once they've fully moved out of their old location I'm going to drill into the Cisco to look at it some more.
 

tgl

Regular Contributor
You didn't describe the physical layout very well. I'm wondering if the ASUS unit was added after the original setup, and this way was the only way to install it in a reasonable location without pulling additional cables (which maybe didn't seem worth the trouble).

On the whole though, I lean to @eibgrad's idea that it just wasn't thought through very well.
 

sfx2000

Part of the Furniture
My wife used to be a partner in a small business that the owner has sold off. Wife is going to inherit the equipment and set up shop elsewhere.

I'm helping her set up the computer end of things.

Networking for small business has changed much over the years.

Might consider hiring a consultant that has domain knowledge on best practices since this is a business network... if the business is doing anything with payment card processing, or health records, there are specific safeguards that have to be in place...

Keywords to consider - PCI compliance, EMV, HIPAA - there are others that I might have missed...
 
