Recommend me a Router…

stramato

Hello, Im setting up a network for a university. We have very limited budget and this is the initial proposal:

[Classroom1] –- (Classroom1 switch) --- (router) --- (University switch) --- |
[Classroom2] –- (Classroom2 switch) --- (router) --- (University switch) --- |
[Classroom3] –- (Classroom3 switch) --- (router) --- (University switch) --- | ---[pfSense Multi-WAN] –- Internet
[Classroom4] –- (Classroom4 switch) --- (router) --- (University switch) --- |
[Classroom5] –- (Classroom5 switch) --- (router) --- (University switch) --- |

each classroom's got 40 computers, so using cheap home routers won't do it (they only have 16 or 32mb ram).

I'm thinking of building a small pfSense box for each classroom to act as a simple router/dhcp/firewall, but It won't really fit in the switch rack...

any recommendation? Are there cheap hardware-based routers for this application that you can recommend?

GruensFroeschli

Why do you need a router in every classroom?

What kind of switches are in these classrooms? Are they VLAN (802.1Q) capable?

stramato

@GruensFroeschli:

Why do you need a router in every classroom?

What kind of switches are in these classrooms? Are they VLAN (802.1Q) capable?

i doubt they're vlan capable. they have a purchase date of 2002-2004. 3Com switches 10/100 24-ports.

i need each classroom to be isolated from each other. i need them to be separate LAN's with DHCP assigned IP's.

GruensFroeschli

Is the (University switch) not VLAN capable as well?

Basically, i think in the end it will be a lot cheaper and easier to manage if you have a single router (the multiWAN capable pfSense), instead of multiple small routers.

My idea when i see your description:

–----------------------------------------
[Classroom1] –- (Classroom1 switch) --------- |                                               |
[Classroom2] –- (Classroom2 switch) --------- |                                               |
[Classroom3] –- (Classroom3 switch) --------- | (VLAN-capable University switch) | ------------- [pfSense Multi-WAN] –- Internet
[Classroom4] –- (Classroom4 switch) --------- |                                               |
[Classroom5] –- (Classroom5 switch) --------- |                                               |
                                                               -----------------------------------------
The separation of the classrooms would be done with VLANs.
Each VLAN has it's own "virtual" interface on the pfSense.
--> Each VLAN appears as if it were a real NIC, so you can run on each VLAN a separate DHCP.

stramato

@GruensFroeschli:

Is the (University switch) not VLAN capable as well?

Basically, i think in the end it will be a lot cheaper and easier to manage if you have a single router (the multiWAN capable pfSense), instead of multiple small routers.

My idea when i see your description:

–----------------------------------------
[Classroom1] –- (Classroom1 switch) --------- |                                               |
[Classroom2] –- (Classroom2 switch) --------- |                                               |
[Classroom3] –- (Classroom3 switch) --------- | (VLAN-capable University switch) | ------------- [pfSense Multi-WAN] –- Internet
[Classroom4] –- (Classroom4 switch) --------- |                                               |
[Classroom5] –- (Classroom5 switch) --------- |                                               |
                                                               -----------------------------------------
The separation of the classrooms would be done with VLANs.
Each VLAN has it's own "virtual" interface on the pfSense.
--> Each VLAN appears as if it were a real NIC, so you can run on each VLAN a separate DHCP.

hmm sounds logical. so i'll keep the existing, old switches, then upgrade the main university switch to something newer with VLAN capability.

question, can 1 DHCP server assign IP's to multiple VLAN's? Let's say each classroom will have 192.168.0.101 etc. Sorry VLAN is quite new to me.

GruensFroeschli

You would not be running a single DHCP server.
You would have a separate DHCP server for each classroom.
Each room would have it's own interface/NIC on the pfSense.
So basically something like:
Room-1: pfSense IP: 192.168.101.1, DHCPrange 192.168.101.100 - 192.168.101.199
Room-2: pfSense IP: 192.168.102.1, DHCPrange 192.168.102.100 - 192.168.102.199
Room-XX: pfSense IP: 192.168.1XX.1, DHCPrange 192.168.1XX.100 - 192.168.1XX.199

But physically this would be over a single NIC and cable.
The switch then separates which traffic should go to which room.

A good read to VLANs:
http://archive.networknewz.com/networknewz-10-20030725IntroductiontoVLANs.html
http://www.automation.com/resources-tools/articles-white-papers/industrial-ethernet/introduction-to-virtual-lans

What kind of hardware do you have right now for the pfSense which does the MultiWAN-stuff?

stramato

@GruensFroeschli:

You would not be running a single DHCP server.
You would have a separate DHCP server for each classroom.
Each room would have it's own interface/NIC on the pfSense.
So basically something like:
Room-1: pfSense IP: 192.168.101.1, DHCPrange 192.168.101.100 - 192.168.101.199
Room-2: pfSense IP: 192.168.102.1, DHCPrange 192.168.102.100 - 192.168.102.199
Room-XX: pfSense IP: 192.168.1XX.1, DHCPrange 192.168.1XX.100 - 192.168.1XX.199

But physically this would be over a single NIC and cable.
The switch then separates which traffic should go to which room.

A good read to VLANs:
http://archive.networknewz.com/networknewz-10-20030725IntroductiontoVLANs.html
http://www.automation.com/resources-tools/articles-white-papers/industrial-ethernet/introduction-to-virtual-lans

What kind of hardware do you have right now for the pfSense which does the MultiWAN-stuff?

thanks that was very helpful.

currently i have a Frankenstein PC with 5 NIC's (1 onboard, 4 PCI). 1 NIC goes to LAN, 2 NIC's go to DSL modems (static IP). I'm not yet using the remaining 2 NIC's but once I'm comfortable with pfSense (now I have to learn how to configure VLAN's in it), they will be used by 2 more DSL modems.

Pentium 4 2.66Ghz, 256MB DDR RAM, 40GB HDD. FreeBSD pfSesnse installed.

When everything works OK, I may purchase a new machine to run pfsense. Maybe a rack mount so it will look nice, now that im not buying a bunch of small routers. The pfsense idea also saved me a lot from XRoads Edge and Peplink appliances.

stramato

is this a sound diagram?

For the classrooms, I think I can actually use Static-IP's since it's a classroom anyway. But if I want to use DHCP for convenience, what is the most cost effective and simple way to put a DHCP on each room?

Also, we currently have a couple of these:
http://www.3com.com/products/en_US/detail.jsp?tab=features&pathtype=purchase&sku=3C17203-US

It says VLAN-capable so I'd have to check it out.

GruensFroeschli

You just go to "Services –> DHCP Server"
There is a separate tab for each interface.
Just enable a DHCP server on each interface you want.

Yes this switch should work well.

clarknova

I don't see the need for the second switch on the second pfsense, unless you plan on adding vlans.

In fact, you could, technically, run your public wifi subnet through the first pfsense box via the first vlan switch. Each vlan acts like a physical network with its own gateway on pfsense. You may, however, have other reasons for wanting to separate the wifi network totally, such as physical separation from the first network, or load limits on pfsense 1.