Hardware requirements in this situation…
-
Atom will do just fine. Don't expect it to fly.. and don't think about adding Snort or Dans (clamd) to it.
Since it is single core (600 Mhz to 1.6 Ghz Atom E6xx) .. you may want to keep an eye on the CPU usage. If its running 75 -85% constantly then I recommend moving to an Intel Celeron G530 based system. With that you could easly use Snort and Dans (clamd).. and it will still fly ;)
-
Right now I'm not looking to run Snort or Dans, just thins the things i listed in my first post. But my "worry", if you can call it that, is - what will happen if those 60 people start to go online. If the Atom can cope and will provide fast throughput on the networks.
I'm guessing a 1.6Ghz system will be fine, but as I said, I have no direct experience yet.
The Atom is indeed Singlecore but does support hyperthreading, which is active in pfSense (cpu0 and cpu1). -
It will handle 4 x 40=160Mbps easily. CPU usage may go high with 60 users downloading all at the same time but it can handle the load.
-
2 subnets will be capped bigtime. One is a free-ish public wifi point (capped at 2mbit per device, vpn blocked etc.) and another is for actual customers using an account through CP. But less restrictions max. 8mbit per device for example.
The final subnet is for the company stuff itself, and is 'unmetered'.I guess I'm gonna need that network card :) Unless someone else has useful advise.
-
You can use VLANs and a manged switch to get extra interfaces, perhaps you already have suitable one?
Steve
-
@Steve - No, my switches are unmanaged. Replacing them (3x 24p gbit) would be much more expensive than getting the extra card.
-
That would certainly be true but an additional 5 or 8 port managed switch may not be. It's just a suggestion, I would personally not do VLANs unless I have to. Removing complexity usually results in less problems. ;)
Steve
-
@Steve - No, my switches are unmanaged. Replacing them (3x 24p gbit) would be much more expensive than getting the extra card.
You can get a Netgear 10-port Smart switch for under $100. Use that for your VLAN backbone and then segregate the subnets with unmanaged switches branching off the Netgear Smart switch. Technically you can have 9 physical VLANs ports on it going to 9 unmanaged switches for each VLAN. It can handle lots of VLANs if you have other managed switches connecting to it.
-
Hmm I see, but as you said yourself, removing complexity is better. :)
-
Hmm I see, but as you said yourself, removing complexity is better. :)
Actually, asterix was proposing the cost-effectiveness of a smart switch:
@asterix:You can get a Netgear 10-port Smart switch for under $100. Use that for your VLAN backbone and then segregate the subnets with unmanaged switches branching off the Netgear Smart switch. Technically you can have 9 physical VLANs ports on it going to 9 unmanaged switches for each VLAN. It can handle lots of VLANs if you have other managed switches connecting to it.
while stephenw10 was the one positing that less complexity = less problems:
@stephenw10:That would certainly be true but an additional 5 or 8 port managed switch may not be. It's just a suggestion, I would personally not do VLANs unless I have to. Removing complexity usually results in less problems.
Personally, I'm not having much fun with VLANs at the moment myself, but I also have zero experience with them :P
-
Start with a Netgear GS108Tv2. It's cheap, gigabit, extremely well built and very stable. I learnt all about VLANs playing on this. I have now moved to a 48-port GSM7248v2 managed switch which has the same GUI as the GS108Tv2 but with extra features.
-
Right, but I'm not looking to set up a VLAN kind of setup.
-
Just giving you options. There are pros and cons for vlans over additional NICs.
Steve
-
Correction .. the Netgear GS108Tv2 is a 8-port and not a 10-port… still cheaper than adding a multiport NIC. I was in similar situation when I first started using pfSense and adding the Netgear GS108Tv2 was the smart thing to do ;)
-
I see :) Thanks.
