Netgate Discussion Forum

    Question about feasibility of proposed network

    General pfSense Questions
    • AverageGuy

      I'm involved in starting a new charter school.  We're moving into a building that housed a public school and has existing network switches and a single gigabit Ethernet cable running to each classroom.  We plan to put a switch in each classroom with one port to the teacher's workstation, one port to a wireless AP and one or more ports to student workstations.  The front offices will have switches connected to a workstation and a VoIP phone.  I am planning to have separate VLANs for each group: students, wireless, VoIP and teachers/staff.  The wireless APs will be used to support Chromebooks.  Eventually there will be 500 or so students, each with a Chromebook.

      Does this sound reasonable?  The existing switches are Dells but I don't have the model number handy.  Also I want to be sure pfSense will support such a system.

      I've never had to deal with a network this complex before.

      Thanks,
      Jim.

      • heper

        while there technically doesn't seem an issue with this, it might be cheaper & easier to manage to pull some more cables (no clue how difficult this is, in your situation).
        ( i do school-IT for a living & know about the limited funds)
        small managed switches still cost $80-$350 / piece. each need to be configured with their vlans. each need some form of cabinet, to physically protect them from tampering.

        i don't know the layout of the school in your situation, nor the total amount of end points.
        personally i'd put a small 10-12U cabinet in each (big)hallway/floor and pull wires towards the required endpoints. (with the exception of classes with say 20-30 endpoints, that justifies their own cabinet)
        Put in 1 or 2 bigger switches (=24-48p) in the cabinets. The cabinets themselves will have uplinks towards your central network/server rack.

        the latest 802.11ac APs need 2 copper uplinks to fill their maximum theoretical throughput. who knows what'll happen in 2 years.
        also, is the wiring in the building capable of moving to 10GbE in a couple of years? Cat6a or better will be required.

        it's very difficult to do major changes to a network when the school is operational. (teachers dislike people with a drill hammer while class is in session)

        • vbentley

          @AverageGuy:

          The wireless APs will be used to support Chromebooks.  Eventually there will be 500 or so students, each with a Chromebook.

          Does this sound reasonable?

          I don't do school networks so I am not an authority on this. However, wireless networks are not switched networks, they behave a lot like old fashioned ordinary Ethernet where there is contention for the network. The more transmitting stations per segment, the slower it gets for everyone using it.

          Let's say, for example, that due to the physical construction of the building 802.11g bandwidth of 54Mbps is the maximum performance that is reliably achievable and that within the 2.4GHz space you can get 3 bands operating without interference. That would give a theoretical maximum of 3 x 54Mbps = 162Mbps. Divided equally between 500 wireless Chromebooks = 0.324Mbps (324Kbps each). Let's also assume that you can throw in some 5GHz kit, and due to the size of the campus run 6 2.4GHz bands without interference. So being generous, ignoring any degradation of wireless performance and assuming you can achieve four times what I have estimated as a 'worst' case, 4 x 162Mbps = 648Mbps, divided by 500 Chromebooks = 1.3Mbps each.

          I think you need to discuss this with someone that has practical experience of large scale wireless network deployment. It will probably need more than one wireless survey to get access point locations determined for the best performance but without specialist advice you risk spending good money on something that performs no better than individual dial-up modem access per student.

          Does this sound reasonable?

          Trademark Attribution and Credit
          pfSense® and pfSense Certified® are registered trademarks of Electric Sheep Fencing, LLC in the United States and other countries.

          • AverageGuy

            @heper:

            while there technically doesn't seem an issue with this, it might be cheaper & easier to manage to pull some more cables (no clue how difficult this is, in your situation).
            ( i do school-IT for a living & know about the limited funds)
            small managed switches still cost $80-$350 / piece. each need to be configured with their vlans. each need some form of cabinet, to physically protect them from tampering.

            You already guessed it.  It will be rather expensive to run additional cables and we're looking at donated hardware for the switches and APs.  We have almost no budget.  Fortunately our donor has access to a lot of recycled equipment.

            Thanks,
            Jim.

            • AverageGuy

              @vbentley:

              I don't do school networks so I am not an authority on this. However, wireless networks are not switched networks, they behave a lot like old fashioned ordinary Ethernet where there is contention for the network. The more transmitting stations per segment, the slower it gets for everyone using it.

              Let's say, for example, that due to the physical construction of the building 802.11g bandwidth of 54Mbps is the maximum performance that is reliably achievable and that within the 2.4GHz space you can get 3 bands operating without interference. That would give a theoretical maximum of 3 x 54Mbps = 162Mbps. Divided equally between 500 wireless Chromebooks = 0.324Mbps (324Kbps each). Let's also assume that you can throw in some 5GHz kit, and due to the size of the campus run 6 2.4GHz bands without interference. So being generous, ignoring any degradation of wireless performance and assuming you can achieve four times what I have estimated as a 'worst' case, 4 x 162Mbps = 648Mbps, divided by 500 Chromebooks = 1.3Mbps each.

              I think you need to discuss this with someone that has practical experience of large scale wireless network deployment. It will probably need more than one wireless survey to get access point locations determined for the best performance but without specialist advice you risk spending good money on something that performs no better than individual dial-up modem access per student.

              Does this sound reasonable?

              I hear what you are saying, but for the next year we have a very small budget.  At least initially we'll only have about 100 Chromebooks to worry about, so I'm hoping that we will be able to manage for a year with a single AP in each room.  I think a survey will consist of placing APs in various places and seeing what kind of coverage we have, rather than a formal survey which costs money.

              Thank you for the analysis.  It's very helpful.  Next year we'll have more funding and may be able to afford a specialist.

              Jim.

              • Derelict LAYER 8 Netgate

                Designing a wireless network for 16 classrooms with 30 laptops in each and a cafeteria with 500 laptops in it are two very different things.

                I don't see pfSense as being a limiting factor in anything you are trying to do.  Your challenges are at layers 1 and 2 - how do you run the necessary cable and how do you configure/secure the switch ports.

                One gig-e drop to each classroom with a managed switch is going to be enough if you can secure it.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                • vbentley

                  @AverageGuy:

                  I think a survey will consist of placing APs in various places and seeing what kind of coverage we have, rather than a formal survey which costs money.

                  By learning how to do a survey properly yourself you will learn how to spot advice that is more likely to sell you more kit than just enough kit to get the job done.
                  http://www.wi-fiplanet.com/tutorials/article.php/3761356/How-to-Conduct-a-Wireless-Site-Survey.htm
                  http://www.networkworld.com/article/2925081/wi-fi/7-free-wi-fi-stumbling-and-surveying-tools-for-windows-and-mac.html

                  You should try out Kismet https://www.kismetwireless.net/. Data collection will be manual but it will only cost you your time and any knowledge gained using Kismet will be useful if you choose to use it as part of your security system later.

                  • Derelict LAYER 8 Netgate

                    Not mentioned in that link is NetSpot for the Mac. You can conduct small surveys with the free version. http://www.netspotapp.com/

                    • AverageGuy

                      @Derelict:

                      Designing a wireless network for 16 classrooms with 30 laptops in each and a cafeteria with 500 laptops in it are two very different things.

                      I don't see pfSense as being a limiting factor in anything you are trying to do.  Your challenges are at layers 1 and 2 - how do you run the necessary cable and how do you configure/secure the switch ports.

                      One gig-e drop to each classroom with a managed switch is going to be enough if you can secure it.

                      Thanks.  It's going to be a challenge.  I don't have any formal education in network design/administration and have never ventured into enterprise-wide configurations, so I'm really going to have to do some quick learning.  Since it's a school we've got to filter various sites.  I'm looking at Squid for that.  Do Squid and pfSense play well together?  Excuse me if that's a really dumb question.  I'm venturing into unknown territory.

                      Jim.

                      • AverageGuy

                        @vbentley:

                        @AverageGuy:

                        I think a survey will consist of placing APs in various places and seeing what kind of coverage we have, rather than a formal survey which costs money.

                        By learning how to do a survey properly yourself you will learn how to spot advice that is more likely to sell you more kit than just enough kit to get the job done.
                        http://www.wi-fiplanet.com/tutorials/article.php/3761356/How-to-Conduct-a-Wireless-Site-Survey.htm
                        http://www.networkworld.com/article/2925081/wi-fi/7-free-wi-fi-stumbling-and-surveying-tools-for-windows-and-mac.html

                        You should try out Kismet https://www.kismetwireless.net/. Data collection will be manual but it will only cost you your time and any knowledge gained using Kismet will be useful if you choose to use it as part of your security system later.

                        That's great information.  This will be an exclusively Linux site but I may be able to shake a Windows laptop loose to do a survey.  I may start with Kismet since it runs on Linux.

                        Thanks,
                        Jim.

                        • AverageGuy

                          @Derelict:

                          Not mentioned in that link is NetSpot for the Mac. You can conduct small surveys with the free version. http://www.netspotapp.com/

                          Thanks, but I have no access to Apple hardware.

                          Jim

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.