Advice for a 50+ user network



  • First off, hello! I found you guys from a suggestion made by a user on smallnetbuilder and pfsense looks just great!  ;)

    I work for a non-profit organization that houses approximately 50 internet users daily.

    Right now we have Fios with the Rev.I router and a 35/35 (actually only getting 7 up) connection.

    The network seems to constantly have problems that I've never really been able to isolate…do you think the router is too slow?

    We're moving to a new location and I want to set up the network right.

    I just set up a Dell Optiplex 330 with 1g of ram, an 80gig hd and a 1.6ghz Celeron running pfSense 2.0.3.

    I'd like to get two solid nics to install in the machine. It has 1 PCI-e x16 slot and 2 regular PCI slots (low profile).
    (It has an onboard nic that I guess I could set up with vlans to handle the WAN and LAN + vlans...is that recommended?)

    The plan is to connect to this NETGEAR 8 Port Gigabit http://www.newegg.com/Product/Product.aspx?Item=N82E16833122397 (it says it's unmanaged but it has a management interface that you can set the vlans with)

    and then connect that to 5+ Engenius ENS200EXT wireless access points: http://www.newegg.com/Product/Product.aspx?Item=N82E16833168117 which can do vlan tagging to multiple SSIDs.

    I was wanting to get two of these Rosewill RC-400-LX Network Adapters: http://www.newegg.com/Product/Product.aspx?Item=N82E16833166017 with the RTL 8110SC chipset but I'm not sure if the C revision is supported and I also read where several people have warned that you should stay away from realtek.

    I want to set up 3 different wireless networks (vlans):
    Guests (just internet, no torrenting, access to network etc.)
    Users (Internet and internal shares and printers, no torrenting etc.)
    Admins (full access)

    What do you guys think?

    Thanks for any help you can offer!  ;D

    p.s. is there a way to embed those urls in the text that precedes them?



  • The Intel PRO/1000 GT isn't terribly expensive and it's got good reviews…is that a better choice?



  • One more thing I forgot!

    We have a voip phone system that currently has several wired and wireless phones connected to it.

    Should that have its own dedicated nic (perhaps the onboard one) or can/should I just connect it to the switch and give it its own vlan?
    I suppose I should set up a vlan on the APs for the phones as well.

    Sorry, I'm pretty new to all this stuff.



  • The onboard Broadcom NIC should work fine with VLANs as long as you have an 802.1Q VLAN capable switch (the Netgear GS108E looks like it would work just fine).

    I'm not certain whether the switch would have enough ports for you though (you need 1 for pfSense, 1 for your internet connection and 5 for your access points).  That leaves you with only 1 spare port to connect to everything else.

    If you have an additional VLAN capable switch on hand, that's fine since you can trunk VLANs out to the switch from the leftover port.

    I'm not sure if you can replace the FIOS provided router though.  You may need to make some calls to check if you can hook up your own router to the ONT - or to get them to make the necessary changes so you can do so.

    It's nice to have a separate VLAN for the phones for ease of traffic shaping on VOIP (just prioritize the entire VOIP phone subnet) but make sure that only the phones are hooked up to this VLAN/ subnet.
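
The segmentation asked about in this thread (Guests, Users, Admins, plus a phones-only VLAN), modelled with per-interface, first-match rules and a default deny, which is how pfSense evaluates rules. This is an added example, not part of any post; the VLAN names, subnets and addresses are assumptions made up for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing plan (constructed for this example, not from the thread).
NETS = {
    "GUEST":   ip_network("10.0.10.0/24"),
    "USERS":   ip_network("10.0.20.0/24"),
    "ADMIN":   ip_network("10.0.30.0/24"),
    "VOIP":    ip_network("10.0.40.0/24"),   # phones only
    "SERVERS": ip_network("10.0.50.0/24"),   # internal shares and printers
}
INTERNAL = ip_network("10.0.0.0/8")          # everything behind the firewall
ANY = ip_network("0.0.0.0/0")

# Rules per ingress interface, evaluated top down; the first match wins.
RULES = {
    "GUEST": [("block", INTERNAL), ("pass", ANY)],
    "USERS": [("pass", NETS["SERVERS"]), ("block", INTERNAL), ("pass", ANY)],
    "ADMIN": [("pass", ANY)],
    "VOIP":  [("block", INTERNAL), ("pass", ANY)],
}

def decide(ingress, src, dst):
    """Return 'pass' or 'block' for a new connection entering on `ingress`."""
    src, dst = ip_address(src), ip_address(dst)
    # Rules only match sources inside the interface's own subnet.
    if ingress not in RULES or src not in NETS[ingress]:
        return "block"
    for action, dest_net in RULES[ingress]:
        if dst in dest_net:
            return action
    return "block"                           # implicit default deny

def matrix():
    """VLAN-to-VLAN reachability, using one representative host per network."""
    hosts = {name: str(net.network_address + 10) for name, net in NETS.items()}
    hosts["INTERNET"] = "203.0.113.10"       # documentation range, stands in for the WAN
    return {(s, d): decide(s, hosts[s], hosts[d])
            for s in RULES for d in hosts if d != s}

if __name__ == "__main__":
    for (src, dst), action in sorted(matrix().items()):
        print(f"{src:6} -> {dst:8} {action}")
```

Traffic between hosts on the same VLAN never reaches the firewall, so these rules only govern what crosses from one VLAN to another or out to the internet.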



  • @dreamslacker:

    The onboard Broadcom NIC should work fine with VLANs as long as you have an 802.1Q VLAN capable switch (the Netgear GS108E looks like it would work just fine).

    I'm not certain whether the switch would have enough ports for you though (you need 1 for pfSense, 1 for your internet connection and 5 for your access points).  That leaves you with only 1 spare port to connect to everything else.

    If you have an additional VLAN capable switch on hand, that's fine since you can trunk VLANs out to the switch from the leftover port.

    I'm not sure if you can replace the FIOS provided router though.  You may need to make some calls to check if you can hook up your own router to the ONT - or to get them to make the necessary changes so you can do so.

    It's nice to have a separate VLAN for the phones for ease of traffic shaping on VOIP (just prioritize the entire VOIP phone subnet) but make sure that only the phones are hooked up to this VLAN/ subnet.

    Thanks for the reply! I'm slightly worried about the onboard nic…It's a Broadcom chip that doesn't state it's supported by BSD 8.3. The series number lies in between two supported numbers though and it is working.

    I read that non-vlan nics will work with vlans but that we'll run into problems due to the limited packet size.

    We can definitely change the router, we just have to release the IP address first.

    The voip system, I'm sure, will be something I'll need more help with configuring.
    The little voip router sends out IPs in the .99.x range to the phones even if the phones are connected directly to our network and not directly to the voip router...I'm not sure how that works or how exactly to set up the vlan...that will probably be for another thread.  ::)

    I think I'm going to pull the trigger on these nics unless anyone has a better idea.

    Thanks again!



  • Ok, I've decided on the Intel PRO/1000 PT Dual Port Server Adapter: http://www.amazon.com/Intel-1000-Dual-Server-Adapter/dp/B000BMZHX2/ref=pd_bxgy_e_text_y

    And the Intel PWLA8391GTLBLK PRO/1000 GT Desktop Network Adapter: http://www.amazon.com/dp/B00030DEOG/ref=gl_it_dp_o_nS_ttl?_encoding=UTF8&colid=1FOSJV15426WX&coliid=I3PVJJJYZBJQHX
    of which I can add a second one later.

    Both of them are listed in the compatible hardware list for FreeBSD 8.3, are capable of 802.1q vlan tagging and they're Intel  ;D

    Let me know if any of you see any issue with that. If not I'm gonna purchase them in the next few days.

    Thanks for any help!



  • @dreamslacker:

    I'm not sure if you can replace the FIOS provided router though.

    Yes, this is possible; I'm running like that already. If the ONT->Router is already Ethernet you can just use your pfSense router. If it's provisioned for MOCA, then just call VZ to swap it to Ethernet. See the FAQ on this site for much more information on the subject:

    http://www.dslreports.com/forum/vzfiber



  • @daniev:

    @dreamslacker:

    I'm not sure if you can replace the FIOS provided router though.

    Yes, this is possible; I'm running like that already. If the ONT->Router is already Ethernet you can just use your pfSense router. If it's provisioned for MOCA, then just call VZ to swap it to Ethernet. See the FAQ on this site for much more information on the subject:

    http://www.dslreports.com/forum/vzfiber

    Yup, you just have to release the IP :)