Redesigning a small network

I've been tasked with redesigning a small network (15-20) including wireless.  Cisco recommends the RV220 as the entry point Firewall/Router/Wireless and researching there are apparently some good and bad sides of having everything all in one unit depending on who you ask.  The other option would be to get a dedicated Firewall/Router and then run the wireless on a seperate device(vlan). I'm fine with either solution but my main concern is performance on the physical connections as well as reliability with the wireless having good range and not dropping or having to reboot the router continuously.  Behind the router/firewall I will purchase one of the Cisco 24-port gig switches for physical connections through the office. Anyone have advice or suggestions on models to get for the router/firewall/wireless setup? Budget is not a problem although I don't want to pay for something that is overkill for 10-15 wired workstations and 5-10 wireless including a guest wireless. Thanks in advance.

I am going to sound like a broken record.  I am no big fan of getting a wireless router.  The reason is because of the location.  It would be ideal to place your wireless access point (WAP) in the middle of your wireless clients.  A router is normally installed in some far corner somewhere.  I mean this is OK if you are bio-medical lab and you are testing wifi with rats. 
Ok, next what model of the router.  To answer that question, one has to ask you this:  What is your WAN bandwidth now and are you expected to grow any larger (size of the office and WAN bandwidth)?
The argument as to get a dedicated firewall or get a router with firewall functionality all depends on the question.

Similar Messages

  • Small network redesign help

    Hello,
      I work in a small company that has about 75 clients, and about 10 servers, and I have a refurb 4948 that's not setup yet, currently on the live network are asa5510, a sg300, voip system, and an old 2960 that's currently my core sw (the 4948 will replace this) and I'm planning on redesigning our flat network.
      We've always had a single collision domain on vlan 1 which I read is not recommended for security, and I was wondering if it's worth the headaches of setting up vlans on this small network (I'm no Cisco veteran, just learned hands on reading forums and guides) So my plan is to finally set up a dmz on the firewall and I'm reading a bit more before I get into that, and put the servers in a vlan on that dmz, I read that the 4948 can do routing so I can probably set inter-vlan on it if needed. Here's a diagram of my planned network, if you guys can give me some guidance on a best way to redesign it I'd totally appreciate it. Thanks in advanced.

    Why do you want the servers in a DMZ, are they going to be accessed from the internet ?
    I would definitely recommend putting the servers on the 4948 switch has it has much better performance than the 2960. And as you say it can route as well so perhaps it might be an idea to replace the 2960 with the 4948 and then if you do need a DMZ use the 2960 as the DMZ switch.
    Ideally you do not want your DMZ switch to have any internal LAN clients on it but that may not be possible for as you may not have enough ports. But you definitely do not want your DMZ switch to be routing, that should be left to the firewall.
    In terms of using vlans the answer is it depends. With the number of devices you have it may not be worth doing unless you are experiencing issues at the moment. It is always a good idea to have the servers on a separate vlan because if they are the same vlan a faulty NIC in a client could bring down the servers as well but that said in your setup all the clients would be in the same vlan anyway. And generally people start to consider using vlans when the IP subnet gets to be bigger than a /24 which you are nowhere near.
    I presume at the moment you route off the firewall ie. the inside interface of the firewall is the default gateway for the clients and servers ? If you stay with one vlan there is no benefit to routing on the 4948, you may as well just use this as a higher performance switch for the servers/clients.
    I can't see a need for vlans here unless you are experiencing performance issues but the 4948 could well sort that out for you.
    Perhaps you could clarify the bit about the servers and the DMZ and maybe go a bit more into what you want ?
    Jon

  • NEED HELP TO SET UP SMALL NETWORK - WIRELESS SIGNAL FROM NOVATEL U760 USB

    Hello -
    I need help setting up a small network in my new home in Florida, which has no wired broadband capability - not cable, not dsl. My options are satellite (which I'd like to avoid) or wireless broadband via Millenicom (or now Virgin Mobile) using their Novatel U760 USB stick.
    Here are the network components - someone please tell me how to set this up:
    PC #1 (has wireless card, but I've connected it by ethernet to the router)
    PC #2 (no wireless card; connected via ethernet to router)
    MACBOOK, 1 1/2 years old (2.1 GHz Intel Core 2 Duo, 4 gigs RAM), running OS 10.58, connected wirelessly to router.
    AIRPORT EXTREME BASE STATION, Model A1143.
    I'm not thrilled about using a wireless 3G signal as my primary one, (sprint network, claims 600 - 1400 kbps speed), but it costs 1/2 to 1/3 of what a slightly faster satellite signal would.
    I have not ordered this service yet. Before I do, I'd like a clear understanding that I can, in fact, set up my simple network, which I'd probably do the same as it's now configured with cable broadband - both PC's plug via
    ethernet into the Airport Extreme router, the MacBook connects wirelessly - AND,
    my question is this:
    Can I plug the wireless card - a Novatel U760 USB-stick device - straight into that USB slot in the Airport Extreme base station and will it automatically recognize that device?
    Or, do I have to plug it into the MacBook and somehow share that wireless signal between the 2 PC's (only 1 of which has a wireless card, so I'd have to get a card for PC #2)?
    And help anyone can provide will be much appreciated!
    Thanks,
    Em

    from the Airport FAQ #14:
    "Question: Can I connect my Soundsticks or other USB speakers to AirPort Express?
    Answer: No. The USB port is for connecting a printer, not for other devices."
    Im assuming other devices include USB modems.
    So, I would say your cheaper route would be to get a second wireless card and just share your internet connection from one of your PC.

  • Small Network Setup Ideas

    Looking for some recommendations for those that are more familiar with Linksys products and configuration interface. I would like to setup a small network (3 PC's) and also provide general use wifi utilizing the my businesses DSL connection. Concern - Does Linksys setup allow for me to segment my small network (i.e. 3 pc's) from the general use wifi network. For simplicity purposes I thought I would assign static IP address to my network segment (10.1.x.x range) and want to utilize DHCP for wireless network (different network segment). Also sense this is a shared service, I would like to prioritize my business traffic over the general access. Is this easily accomplished? Regarding the wireless, I only want to provide it to my clients. I suspect I can not broadcast the SSID, but how best to handle this via the Linksys setup? I have been looking at the Linksys Ultra RangePlus Wireless-N Broadband Router Model #: LKS WRT160N. My building has very think concrete walls and I would also like to provide access to an outside patio so I expect that I will likely have to deploy multiple wireless devices to maintain a strong signal. So for those Linksys experts, your advise greatly welcomed. Thanks in advance. TS

    you can use WAP4400N for getting good signals from wireless router .... Also you can go for WPC600N (Dual Band Adapter) for good connectivity ....

  • Small Network Trouble

    I am currently trying to setup a small network at my Mothers work and I have ran into a small problem. Here is the situation: I have ten iMac G4 that I have networked together using a NetGear switch. I now need to get internet to these ten computers. The hard part about this is I need the switch to get the internet from an AirPort Extreme in here office and the switch is located down the hallway in another room. I don't have the option of running a sing CAT5 cable from the Base Station to the switch it needs to be done wirelessly. I will include a link to twitpic (http://twitpic.com/1x1xsz) where I have uploaded a diagram that I drew to give you a visualization of my problem.
    Any and all suggestions are welcome.
    Thanks

    Welcome to the discussions!
    You might want to explore all the options.
    You could use wireless and setup an AirPort Express to "join" the wireless network that the Airport Extreme creates, then enable the ethernet port on the device to feed the switch.
    While this should work most of the time, you would be trusting an entire network to a single wireless connection. I would think long and hard about this and use this only if there were no other alternatives.
    You could also use a pair of ethernet powerline adapters to transmit the ethernet signal over the AC powerline. Just run an ethernet cable from the AirPort Extreme to an adapter and plug it in the wall. Plug the other adapter in the wall and then run and ethernet cable from the adapter to the switch.
    Works great. Faster and more reliable than wireless by far. Newer powerline equipment is almost up to Gigabit speeds...almost as good as running an ethernet cable.
    Just make sure that everything is on the same master electrical circuit.
    Whichever you decide upon, it would also be a good idea to have a full understanding of the store's return policy in case things don't work out as hoped. Sometimes, it really is worth the extra expense to have the security of a traditional ethernet connection.

  • Advice for Building Small Network Question

    Hello,
    I am building a small network environment which will connect to a larger office, scalability is important.  We will begin having about 30 users which will all need VOIP services.  The VOIP services will be hosted by a cloud provider.  My question is as of now I am looking to obtain a Cisco 2921 ISR Router and then a Cisco 2960-X 48Gig POE, and my main question is I am confident the switch can handle the power and operation of the phones but just to make sure I should not run into any problems with the router as far as forwarding the data, correct?  Any other comments or suggestions would be appreciated.
    Thanks,
    Joe

    Duplicate post. 
    Go HERE.

  • Help in creating a small network

    I just bought a TC and I want to make a small network with two Airport Express boxes that I already had. Right now the TC is connected and working, but I have also connected the two AE but I can not make them show in Airport utility, when
    I reset one of the AE it shows in Airport utility but I can not make any changes.
    I have TC set to "Create a wireless network", is this correct? I want to extend my network, can someone please guide me step my step, I am illiterate about Networks
    Thank you

    Ok, since you will be using a mix of 802.11n & 802.11g base stations, your only option will be to create a WDS to wirelessly extend the range of your TC.
    Here are the basic steps to set it up:
    (Note: To facilitate the WDS set up, place the base stations within near proximity of each other during the set up phase, and then relocate them to their desired locations when complete. Also, jot down the AirPort IDs for each of the base stations to be used in the WDS.)
    o Perform a "hard" reset on the Time Capsule (TC) and a "factory default" reset on the 802.11b/g AirPort Express Base Stations (AX).
    Main Base Station Setup - TC
    o Click the AirPort status menu in the menu bar and choose the wireless network created by the TC.
    o Open AirPort Utility.
    o Select the TC, and then, choose Manual Setup from the Base
    Station menu.
    o Click Wireless in the toolbar, and then choose “Participate in a WDS network” from the Wireless Mode pop-up menu.
    o Click WDS and then choose “WDS main” from the WDS Mode pop-up menu.
    o Select the “Allow wireless clients” checkbox if you want client computer to connect to this base station.
    o Click the Add "+" button and enter the AirPort ID of the AX.
    o Click Update to send the new settings to the base stations in the WDS.
    Remote Base Station Setup - AX #1
    o Click the AirPort status menu in the menu bar and choose the wireless network created by the AX #1.
    o Open AirPort Utility.
    o Select the AX, and then, choose Manual Setup from the Base Station menu.
    o Click AirPort in the toolbar and click Wireless. Choose “Participate in a WDS network” from the Wireless Mode pop-up menu, and choose the same channel as the main base station from the Channel pop-up menu.
    o Click WDS and choose “WDS remote” from the pop-up menu.
    o Enter the AirPort ID of the main base station in the WDS Main field.
    o Click Update to transfer the settings to the base station.
    Relay Base Station Setup - AX #2
    o Click the AirPort status menu in the menu bar to join the wireless network created by AX #2.
    o Open AirPort Utility.
    o Select AX #2, and then, choose Manual Setup from the Base Station menu.
    o Click AirPort in the toolbar and click Wireless. Choose “Participate in a WDS network” from the Wireless Mode pop-up menu, and choose the same channel as the TC from the Channel pop-up menu.
    o Click WDS and choose “WDS relay” from the WDS Mode pop-up menu.
    o Enter the AirPort ID of the TC in the Main AirPort ID field.
    o Click the Add "+" button and enter the AirPort ID of AX #1.
    o Click Update to transfer the new WDS settings to the relay and remote base stations.
    (ref: Pages 42-46 of "Designing AirPort Networks.)

  • Ospf in small network and cannot ping remote subnet

    OSPF all interfaces would be network 0.0.0.0 255.255.255.255 area 0

    Attached you can see a diagram of my small network. Both PC's can ping each interface on the router they are connected to. The two routers can ping each other. There are no acl or nat statements. All interfaces are up,up.All subnet masks are /24 unless identified as another.Using ospf, I wanted to advertise the all networks so the node on the left 192.168.2.50 can ping 192.168.3.50.On router4 I did:#router ospf 1#network 10.11.12.1 0.0.0.0 area 0On router5 I did the same but with network of 10.11.12.2Both routers took the ospf, but I still couldn't ping from laptop to laptop. I thought by doing those commands the other interfaces on the router would see the advertised network and would be able to route across it?
    This topic first appeared in the Spiceworks Community

  • Small network

    Probably not the best place for this post, but probably where I'll find the best people to answer my question.
    The problem... I wish to set up a very small network to use a printer and external drive with a wireless MacBook. without spending too much money.
    The MacBook (obviously) roams the house on a wireless connection. The DLink router sits handily in the cupboard under the stairs. I would like to place my printer and external drive under the stairs with the router and for them to be wirelessly accessable from the MacBook.
    The solution that comes to mind is to buy a Mac Mini for under the stairs and connect everything through this. But that seems a terrible waste of a Mini (and more inportantly Money!)
    Any better ideas of how to acieve this would be very much appreciated.
    With thanks,
    David.

    The mini will work and in fact has one advantage over the Apple Extreme Base Station but I think the AEBS is a better solution over all. The AEBS can share USB hard drives and with a USB hub it can share several. My wife and I each have our own for backing up and a third for our music and video collection. The AEBS can also share network printers and some USB printers. The last time I looked, the list of compatible USB printers hadn't been updated by Apple for quite some time, but network printers have really dropped in price. This is the sole advantage of a mini - you could hang any printer you wanted off of it.

  • Small Network Issue

    I have a small network with Time Capsule TC and two Airport Express bases AX.
    Everything seems to be working fine, but it makes me crazy to see the Status light of the AXs blinking constantly.
    In Airport utility all the base stations show Green Status light, but in the actual AX bases the Status light is blinking yellow, it has wireless Security WAP2.
    In other words: what can I do to have AX light solid green?
    Thank you

    #!/bin/bash
    export BROWSER=firefox-aurora
    export DE=xfce
    exec ck-launch-session dbus-launch openbox-session
    openbox autostart makes no references at all

  • WRT1900AC being used in small network

    I've been using the WRT 1900 AC in a wireless configuration to support one laptops wireless internet access.  Now I'd like to add it to a small network consiting of a laptop that is hard wired to network along with 10 other workstations all wired through a Cisco switch to a file server.  Ther file server provides DNS, DHCP and Active Directory services along with access to system files.  I've attached the WRT 1900 AC to the network via the Cisco switch using port 1 for the Ethernet connections.  My problem is on the laptop I connect wirelessly to the WRT1900AC and can access the internet however I can't access the file server and when I can access the file server I can't access the internet.  In my network settings I see two networks.  One for the WRT1900AC that shows internet access and one for the file server that shows no internet access.  I'm pretty sure there's a problem with where the laptop is getting it's IP address assigned from depending on what it can access.  I've tried connecting the router directly to the file server and turning on ICS for that port on the server.  The server can then connect to the internet but the wireless laptop can't.  I haven't really messed with the other workstations but assume I'll have to do the same thing with them after I determine what needs to be done with the laptop. 

    Active Directory is heavily meshed with it's DNS Server and it's DNS registration.
    The Linksys Smart Wifi firmware is designed to DNS proxy www.linksyssmartwifi.com to Linksys Cloud servers for Smart Wifi services like remote access but it also does this for local access to the router's UI.
    If you specify your Active Directory DNS server in the DHCP settings to pass to the client devices AFAIK when you look on the client devices their DNS servers will always be 192.168.1.1 instead of your Active Directory DNS Server.
    This breaks DNS registration and causes issues with Active Directory services and DNS resolution.
    Please remember to Kudo those that help you.
    Linksys
    Communities Technical Support

  • Need a product recommendation for small network

    Hello All!
    I just started a small computer and network consulting company (in addition to my "day job"). I work for a huge company with several hundred sites, all Cisco networking of course. I am also setting up a small network and computer consulting company to do on the side and will be dealing with small companies and helping them with their network needs. Anyway, I am looking for a entry level Cisco product because my Linksys just isn't going to cut it any more. I want to set up 3 servers and I currently have 5 static IP's from Comcast. I want something that would operate like a PIX515 firewall but that would obviously be overkill for what I am doing. I want the capability to set up port forwarding to the inside from my 5 external IP's. Wi-Fi isn't critical but would be a "nice to have" if it didn't cost too much more. What would be a good product for my needs? I want a NICE CISCO product but not an EXPENSIVE one, either. I am also interested in certification and possibly becoming a VAR soon. Any pointers would be much appreciated.
    Thanks,
    --GREG--

    I would steer clear of the 500 express. Since you seem to be new to cisco products, I would use the opportunity and buy what most of your potential customers already have. Get yourself a pix/asa and a 2900 series switch as first poster suggested. If you are interested in certifications, you will need to learn the command line interface. The 500 express will do you no good as it is all gui. This is only my opinion of course. Oh, and did I see not expensive and cisco in the same sentence. :)

  • Need configuration exmamples for 3560 small network

    Hello,
    I'm currently doing some lab exercises in Packet Tracer.
    I'm trying to setup a small network with 2x 3560 switches and 3 vlans. 1 vlan for network management, one vlan for servers and one vlan for users.
    I'm running into issues where my lab exercises don't seem to work properly, and i'm not sure what im doing wrong. I learn fairly well "by example" and was wondering if anyone can point me to some examples of such a setup.

    further, here is the layout of my lab and the packet tracer file.
    here are the configs of my 2 3560. i've cut out ports no important to the lab
    CORE 3560
    Current configuration : 1399 bytes
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    hostname CORE
    ip routing
    no ip domain-lookup
    interface FastEthernet0/10
    switchport access vlan 10
    switchport mode access
    interface GigabitEthernet0/1
    description link_to_closet_switch
    switchport trunk allowed vlan 1,10,20
    switchport mode trunk
    interface Vlan1
    ip address 192.168.1.1 255.255.255.0
    interface Vlan10
    description server_vlan
    ip address 192.168.10.1 255.255.255.0
    interface Vlan20
    description user_vlan
    ip address 192.168.20.1 255.255.255.0
    ip classless
    ============
    CLOSET 3560
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    hostname CLOSET
    ip routing
    no ip domain-lookup
    interface FastEthernet0/10
    switchport access vlan 20
    switchport mode access
    interface FastEthernet0/11
    switchport access vlan 20
    switchport mode access
    interface GigabitEthernet0/1
    description link_to_core_switch
    switchport trunk allowed vlan 1,10,20
    switchport mode trunk
    interface GigabitEthernet0/2
    interface Vlan1
    ip address 192.168.1.2 255.255.255.0
    interface Vlan10
    description server_vlan
    no ip address
    interface Vlan20
    description user_vlan
    no ip address
    ip classless
    line con 0
    line vty 0 4
    login

  • New hardware - revisiting dns/dhcp on small network

    I'm trying to replace a failed SMC wireless router with a new Airport Extreme Base Station on our small network.
    The network consists of OSX Server 10.4.x running on a G4, 6 wired client machines, and the occassional wireless client. Things were working fine with the old router, but web activity was sluggish, which I blamed on the router (but now suspect was due to my dns config). The router's wireless function broke, thus the effort to replace with Airport.
    When things were working, I had the router dishing out ip addresses via dhcp, OSX Server was running DNS for its internal needs and to resolve for a few of our services that are hosted elsewhere.
    The server machine was manually configured to look to the wireless router for routing , and look to itself for DNS. DNS could properly lookup and reverse lookup the server name from all machines.
    Clients were configured to pick up ip addresses via dhcp, and dns from the server.
    This worked, albeit web surfing was sluggish.
    I had assumed dns requests were going through the OSX Server machine, which would in turn send them via the router address to my isp's dns (assuming its not one of the few records in my internal dns).
    What I am suspecting now is that the client machines, when my server dns could not resolve a domain name, would turn directly to the isp's dns. I guess the dhcp would have supplied this info??? In other words, the OSX Server dns was not looking outside itself to resolve a name for which it didn't have a record.
    Anyway - I feel like my problem lies somewhere in the server's dns. Question: How that the OSX Server dns resolve a request for which it does not have a record? Does it need an entry for an external dns it can forward the request to? Or does the ip address in the Network config's "Router" field cover that?
    Many thanks.

    As you are using "advanced services" in the server you should use only the server (internal private IP) DNS on your server LAN. Don't use any public DNS as they don't know your LAN private IP machines names or domainname.
    The DHCP server in OS X should be setup to send out only the server IP for DNS to LAN clients and using the server DHCP it's possible to send LDAP info to clients too (you don't have to manually set directory services on each client to find your server).
    In 10.5 Apple has provided the possibility of settig up DNS forwarders in the DNS GUI, in previous versions you have to enter them in /etc/named.conf "by hand" using the terminal (pico/nano).
    Forwarders (usually your ISP DNS IPs) speed up dns lookups.
    As it sounds like you are reusing your public domainname internally you seem to already have setup you public IP services too. This is neccessary for LAN clients to be able to find them as any domains configured in your local DNS will make the DNS server think it's the SOA (?) for those domains and it will not try to forward any requests/lookups for those to any external public DNS (DNS root servers or ISP DNS/forwarders).
    If you have another static IP machine/server on your LAN you can make it a slave DNS so LAN clients can get at Internet if your server is temporarily down.

  • Connecting a 2950 Switch to an existing small network

    Wondering what's the best way to connect a 2950 Switch to an existing small network. It consists of a few computers on just basic old Linksys switches, but there's only 1 network cable going to the back room, where we have several computers that need to access the internet. I've had a spare 2950 kicking around (RMA from a customer, all ports work but a good bunch of them do not light for some reason) that I'd like to just connect to the existing network line in the back room and have it piggyback essentially so all the machines in the back room can have internet access.
    I'm just wondering how I should go about wiring and setting up this switch to work properly, as it's been awhile since I've done this, and the last time I did, it was with the ancient 1900 series switches :).
    Thanks in advance for any help.

    Hello,
    basically, it depends on if you have different VLANs implemented in your current network or not. If not, you could just connect the 2950 to one of the Linksys switches, using a crossover cable. The default VLAN for all ports on the 2950 is VLAN 1, so all you have to do is plug your computers into the (working) ports of the 2950, without configurung anything else.
    HTH,
    GP

Maybe you are looking for

  • Error message when downloading itunes 9.2

    Hi, when am downloading itunes 9.2 i am getting the error message F:\Itunes.Resources\pt_PT.Iproj\iphoneRestore.nib\objects.xib. Verify that you have access to that directory. Can anyone help please what i am suppose to do.

  • Problem while selecting data from external tables

    Hi All, I am facing a problem with external tabels. I have created an external table create table ext_org_table ( id varchar2(10) , name varchar2(100) ,id_parent varchar2(10) ,name_parent varchar2(100)) organization external ( type oracle_loader defa

  • Deleting Duplicates in iTunes following 7.7 download

    download of the new version was not successful, with resulted in me having to create my library again. Upshot is that I now have 6500 duplicate files, does anybody know a shortcut that would delete have them - will take ages to hand select each one.

  • Omit few items from GI print out to production (Mvt: 261)

    Hi Experts, I need to omit few items (packing items) from the print out after issuing materials against a Production order (mvt: 261). The reason is each FERT material has hundreds of components in the BOM, and the packing items are in majority. They

  • Installing iso images from CD

    Very green user to Solaris, I use Linux. I've heard so much about Solaris that I wanted to try it. I burned the iso images to CD. Must I boot from CD to install or do something else? This is Solaris 10 on the x86 platform. Please reply to [email prot