Network problem

SLY_Z_28
New Member
Posts: 13
Joined: Mon Oct 08, 2007 6:24 pm

Post by SLY_Z_28 »

Hey guys, noob here.

I have a network of 10-15 computers. So it's a Class C address, correct? That starts with 192.xxx.xxx.xxx. Will I need to subnet this small of a network? How would one go about doing so?

There are wired computers, and 2 wireless routers. One for the public and one for a staff meeting room.
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

You have room to add more than 225 more computers and it'll still be fine as a class C. No reason to subnet.

However....I'd recommend making a VLAN for your wireless "public" guests, so they can't cause problems with the main business network. A simple managed switch that can do port based VLANs would be able to do this. Or, depending on your access point...some of them support a feature which can VLAN each wireless client.
MORNING WOOD Lumber Company
Guinness for Strength!!!
SLY_Z_28
New Member
Posts: 13
Joined: Mon Oct 08, 2007 6:24 pm

Post by SLY_Z_28 »

YeOldeStonecat wrote:You have room to add more than 225 more computers and it'll still be fine as a class C. No reason to subnet.

However....I'd recommend making a VLAN for your wireless "public" guests, so they can't cause problems with the main business network. A simple managed switch that can do port based VLANs would be able to do this. Or, depending on your access point...some of them support a feature which can VLAN each wireless client.

I was going to go with these two wireless devices listed below, but if I only went with one because I can make a VLAN with the Cisco SRW2024, which one would you recommend?

Cisco RVS4000
Cisco WAP4400N
bilbus
Regular Member
Posts: 112
Joined: Sun Jan 11, 2009 7:00 am

Post by bilbus »

I think you mean 192.168.x.x, but there is no point in subnetting it into anything smaller.

You can do a VLAN for the wireless, or another subnet. If your router supports a second subnet that may be the easiest way.
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

SLY_Z_28 wrote:I was going to go with these two wireless devices listed below, but if I only went with one because I can make a VLAN with the Cisco SRW2024, which one would you recommend?

Cisco RVS4000
Cisco WAP4400N

The SRW2024...that'll take care of your VLANs easily...probably the quickest and easiest way to keep the network simple and securely separated.

Router to port 1 of the switch, primary network into ports 2-20 of the switch.

Ports 2-20 making up VLAN 1, which also has port 1 as a member.
Port 21 ...create VLAN 2, also make port 1 (the router) a member of that VLAN 2.

For "budget" access points, I've had the best success in using the wrt54gl routers....flashed with DD-WRT or Tomato firmware, configured in access point mode. And if you need good range...replace the stock antennas with a pair of extra long high gains.

The wap4400 models....I've used them before...they're OK for internet access, but under higher traffic seem to get flaky.
SLY_Z_28
New Member
Posts: 13
Joined: Mon Oct 08, 2007 6:24 pm

Post by SLY_Z_28 »

bilbus wrote:I think you mean 192.168.x.x, but there is no point in subnetting it into anything smaller.

You can do a VLAN for the wireless, or another subnet. If your router supports a second subnet that may be the easiest way.

FYI, this is a small business, would that change the IP addressing scheme? Why not a random range from 192.0.1.1 to 223.255.254.254? Say 199.1.30.0 so I can increase security and remember that specific business?
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

I usually make business networks a bit different than 192.168.0.x or 192.168.1.x....only due to possibility of remote users VPN'ing in from home. Most home routers are 192.168.0.xxx or 192.168.1.xxx. VPN setups usually prefer different IP ranges. Easier to build the main office network on a different setup than go and try to change a dozen home users' home routers after the fact.

For security purposes...it doesn't really have one. Your network is hidden behind NAT, those IPs aren't seen. The fact that it's 192.168.1.xxx or 10.50.10.xxx is irrelevant to security.
SLY_Z_28
New Member
Posts: 13
Joined: Mon Oct 08, 2007 6:24 pm

Post by SLY_Z_28 »

YeOldeStonecat wrote:The SRW2024...that'll take care of your VLANs easily...probably the quickest and easiest way to keep the network simple and securely separated.

Router to port 1 of the switch, primary network into ports 2-20 of the switch.

Ports 2-20 making up VLAN 1, which also has port 1 as a member.
Port 21 ...create VLAN 2, also make port 1 (the router) a member of that VLAN 2.

For "budget" access points, I've had the best success in using the wrt54gl routers....flashed with DD-WRT or Tomato firmware, configured in access point mode. And if you need good range...replace the stock antennas with a pair of extra long high gains.

The wap4400 models....I've used them before...they're OK for internet access, but under higher traffic seem to get flaky.

Excellent explanation, that gives me a great idea now what's going on, thank you again.

Another question, if I wanted to incorporate VPN, I know that I can't use something that has the same IP range. So if my business network starts with 10.1.30.0...I could use 192.168.1.1. for associates and 172.0.1. for my home network that I can connect to?
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

SLY_Z_28 wrote:
Another question, if I wanted to incorporate VPN, I know that I can't use something that has the same IP range. So if my business network starts with 10.1.30.0...I could use 192.168.1.1. for associates and 172.0.1. for my home network that I can connect to?
:nod:
SLY_Z_28
New Member
Posts: 13
Joined: Mon Oct 08, 2007 6:24 pm

Post by SLY_Z_28 »

YeOldeStonecat wrote:The SRW2024...that'll take care of your VLANs easily...probably the quickest and easiest way to keep the network simple and securely separated.

Router to port 1 of the switch, primary network into ports 2-20 of the switch.

Ports 2-20 making up VLAN 1, which also has port 1 as a member.
Port 21 ...create VLAN 2, also make port 1 (the router) a member of that VLAN 2.

For "budget" access points, I've had the best success in using the wrt54gl routers....flashed with DD-WRT or Tomato firmware, configured in access point mode. And if you need good range...replace the stock antennas with a pair of extra long high gains.

The wap4400 models....I've used them before...they're OK for internet access, but under higher traffic seem to get flaky.

I checked on the DD-WRT and there was a lot of info there. I also checked on Tomato too.

Now I just want to confirm, the public wireless will be controlled by the switch with VLAN as you recommended earlier, but if the switch is not close to the public, will DD-WRT or Tomato firmware take care of that distance and let it connect wireless? Or would I use a remote base station like the Cisco Aironet 1140? Would the 1140 need its own static IP? :wth:
SLY_Z_28
New Member
Posts: 13
Joined: Mon Oct 08, 2007 6:24 pm

Post by SLY_Z_28 »

anyone?
bilbus
Regular Member
Posts: 112
Joined: Sun Jan 11, 2009 7:00 am

Post by bilbus »

SLY_Z_28 wrote:FYI, this is a small business, would that change the IP addressing scheme? Why not a random range from 192.0.1.1 to 223.255.254.254? Say 199.1.30.0 so I can increase security and remember that specific business?

192.168.x.x is a valid private range .. 192.0.x.x is owned by someone.

You cannot just choose random IP addresses for your network, most of these addresses are owned.

For access points I like D-Link 3200APs, much more powerful than Linksys models. They are entry level business class WAPs so they don't lock up like the home grade Linksys ones.

By far the easiest solution is to have two networks (or VLANs .. but VLANs can be complicated if you have not done them before)

and two access points (or 1 AP if you use a VLAN and multi SSID on the D-Link APs) plug each AP on the appropriate network.

I would guess the less secure network has its own internet connection, or your router has a separate interface.
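
An added example (not code from any poster in this thread) that checks an address plan for the two issues raised above: ranges that fall outside the RFC 1918 private blocks, and ranges that collide across VPN sites. The ranges are the ones mentioned in the thread; the /24 masks and the site names are assumptions.

```python
import ipaddress

# RFC 1918 blocks: the ranges set aside for private LAN addressing.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(cidr):
    """True if the whole network sits inside one RFC 1918 block."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(block) for block in RFC1918)

def check_plan(sites):
    """sites maps a site name to its CIDR. Returns (not_private, overlaps)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    not_private = sorted(n for n in nets if not is_rfc1918(str(nets[n])))
    names = sorted(nets)
    # Any two sites whose ranges overlap cannot be routed to each other over a VPN.
    overlaps = [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
                if nets[a].overlaps(nets[b])]
    return not_private, overlaps

# Ranges mentioned in the thread; the /24 masks are assumed.
VPN_PLAN = {"office": "10.1.30.0/24",
            "associates": "192.168.1.0/24",
            "home": "172.0.1.0/24"}   # the private 172 block is 172.16.0.0/12
# Office left on a common home-router default, with a remote user on the same range.
CLASH_PLAN = {"office": "192.168.1.0/24", "home_user": "192.168.1.0/24"}

if __name__ == "__main__":
    for label, plan in (("VPN plan", VPN_PLAN), ("clash plan", CLASH_PLAN)):
        not_private, overlaps = check_plan(plan)
        print(label, "| not RFC 1918:", not_private, "| overlapping:", overlaps)
    print("199.1.30.0/24 private?", is_rfc1918("199.1.30.0/24"))
```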
bilbus
Regular Member
Posts: 112
Joined: Sun Jan 11, 2009 7:00 am

Post by bilbus »

In his example the switch just controls access.

The AP is what users will connect to, and that is plugged into the switch.

The vlans on the switch just prevent the office vlan from talking to the public vlan .. and vice versa
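
An added example (not from the thread) that audits a port-based VLAN membership table against the layout described earlier: router on port 1, office on ports 2-20, guest AP on port 21. It assumes a simplified model in which two ports can exchange frames only if they share a VLAN; the function names and the membership string format are hypothetical.

```python
def parse_ports(spec):
    """Expand a port list such as '1,2-20' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def reachable(vlans, port):
    """Ports sharing at least one VLAN with `port` (simplified layer-2 model)."""
    peers = set()
    for members in vlans.values():
        if port in members:
            peers |= members
    return peers - {port}

def audit(vlans, office, guest, uplink):
    """List (guest_port, [office ports it can reach]), ignoring the shared uplink."""
    leaks = []
    for g in sorted(guest):
        hit = (reachable(vlans, g) & office) - uplink
        if hit:
            leaks.append((g, sorted(hit)))
    return leaks

OFFICE = parse_ports("2-20")
GUEST = parse_ports("21")
UPLINK = parse_ports("1")          # router port, a member of both VLANs

# Layout from the thread: VLAN 1 = ports 1-20, VLAN 2 = ports 1 and 21.
GOOD = {1: parse_ports("1-20"), 2: parse_ports("1,21")}
# Constructed mistake: office port 20 also added to the guest VLAN.
BAD = {1: parse_ports("1-20"), 2: parse_ports("1,20,21")}

if __name__ == "__main__":
    print("guest port 21 reaches:", sorted(reachable(GOOD, 21)))
    print("leaks in good layout:", audit(GOOD, OFFICE, GUEST, UPLINK))
    print("leaks in bad layout: ", audit(BAD, OFFICE, GUEST, UPLINK))
```

This checks switch membership only; whether the router on port 1 forwards traffic between the two VLANs is outside the model and has to be verified on the router.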