Help networking a school

gerlos

Hello,
I'm (re)building a network for a small school. As a Linux sysadmin, I don't have much hands-on experience with networking hardware (I usually step in once the metal is in place), so sorry if my questions might be trivial.

The school is in a single-floor, roughly T-shaped building, with concrete walls. There are 5 office rooms on the short side of the "T", and 4 big classrooms aligned in a row on the long side (building is approx 30 m x 60 m).
Current situation is messy and difficult to manage, so I'm going to replace most of the gear.

I'm asked to provide two wifi networks that should work everywhere. The first one (let's call it "BackofficeWifi") should be used by both teachers and employees, who need to use network printers and a file server.
The second one should be used by students (let's call it "StudentsWifi") and should be able to use a second file server. Both groups of users should be able to surf the Net.

Rooms are already cabled with Cat 6 cables, connected to a 24-port Netgear JGS524E managed switch, placed in a small room at the intersection of the "T", with the main file server that also acts as a DNS and DHCP server.

How would you set up this network?

I think we could get 4 or 5 wifi access points (one for every 2 rooms), wire them to the switch, and set them up to broadcast two wifi SSIDs on two different VLANs - I've read that some APs can broadcast several SSIDs and put them on different VLANs.

Is this VLAN tech somehow "standard", or vendor-dependent? For example, will the VLAN features on the current Netgear switch work with access points from other vendors?

Once I put "StudentsWifi" devices on a different VLAN than "BackofficeWifi", should I put a DHCP server there too? (I can use the second file server for the purpose)

To allow roaming between the APs I should disable automatic channel selection and set different channels on each device, right?

School hardware is quite recent so it will use the 5GHz wifi, but since a few teachers sometimes bring their older laptops, I also need to keep the 2.4GHz wifi on.

Looking around in my area I found these access points that seem to support multi-SSID and VLAN - are they good for this project?
- TP-Link CAP300
- Netgear WAC505B05

I've also seen that those APs get power from PoE - should we replace the current switch to get one that provides PoE? Alternative options?

Thanks in advance,
gerlos
 
You don't really state how many active sessions you need per wireless unit. I run Cisco WAP571 wireless units at home and I believe they will support 64 sessions per unit multi-SSID and VLAN aware. If you need more active sessions per unit the Cisco WAP581 wireless units will support 256 active sessions per unit.

The other thing you don't mention is if you need to set up your switches for video on a one-to-many setup to save bandwidth. There is both a layer 2 method and a layer 3 method. In classrooms sometimes the whole classroom watches the same instructional videos.
 
Thanks for your answer.

You don't really state how many active sessions you need per wireless unit.

Each classroom accommodates no more than 25 students, and teachers + employees are 12. My best guess is that there won't be more than 100 devices connected at the same time to any access point. I expect half of them to be active on average.

The other thing you don't mention is if you need to set up your switches for video on a one-to-many setup to save bandwidth. There is both a layer 2 method and a layer 3 method. In classrooms sometimes the whole classroom watches the same instructional videos.

Good point, I haven't considered that. The most frequent use case is teachers' laptops (that should be connected to "BackofficeWifi") that play videos pulled from the server or from YouTube. But it doesn't happen very often - usually they just show PDF or PowerPoint slides or show local spreadsheets or documents.
A specific video setup may be overkill.
 
For the DHCP, couldn't you use a server with dual NICs?

Yes, I could. Since there's already a server for "StudentsWifi", I thought it would be easier and more reliable to simply put a separate DHCP service there (both the servers are running Ubuntu 18.04, and configuring dnsmasq as a basic DHCP server is only a matter of minutes).
 
The way I see this, your school only needs 4 APs. One in the central area, and one at the central area of each side of the T. Set 5GHz to max, and adjust the 2.4GHz power accordingly so that they cover all areas but overlap little.

The wifi bandwidth is limited by physical space and clients, not the AP. If you put 2 APs in the same area they won't double the available wifi bandwidth if they encroach upon each other's operating frequencies, not to mention that you could end up having neighboring wifi as well.

Both the listed wifi APs are terrible. I would go with either higher-end Cisco or Ubiquiti, but you can consider Asus if you don't need the features others offer; MikroTik would be great if you have the skill available for it. MU-MIMO would greatly help in a school environment.

There are 2 ways you can solve the problem. Go with plenty of cheaper basic APs like Ubiquiti or a mesh-based system with wired backhaul, or go with fewer but pricier enterprise APs like the ones Cisco offers that have impressive features and performance.

The other question you need to answer is, how much speed do the students need? Are there any lessons that require students to access shared resources? Submit work over wifi? Or are they kids that shouldn't be on the tablets? You will need to assess how much speed is required, and how much range, as you can't have both, so make sure to tweak the transmit power and frequency to get the best out of your setup, and make sure to place the APs well to avoid so much overlapping but also to cover every area. As long as a phone can reliably use the wifi you'll just need to make sure it can survive the bandwidth needed.

Multi NIC + managed switch = bonded links for faster speeds on the same network. Wireless AC practically does half a gigabit NIC which is also commonplace. You can also set it up as backup links or separate physical networks as well if you're into that kind of segregation. I usually just go straight to either 4 ports or 10Gb/s. If your PCs have multi NICs, use it all.
 
The way I see this, your school only needs 4 APs. One in the central area, and one at the central area of each side of the T. Set 5GHz to max, and adjust the 2.4GHz power accordingly so that they cover all areas but overlap little.

Thanks for your answer, it seems a good idea. I'd actually prefer to manage a smaller (but still effective) number of devices.

Both the listed wifi APs are terrible. I would go with either higher-end Cisco or Ubiquiti, but you can consider Asus if you don't need the features others offer; MikroTik would be great if you have the skill available for it. MU-MIMO would greatly help in a school environment.

There are 2 ways you can solve the problem. Go with plenty of cheaper basic APs like Ubiquiti or a mesh-based system with wired backhaul, or go with fewer but pricier enterprise APs like the ones Cisco offers that have impressive features and performance.

I must admit I'm quite confused by the current market offer - that's why I first asked a local supplier, who suggested those devices to me.
I didn't know of Ubiquiti. Their UniFi products seem interesting and the prices affordable.

The only thing that leaves me uncertain is that (as far as I understand) their UniFi APs seem to need controller software running on a server to work. Will they still work if something goes wrong with the server? I mean, if something breaks on the main server I know I can quickly spin up a new dnsmasq server and restore basic network functionality without any other issue while I'm working on the main problem.
What would happen to those APs in such a situation?

The other question you need to answer is, how much speed do the students need? Are there any lessons that require students to access shared resources? Submit work over wifi? Or are they kids that shouldn't be on the tablets?

Students are postgraduate professionals, and shared files are just PDFs, spreadsheets and text documents, so there's no need for high speed. They are asked to fill in forms from our website and upload their work, but only occasionally.

While teachers may need to move around lots of files, or upload or download videos, for students' use we actually value reliability and compatibility more than speed.
 
If it was me I would look at the Cisco WAP581 wireless units. They are designed for coffee shops and small businesses handling lots of connections. Using single point setup you can cluster up to 16 WAP581 units which will run as one. They are probably best set up using 2.5 gig connections, which will require a 2.5E switch. You could start with one gig and if you run out of bandwidth then go to the higher performance switch. It depends on your needs. Set up your VLANs to segment traffic and assign an SSID for each VLAN. If you use Cisco switches like I do you can control access for the network devices using ACLs (access control lists), so you can restrict student access.

If you need something greater than the Cisco WAP581 units you need to look at PRO wireless gear.

And remember wire is your friend and will make your life easier by using more of it instead of wireless connections. Anything which does not move put a wire on it. Wire runs better and faster with less maintenance period.
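
An added example, not part of the original post and not anyone's actual configuration: the post above suggests one VLAN per SSID plus ACLs to restrict student access, and on a Linux box that routes between the VLANs the same policy can be written as an nftables ruleset. The interface names, VLAN IDs, the uplink and the SSH management rule are all assumptions for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: inter-VLAN policy for the two SSIDs discussed in this thread.
# Everything below is assumed for illustration; none of it comes from the thread:
#   eth0.10 = VLAN 10, "BackofficeWifi" (teachers, employees, printers, main file server)
#   eth0.20 = VLAN 20, "StudentsWifi"   (students, second file server)
#   eth1    = uplink to the Internet router (which does the NAT)
# Each VLAN has its own DHCP server, as planned in the thread, so no DHCP relay
# rule is needed here.

flush ruleset

define BACKOFFICE = "eth0.10"
define STUDENTS   = "eth0.20"
define UPLINK     = "eth1"

table inet school {
    # Traffic routed THROUGH this box (between VLANs, or VLAN to Internet).
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed in the first place.
        ct state established,related accept
        ct state invalid drop

        # Both groups may surf the Net.
        iifname { $BACKOFFICE, $STUDENTS } oifname $UPLINK accept

        # Students must not reach the printers or the backoffice file server.
        # The policy would drop this anyway; the explicit rule adds a counter
        # and a kernel log line so attempts are visible.
        iifname $STUDENTS oifname $BACKOFFICE counter log prefix "students->backoffice: " drop

        # Backoffice -> Students is also dropped by policy: each VLAN has its
        # own file server, so no cross-VLAN rule is required.
    }

    # Traffic addressed TO this box itself.
    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Let clients ping their gateway for troubleshooting.
        ip protocol icmp icmp type echo-request limit rate 10/second accept

        # Management only from the backoffice VLAN (SSH is an assumption).
        iifname $BACKOFFICE tcp dport 22 accept
    }
}
```

Loading it with `nft -f` and then running `nft list ruleset` shows the counter on the students-to-backoffice rule, which is a quick way to confirm the segmentation is actually being exercised.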
 
Thanks for your answer, it seems a good idea. I'd actually prefer to manage a smaller (but still effective) number of devices.

I must admit I'm quite confused by the current market offer - that's why I first asked a local supplier, who suggested those devices to me.
I didn't know of Ubiquiti. Their UniFi products seem interesting and the prices affordable.

The only thing that leaves me uncertain is that (as far as I understand) their UniFi APs seem to need controller software running on a server to work. Will they still work if something goes wrong with the server? I mean, if something breaks on the main server I know I can quickly spin up a new dnsmasq server and restore basic network functionality without any other issue while I'm working on the main problem.
What would happen to those APs in such a situation?

Students are postgraduate professionals, and shared files are just PDFs, spreadsheets and text documents, so there's no need for high speed. They are asked to fill in forms from our website and upload their work, but only occasionally.

While teachers may need to move around lots of files, or upload or download videos, for students' use we actually value reliability and compatibility more than speed.

Ubiquiti doesn't require the controller software to function, it is optional. They are usually trying to sell their bundle, which isn't a good deal, especially if you need internet speed. The controller is like enterprise SNMP management software, if you've ever used one before (Spiceworks, for example), but more specific, with a different GUI and functions; it is not required for the device to function.

You might think PDF files are small, but if you're dealing with postgraduates you are talking about 1MB at least per PDF. Now let's say an entire class of 20 people needed to go to a website and download a 2MB PDF file at the same time, the website itself could be 1MB (usually more), that means simultaneously you are hitting 30MB on top of everything else going on around the AP at the same time, which, while 30MB may seem small, can still cause losses if your AP is not up to the task of handling different loads. You can also set up a cache server to reduce your WAN loads. You have to remember, these students may also hang out at the establishment outside class times, they may be sitting and doing work and dealing with personal things online, so bandwidth use is gonna be far far more than you project.

The local supplier is paid to market some devices over others, not to cater to your well-being. If the device is unreliable or crap but the brand has paid the dealer to exclusively recommend it (or perhaps he gets a good deal from them), then he will suggest those devices without understanding the requirements of enterprise networking. From my experience, Netgear isn't reliable (can you believe I have to restart their basic simple modem every 2 months for being in modem mode, + bugs from the GUI to configure it properly). Some Netgear devices like their Prosafe switch line are reliable, though they still suffer from firmware bugs. Mine would die if I turned on jumbo frames.
 
Thanks,

Ubiquiti doesn't require the controller software to function, it is optional. They are usually trying to sell their bundle, which isn't a good deal, especially if you need internet speed.

So one might install their software controller on a server to set up the devices and then forget about it, right? (Assuming one doesn't want to monitor network status)

You might think PDF files are small, but if you're dealing with postgraduates you are talking about 1MB at least per PDF. Now let's say an entire class of 20 people needed to go to a website and download a 2MB PDF file at the same time, the website itself could be 1MB (usually more), that means simultaneously you are hitting 30MB on top of everything else going on around the AP at the same time, which, while 30MB may seem small, can still cause losses if your AP is not up to the task of handling different loads. You can also set up a cache server to reduce your WAN loads.

Good point. Do you think I can mitigate the problem by adding a couple more APs later on?

Most of the time students download or upload files to a Samba shared directory on our file server, so most of the traffic happens in our LAN (on the subnet we set up for students).
We already have a Squid proxy configured on our server to cache WAN traffic, but with more and more websites switching to HTTPS nowadays it's a lot less useful than in the past.

The local supplier is paid to market some devices over others, not to cater to your well-being. If the device is unreliable or crap but the brand has paid the dealer to exclusively recommend it (or perhaps he gets a good deal from them), then he will suggest those devices without understanding the requirements of enterprise networking.

That's a common problem - that's one of the reasons I've asked here. ;-)

About Ubiquiti access points vs Cisco ones - as far as I understand, there seem to be big differences in prices, and I suppose there should be good reasons for this. But, are the Ubiquiti ones "good enough" to make any difference negligible for our use case?

From my experience, Netgear isn't reliable (can you believe I have to restart their basic simple modem every 2 months for being in modem mode, + bugs from the GUI to configure it properly). Some Netgear devices like their Prosafe switch line are reliable, though they still suffer from firmware bugs. Mine would die if I turned on jumbo frames.

In our experience our Netgear Prosafe switch worked flawlessly for more than a year. But it was a very basic configuration.

Could we use its VLAN features with either Cisco or Ubiquiti APs? Is VLAN configuration vendor-dependent?

And what about PoE?

Thanks again
 
So one might install their software controller on a server to set up the devices and then forget about it, right? (Assuming one doesn't want to monitor network status)

I don't think they have one for PCs but you could check; however, their controller isn't very useful if you can configure things yourself individually and just use software for central SNMP.

Good point. Do you think I can mitigate the problem by adding a couple more APs later on?

You could, but the thing about APs is less is better. More to the point of coverage and preventing frequency overlaps, so if you don't have a lot of wifi neighbours you can add more APs for more bandwidth. MU-MIMO will help a lot, so for example 4 channel MU-MIMO wifi AC; Qualcomm is doing better than Broadcom here for wifi chipsets for APs.

Most of the time students download or upload files to a Samba shared directory on our file server, so most of the traffic happens in our LAN (on the subnet we set up for students).
We already have a Squid proxy configured on our server to cache WAN traffic, but with more and more websites switching to HTTPS nowadays it's a lot less useful than in the past.

Sounds like you'll need the wireless bandwidth. If you don't have neighbours you can double your APs and use Cisco or another mesh system, as Ubiquiti doesn't have this. You can also wire rooms too. Having a Squid proxy cache is good, but you can also cache more things. You can also hijack some traffic and redirect it to local resources, which can also help to avoid issues with hardcoded applications/devices. DNS and NTP are the main things you can redirect, but there are also plenty more things you can cache, such as Steam for those that use it, and many other applications. Example here https://linustechtips.com/main/topic/962655-steam-caching-tutorial/ but it applies to many other specific applications like Windows updates as well. There are articles and a list of applications.

That's a common problem - that's one of the reasons I've asked here. ;-)
About Ubiquiti access points vs Cisco ones - as far as I understand, there seem to be big differences in prices, and I suppose there should be good reasons for this. But, are the Ubiquiti ones "good enough" to make any difference negligible for our use case?

For more bandwidth, if you have the airspace you can deploy more devices; Ubiquiti lacked mesh last time I checked. MU-MIMO and mesh along with other enterprise goodies is something the pricier Cisco does a lot better and provides. I suggest you weigh price and benefits (APs with different names vs a single AP name and seamless balance along with enterprise features you rarely get on other APs).

In our experience our Netgear Prosafe switch worked flawlessly for more than a year. But it was a very basic configuration.
Could we use its VLAN features with either Cisco or Ubiquiti APs? Is VLAN configuration vendor-dependent?
And what about PoE?

Netgear Prosafe works well, the hardware is solid; the firmware however has a few bugs in some features, but you should have no issues with VLANs just as long as you aren't hitting the hardware limits. The only feature I had an issue with was jumbo frames, out of all the features the switch has. The Prosafe line isn't really a consumer product from Netgear; the consumer products from Netgear are overpriced and crap.
 
