
Home Office Network build - advice needed


timkwhite

I am about to upgrade my home network and would like to add functionality and robustness. My wife and I both work from home on occasion and I have a side business with lots of files that need to be transferred within the network. I have wired gigabit to the desktops and have wireless throughout the house but I am relocating the office (new baby on the way) which is forcing a complete redo of the network. I am locating the modem, router and server in the basement and would like to place an access point to cover the whole house (have the spot already, just need to run the wire).

I currently have a Netgear WNDR3700 which works great but I moved it to the basement and the signal strength just isn’t enough for the second floor (didn’t expect it to work, so not surprised). I haven’t had any issues with it other than some firmware update snafus (user error).

Here are my needs.

Router with VPN (SSL and/or IPsec is fine). Needs to have at least 1 client license if IPsec.
Either wireless G or a dual radio for N. (Most likely will go with G and then add N later – not enough clients around the house to justify the N only a/p). Needs to be PoE capable.
Gigabit switch with 8 or more ports – PoE for access point.

We need to stream live video feeds to the internet (wife teaches online classes) and I need to be able to transfer lots of large-ish files (hundreds of MB’s, not GB’s) and stream music and movies to the old xbox in the living room (which is wired). The VPN will be a nice to have when I want to either access files or transfer them to my home server while away. Our connection to the interwebs is cable (8 down, 1 up), so nothing super fancy is needed on the router side.

Here is my plan.

Netgear FVS318G router
Netgear GS108P switch
Netgear WG103 access point

I don’t know if I am going overboard with the above or if lesser priced/consumer products will be sufficient. Do you think I am going too high on the products for my needs or will these business class components provide the stability I desire more so than the consumer products?

Thanks in advance for your thoughts.

Tim
 
Is there a reason why you choose to utilize Netgear?

A couple reasons:

1. I have always used and had excellent results with netgear products.

2. The pricing of similar 'systems' from Cisco Small Business and the like were more expensive when totaled.

3. I like to keep the same brand in related systems to eliminate any interplay issues that may arise.

4. I like the way they look - business like.

That last one may be completely useless, but I guess that is the way I am.

Tim
 
Finding a bundled IPsec client is getting tougher. NETGEAR used to bundle one license of its IPsec client with its IPsec capable routers. Not sure if they still do, so I'll check.

Cisco RV0XX series models are popular, but the bundled quick VPN app they bundle isn't a full IPsec client. See this.

Commenters in our review report stability problems on the FVS318G. I can't speak to long term use since I don't use it regularly.

Requiring PoE AP support limits your choices. You don't necessarily get better performance or stability from "business" APs. You do get more admin options (command line via SSH / Telnet) and access to more settings that you probably don't need.
 
Tim H,

Thanks for pointing out the user reviews... never even noticed them before. Looks like the odds are against the FVS318G.

You are most likely right about not needing the business class components as I do not need to create multiple VLAN's, etc. I guess I was looking at it from a longevity standpoint and to me that means business class type items.

The PoE is needed but I am looking at a PoE injector as I only need 1 PoE port and there are nice, affordable solutions available.

D-Link, TrendNet and Netgear all have PoE capable access points but I am not sure about their individual reliabilities (it seems ALL access points get poor reviews for reliability). I know I had to reset my modem every week until I put an APC on it... no issues since. One more reason that I am looking to keep all the components in the same manufacturer is consistency of interface. It makes a difference when there is an issue.

After doing a lot of reading last night, I think I am sold on the SSL VPN, which limits my choices even further. Netgear does include an IPsec license with most of their VPN capable routers, but not all. Cisco's non-standard implementation does scare me off a bit.

Back to the drawing board.

Tim
 
Tim W,

Have you looked at the Netgear UTM range? The UTM5 (which I have at home) will provide SSL VPN and more "protection" features (with the subscription) for a similar price to the FVS318G.

I run a D-Link DAP-2553 (Wireless N capable) with a separate VLAN for guest access (mobile phones) and laptops.
 
Mr. Fixit,

Yes, that is the model I am currently looking at. I know there are a bunch of features that I will not need but it is less than the prosafe FVS336G and doesn't give up anything except the IPsec VPN license, but I will be using the SSL VPN.

I am also intrigued as it will mount in a rack... something that I have been wanting for my server and network. My day job has a few racks they are getting rid of so I should be able to get one for free. Now if they will just fit in the basement!

Current plan is as follows:

Netgear UTM5 Router (without the security subscriptions - not needed)
Netgear JGS516 16 port gig switch
Netgear WNDR3700 as access point

I have figured out a way to locate an access point near power and so this will definitely help as the PoE switch and PoE Access Point are no longer needed. The WNDR3700 has sufficient range for full coverage so no need to replace it for now.

Any additional thoughts from the group?

Thanks,
Tim
 
This may not meet your needs, but building your own pfSense box (generally with things you can find around the house...) will give you IPSec ( and OpenVPN, PPTP ), and a set of security packages like IDS, Proxy server, Anti-Virus, QOS, and various forms of blocking and routing capabilities beyond that of a mere mortal router. All without a subscription.

There is a series of articles here on SNB about building a DIY low power router.
 
GregN,

That is very intriguing... and right up my hobbyist ways. Having a UTM without the subscription costs, while most likely not as comprehensive as the commercially available products, for our SOHO sounds great.

I was up way too late last night reading all that I could find on DIY UTM's and pfsense. I have a question from your Cerberus build...

Why did you add the 3rd NIC to the UTM appliance? Couldn't you have just used a switch and connected the A/P to that? I believe you added a switch for guest LAN access anyway... confused as to why you went that route. Any help would be greatly appreciated.

A quick look around the web and SMB and I think for the UTM I would need the following.

M/B and CPU (most likely Atom based)
Dual NIC's (WAN and LAN)
RAM
Hard Drive (I have a 160GB 2.5" Seagate... I think that should be sufficient)
1U case (for my hobbyist home rack and it looks cool :) )
No DVD/CD as I will install via USB
External Switch for the LAN
A/P - current router (WNDR3700)

This will be a bit more than the Netgear UTM5 or equivalent but without the subscription costs and will be more than sufficient for my needs.

Thanks again for all the help, this is a great resource.

Tim
 
> Why did you add the 3rd NIC to the UTM appliance? Couldn't you have just used a switch and connected the A/P to that? I believe you added a switch for guest LAN access anyway... confused as to why you went that route. Any help would be greatly appreciated.

I wanted to completely isolate the guest wireless from the internal network. Separate subnet, snort rules, and QOS settings. I've expanded to four interfaces now, two LAN & two WAN (failover, and for a possible article about tarpitting, I'm waiting for pfSense 2.0RC2 to shake out). Very cool to be able to just add another interface.

> M/B and CPU (most likely Atom based)

Take a look at the new Sandy Bridge boards, using Celeron G440 processor. Wasn't available when I built mine (wish it was)

> Dual NIC's (WAN and LAN)

Use Intel, Some MBs come with dual intel NICs. I like the SuperMicro boards, and they do, both mATX and mITX. (SuperMicro C7Q67 & X9SCV-Q-O)

> 1U case (for my hobbyist home rack and it looks cool :) )

I was going to mention this, you can get old 1U servers off of EBay for dead cheap, and gut them for a case. Cheaper than a new case, and it often has that used industrial look.

> No DVD/CD as I will install via USB

Dennis Wood has written a very good thread that is sticky, Confessions of a pfSense Newbie, he steps you through an install with USB. The DVD drive was the only part I didn't need, I have a USB DVD drive which would have been perfect as a temporary install device.

> External Switch for the LAN

For another project (DIY SAN) I bought a 24-port Dell PowerConnect managed switch off of eBay for around $80. Other than the constant fan, it has simplified all of my connections, and allowed me to aggregate the connections to my DAS server. It is also a 1U box :)

I take it WAF isn't an issue?

> This will be a bit more than the Netgear UTM5 or equivalent but without the subscription costs and will be more than sufficient for my needs.

Probably greener too (you'll need a green PSU). And it will give you hours of tinkering time, cheap entertainment without a doubt.
 
> I wanted to completely isolate the guest wireless from the internal network. Separate subnet, snort rules, and QOS settings. I've expanded to four interfaces now, two LAN & two WAN (failover, and for a possible article about tarpitting, I'm waiting for pfSense 2.0RC2 to shake out). Very cool to be able to just add another interface.

Gotcha... figured it was something to do with separating the networks. I do not have a need for this.


> Take a look at the new Sandy Bridge boards, using Celeron G440 processor. Wasn't available when I built mine (wish it was)

Will there be a difference with less than 20 clients (2 users with PC's, smartphones, etc.)? The celeron looks to be about the cost of the processor more, but you can add more than 4gb of memory. Will this be advantageous?



> Use Intel, Some MBs come with dual intel NICs. I like the SuperMicro boards, and they do, both mATX and mITX. (SuperMicro C7Q67 & X9SCV-Q-O)

Check.


> I was going to mention this, you can get old 1U servers off of EBay for dead cheap, and gut them for a case. Cheaper than a new case, and it often has that used industrial look.

There are a ton around here on craigslist.. will have to keep an eye out. May even be able to score a free one from the day job.


> Dennis Wood has written a very good thread that is sticky, Confessions of a pfSense Newbie, he steps you through an install with USB. The DVD drive was the only part I didn't need, I have a USB DVD drive which would have been perfect as a temporary install device.

Excellent info, thanks.


> For another project (DIY SAN) I bought a 24-port Dell PowerConnect managed switch off of eBay for around $80. Other than the constant fan, it has simplified all of my connections, and allowed me to aggregate the connections to my DAS server. It is also a 1U box :)
>
> I take it WAF isn't an issue?
>
> Probably greener too (you'll need a green PSU). And it will give you hours of tinkering time, cheap entertainment without a doubt.

Had to look up what WAF was... LOL. I really don't need management outside of what is provided by a DHCP router and a secured access point. So no, not an issue.

Oh, and tinkering time is a priority!

Thanks for the quick responses.

Tim
 
> Will there be a difference with less than 20 clients (2 users with PC's, smartphones, etc.)? The celeron looks to be about the cost of the processor more, but you can add more than 4gb of memory. Will this be advantageous?


Same Power, better processing umph, slightly more expensive. But the thing is, a Sandy Bridge board with a swappable processor has a future: more memory, more sata drives, more slots.

My D525 board, as good as it is (it too is a SuperMicro) is a lock in, I want to use it for something else, such as an HTPC or lightweight NAS, I'm out of luck. I mentioned I added an interface to Cerberus, to go beyond the three it had - I had to buy a dual NIC card, because I didn't have any slots to just add another card.

Here is an article about the new Celeron sandy bridge processors, take a look. The conclusion supporting the G440 in particular.

The problem I learned, as a tinkering hobbyist who values reuse, the embedded processor boards that look attractive because of price, really have no future application - by the time I'm looking for an upgrade the fixed Atom will be too gone to be even sold used.
 
I am pretty sure that the atom will stay a network appliance and the extra money not spent on the processor can be used elsewhere in the network upgrade (like a gig switch that I need). I am currently using an atom board for a WHS and it works great for my needs and I can't imagine the router needing more.

The upgrade hardware is all gone at this point and everything around the house is in use... until the next round of i7's are released... then it is desktop upgrade time... and perhaps a WHS 2011 box... hmmmmm....

Once I have the equipment up and running I will report back, which will be in about a month due to other priorities around the house and some upcoming travel.

Thanks again,
Tim
 
