Hi,
This site was a great find. Thanks to those of you who are responsible for it!
I am designing a home/office network to replace a simple, failing router.
I am an IT professional and work with implementing ERPs, but am by no means a network engineer, so any insight from those who are knowledgeable in the area is greatly appreciated!
I've attached a first-swag of my design, but know there will likely be some changes around the DMZ and secondary router, with your insight. I also recognize that hardware selection may partially influence design, though hopefully we can leave that out for the moment.
Below is the attachment. Here are the requirements that come to mind.
Please feel free to steer me straight on anything.
Thanks,
Avery
*** Overall Requirements ***
- Design simplification, where possible (however, 'basic' is not necessary). In short, fewer network components to fail/maintain/upgrade are preferred. Overkill design not necessary, but well-thought-out and future-flexible design is.
- 10/100/1000 where reasonable
- Generally, security conscious and security smart.
- Prefer to keep the cost of the network to $600 or less, if possible.
*** 'Zone' Requirements ***
Zone 1: Fully secure. This would be my personal home/office network.
- VPN (SSL & IPSec) access from the public internet (Mac and PC, 32 and 64-bit)
- Distinct wireless access
- Wired Access
-- 10/100/1000 transfer speeds between all attached computers/peripherals within the zone
-- At least 12 ports
-- Jumbo Frame capable
- Ability to mirror ports for network sniffing
- Ability to set up VLANs (even if not configured initially)
- No inbound access from Zone 2 or 3 allowed.
Zone 2: A somewhat secure zone that is used by my roommates/guests
- Distinct wireless access
- Distinct wired access
- Ability to throttle bandwidth usage of this zone
- Ability to mirror ports for network sniffing
- Would prefer as much independence from zone 1 as possible; in case I am away and they need to bounce the network, I do not want my network affected.
Zone 3: A DMZ (or ability to add) for potential future webserver -- accessible from the public internet. This might not be added immediately, but the design should take into account this future growth.
- Wired access