WHY!?

Status
Not open for further replies.

KE0SKN

KE0SKN - Member
Premium Subscriber
Joined
Dec 11, 2005
Messages
513
Location
Kasson, Minnesota
Ok! So my friend called me and asked me to come over to his Inn and give him a price on redoing
his Inn's networking. As I was looking at his equipment I noticed that 1. he is using Walmart
routers and switches - a big issue with me, 2. the WiFi for the guests is on the same network
as the business side, and there is no IP isolation set up. Meaning that anyone can connect and see
what is on what. WHY do people do this? This can be a huge security risk, not only to the guests but
to the business side too. So I told my friend he needs a new network installed. He is not too happy,
but it's a risk he can't afford to have on him.

Plan A - my way
1.) Run green Cat5e to all offices to a patch panel.
2.) Run blue Cat5e to five points of the Inn to five new Ubiquiti nodes.
3.) Use a Dell dual core with 3 GB RAM w/ 3 network cards running IPFire: Green
zone for business, Blue zone for guest WiFi with IP isolation, Red zone for the Internet firewall.
4.) Have two switches: one 24-port Cisco for the Green zone, and one 8-port Cisco for the Blue zone.
5.) Install two wired network Green zone laser printers, and two receipt printers.
6.) Run a new Dell office computer with Windows 7 (buy request) and have
domain user login protocols for security.

Plan B - would be his way. Buy Walmart gear, aka be cheap.
1. Keep the old wiring.
2. Just get new Walmart WiFi routers.
3. Upgrade the Dell computer with XP to Win 7.
4. Use his old inkjet printers.

Why he would want his way is beyond me. What do you think of my plan?
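
One way to check that the Green/Blue split described in the post above actually holds once it is installed. This is an added example, not part of the original post and not IPFire's own code. The interface names, subnets and log lines are assumptions constructed for illustration; only the generic netfilter LOG key=value layout is relied on.

```python
import ipaddress
import re

# Assumed zone layout (constructed for this example, not taken from the thread).
ZONES = {
    "green0": ipaddress.ip_network("192.168.10.0/24"),  # business side
    "blue0": ipaddress.ip_network("192.168.20.0/24"),   # guest WiFi
}

# Constructed sample lines in the Linux netfilter LOG key=value layout.
SAMPLE_LOG = """\
kernel: FWD IN=green0 OUT=red0 SRC=192.168.10.21 DST=198.51.100.7 PROTO=TCP SPT=50112 DPT=443
kernel: FWD IN=blue0 OUT=red0 SRC=192.168.20.57 DST=198.51.100.7 PROTO=TCP SPT=40022 DPT=443
kernel: FWD IN=blue0 OUT=green0 SRC=192.168.20.57 DST=192.168.10.5 PROTO=TCP SPT=40030 DPT=445
kernel: FWD IN=green0 OUT=red0 SRC=192.168.20.80 DST=203.0.113.9 PROTO=UDP SPT=5353 DPT=53
kernel: FWD IN=blue0 OUT=red0 SRC=192.168.20.57 DST=203.0.113.9 PROTO=TCP SPT=40031 DPT=80
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def audit(log_text):
    """Return (line_no, reason) findings that break guest/business isolation."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        f = dict(FIELD.findall(line))
        if not {"IN", "OUT", "SRC", "DST"} <= f.keys():
            continue  # not a forwarded-packet record
        src = ipaddress.ip_address(f["SRC"])
        dst = ipaddress.ip_address(f["DST"])
        # 1. Guest traffic forwarded toward the business zone.
        if f["IN"] == "blue0" and (f["OUT"] == "green0" or dst in ZONES["green0"]):
            findings.append(
                (n, f"guest {src} reached business host {dst} port {f.get('DPT', '?')}"))
        # 2. Source address that does not belong to the zone it arrived on,
        #    e.g. a guest access point patched into a business-side switch port.
        net = ZONES.get(f["IN"])
        if net is not None and src not in net:
            findings.append((n, f"{src} seen on {f['IN']} but outside {net}"))
    return findings


if __name__ == "__main__":
    for line_no, reason in audit(SAMPLE_LOG):
        print(f"line {line_no}: {reason}")
```

The second check catches the cabling mistake that colour coding is meant to prevent: a Blue device ending up on a Green port. It does not cover guest-to-guest traffic on the same access point, which never crosses the firewall.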
 

KB0VWG

Member
Joined
Apr 9, 2006
Messages
535
Location
Lyford, Texas
Plan A sounds much better. Plan B seems to be asking for even more trouble, or the problem with his WiFi won't go away with the Plan B setup. I am not a network whiz but I have set up 4 RV parks with Ubiquiti equipment and it works wonderfully. Why not set up some VLANs on the network? Then you can separate the guest network from the office using maybe a MikroTik router. This is just an idea.
kb0vwg
wqoi992
 

KE0SKN

I thought of that, but then a rookie could hit the reset button and throw it out of whack faster than
separated switches. Planning ahead..lol...
 

KB0VWG

Yep

I thought of that, but then a rookie could hit the reset button and throw it out of whack faster than
separated switches. Planning ahead..lol...

And for some reason people are drawn in by the reset button. lol
Press me, press me, please. lol
kb0vwg
wqoi992
 

coolderb

Member
Joined
Oct 21, 2006
Messages
234
I thought of that, but then a rookie could hit the reset button and throw it out of whack faster than
separated switches. Planning ahead..lol...

If you use Cisco switches to set up the VLANs it wouldn't matter if they hit the reset button. The VLAN and config data is saved and loaded automatically when the devices are rebooted.
 

cabletech

Member
Joined
Apr 22, 2012
Messages
871
Location
Puget Sound

You know write English well. Hard to figure this out. But I think I finally got it.
Question: how many devices are on the business side of the system?

How many wired connections on the guest side? How many WiFi access points on the guest side? Is the guest side open or password access?

How many floors in the Inn? How many rooms per floor?

Can you get the size of the complete building, or a GPS location, and I can look at the place.

In some ways your Plan A will work better, but there is an even better way if I had all the above information.
 

CapStar362

Member
Joined
Dec 27, 2004
Messages
613
Location
GA, USA!
If it was me, I would fiber-tie 24-48, even 64 port 10/100 switches between areas of the Inn depending on the number of rooms. Remember now, you can run effectively about 250 feet of Ethernet without a repeater. They say 300, but it's actually about 250-278 feet. And fiber will run for the length of the property easily.

Cable color is just a preference; labeling the cables is even better, or a chart next to each switch with port # and connected area, laminated or protected from the elements of course.

A Barracuda Firewall and a Barracuda Spam Filter would be in place for me to prevent any unknown nasties from getting into the LAN. VLANs handled by Cisco, APs handled by commercial-grade 600mW points. The main junction would be a gigabit Cisco tying in everything.

Everything critical to business operations would be Cat 6 gigabit, stuck in a VLAN with ZERO crosstalk to the other VLANs. Anything else Cat5e.

At home, I run Smoothwall on a P-4 legacy box: 1GB of DDR, dual 80GB drives (one for the OS itself and the other for the logs of the firewall). That gets filtered into a 24-port Cisco box. 2Gbit NICs on the P-4 box, one direct to the modem and the other to the Cisco LAN side. Two Amped Wireless 600mW APs control the WiFi in the house (4780 sq. ft) and the 1.25 acre yard, which in turn is completely bathed in at least 3/5 bars of WiFi signal from front yard sidewalk to back yard fence.

Hard-wire locations are next to the switch and the main bedrooms. A NAS box is also tied in, and 2 networked printers.
 

KE0SKN

I use color coding for zones and I do label all my wire. The WiFi side is Blue - three of the nodes are wired, the other two act as repeaters. His wife told him to go my way. I'm in the middle of finishing the job. I have the server installed and the patch panel installed with the switch. Waiting for Dell and the POS software to come in. The WiFi is working like a charm, and faster. All rooms have connections.

IPFire is the best firewall I have worked with.
 

KE0SKN

Cat5e Green - $69.98 x5
Cat5e Blue - $69.98 x2 + one free box he had
OptiPlex 3020 Micro - $449 x3
Ubiquiti UniFi - $72 x5
Laser printer - $80 x2
Samsung POS printer - $150 x2
Dell - IPFire - Free
Cisco 24-port switch - $195
Cisco 8-port - Free
POS software - $800
Others - $30.00
----------------------------------------
Total - $3681.86 plus tax & shipping

We did reuse the LCD monitors and other equipment. Almost finished with the install. The WiFi side works great. No more complaints so far. I used WiFi Analyzer for Android where there were dead spots, and they now have signal. The servers are now located in a locked closet with an A/C vent and an exit vent in the door. FYI, the max run for Cat5e is 295 ft / 600 ft with an extender.

Objectives met:
1. Improved WiFi on the grounds
2. New workstation at the front desk & office
3. Less equipment at the front desk & office (aka clutter)
4. Business center has better performance.
5. Less paper waste with the POS printer
6. Firewall / security added to the network.

No, I did not get paid to do this. We horse traded...lol
 

CapStar362

I know what the MAX is without a repeater, though if you get to that MAX you have data reliability issues and errors at a much higher percentage. ~260 ft. is where that level begins to increase.
 