Regarding a network I am going to build in about a month I have a question. I fear it is actually a rather simple question but I googled for days to no avail, so I hope I can find the answer here. It regards a large (multi) home network. I have lots of experience with regular home routers / switches and the like (but hey, that is all plug and play) but zero experience with more professional grade equipment.
The main issue is I need to make sure I am purchasing the right hardware. I will probably be tinkering with the configuration for a while, but as long as I have the correct hardware I will be fine. The network has to be operational around October 2013, so I have quite a while to get things configured. I hope those things come with a manual.
I am starting with CompTIA Network+ now, so I hope it will be of some help with setting things up.
Two buildings will be connected in 1 LAN, the full LAN will be operating at 1Gbit/s (with cat 6 UTP cables). In the future there will probably be a third building being connected to this LAN. I believe a 1 Gbit/s network for multi home networks is more than sufficient for the coming years (and/or decade).
Building 1 (main) will have a Cisco Small Business 300 series switch as the heart of the network (300 series being level 3 so I can get rid of those slow home use routers slowing the network down to 100Mbit/s). Everything in building 1 will be connected to this switch.
Building 2 will have a switch too, which one has still to be determined. It has to support the 1Gbit/s standard and it has to have fibre connections to connect both switches (the distance is too much for a cat 6 cable and I would rather not start with cat 6a). I am hoping to go with a Small Business 200 series here.
I might even switch both switches because site 1 needs more ports and it would be more economical to purchase a smaller 300 series and a larger 200 series.
But to provide both internal network data (and of course an internet connection) and the television signal over the network I need to set up a VLAN. For some reason the supplier of the signal is forcing the data (internet) and TV signal on two separate ethernet networks and I am not all that happy with adding additional wires all through both houses just so the television signal can be sent.
My questions are:
1) If I would purchase one 300 series and one 200 series switch will I be able to fully support my multi home network? Meaning setting up VLANs that work throughout both (and in the future all three) houses providing both data (including internet) and tv. I believe by putting all TVs and the TVout from the modem on the same VLAN I no longer need to use a separate switch, and thus the system will not detect the internet and tv port on the same network and freeze.
2) I believe for home use those switches are regarded as overkill, but as it only is a few hundred euros more than I would spend when purchasing consumer grade crap I do not mind spending it. But if someone has a suggestion on stuff I am missing out on when choosing these two switches please comment (mainly meant for when the 200 will not be enough, I cannot go lower than the 300 for the primary or I need a router and that will probably reduce network speed back to 100Mbit/s).
3) I only need one 300 series switch which will act as a DHCP server for the entire cabled LAN?
4) Am I missing something critical?
5) Any more comments, feel free to give them. Now is the time I need to know if I need more (or less) hardware.
Thanks in advance.
Some of the things I think you are missing is the ability to do NAT which is needed when you connect to the Internet or a network that doesn't know about your IP addresses.
I would also be concerned with not having a device that can do firewall. Whether it be a separate device or an integrated device. That is important.
As far as doing both TV and data on the same LAN you may want to check to make sure the devices can do QoS with the ability to mark traffic and enforce policies based on the markings. I would assume you want to give your TV traffic some priority over raw data.
Sent from Cisco Technical Support iPhone App
Thank you for your reply.
I was looking at the ASA firewalls, as I consider them too expensive for home use I 'skipped' that part. Before actually going live I would put something in between. I was going to put a fileserver in at some point, I believe running a combo firewall / fileserver (ClearOS) would actually be a good idea here. I'd actually prefer a dedicated firewall, but at the cost point I am willing to make a small sacrifice here. Furthermore it would be more energy efficient this way I believe.
But I did forget about the NAT part, thanks for the reminder. Because this means I need NAT, and thus some kind of router and then I do not need the 300 series switches at all but I could drop down to the 200 series. As far as I know the level 3 switching is not going to give me any noticeable network speed increase over level 2 switches when there is a router present. Any other advanced features will probably not be relevant for me.
I know this is a Cisco forum but I would recommend looking at the Juniper Netscreen 5GT firewall. You can pick them up on eBay for about 30-50 bucks. I use this on my home network. It has the ability to do QoS, VPN, NAT, Firewall policies. Great little device and can be managed through an easy to use web GUI.
It might be worth having your fileserver on the LAN instead of accessible on the Internet. I wouldn't feel safe even if the firewall had policies only allowing specific IP addresses.
I'm not sure if ClearOS will do NAT but it should. You are also going to want to think about what will be doing your DHCP and policy DNS services if you need that on the network.
As far as the switching, it really depends on whether you are trying to route between your data VLAN and your TV VLAN. If you are then yes the router will slow that down. If not (and I can't imagine why you would want to), all of the traffic is going to be switched only on the switches at the layer 2 level. The only time it will get routed is if it is going out to the Internet, which is slower than your network anyway.
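The segmentation discussed in this thread (TV and data in separate VLANs carried over one link between the two buildings), as an added example that is not part of any post: a small Python model of 802.1Q broadcast flooding, including the case where the TV VLAN is left off the inter-building trunk. The VLAN IDs, port numbers and host names are constructed for illustration.

```python
DATA, TV = 10, 20  # constructed VLAN IDs

class Switch:
    """Minimal 802.1Q model: access ports are untagged in one VLAN, trunks carry a VLAN list."""
    def __init__(self, name):
        self.name, self.access, self.trunks = name, {}, {}

    def add_access(self, port, vlan, host):
        self.access[port] = (vlan, host)

    def add_trunk(self, port, vlans, peer, peer_port):
        self.trunks[port] = (set(vlans), peer, peer_port)

    def flood(self, vlan, in_port, seen=None):
        """Hosts that receive a broadcast which entered this switch on in_port in `vlan`."""
        seen = set() if seen is None else seen
        if self.name in seen:          # already visited: stop (no loops in this model)
            return set()
        seen.add(self.name)
        hosts = {h for p, (v, h) in self.access.items() if v == vlan and p != in_port}
        for p, (allowed, peer, peer_port) in self.trunks.items():
            if p != in_port and vlan in allowed:   # a trunk drops VLANs it does not carry
                hosts |= peer.flood(vlan, peer_port, seen)
        return hosts

def build(trunk_vlans):
    """Two buildings joined by one fibre trunk; all ports and names are constructed."""
    b1, b2 = Switch("building1"), Switch("building2")
    b1.add_access(1, DATA, "modem-internet")
    b1.add_access(2, TV, "modem-tv-out")
    b1.add_access(3, DATA, "pc-b1")
    b1.add_access(4, TV, "tv-b1")
    b2.add_access(1, DATA, "pc-b2")
    b2.add_access(2, TV, "tv-b2")
    b1.add_trunk(24, trunk_vlans, b2, 24)
    b2.add_trunk(24, trunk_vlans, b1, 24)
    return b1, b2

def receivers(switch, port):
    """Who hears a broadcast sent by the host on an access port."""
    vlan, _ = switch.access[port]
    return switch.flood(vlan, port)

if __name__ == "__main__":
    b1, _ = build({DATA, TV})
    print("TV stream reaches:", sorted(receivers(b1, 2)))
    print("Data broadcast reaches:", sorted(receivers(b1, 1)))
    b1, _ = build({DATA})          # TV VLAN forgotten on the trunk
    print("TV stream, trunk missing TV VLAN:", sorted(receivers(b1, 2)))
```

Traffic between the two VLANs never appears in either result: in this model, as on real switches, it would have to pass through a router or firewall, which is where a policy between the TV and data segments can be enforced.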
I looked at the Juniper 5GT and actually thought it a very good idea, at the price point they are practically giving them away. However, here in The Netherlands (and connected countries) there are only a few and they are all limited to 10 users / devices. I need at least 15 solely for the internet connection (both buildings contain quite an amount of computers, laptops, wireless devices and media thingies with a net connection).
As ClearOS is a free firewall / router (with NAT capability) I am going to try that one out first, if I cannot get it to work properly I will try to look for a 5GT in some further away countries to find one with a larger license. As the network will go live in October I have quite some time until then to tinker away. I am just glad I started this early, otherwise I would have been in for a surprise.
I do however realise I do not know as much about these matters as I thought. Because I have until October I am going to start with my Network+ course first (I got the book today) and build the network step by step. I am going to put the cables in place first (this I am certain I can do), and when everything is patched I am going to look what switches to put the cables into. I am going to leave the basic Linksys router we have now in place and work from there. As soon as I am confident I know enough to put the right parts in place I am going to replace it. With 4 months of time I should be able to make the right decisions.
Thanks for all the info. Your replies have really helped me, although I am still not 100% sure what I am going to put in place I now do know about some critical parts I left out in the first place and what to look for.
Oh and, you are right, I should not mix a firewall and fileserver in one machine. I actually found cheap Intel desktop boards with Atom processors more than capable enough for the firewall software. And if I cannot get it to work I will just find something else to do with it. They really do look fun.
Ahh I forgot about the ten user license. What the 5GT does is only allow ten different IP addresses to have stateful sessions in the firewall. So technically if all devices on the LAN don't need Internet like a printer it would still work.
ClearOS should be a good solution as long as it is on a good reliable machine.
If you have any questions during the build just append to this forum and I'd be happy to help. I would recommend you push yourself skill wise with this build as it will really benefit you with the experience. Take care and good luck.