26 posts in this topic

I am going to try and keep this very brief, but it is a long story.

I work in a very large corporation. Prefer not to say what department, just in case this is somehow against the rules.

Anyway, over 2 years ago now we convinced our IT department to let us install our own wireless network within the building.

At the time we had some needs they were not willing to allow on our official corporate network. We also were doing virtual classes using Adobe Connect, and they preferred the traffic from those classes was also not on their network, although I do believe that has more to do with our agreement of WebEx being our official virtual platform, but that is not very relevant.

The main point is our IT department agreed to let us go to an ISP directly and get two business lines installed directly into our department.

IT assigned a very cool guy to the project, and he basically laid out the entire way we would set the network up. I just actually executed it all. This was all his master plan, so to speak.

So here are the facts you need to know:

  • 2 separate business lines come into our building into a closet
  • The closet has 2 modems, each with 4 ports
  • The closet also has 10 ethernet ports in it. Each one of those ports goes to a different "drop point" that is scattered throughout the ground floor of the building (where my department resides)
  • Each "drop point" has a router.

Here is the closet with the ethernet drops on the wall and the two modems.

[image attachment]

So in order to give the "illusion" of one continuous network, to make it as easy as possible for anyone to connect to our network, each router is assigned the same SSID. Let's just say it is "wireless" for my example.

Then each router is manually assigned a different start IP address.

Here is a schematic of the network itself.

[image attachment]

As you can see, we kept it simple. Router 2 is 192.168.2.1, Router 3 is 192.168.3.1, so on and so forth. We also had to use a switch as there were just not enough ports on the modem.

Here is one of the routers along with one of the drop points.

[image attachment]

So assigning each router its own IP has obviously introduced some complexities in regards to actual networked devices. If we want to connect to an Apple TV, for example, and do AirPlay, the iPad and Apple TV each need to be connected to the same IP, and because we named all of the SSIDs the same name, there is no way to know if that was the case without manually going into each device and checking its assigned IP.

So some routers over time actually got their own unique SSID to simplify some stuff like using AirPlay. If you want to project your iPad to the projector the Apple TV is connected to, you have to be connected to the SSID "Wireless-AppleTV".

So I am wondering, was there any better way to set this all up where somehow it does create one continuous, harmonious network? Or did we set it up the right way initially to give the illusion of one large, single WiFi connection?

Remember, the big thing to keep in mind here is we want to make the end user's experience as easy as possible (talking up to 2500 over the course of the year), so we need to keep it as one SSID.

Also, the other thing to keep in mind is we had little to no budget to do this. The total cost of equipment to do this was around $2500.

In conclusion, as I alluded to above, we have been using this setup for 2 years now. And it has worked out pretty well. I am just wondering if it could have been done better somehow, and if there is some way to make it all one true network so if a printer or Apple TV is connected to Router 3 but the end user is connected to Router 9, they can still access it.

TIA for any help, comments, or suggestions.


Share this post


Link to post
Share on other sites

No, I would not have done it like this. Why do you need "routers" at each point? Is it that spread out that you need wireless in each area that another cannot reach?

So if that is the case and you need wireless in each area, what you needed is APs (access points). Any wireless router could be used as just an AP. You turn off its DHCP server, give its LAN an IP on your network and then connect it to the network via a LAN port vs its WAN/internet port.

What I would have done is gotten a dual WAN port router, cheap!! Say something like this

http://smile.amazon.com/Cisco-RV042-4-port-100-Router/dp/B0002I7288/ref=smi_www_rcolv2_go_smi?_encoding=UTF8&*Version*=1&*entries*=0

Now you can load balance, use your dual internet connections in failover mode, etc. Then connect all your wireless routers at your drop points as APs; sure, put them all on the same SSID. But everyone would have been on 1 network, say 192.168.1.0/24. How many clients do you have connected at any one time? If you needed more than a /24 can provide, then use a /23, etc.

While your setup might work, it's not the way it should have been done.

If you didn't want to buy a dual band router... You can just connect the NATed LAN side of your ISP devices, give one an address of say 192.168.1.1 and the other 192.168.1.2, and then, using APs and either via DHCP or static on the devices, point them to the address you wanted them to use as their gateway to the internet, etc.

I could draw this up for you real quick, and actually have done it in the past multiple times when people ask how to use dual internet connections, etc.


Is that a tape player!! Wow, good going, ha.

It looks overly complicated to me. Why couldn't you have all APs into one "switch"? What are the numbers like 8, 5 etc. on the ports?

I understand there are physical limitations of building cable etc.


I am gathering you're using Optimum Business, going by you're in NJ and by the modems. I am on Long Island and also use Optimum. Why have 2 connections? Each connection is $70, so that's $140. It's cheaper to get one Ultra connection, which is 115/35 up. More than enough speed.

What you do is connect one of those routers to the cable modem. Then convert the rest of the Linksys routers to just APs, all connected to the one actual router. You would turn off the NAT and DHCP to convert them to APs. Give them all a different last digit IP, example: 192.168.1.x.

Use the switch and plug it into the one Linksys router to add more ports. This would give you one continuous wireless network.


Is that a tape player!! Wow, good going, ha.

It looks overly complicated to me. Why couldn't you have all APs into one "switch"? What are the numbers like 8, 5 etc. on the ports?

I understand there are physical limitations of building cable etc.

He made every router its own network. Each one is given its own static IP from the cable company. More complicated than needs be, but works for internet purposes.


BTW, those are not "modems"; those are gateways it seems, modem/router combos, so doing NAT.

@chuck the numbers on the ports seem arbitrary to me, just the number of his downstream wireless routers. Seems he numbered them to match up with the octet of the networks he is using behind the wireless routers: 192.168.4, .5, .8 etc.

I really would redo this, so that all your wireless is on the same network. All that would be required is to change your routers to APs, renumber your gateways' LAN ports and connect them together via one of their LAN ports, which you seem to have open. Or just connect both of them to the switch, etc.

This way all your devices are on the same network, and could access anything on your whole network.

As to why you have 2 connections, I have the same question: what speeds are they? As already mentioned, upping the speed and only having 1 connection most likely would be more cost friendly.


Thanks everyone so far for the fast replies.

As I said, keep in mind I actually did not come up with this all; someone else did, I just set it all up. At the time I knew next to nothing about networking, and I still would say I know very little overall.

So to answer the question about why we needed multiple access points: it is because this is spread out across the entire ground floor of a very big corporate building.

The whole overall area is probably at least two football fields, if not larger actually, with multiple offices, training rooms, etc.

Here is the actual blueprint of the area of the ground floor, showing where the routers are.

[image attachment]

A few things to note:

  • Access Point Locations are really just the routers, as explained above. They are not true access points.
  • The star on the top right shows where the Optimum line from the street comes into the building. It is literally on the exact opposite end of the building, so that right there runs a very long way to even get to the "Master Control" closet by the classrooms. The 2nd star on the top right just shows a closet where Optimum had to install an amp to boost the signal of the line.
  • The area where 1 & 2 are is our offices and our cubicles, etc., where my whole department resides. About 35 people total.
  • The area that has the large concentration of routers 4, 5, 6, 7, 8, 9 is large classrooms and meeting rooms. At any one point in time up to 150 people can be in that area, so there are that many routers there to handle all of those people connecting at once. From my understanding, the thinking was that since these are just consumer grade routers, one router could not provide the coverage, and also would slow down to a crawl if all 150 people connected to just one. Each router is set to only allow 30 clients at a time.
  • There are a few small areas where coverage does drop or is not very good, but overall the main places they are set up were chosen to provide coverage in the areas where people would be the most.

Indeed, this is Optimum. The reason we went with 2 lines was we had to in order to get 2 modems from them. We needed 2 modems to have 8 ports, in order to hook everything up as it would be hooked up when this was drawn up. Each router has its own port on the modems, while one port has a switch with 2 routers. Hence why 2 lines were ordered. Each line is 120/35 up. I believe the thinking was also that if we had 2 lines, it would "separate" the traffic so not everything was on one line. Again, I just followed orders.

Also, to be quite honest, cost per month is not a big deal at all. $140 a month is not even like a penny to this company.

Basically, after all this time and constantly being asked to add more networked functionality and not really being able to, I figured there just had to be a better way. It has always provided people with online access, so it has never really been questioned. Now I am questioning it.

So I am no doubt open to how to set everything up with access points instead so it could all be networked. Especially since iPads with Apple TVs as projectors are a big deal right now, it would be great. Although that all may become irrelevant, as it is my understanding Apple is introducing WiFi Direct with iOS 8, so an iPad can connect directly to an Apple TV via AirPlay and not be on the same network, it would still be nice to have everything on the same network itself.


I understand the point of all of the APs; what is the point of all of the different subnets connected to two different modems?

If you are going to make them all on the same wireless SSID, it really makes no sense to do it in the fashion that you did it in.

Would you like me to come fix it/help you redesign it? I can do an in person interview to see exactly what you need/how you need it and go from there.

It doesn't look like you are gaining anything from all of the subnets. It doesn't look like you are doing any QoS for anything that would be a good use for different subnets.


Also just to clarify, the Master Control Closet has the 2 modems.

The rest 1,2,3,4,5,6,7,8,& 9 are Linksys E4200v2 Routers setup as Routers. We are due for a new hardware refresh I would say, so that is why I am asking as well.


You can link the routers together without creating different subnets.  So again I ask, why.

 

You could have a single port modem go to a router which goes to a 52 port switch and plug each of your other routers into that and have plenty of room for growth. 


You can link the routers together without creating different subnets.  So again I ask, why.

No clue. :laugh: As I said, I did not draw this all up; I was just the person who set it all up following directions.

To be candid, I think the guy who was assigned this project was not a networking expert and just configured it in a way it would get up and running.

I also think, but am not sure, Cablevision may not allow customization of the modems, but I am not 100% sure there.


Ok, here is what I would do in your situation in a small business setup.

1 modem with whatever service you want on it, 50Mb, 100Mb, 1000Mb, whatever.....
1 router to hand out DHCP and service to the network
1 switch for everything to be hardwired into (make it big enough for all of your hard wire connections)
as many access points as you need or want, on the same SSID

If you want to make different VLANs for priority, then do that; we can assign priority based on device or VLAN if you so choose.

Ubiquiti makes a decent product, but if you want something a little more known, a Cisco 321 AP would work too.

It is simple, easy and can be done quickly, ripping out that stuff that makes no sense.


If you want to keep your routers as access points, that is fine too; you can reset them, make them on the same subnet as the router that hands out DHCP, disable DHCP on each router, and plug in a line to one of the ethernet ports. You can utilize one modem and get rid of the other one.

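The redesign the replies above converge on (one gateway handing out DHCP, one switch, the Linksys units turned into APs with DHCP off and a static address on the one subnet, a /24 sized against the peak client count) has a few ways to go wrong: an AP left on its old subnet, an AP address inside the DHCP pool, a pool too small for 150 concurrent clients, or the gateway itself still sitting behind the ISP box's NAT. The following checker is an added example written for this thread, not code from any poster or vendor; every address in it is constructed, and the 25% lease headroom is an assumption, not a standard.

```python
"""Consistency checks for a flat, single-subnet Wi-Fi redesign: one gateway that
routes and serves DHCP, one switch, former routers used as access points
(DHCP disabled, static LAN-side address, cabled via a LAN port), one SSID.
Added example for this thread; all addresses are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# RFC 1918 space. If the gateway's WAN side holds one of these, the ISP device
# upstream is still translating, i.e. the network is double NATed.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class FlatLanPlan:
    subnet: str                        # the one LAN, e.g. "192.168.1.0/24"
    gateway: str                       # the single device that routes and serves DHCP
    dhcp_start: str                    # first address in the DHCP pool
    dhcp_end: str                      # last address in the DHCP pool
    ap_addresses: Dict[str, str]       # AP name -> static LAN address (DHCP off on the AP)
    peak_clients: int                  # concurrent wireless clients expected
    wan_address: Optional[str] = None  # address the gateway holds on its WAN side, if known


def behind_isp_nat(wan_address: str) -> bool:
    """True when the WAN-side address is RFC 1918, i.e. something upstream still NATs."""
    addr = ipaddress.ip_address(wan_address)
    return any(addr in net for net in RFC1918)


def check_plan(plan: FlatLanPlan) -> List[str]:
    """Return the problems found; an empty list means the plan is consistent."""
    problems: List[str] = []
    net = ipaddress.ip_network(plan.subnet, strict=True)
    gw = ipaddress.ip_address(plan.gateway)
    start = ipaddress.ip_address(plan.dhcp_start)
    end = ipaddress.ip_address(plan.dhcp_end)

    if gw not in net:
        problems.append(f"gateway {gw} is not inside {net}")
    if start not in net or end not in net or start > end:
        problems.append(f"DHCP pool {start}-{end} is not a valid range inside {net}")
    pool = set(range(int(start), int(end) + 1)) if start <= end else set()

    # Every AP must be a host on the same subnet (otherwise it is a router again),
    # must not collide with the gateway or another AP, and must sit outside the
    # DHCP pool so no client lease can ever be handed the AP's address.
    seen: Dict[ipaddress.IPv4Address, str] = {}
    for name, addr_s in plan.ap_addresses.items():
        addr = ipaddress.ip_address(addr_s)
        if addr not in net:
            problems.append(f"{name} ({addr}) is outside {net}: it would form its own subnet again")
        if addr == gw:
            problems.append(f"{name} reuses the gateway address {gw}")
        if int(addr) in pool:
            problems.append(f"{name} ({addr}) sits inside the DHCP pool")
        if addr in seen:
            problems.append(f"{name} and {seen[addr]} both use {addr}")
        seen[addr] = name

    # Capacity: the pool must cover peak clients plus headroom for leases that
    # have not yet expired. The 25% headroom is an assumption, not a standard.
    headroom = plan.peak_clients // 4
    if len(pool) < plan.peak_clients + headroom:
        problems.append(
            f"DHCP pool has {len(pool)} leases for {plan.peak_clients} peak clients: "
            f"widen the pool or move to a larger prefix such as a /23")

    if plan.wan_address is not None and behind_isp_nat(plan.wan_address):
        problems.append(f"WAN address {plan.wan_address} is private: double NAT, ask the ISP to bridge")
    return problems


# Constructed sample: nine former routers as APs at 192.168.1.2-.10, gateway at .1.
APS = {f"ap{i}": f"192.168.1.{i + 1}" for i in range(1, 10)}
# First attempt: pool .100-.254 (155 leases) and the gateway still behind the ISP box's NAT.
TIGHT_PLAN = FlatLanPlan("192.168.1.0/24", "192.168.1.1", "192.168.1.100", "192.168.1.254",
                         APS, peak_clients=150, wan_address="192.168.0.5")
# Corrected: pool widened to .20-.254 (235 leases), non-RFC 1918 WAN address after bridging.
FIXED_PLAN = FlatLanPlan("192.168.1.0/24", "192.168.1.1", "192.168.1.20", "192.168.1.254",
                         APS, peak_clients=150, wan_address="203.0.113.7")

if __name__ == "__main__":
    for label, plan in (("tight", TIGHT_PLAN), ("fixed", FIXED_PLAN)):
        issues = check_plan(plan)
        print(f"{label}: {'OK' if not issues else ''}")
        for issue in issues:
            print("  -", issue)
```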

sc302's advice as always is right on the money, and exactly what I would do.

The point of 2 lines to get two "modems" so you could have more than 4 ports is just nuts. Someone in actual IT said this was the best way? As mentioned, connect it to a switch and have as many ports as you need. You have a switch in your drawing; you could use that from the ports that are used on it. Or you could have gotten a bigger one, or even 2 of them, etc. A dumb gig switch can be had for <$50, a decent Cisco switch for $200 with 10 ports (SG300) for example.

If sc302 is in the area, as he mentioned already he could come out, prob even give you a Neowin discount on his cost ;)

Also as mentioned, the UniFi wireless would be freaking perfect for this sort of setup and very good prices. Their normal N APs are $70, and would give you a true enterprise class wireless network for pennies compared to other solutions.


If you want to keep your routers as access points, that is fine too; you can reset them, make them on the same subnet as the router that hands out DHCP, disable DHCP on each router, and plug in a line to one of the ethernet ports. You can utilize one modem and get rid of the other one.

I just ran this past my boss, and he is no doubt on board with setting it up the right way, but also let me know that we have little to no budget. So if we can utilize our current Linksys E4200v2 routers as access points, and just pick up the switch itself, that would be ideal.

There is a very small chance I can maybe get a budget to pick up all new equipment, but that remains to be seen. If I can keep it under $2000-$3000, there is a chance.

Also, I do believe I do not have access to the Cisco modem that is provided by Cablevision itself. I tried logging into it with no luck. I tried a whole bunch of different combinations as well that were recommended here. I am open to other suggestions as to what the username and password may be for the modems, but I am pretty sure Cablevision locks them down.

So just to clarify, here is my MacBook's network settings when I log directly into the modem.

[image attachment]

Here is what I see when I try and log into the modem itself.

[image attachment]

So what you are suggesting, can it be done without having access to the modem to change the settings?

Thanks again so much to everyone. I am here to learn, and will take any and all advice.

sc302's advice as always is right on the money, and exactly what I would do.

Great to hear. He lives in my state as well, so going to take him up on his offer to help.

Thanks to you as well for always being willing to assist.

I came here with this whole issue as I know there are people like you and him willing to assist, so it is truly very much appreciated. (Y)


User and pass combinations:

cisco/cisco
admin/admin
admin/cisco
admin/password
cisco/password

If you were to replace everything with Ubiquiti's devices, depending on the AP you can get them for about 70 a pop.

You can get a 10 port PoE switch that would run them for about 250. Definitely keeping it in your 2000-3000 budget. Hell, if you wanted to you could use the second modem for guest access and have the APs do both a secure/LAN access and a guest/unsecure network.

Take a look at the Ubiquiti pricing
https://store.ubnt.com/unifi.html

Take a look at this switch
http://www.amazon.com/Cisco-SG-300-10P-SRW2008P-K9-NA-10-Port/dp/B0041ORN92


If possible I would really look into the UniFi setup. Could easily be done on your budget. If you only go with the N, or even if you went with the Pro dual band models, you would still be under the $3k mark. Only if you went AC models would you be in danger of the 3k mark with the PoE switch, etc.

But with just a tiny little bit of wiggle room on the $3k mark you could go with dual band AC, their top of the line AP. I picked up one for the house a few weeks back, and am very impressed with it from a power usage and performance standpoint. And with the controller software and feature set, it really puts you in the enterprise sort of setup on a SOHO budget ;)

The access points do come with their own PoE injector, so if you're right at the mark of the top budget, you could leverage just a normal switch until such time as you could replace it with a true PoE switch.


Judging from the image of your MacBook directly connected to your modem, I would first want to know if you are able to have the ISP bridge the modems. Otherwise you are double NAT.

Also, caution about the cheapest N-only Ubiquiti AP. It is not 802.3af compliant for PoE. Your switches won't power them; you'll need the power injectors or buy the Dual Band Pro AP.


If possible I would really look into the UniFi setup. Could easily be done on your budget. If you only go with the N, or even if you went with the Pro dual band models, you would still be under the $3k mark. Only if you went AC models would you be in danger of the 3k mark with the PoE switch, etc.

But with just a tiny little bit of wiggle room on the $3k mark you could go with dual band AC, their top of the line AP. I picked up one for the house a few weeks back, and am very impressed with it from a power usage and performance standpoint. And with the controller software and feature set, it really puts you in the enterprise sort of setup on a SOHO budget ;)

The access points do come with their own PoE injector, so if you're right at the mark of the top budget, you could leverage just a normal switch until such time as you could replace it with a true PoE switch.

Thanks.

As far as getting the Dual Band AC model, see below*. Hopefully I can swing that.

And just to clarify, what does POE mean? Point Of Entry?

Judging from the image of your MacBook directly connected to your modem, I would first want to know if you are able to have the ISP bridge the modems. Otherwise you are double NAT.

Also, caution about the cheapest N-only Ubiquiti AP. It is not 802.3af compliant for PoE. Your switches won't power them; you'll need the power injectors or buy the Dual Band Pro AP.

If I did just go down to one modem and upped the bandwidth, that would take care of any potential issues with double NATting, correct?

Part of the way I am going to try and get the budget is partly based on the money I will save if I can take it down to just one line in. Each line is $140 with taxes. I believe upping it to the next package is $50 more a line. That means I can save $100 a month, so that's $1200 of the budget right there.

*The good thing is my boss is all about let's get the latest and the greatest as long as it is not way more expensive. So if it is just the matter of a grand or so to get the better APs, I can hopefully swing that.


Are all your current Cisco routers at floor-outlet level? Not the most ideal place for a wireless AP ;)

Unfortunately you won't resolve double NAT by upping the bandwidth coming in from the provider. You'll need to speak with the ISP and have them either bridge the modems you have now or swap it out for a standalone modem-only device. You want your edge router to have a globally-addressable IP, i.e. not 192.168.X.X/24.

Perhaps Budman/sc can recommend a good SMB router, as what I deal with at work are normally Cisco 2911 ISR or ASA 5515; a bit more than your budget. I would definitely recommend you proceed with what SC suggested and put all of your wireless clients on the same subnet and have Ubiquiti Pro APs doing your wifi. I'm surprised you haven't had complaints from users when they move from meeting room to meeting room that their connection drops and they have to renew their IP leases...

Counting every wireless host, you will only have 150 endpoints at one time? Then a small /24 subnet should do fine, as you have now. How do your wired hosts look? Are they on the same subnet as the wireless? You may want to read up on separating wireless and wired clients via VLAN if you are going to purchase managed switches, if nothing else but to segregate the broadcast domain.


I'd second the Ubiquiti APs. We used them at a school I was at about 3 years ago, and they're still working perfectly. It's a small school and no fancy stuff, but solid.

If what you have is working, then no cost to keep them, but on the plus side for UniFi, they are centrally managed and you can have multiple SSIDs.


Thanks.

As far as getting the Dual Band AC model, see below*. Hopefully I can swing that.

And just to clarify, what does POE mean? Point Of Entry?

If I did just go down to one modem and upped the bandwidth, that would take care of any potential issues with double NATting, correct?

Part of the way I am going to try and get the budget is partly based on the money I will save if I can take it down to just one line in. Each line is $140 with taxes. I believe upping it to the next package is $50 more a line. That means I can save $100 a month, so that's $1200 of the budget right there.

*The good thing is my boss is all about let's get the latest and the greatest as long as it is not way more expensive. So if it is just the matter of a grand or so to get the better APs, I can hopefully swing that.

PoE = Power over Ethernet. Power is supplied through the ethernet cable, so there is no need to have a plug in the wall to supply power to the device.

Yes and no. One modem and up the bandwidth and you will be fine; you can still have a double NAT, but we can get to that later.


Well, if you're just using the 1 "modem" (I quote it because that is not the right term; it's a gateway, a modem/router combo) there would not be any more double NAT. You currently have double NAT, sure. Your network from the ISP device is 192.168.0.0/24, but then you're NATing that again since each downstream wireless router is in router mode vs just being used as an AP.

You know, this should be fixed already. Disconnect the 2nd "modem" and change all your wireless routers to APs, and you're all on the same network. Then you can think about moving to UniFi, and sure, up your speed on the one line, but you really should already have your double NAT issue removed and everything on the 1 network.

Your ISP device will put everything on the 192.168.0.0/24 via its DHCP server.

As to logging into the ISP device, isn't the default username and password on the DPQ3925 blank and blank? I would factory reset the thing and then it should be blank/blank. Did you try leaving username blank and just password?

From the manual:

How Do I Configure My DOCSIS Residential Gateway?
In the address field, enter the following IP address: 192.168.0.1
A Status DOCSIS WAN login page similar to the following page opens.
On the Status DOCSIS WAN page, leave the User Name and Password fields blank and click Log In.
The gateway opens with an Administration Management page in the forefront. You can use the Administration Management page to change your User Name and Password.


You would also need to schedule an outage to move the physical connection from each downstream router's WAN port to the switchport, and reconfigure to AP-only mode.


I see this as a complex network. Better would be two internet links terminating on a perimeter security device and from there distribute the access points using a switch.

Like....Two Internet Links---->Firewall--->Switch---> Access Points--->Users

Traffic flow would be simple with this setup, without any asymmetric routing. You shall configure security policies on the firewall based on user's IP or user authentication methods. Policy could be to allow/deny websites/applications. Assign bandwidth policies to internet and VPN traffic if VPN is a requirement. Load balance traffic between the two links terminated on the firewall.

Hope this helps. Feel free to revert if you have any questions.
