| Junior Member with 29 posts. | | Join Date: Oct 2009 Experience: Intermediate |

Can someone who uses (or knows about) managed switches answer a question? My goal is to monitor traffic by IP. My network uses the 10.214.6.xxx IP range and there are roughly 100 computers connected to it. All computers are connected to a switch which then connects to another switch (unmanaged) which then connects to the internet modem. My question is:
If I get a cheap/used managed switch off eBay etc., can I just replace the unmanaged switch connected to our internet modem... would I be able to monitor the traffic of each IP? Or does it just monitor traffic to each port so I could only see how much traffic is coming from each other switch?
Or would you guys suggest any other method of monitoring traffic which would work for our current setup? Maybe getting some other device (router with DD-WRT?) to replace that main switch?
Thanks.

| Senior Member with 1,333 posts. | | Join Date: Mar 2008 Experience: Clueless |

What are you trying to monitor? Are you trying to monitor internet activity?

| Junior Member with 29 posts. | | Join Date: Oct 2009 Experience: Intermediate |

Yeah, I want to monitor internet activity and bandwidth usage. Also, it would be nice to set up QoS and access management. Thanks. Posted via Mobile Device

| Senior Member with 1,333 posts. | | Join Date: Mar 2008 Experience: Clueless |

I assume this is tied to your other post about connecting buildings. If so, my first question is what is in the rental agreement between the tenants and you (aka the landlord) concerning the internet service?
Nowhere do I see anything mentioning a router. How is this network set up from your ISP demarc to you?

| Junior Member with 29 posts. | | Join Date: Oct 2009 Experience: Intermediate |

Yes, this is tied to my other post.
I am not the landlord. I am the network administrator at the computer lab we have inside this apartment complex. We provide free internet service to all apartments. Several years back we had a virus problem and the ISP shut us off and said we need to have more control of our network and be able to block off certain ports, etc. Right now we have a Linux box running Squid which acts as a gateway.
I didn't include the router in the picture because I am concerned about everything that comes after that.
Our setup:
Internet Modem-----> Linux box with Squid (trying to replace with managed switch which gives me control like squid does) -----> main hub-----> hubs in each building------>apartments.

| Senior Member with 1,333 posts. | | Join Date: Mar 2008 Experience: Clueless |

You'll still need the Squid box. I assume your ISP has only provided a single public IP or a small range of addresses. A switch is not going to give you any NAT/NAT overload capability. Even a managed switch. Only some higher end managed switches will do NATs.

| Junior Member with 29 posts. | | Join Date: Oct 2009 Experience: Intermediate |

Yes, we only have one external IP, but we have our own range at 10.214.6.xxx set up for everyone in the complex.
The reason I'm looking for this is because the computer lab which houses this server might close down, but the management of the apartments decided to continue providing internet service. The problem then is that we need something that will not require any maintenance at all. There will be no one to monitor the server, restart it if needed, or turn it back on if the power goes out. I was thinking if I got a managed switch I can get some of the same functionality of the Squid box but wouldn't need this attention (it can be stored away somewhere). If I can't do detailed logging like Squid lets me, it would still be nice to be allowed to have QoS and also some level of power over what is blocked off and which ports can be used, etc.
What do you think?

| Senior Member with 1,333 posts. | | Join Date: Mar 2008 Experience: Clueless |

You still need a router. A switch is a layer 2 device which has no concept of routing IP addresses. Only higher end layer 3 switches can do routing. Even if you get a layer 3 switch, you'll have to find one that can do NAT overloading which will make your management have seizures when you tell them how much one would cost.
NAT overloading is when you have one public IP shared by multiple private addresses...in this case the 10 subnet block you've set up. And to put more stress on your shoulders, you have to make sure the router solution you pick can provide the necessary performance given the number of clients you have, the features you are looking for, and for an amount that won't require divine intervention to part the Red Sea.

| Junior Member with 29 posts. | | Join Date: Oct 2009 Experience: Intermediate |

We have a Comcast business internet connection. Our modem is also a gateway with 4 ports in the back. From my understanding, we can just hook the main switch to the gateway without the need of another router, because the gateway has its own web interface which allows me to do everything my wifi router at home does...like enable DHCP, change the private 10 subnet block, etc.
Do you have any suggestion for a certain type of managed switch (or router) which would best fit our needs from what you understand of our situation? Pretty much my main request is that I want to be able to set up some sort of QoS and maybe some access restrictions like which ports may be used. Ideally, a device which also logs activity from the users (by IP address and not by port) would be the best.
Someone suggested I get a regular 4 port router and load up a custom firmware like DD-WRT. I'm not familiar with that, but if you think that would work I can give it a shot.
What do you think?
Also, I would like to add: I really appreciate your help.

| Senior Member with 214 posts. |
01-Nov-2009, 02:46 AM
#10 | DD-WRT is very nice. I use it on 2 different routers (Linksys WRT54GS). It will allow you to set access restrictions, QoS and outbound port blocking is what I found most interesting in this thread. I just checked mine and it does have an option to block services, which should work.
It has a common list of services already set that you can choose from with pre-defined ports it looks like, but I'm sure you can add your own as well. As far as activity logging I'm not too sure, if you find a good costly solution for your setup other than DD-WRT I'd be interested in knowing. Definitely check out DD-WRT, OpenWRT and Tomato firmware, DD-WRT being the best for my needs.

| Senior Member with 1,333 posts. | | Join Date: Mar 2008 Experience: Clueless |
01-Nov-2009, 06:11 AM
#11 | You left out that part about the modem. In the future to get a quicker resolution to problems, you need to state everything about your network. Pulling bits and pieces will only result in wasted time.
Per your other post, you stated your connection speed is 50 Mbit with your ISP, in this case Comcast. I could be wrong...but I've never seen any cable service provide 50 Mbit downloads. But if this is actual, your problem is going to be finding a router which can do routing at those speeds. You'll find many routers won't support what many people assume is their actual routing speed based on the port speed of the router's physical interface.
Here's a good chart to show you routing performance of various routers: http://www.smallnetbuilder.com/compo...rt/Itemid,189/
For the example of DD-WRT running on a Linksys WRT-54GS, you'll see based on testing it can only route at 34 Mbps. The other factor you're going to have to deal with is how many simultaneous connections can the router support. But what the chart doesn't take into account is long term stability. On a test bench running load tests for a minute or two at a time isn't going to tell you if the router is going to be stable over time being loaded down this way. There's a reason why business grade routers cost more.
Personally, I don't like DD-WRT in a production environment because the firmware support is dependent on the "community." But if you're OK with potentially having to troubleshoot problems on your own, then go for it. But again keep in mind you have to find a compatible router which runs DD-WRT with the performance characteristics you need for LAN/WAN routing.

| Junior Member with 29 posts. | | Join Date: Oct 2009 Experience: Intermediate |
01-Nov-2009, 04:43 PM
#12 | Sorry for leaving out the modem part, when I first posted the question I thought it would be irrelevant and might mix people up. Originally I just wanted to know if managed switches can monitor/control/restrict computers even if there is another unmanaged switch between the computer and the managed switch.
Our actual internet speed right now is 22mbps down and 5 up. The Comcast guy came over the other day and I asked if it was the fastest one they have and he said they have some new "Doc 3" modem and service which does 50mbs down. I called Comcast and they verified and the actual price is even cheaper than what we are paying. (It costs 189 /mo as opposed to the 200 we pay). They said I can change over by just signing a contract, but I haven't done it yet because I'm still not sure of the fate of the computer lab I work for. Most probably it will close in 2 months but internet will continue, but there is a possibility the internet will also shut down.
Thanks for linking that site, I never thought of that aspect of a router. I have a wrt54g v8 and according to that site v5 goes 54mbps. But they also mention if you click on the router that you can't flash it with DD-WRT. It shouldn't be too hard to find a fast router on that site which also can be flashed with DD-WRT if that's what we decide.
What do you think of a switch like this?: http://www.digiconcepts.com/linksys_...witches_03.htm
You can get a used one on eBay for under $50, it has some features I would be interested in like MAC filter, QoS, and having a web interface will make life easy.

| Junior Member with 29 posts. | | Join Date: Oct 2009 Experience: Intermediate |
02-Nov-2009, 01:01 PM
#13 | I ordered 6 unmanaged Netgear 16 port switches ($150), now I just need this one router or managed switch to finalize things.

| Senior Member with 1,333 posts. | | Join Date: Mar 2008 Experience: Clueless |
02-Nov-2009, 02:48 PM
#14 | MAC filtering is worthless. Just like with any wireless connection, anyone can spoof a MAC address. In addition, you're adding additional work for yourself in managing your MAC filter tables. A better method is to take advantage of 802.1x but it requires additional infrastructure to be in place to leverage this. The best deterrent towards anyone accessing a port which they shouldn't is to just turn it off/cut the connection. | |
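
The per-IP usage accounting asked about at the top of the thread can be derived from the access log of the Squid gateway already in place. The sketch below is an added example, not code from any poster in the thread; the log lines are constructed, and it assumes Squid's native access.log format and that 10.214.6.xxx is a /24.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1257091200.123    210 10.214.6.17 TCP_MISS/200 48213 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1257091201.456     15 10.214.6.17 TCP_HIT/200 1200 GET http://example.com/logo.png - NONE/- image/png
1257091202.789  90412 10.214.6.42 TCP_MISS/200 73400320 GET http://example.org/big.iso - DIRECT/192.0.2.20 application/octet-stream
1257091203.000      2 10.214.6.99 TCP_DENIED/403 1450 CONNECT example.net:6667 - NONE/- text/html
1257091204.000     30 192.168.1.5 TCP_MISS/200 900 GET http://example.com/ - DIRECT/192.0.2.10 text/html
truncated line without enough fields
"""

def usage_by_client(lines, subnet="10.214.6.0/24"):
    """Sum bytes delivered, requests and denied requests per client IP in subnet.

    Only traffic that passed through the proxy appears in this log.
    Returns (stats, skipped) where skipped counts malformed or out-of-subnet lines.
    """
    net = ipaddress.ip_network(subnet)  # assumed /24 for 10.214.6.xxx
    stats = defaultdict(lambda: {"bytes": 0, "requests": 0, "denied": 0})
    skipped = 0
    for line in lines:
        fields = line.split()
        if len(fields) < 7:  # need at least time..URL
            skipped += 1
            continue
        try:
            client = ipaddress.ip_address(fields[2])
            size = int(fields[4])  # bytes sent to the client
        except ValueError:
            skipped += 1
            continue
        if client not in net:  # not one of the complex's addresses
            skipped += 1
            continue
        entry = stats[str(client)]
        entry["bytes"] += size
        entry["requests"] += 1
        if fields[3].startswith("TCP_DENIED"):  # blocked by a Squid ACL
            entry["denied"] += 1
    return dict(stats), skipped

def top_talkers(stats, n=3):
    """Return the n clients with the most bytes, largest first."""
    return sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]

if __name__ == "__main__":
    stats, skipped = usage_by_client(SAMPLE_LOG.splitlines())
    for ip, s in top_talkers(stats):
        print(f"{ip:15} {s['bytes']:>12} bytes {s['requests']:>4} req {s['denied']:>3} denied")
    print("skipped lines:", skipped)
```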