1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Mid-sized Network

Discussion in 'Networking' started by ramsey2015, May 26, 2015.

Thread Status:
Not open for further replies.
  1. ramsey2015

    ramsey2015 Thread Starter

    May 26, 2015
    I volunteer at a mid-sized church (200-300) attending members.We are looking to increase our network capabilities.We are in the process of getting the internet speed and bandwidth increased.We currently have 3 wireless network routers to allow staff access.We want to increase the reach of this and also add a guest network for the members.Also since we are going to have to replace the existing network/internet interface would like to have the following:VPN, site content filtering, VLans, wi-fi access login/usage acceptance, wired wi-fi access points.
    Of these is there a reason to establish separate physical networks vs VLans?
    Is there good software/hardware to handle wi-fi login/usage acceptance and also provide for web site content filtering?
    Recommendations on Access Points
    Also recommendations on firewall/internet appliance?

  2. kanaitpro

    kanaitpro Account Closed

    Feb 13, 2013
    for a job like this, i would have to see the place and what exactly you have going on now, as well as take various measurements on things like coverage area and interference points. it is almost impossible to advise you on what to do with anything on this scale without at least a floorplan, and that won't tell me what the layout is actually like, in terms of interference and coverage. your best bet is to get a reputable company, not necessarily a big one, or have one of the members find someone who works in network administration or the like and pay them to come out and do this for you.

    separate networks is going to be cheaper for you, as you already have the routers. you may want to consider purchasing equipment that will handle vlans for future growth or ease of maintenance. another option is to use windows server 2008 or 2012 and use active directory for the staff and have a separate open network for members (when i say open, put a password on it, and change it every two or three months). as for access points and firewalls, anything with cisco in the name is going to be overpriced.

    there are some very good options for you, and it all boils down to two things: price and skill. with more skill, you can do it cheaper, with less skill, you will pay for ease of setup. best bet is to call in a prefessional, or at least someone local who is knowledgeable who can look at the whole thing.

    whatever you use, be careful of the pretty lights. change the default password. configure it properly.
    Last edited: May 26, 2015
  3. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Mar 30, 2008
    You can tackle your requirements in a number of ways. The first thing you need to do is to figure out what the budget is and performance requirements (since you've pretty much have the features pinned down already). For the wireless portion, you can do it a number of ways. One way is to utilize a firewall which can act as a wireless controller. In this scenario, you would buy light weight APs that hang off a wired network but are centrally controlled/managed by this firewall. An example of one such firewall is SonicWall. The other option is to approach the wireless requirement with a wireless centric system. There are two types of wireless systems out there. One is controller based where you have a central controller that manages APs. The other uses a virtual controller setup where a group of APs work together where one AP performs as the controller through an election process. Examples of wireless companies are Aruba Networks, Aerohive, Ubiquiti, and of course Cisco.

    The use of VLANs is pretty common in this situation where many administrators want to have the guest network isolated from the rest of the production network. There are methods where the guest traffic can be co-located with the production traffic and still maintain security. Going into that method is probably more than you want to deal with. A quick basic setup I would consider for this project is to find a wireless system which has captive portal capability. Depending on the captive portal features, you can have a system which does NOT require you to have some preshared key to disseminate out to people and needing to change periodically. One such system I know about allows the admin to create a guest wireless SSID with no wireless encryption needed. The captive portal presents a web page when the user connects their mobile device to the guest wireless and surfs a website. The captive portal web page pops up instead and presents a terms of use along with any identifying information you may want from the guest. If you're so inclined to prevent full open use of the guest network, the system can request a contact person the guest may know for access approval. The system then generates an email to the contact person with a link that the contact person can click in the email to grant access. Until that access is granted, the guest does not get any network resources.

    For firewall duties, I would look for a firewall with UTM capabilities. This firewall would have content filtering which will help in preventing users on the network from accessing sites they shouldn't. You should also look for a firewall with DPI (deep packet inspection) ability. This firewall would be layered on top of the wireless system you want to implement.

    As far as the other poster's comment about getting a professional company to assist, I do agree to a point. It's best to get someone with experience to implement this type of system properly. But it's not totally impossible without having professional help with regards to implementing a proper wireless system. Many manufacturers have tools which allow you to import floor plans and then drag/drop various model APs onto the floor to get an estimate on performance/coverage. It's not as accurate as a full blown site survey and doesn't take into account external interference factors, but does get you some what close.

    One thing is for sure, implementing this type of system is going to cost some money whether it be equipment or into services.
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1148845

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice