router for apartment complex

Howdy Y'all!

I'm looking to get a new router for my apartment complex. At peak operation, I'd be servicing no more than 48 network devices in 16 apartment units, mostly desktops and laptops used by the renters with the exception of one web/email server visible to the outside. I'm trying to find an effective solution for as little $$$ as possible, preferably something under $200.

In order of necessity, this is a list of features for my ideal router:

  • NAT

  • a good track record for remote operation such that I won't find myself having to make an inconvenient trip to the complex to punch a stupid when a packet gets jammed somewhere. This is what is happening with my BEFW11s4 which is currently handling the routing for this place.

  • a good firewall. I don't know much about what makes a good firewall, so I'm open to recommendations on what would be good here.

  • 10 MBPS. That's all I really need for distributing broadband. Faster is okay, but this is all I really need.

  • SNMP management and monitoring

  • web-based management (though ssh or telnet would suffice)

  • dual WAN connections in case one goes out.

  • compatible with the Cisco IOS features of my Catalyst 1924 switch

  • some way to logically separate units of the apartment complex for security and bandwidth management. VLANs? My CAT switch can do port-based VLANs, but requires VTP functionality in the router.

  • dynamic domain name service client, similar to the one found in most netgear home routers

  • integrated or modular support for an ADSL bridge.

I'm leaning towards getting a Linksys WRT54G ($56 at NewEgg) and putting some 3rd party firmware on it, but I have reservations with Linksys equipment after my experiences with my current router.

So... any recommendations on what I should get?

Thanks!

-Thomas Hallock

Reply to
Thomas Hallock

[snip: features]

Apart from this being a bit OT here, if it has to be _cheap_: AFAIK there are very few home "routers" like you describe that interact well with "Cisco IOS features". There are however a few open-source things that do more or less that. If cost is really an important factor I'd get an old PC with two network cards and start playing around with some free software. I am partial to FreeBSD[1] although NetBSD, OpenBSD, and various Linux distributions (Gentoo or Debian seem to be nice) will also do the trick. The price is that you'll have to gather the knowledge and the various applications and utilities together yourself.

Then again, we're talking >16 users, so I don't see why the hardware has to cost less than what you pay for _one new computer_. With a bit of accounting you can actually afford a real router to do this.

[1] FreeBSD 4.latest, as 5 hasn't entered the -STABLE phase yet.
Reply to
jpd

"jpd" wrote in message news: snipped-for-privacy@entelocal.ipberlin.com...

A ready-made FreeBSD-based firewall and router distribution suitable for this purpose is m0n0wall:

formatting link
Version 1.1 came out last week. This version contains a traffic shaper and a captive portal with a RADIUS client for WLAN access.

We have had this serving an apartment block for over a week now. So far the results are good.

***

When using an old PC it is best to load the software (= firmware) on a Compact Flash card and use an adapter to connect it to the IDE cable. No hard drive is needed.

Reply to
Petri Krohn

How do you plan to share the costs? Will you act as an ISP to your neighbors? (And pocket the profits?)

What do you call this kind of network activity? Community networking?

***

Where do you get a 10Mbps connection that you can distribute freely at a reasonable price?

I just connected a 150-apartment block to a fiber-optic Ethernet link. The speed had to be reduced to 6Mbps/6Mbps to get the price under 1000 euros / month.

This is a tough one. Not too many devices around that can do this. Some Taiwanese load balancers or "Multi-Homing Broadband Routers" have been available in Finland. One main use has been to combine two ADSL lines for residential networks in housing co-operatives (HomePNA or Ethernet).

- Taicom TMH-121
  formatting link
- Leadfly ADV420
  formatting link
- Edimax BR-6524
  formatting link

The price for these devices in Finland is 120 - 200 euros (including VAT).

You do the separation in the switch(es) using asymmetric port-based VLANs. I believe most new switches can be configured to work this way. This is also a standard feature in HomePNA switches.

To see how this works see the Cabletron ELS10-27MDU manual:

formatting link

***

Something like OpenWRT?

formatting link
The user interface for OpenWRT is still lacking. My personal preference is m0n0wall (+ PC). The user interface is excellent.
formatting link
What is missing from your list is a traffic shaper to stop p2p-traffic from slowing down or blocking interactive traffic. Both WRT54G + OpenWRT and m0n0wall can do the job.

Reply to
Petri Krohn

I think the poster was intending to use 10 Mbps *within the building* as it would be sharing lower speed WAN connection(s) and 100 Mbps is therefore not essential. Thanks for the useful links in your post.

Reply to
poster

Good call. Used 10-meg equipment goes pretty cheap on eBay.

To cover your own arse, you need to isolate the tenants from each other. If someone sniffs traffic and steals credit card info, you can be held liable for not taking reasonable precautions. The cable companies got dinged for this as, originally, it was not a properly isolated setup.

You're talking about PVLANs or protected ports in Cisco lingo. Essentially the "protected" ports cannot talk to each other, effectively preventing them from directly talking to each other. You also avoid having to manage 48 VLANs and subnets.

If you go this route, you just need to make sure your router doesn't allow routing packets back onto the internal network. Otherwise, someone can get clever and bounce packets off the router by using a misconfigured subnet mask. The potential for someone to try ARP cache poisoning or flooding would still be a concern, but probably not a huge one. Watching the syslogs on the router would help you catch that.

I think you meant VLANs in the router. I would avoid using VTP if at all possible. Turn off CDP as well since that just advertises your switch/router capability.

Why worry about Dynamic DNS?

There are a bunch of 1924 switches on eBay at $9.99 at the moment. They should support protected ports.

Reply to
chris
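As an added illustration, not taken from any post in this thread, here is a Cisco IOS configuration fragment showing the two controls chris describes: protected ports on the tenant switch, and an inbound ACL on the router's LAN interface that drops and logs tenant-to-tenant traffic bounced through the router. It assumes a Catalyst model that supports protected ports (Petri notes below that the 1924 does not), the documentation subnet 192.0.2.0/24 as a placeholder tenant network, and interface names and a syslog address chosen for the example.

```cisco
! --- Tenant access switch (assumed: a Catalyst that supports protected ports) ---
! Tenant ports are "protected": they can reach the uplink but not each other.
interface range FastEthernet0/1 - 23
 switchport mode access
 switchport access vlan 10
 switchport protected
 no cdp enable
!
! The uplink to the router is NOT protected, so every tenant can still reach it.
interface FastEthernet0/24
 switchport mode access
 switchport access vlan 10
 no cdp enable
!
! --- Router LAN interface (placeholder subnet 192.0.2.0/24, router at .1) ---
ip access-list extended TENANT-IN
 ! DHCP requests arrive from 0.0.0.0 to broadcast, so allow them explicitly
 permit udp any eq bootpc any eq bootps
 ! tenants may talk to the router itself (DNS relay, gateway, management)
 permit ip 192.0.2.0 0.0.0.255 host 192.0.2.1
 ! drop and log anything a tenant tries to bounce back into the tenant subnet
 ! via the router (the "misconfigured subnet mask" trick chris mentions)
 deny   ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 log
 ! everything else sourced from the tenant subnet may go out to the WAN
 permit ip 192.0.2.0 0.0.0.255 any
 ! packets with a source address outside the tenant subnet are spoofed: log them
 deny   ip any any log
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group TENANT-IN in
 ! without proxy ARP the router never answers ARP on behalf of tenant hosts;
 ! without redirects it never tells a host about a "shorter" path to a neighbour
 no ip proxy-arp
 no ip redirects
 no cdp enable
!
! Ship the ACL log hits to a syslog host so they can actually be watched
! (placeholder address; in practice put this host on a separate management VLAN)
logging host 192.0.2.250
logging trap informational
```

The `log` keyword on the two deny lines is what makes the syslog review chris recommends useful: a steady stream of hits from one port is the first sign that a tenant is probing the others.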

"Petri Krohn" wrote in message news:chdtp2$p6r$ snipped-for-privacy@news.bbnetworks.net...

Cisco calls this feature "Private VLANs" (PVLANs) or "protected ports". The feature is not supported on the Catalyst 1924 switch.

See the "Private VLAN Catalyst Switch Support Matrix":

formatting link
It is also described in RFC 3069 - VLAN Aggregation for Efficient IP Address Allocation:
formatting link

Reply to
Petri Krohn
