router for apartment complex

Archived from groups: comp.dcom.lans.ethernet

Howdy Y'all!

I'm looking to get a new router for my apartment complex. At peak
operation, I'd be servicing no more than 48 network devices in 16
apartment units, mostly desktops and laptops used by the renters with
the exception of one web/email server visible to the outside. I'm trying
to find an effective solution for as little $$$ as possible, preferably
something under $200.

In order of necessity, this is a list of features for my ideal router:

* NAT

* a good track record for remote operation such that I won't find myself
having to make an inconvenient trip to the complex to punch a stupid
when a packet gets jammed somewhere. This is what is happening with my
BEFW11s4 which is currently handling the routing for this place.

* a good firewall. I don't know much about what makes a good firewall,
so I'm open to recommendations on what would be good here.

* 10 MBPS. That's all I really need for distributing broadband. Faster
is okay, but this is all I really need.

* SNMP management and monitoring

* web-based management (though ssh or telnet would suffice)

* dual WAN connections in case one goes out.

* compatible with the Cisco IOS features of my Catalyst 1924 switch

* some way to logically separate units of the apartments complex for
security and bandwidth management. VLANS? My CAT switch can do
port-based VLANS, but requires VTP functionality in the router.

* dynamic domain name service client, similar to the one found in most
netgear home routers

* integrated or modular support for an ADSL bridge.


I'm leaning towards getting a Linksys WRT54G ($56 at NewEgg) and putting
some 3rd party firmware on it, but I have reservations with Linksys
equipment after my experiences with my current router.

so... any recommendations on what I should get?

Thanks!
-Thomas Hallock
  1. Archived from groups: comp.dcom.lans.ethernet

    On 2004-08-19, Thomas Hallock <altrouters.20.antialias@spamgourmet.com> wrote:
    > I'm looking to get a new router for my apartment complex. At peak
    > operation, I'd be servicing no more than 48 network devices in 16
    > apartment units, mostly desktops and laptops used by the renters with
    > the exception of one web/email server visible to the outside. I'm trying
    > to find an effective solution for as little $$$ as possible, preferably
    > something under $200.
    [snip: features]

    Apart from this being a bit OT here, if it has to be _cheap_: AFAIK
    there's very few home-``routers'' like you describe that interact well
    with ``cisco IOS features''. There are however a few open-source things
    that do more or less that. If cost is really an important factor I'd
    get an old pc with two network cards and start playing around with some
    free software. I am partial to FreeBSD[1] although NetBSD, OpenBSD, and
    various linux distributions (gentoo or debian seem to be nice) will also
    do the trick. The price is that you'll have to gather the knowledge and
    the various applications and utilities together yourself.

    Then again, we're talking >16 users, so I don't see why the hardware has
    to cost less than what you pay for _one new computer_. With a bit of
    accounting you can actually afford a real router to do this.


    [1] FreeBSD 4.latest, as 5 hasn't entered the -STABLE phase yet.

    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
  2. Archived from groups: comp.dcom.lans.ethernet

    "jpd" <read_the_sig@do.not.spam.it> wrote in message
    news:1092900227.908383@entelocal.ipberlin.com...

    > If cost is really an important factor I'd get an old pc with two network
    > cards and start playing around with some free software. I am partial to
    > FreeBSD[1] although NetBSD, OpenBSD, and various linux distributions
    > (gentoo or debian seem to be nice) will also do the trick.

    A ready made FreeBSD based firewall and router distribution suitable for this
    purpose is m0n0wall:
    http://www.m0n0.ch/wall/

    Version 1.1 came out last week. This version contains a traffic shaper and a
    captive portal with a Radius client for WLAN access.

    We have had this serving an apartment block for over a week now. So far the
    results are good.

    ***

    When using an old PC it is best to load the software (= firmware) on a
    Compact Flash card and use an adapter to connect it to the IDE cable. No
    hard drive is needed.


    --
    Petri Krohn
    petri. krohn <a@t> iki. FI(nland)
    _____________________________________________________________
    Fiber-optic Community Networking: http://www.HelsinkiOpen.net
  3. Archived from groups: comp.dcom.lans.ethernet,uk.telecom.broadband

    "Thomas Hallock" <altrouters.20.antialias@spamgourmet.com> wrote in message
    news:altrouters.20.antialias-4AC5AB.00555419082004@geraldo.cc.utexas.edu...

    > I'm looking to get a new router for my apartment complex. At peak
    > operation, I'd be servicing no more than 48 network devices in 16
    > apartment units...

    How do you plan to share the costs?
    Will you act as an ISP to your neighbors? (And pocket the profits?)

    What do you call this kind of network activity? Community networking?

    ***

    > In order of necessity, this is a list of features for my ideal router:
    > * NAT
    > * remote operation...
    > * a good firewall...

    > * 10 MBPS. That's all I really need for distributing broadband.
    > Faster is okay, but this is all I really need.

    Where do you get a 10Mbps connection that you can distribute freely at a
    reasonable price?

    I just connected a 150 apartment block to a fiber-optic Ethernet-link. The
    speed had to be reduced to 6Mbps/6Mbps to get the price under 1000 euros /
    month.

    > * dual WAN connections in case one goes out.

    This is a tough one. Not too many devices around that can do this.
    Some Taiwanese load balancers or "Multi-Homing Broadband Routers" have been
    available in Finland. One main use has been to combine two ADSL-lines for
    residential networks in housing co-operatives (HomePNA or Ethernet).

    - Taicom TMH-121
    http://www.taicom.com.tw/cpebu2/BU2-WEB/PDF/DM/TMH141-%20DM-V650.pdf
    - Leadfly ADV420
    http://www.leadfly.com/ADV420_Manual_1_3_1.pdf
    - Edimax BR-6524
    http://www.edimax.com/html/english/products/BR-6524.htm

    The price for these devices in Finland is 120 - 200 euros (including VAT)

    > * some way to logically separate units of the apartments complex for
    > security and bandwidth management. VLANS? My CAT switch can do
    > port-based VLANS, but requires VTP functionality in the router.

    You do the separation in the switch(es) using asymmetric port-based VLANs.
    I believe most new switches can be configured to work this way. This is also
    a standard feature in HomePNA switches.

    To see how this works see the Cabletron ELS10-27MDU manual:
    http://www.enterasys.com/support/manuals/hardware/3276.pdf

    ***

    > I'm leaning towards getting a Linksys WRT54G ($56 at NewEgg) and putting
    > some 3rd party firmware on it, but I have reservations with Linksys
    > equipment after my experiences with my current router.

    Something like OpenWRT?
    http://openwrt.org/

    The user interface for OpenWRT is still lacking. My personal preference is
    m0n0wall (+ PC). The user interface is excellent.
    http://www.m0n0.ch/wall/

    What is missing from your list is a traffic shaper to stop p2p-traffic from
    slowing down or blocking interactive traffic. Both WRT54G + OpenWRT and
    m0n0wall can do the job.


    --
    Petri Krohn
    petri. krohn <a@t> iki. FI(nland)
    _____________________________________________________________
    Fiber-optic Community Networking: http://www.HelsinkiOpen.net
  4. Archived from groups: comp.dcom.lans.ethernet,uk.telecom.broadband

    On Sun, 5 Sep 2004 in uk.telecom.broadband, "Petri Krohn" wrote:

    >> * 10 MBPS. That's all I really need for distributing broadband.
    >> Faster is okay, but this is all I really need.

    >Where do you get a 10Mbps connection that you can distribute freely
    >at a reasonable price?

    I think the poster was intending to use 10 Mbps *within the building*
    as it would be sharing lower speed WAN connection(s) and 100 Mbps is
    therefore not essential. Thanks for the useful links in your post.
  5. Archived from groups: comp.dcom.lans.ethernet

    On Thu, 19 Aug 2004 00:55:54 -0500, Thomas Hallock
    <altrouters.20.antialias@spamgourmet.com> wrote:

    >Howdy Y'all!
    >
    >I'm looking to get a new router for my apartment complex. At peak
    >operation, I'd be servicing no more than 48 network devices in 16
    >apartment units, mostly desktops and laptops used by the renters with
    >the exception of one web/email server visible to the outside. I'm trying
    >to find an effective solution for as little $$$ as possible, preferably
    >something under $200.
    >
    >In order of necessity, this is a list of features for my ideal router:
    >
    >* NAT
    >
    >* a good track record for remote operation such that I won't find myself
    >having to make an inconvenient trip to the complex to punch a stupid
    >when a packet gets jammed somewhere. This is what is happening with my
    >BEFW11s4 which is currently handling the routing for this place.
    >
    >* a good firewall. I don't know much about what makes a good firewall,
    >so I'm open to recommendations on what would be good here.
    >
    >* 10 MBPS. That's all I really need for distributing broadband. Faster
    >is okay, but this is all I really need.

    Good call. Used 10-meg equipment goes pretty cheap on eBay.

    >* SNMP management and monitoring
    >
    >* web-based management (though ssh or telnet would suffice)
    >
    >* dual WAN connections in case one goes out.
    >
    >* compatible with the Cisco IOS features of my Catalyst 1924 switch
    >
    >* some way to logically separate units of the apartments complex for
    >security and bandwidth management. VLANS? My CAT switch can do
    >port-based VLANS, but requires VTP functionality in the router.

    To cover your own arse, you need to isolate the tenants from each
    other. If someone sniffs traffic and steals credit card info, you can
    be held liable for not taking reasonable precautions. The cable
    companies got dinged for this as originally, it was not a properly
    isolated setup.

    You're talking about pvlans or protected ports in Cisco lingo.
    Essentially the "protected" ports cannot talk to each other,
    effectively preventing them from directly talking to each other. You
    also avoid having to manage 48 vlans and subnets.

    If you go this route, you just need to make sure your router doesn't
    allow routing packets back onto the internal network. Otherwise,
    someone can get clever and bounce packets off the router by using a
    misconfigured subnet mask. The potential for someone to try ARP cache
    poisoning or flooding would still be a concern, but probably not a
    huge one. Watching the syslogs on the router would help you catch
    that.

    I think you meant vlans in the router. I would avoid using VTP if at
    all possible. Turn off CDP as well since that just advertises your
    switch/router capability.


    >* dynamic domain name service client, similar to the one found in most
    >netgear home routers

    Why worry about Dynamic DNS?

    >* integrated or modular support for an ADSL bridge.
    >
    >
    >
    >I'm leaning towards getting a Linksys WRT54G ($56 at NewEgg) and putting
    >some 3rd party firmware on it, but I have reservations with Linksys
    >equipment after my experiences with my current router.


    There are a bunch of 1924 switches on eBay at $9.99 at the moment.
    They should support protected ports.
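
A sketch of the syslog check suggested in the reply above, added here as an example and not part of the original thread. It flags tenant-to-tenant packets the router forwarded back out of its LAN interface (the "bounce off the router" case) and ARP bindings that change, with the gateway's MAC pinned. The interface names, addresses, the `arpmon` tag and the log lines are all constructed assumptions; the FWD lines are simplified from the key=value layout of the Linux netfilter LOG target.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed site layout (hypothetical values, not from the thread).
TENANT_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_IF = "eth1"
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "00:11:22:33:44:55"

# Constructed sample log. "arpmon" is a made-up ARP observation feed.
SAMPLE_LOG = """\
Sep  5 14:01:02 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP DPT=80
Sep  5 14:01:07 gw kernel: FWD IN=eth1 OUT=eth1 SRC=192.168.1.23 DST=192.168.1.40 PROTO=TCP DPT=445
Sep  5 14:01:08 gw kernel: FWD IN=eth1 OUT=eth1 SRC=192.168.1.23 DST=192.168.1.41 PROTO=TCP DPT=445
Sep  5 14:02:00 gw arpmon: 192.168.1.1 is-at 00:11:22:33:44:55
Sep  5 14:02:10 gw arpmon: 192.168.1.40 is-at 00:aa:bb:cc:dd:40
Sep  5 14:03:30 gw arpmon: 192.168.1.1 is-at 00:aa:bb:cc:dd:23
Sep  5 14:03:31 gw arpmon: 192.168.1.40 is-at 00:aa:bb:cc:dd:23
"""

FWD_RE = re.compile(r"\bIN=(\S*) OUT=(\S*) .*?SRC=(\S+) DST=(\S+)")
ARP_RE = re.compile(r"arpmon: (\S+) is-at ([0-9a-fA-F:]{17})")


def find_hairpins(log):
    """Return {src_ip: [dst_ip, ...]} for packets that came in on the LAN
    interface and were routed back out of it between two tenant addresses."""
    hits = defaultdict(list)
    for line in log.splitlines():
        m = FWD_RE.search(line)
        if not m:
            continue
        in_if, out_if, src, dst = m.groups()
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # malformed address field, skip the line
        if in_if == out_if == LAN_IF and src_ip in TENANT_NET and dst_ip in TENANT_NET:
            hits[src].append(dst)
    return dict(hits)


def find_arp_anomalies(log):
    """Return a list of (kind, ip, expected_mac, seen_mac) tuples."""
    bindings = {}
    alerts = []
    for line in log.splitlines():
        m = ARP_RE.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        if ip == GATEWAY_IP:
            # The gateway binding is pinned and never learned from traffic.
            if mac != GATEWAY_MAC:
                alerts.append(("gateway-spoof", ip, GATEWAY_MAC, mac))
            continue
        old = bindings.get(ip)
        if old is not None and old != mac:
            alerts.append(("binding-changed", ip, old, mac))
        bindings[ip] = mac
    return alerts
```

Any hit from `find_hairpins` means the router is still willing to route traffic back onto the internal network, which is the condition the reply says to rule out.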
  6. Archived from groups: comp.dcom.lans.ethernet

    ------------------------

    >Howdy Y'all!
    >
    >I'm looking to get a new router for my apartment complex. At peak
    >operation, I'd be servicing no more than 48 network devices in 16
    >apartment units, mostly desktops and laptops used by the renters with
    >the exception of one web/email server visible to the outside. I'm trying
    >to find an effective solution for as little $$$ as possible, preferably
    >something under $200.
    >
    >In order of necessity, this is a list of features for my ideal router:
    >
    >* NAT
    >
    >* a good track record for remote operation such that I won't find myself
    >having to make an inconvenient trip to the complex to punch a stupid
    >when a packet gets jammed somewhere. This is what is happening with my
    >BEFW11s4 which is currently handling the routing for this place.
    >
    >* a good firewall. I don't know much about what makes a good firewall,
    >so I'm open to recommendations on what would be good here.
    >
    >* 10 MBPS. That's all I really need for distributing broadband. Faster
    >is okay, but this is all I really need.
    >* SNMP management and monitoring
    >
    >* web-based management (though ssh or telnet would suffice)
    >
    >* dual WAN connections in case one goes out.
    >
    >* compatible with the Cisco IOS features of my Catalyst 1924 switch
    >
    >* some way to logically separate units of the apartments complex for
    >security and bandwidth management. VLANS? My CAT switch can do
    >port-based VLANS, but requires VTP functionality in the router.
    >* dynamic domain name service client, similar to the one found in most
    >netgear home routers
    >* integrated or modular support for an ADSL bridge.
    >
    >
    >
    >I'm leaning towards getting a Linksys WRT54G ($56 at NewEgg) and putting
    >some 3rd party firmware on it, but I have reservations with Linksys
    >equipment after my experiences with my current router.

    ---------------End of Original Message-----------------

    A Nortel Contivity switch fits your requirements pretty well.
    They have IPSec compatible NAT so your clients can use their
    VPN software through it to connect to their own company networks.

    Fronting it with a BayStack 470 would also allow you to cable
    the apartment units in such a way so that they can communicate
    to the Internet but not with each other ("private VLAN"), for
    security/liability relief. No proprietary protocols are used
    to do this.

    /*
    Paul Tichy Houston 281-260-4849
    Southwest District Architect, Switching Solutions
    Nortel Networks
    */
  7. Archived from groups: comp.dcom.lans.ethernet

    Paul Tichy wrote:

    >
    > ------------------------
    >
    >>Howdy Y'all!
    >>
    >>I'm looking to get a new router for my apartment complex. At peak
    >>operation, I'd be servicing no more than 48 network devices in 16
    >>apartment units, mostly desktops and laptops used by the renters with
    >>the exception of one web/email server visible to the outside. I'm trying
    >>to find an effective solution for as little $$$ as possible, preferably
    >>something under $200.
    >>
    >>In order of necessity, this is a list of features for my ideal router:
    >>
    >>* NAT
    >>
    >>* a good track record for remote operation such that I won't find myself
    >>having to make an inconvenient trip to the complex to punch a stupid
    >>when a packet gets jammed somewhere. This is what is happening with my
    >>BEFW11s4 which is currently handling the routing for this place.
    >>
    >>* a good firewall. I don't know much about what makes a good firewall,
    >>so I'm open to recommendations on what would be good here.
    >>
    >>* 10 MBPS. That's all I really need for distributing broadband. Faster
    >>is okay, but this is all I really need.
    >>* SNMP management and monitoring
    >>
    >>* web-based management (though ssh or telnet would suffice)
    >>
    >>* dual WAN connections in case one goes out.
    >>
    >>* compatible with the Cisco IOS features of my Catalyst 1924 switch
    >>
    >>* some way to logically separate units of the apartments complex for
    >>security and bandwidth management. VLANS? My CAT switch can do
    >>port-based VLANS, but requires VTP functionality in the router.
    >>* dynamic domain name service client, similar to the one found in most
    >>netgear home routers
    >>* integrated or modular support for an ADSL bridge.
    >>
    >>
    >>
    >>I'm leaning towards getting a Linksys WRT54G ($56 at NewEgg) and putting
    >>some 3rd party firmware on it, but I have reservations with Linksys
    >>equipment after my experiences with my current router.
    >
    > ---------------End of Original Message-----------------
    >
    > A Nortel Contivity switch fits your requirements pretty well.
    > They have IPSec compatible NAT so your clients can use their
    > VPN software through it to connect to their own company networks.
    >
    > Fronting it with a BayStack 470 would also allow you to cable
    > the apartment units in such a way so that they can communicate
    > to the Internet but not with each other ("private VLAN"), for
    > security/liability relief. No proprietary protocols are used
    > to do this.

    The problem with this approach is that they might _want_ to communicate with
    each other.
    >
    > /*
    > Paul Tichy Houston 281-260-4849
    > Southwest District Architect, Switching Solutions
    > Nortel Networks
    > */

    --
    --John
    Reply to jclarke at ae tee tee global dot net
    (was jclarke at eye bee em dot net)
  8. Archived from groups: comp.dcom.lans.ethernet

    >> Fronting it with a BayStack 470 would also allow you to cable
    >> the apartment units in such a way so that they can communicate
    >> to the Internet but not with each other ("private VLAN"), for
    >> security/liability relief. No proprietary protocols are used
    >> to do this.
    >
    >The problem with this approach is that they might _want_ to communicate with
    >each other.

    Yeah, that's a possibility. I still wouldn't advise allowing them.
    I'd rather have a secure setup and avoid the possibility of a tenant
    pointing the finger at my setup as the reason they got hacked by their
    neighbor.

    If you're natting, then they can still talk, but it's through the
    front end router where you can still control unsafe ports.


    -Chris
  9. Archived from groups: comp.dcom.lans.ethernet

    ------------------------
    From: "J. Clarke" <jclarke@nospam.invalid>
    Subject: Re: router for apartment complex
    Date: Sun, 05 Sep 2004 14:33:29 -0400
    To: "comp.dcom.lans.ethernet" >
    >>Howdy Y'all!
    >>
    >>I'm looking to get a new router for my apartment complex. At peak
    >>operation, I'd be servicing no more than 48 network devices in 16
    >>apartment units, mostly desktops and laptops used by the renters with
    >>the exception of one web/email server visible to the outside. I'm trying
    >>to find an effective solution for as little $$$ as possible, preferably
    >>something under $200.
    >>
    >>In order of necessity, this is a list of features for my ideal router:
    >>
    >>* NAT
    >>
    >>* a good track record for remote operation such that I won't find myself
    >>having to make an inconvenient trip to the complex to punch a stupid
    >>when a packet gets jammed somewhere. This is what is happening with my
    >>BEFW11s4 which is currently handling the routing for this place.
    >>
    >>* a good firewall. I don't know much about what makes a good firewall,
    >>so I'm open to recommendations on what would be good here.
    >>
    >>* 10 MBPS. That's all I really need for distributing broadband. Faster
    >>is okay, but this is all I really need.
    >>* SNMP management and monitoring
    >>
    >>* web-based management (though ssh or telnet would suffice)
    >>
    >>* dual WAN connections in case one goes out.
    >>
    >>* compatible with the Cisco IOS features of my Catalyst 1924 switch
    >>
    >>* some way to logically separate units of the apartments complex for
    >>security and bandwidth management. VLANS? My CAT switch can do
    >>port-based VLANS, but requires VTP functionality in the router.
    >>* dynamic domain name service client, similar to the one found in most
    >>netgear home routers
    >>* integrated or modular support for an ADSL bridge.
    >>
    >>
    >>
    >>I'm leaning towards getting a Linksys WRT54G ($56 at NewEgg) and putting
    >>some 3rd party firmware on it, but I have reservations with Linksys
    >>equipment after my experiences with my current router.
    >
    > ---------------End of Original Message-----------------
    >
    > A Nortel Contivity switch fits your requirements pretty well.
    > They have IPSec compatible NAT so your clients can use their
    > VPN software through it to connect to their own company networks.
    >
    > Fronting it with a BayStack 470 would also allow you to cable
    > the apartment units in such a way so that they can communicate
    > to the Internet but not with each other ("private VLAN"), for
    > security/liability relief. No proprietary protocols are used
    > to do this.

    The problem with this approach is that they might _want_ to communicate with
    each other.
    >
    > /*
    > Paul Tichy Houston 281-260-4849
    > Southwest District Architect, Switching Solutions
    > Nortel Networks
    > */

    --
    --John
    Reply to jclarke at ae tee tee global dot net
    (was jclarke at eye bee em dot net)
    ---------------End of Original Message-----------------

    And naturally, the same product can be configured to do
    that, if desired. It isn't all or none.

    /*
    Paul Tichy Houston 281-260-4849
    Southwest District Architect, Switching Solutions
    Nortel Networks
    */
  10. Archived from groups: comp.dcom.lans.ethernet,uk.telecom.broadband

    "Petri Krohn" <etunimi.sukunimi@iki.fi.invalid> wrote in message
    news:chdtp2$p6r$1@news.bbnetworks.net...

    > You can do the separation in the switches using asymmetric port-based
    > VLANs. This is also a standard feature in HomePNA switches.

    > To see how this works see the Cabletron ELS10-27MDU manual:
    > http://www.enterasys.com/support/manuals/hardware/3276.pdf

    Cisco calls this feature "Private VLANs" (PVLANs) or "protected ports".
    The feature is not supported on the Catalyst 1924 switch.

    See the "Private VLAN Catalyst Switch Support Matrix":
    http://www.cisco.com/warp/public/473/63.html

    It is also described in RFC 3069 -
    VLAN Aggregation for Efficient IP Address Allocation:
    http://www.faqs.org/rfcs/rfc3069.html


    --
    Petri Krohn
    petri. krohn <a@t> iki. FI(nland)
    _____________________________________________________________
    Fiber-optic Community Networking: http://www.HelsinkiOpen.net