Hi, I have been tasked with some network improvement in our office. Though I'm not a networking guy, I know some of the very basics and am usually very much interested in these things.
Our network previously had 2 separate internet connections and two wireless routers, all of the PCs connected wirelessly, about 15 PCs and a bunch of mobile devices, a wireless IP Camera and a wireless Printer.
The first thing I did 2-3 days ago was get a TP-Link TL-R480T+ Load Balance Router for load balancing and a Cisco E1200 Wi-Fi router, which I connected in AP-only mode. This load balancing and a single Access Point was the whole improvement idea.
Then the management asked me to block some social networking sites during office hours, which I did using Basic Domain Filtering on the router.
Now there are two more requirements, and I'm kinda afraid that the last purchase would be wasted. They want to limit access to the allowed devices only; for that I can do MAC filtering or use the PPPoE server on this router combined with MAC bindings for the PPPoE accounts. But the MAC addresses are spoofable.
The other requirement is to enable them to monitor traffic to report internet misuse. They want to be able to see sites visited for each user/PC. For this we can use some packet sniffer (Wireshark) on a PC which can monitor all wireless traffic, or use the router's Port Mirroring. But Wireshark gives way too much info. They are asking for a solution which can make a management-friendly log and with which some sort of reporting can be done.
On the internet, some are talking about firewalls like pfSense or Smoothwall, but that would also make our load balance router go useless, as pfSense can itself load balance.
Another issue raised now is that there is a separate office going to be functional in 1-2 months. This office is in a separate building, next to the first office's building. The distance between the two buildings will be 100-150 feet. New hirings are being done. Eventually there will be equal devices there too. Every policy here will be applied there too. Our recently purchased router doesn't support VPN.
Now my questions are, in accordance with usual practices, what are the best ways to
1) Filter Prohibited Sites / Apps (torrents etc)
2) Control access - Is using PPPoE in private LANs a good idea? (Besides the fact that I don't even know if there would be any benefit?) How would we handle MAC cloning?
3) Traffic Monitoring - Do tell me every possible alternative you can think of, in every possible setup
4) Handle Second Office - Should we try to connect them physically somehow? (Cable/Wireless). Should it be handled via VPN? (Would a VPN make the second network go slow?)
5) Should I think about DD-WRT/OpenWRT on the router? Are there any benefits?
P.S. This post has gone so long, I didn't think of this before. Of course we should have some dedicated human resource for it or some consultancy, but I have to do it because I have to do it now.
Thanks, even if you only read (all of it).