Network infrastructure for a small office

We talked earlier this week about servers, and undoubtedly some more questions will come up, but let’s go ahead and talk about small-office network infrastructure.
Cable and DSL modems are affordable enough that any small office within the service area of either ought to get one. For the cost of three dialup accounts, you can have Internet service that’s fast enough to be worth having.

I’ve talked a lot about sharing a broadband connection with Freesco, and while I like Freesco, in an office environment I recommend you get an appliance such as those offered by Linksys, US Robotics, D-Link, Netgear, Siemens, and a host of other companies. There are several simple reasons for this: The devices take up less space, they run cooler, there’s no need to wait for them to boot up in case of power failure or someone accidentally unplugging them, and being solid state, theoretically they’re more reliable than a recycled Pentium-75. Plus, they’re very fast and easy to set up (we’re talking five minutes in most cases) and very cheap–under $50. When I just checked, CompUSA’s house brand router/switch was running $39. It’s hard to find a 5-port switch for much less than that. Since you’ll probably use those switch ports for something anyway, the $10-$20 extra you pay to get broadband connection sharing and a DHCP server is more than worth your time.

My boss swears that when he replaced his Linksys combo router/100-megabit switch with a much pricier Cisco combo router/10-megabit switch, the Cisco was faster, not only upstream, but also on the local network. I don’t doubt it, but you can’t buy Cisco gear at the local office supply store for $49.

For my money, I’d prefer to get a 24-port 3Com or Intel switch and plug it into a broadband sharing device but you’ll pay a lot more for commercial-grade 3Com or Intel gear. The cheap smallish switches you’ll see in the ads in the Sunday papers will work OK, but their reliability won’t be as high. Keep a spare on hand if you get the cheap stuff.

What about wireless? Wireless can save you lots of time and money by not having to run CAT5 all over the place–assuming your building isn’t already wired–and your laptop users will love having a network connection anywhere they go. But security is an issue. At the very least, change your SSID from the factory default, turn on WEP (check your manual if it isn’t obvious how to do it), and hard-code your access point(s) to only accept the MAC addresses of the cards your company owns (again, check your manual). Even that isn’t necessarily enough to keep a determined wardriver out of your network. Cisco does the best job of providing decent security, but, again, you can’t buy Cisco gear at your local Staples. Also, to make it easier on yourself, make sure your first access point and your first couple of cards are the same brand. With some work, the variety pack will usually work together. Like-branded stuff always will. When you’re doing your initial setup, you want the first few steps to go as smoothly as possible.

I’d go so far as to turn off DHCP on the wireless segment. Most wardrivers probably have the ability to figure out your network topology and gateway, and know some DNS servers. But why make life easier for them? Some won’t know how to do that, and that’ll keep them out. The sophisticated wardriver may decide it’s too much trouble and go find a friendlier network.
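One way to check that the MAC allowlist and hand-assigned addressing described above are holding, as an added example that is not part of the original post: it reads a router's neighbour table and flags wireless-segment clients whose card is not in the company inventory, or an owned card sitting at an address nobody assigned. The subnet, the inventory and the `arp -an`-style sample lines are constructed assumptions.

```python
import ipaddress
import re

# Assumed plan: DHCP is off on the wireless segment, so each company-owned
# card has a hand-assigned address. All values below are constructed.
WIRELESS_NET = ipaddress.ip_network("192.168.2.0/24")
COMPANY_CARDS = {
    "00:0C:41:AA:10:01": "192.168.2.10",
    "00-0c-41-aa-10-02": "192.168.2.11",
    "000c.41aa.1003": "192.168.2.12",
}

# Constructed neighbour-table lines in the style of `arp -an` output.
SAMPLE_ARP = """\
? (192.168.2.10) at 00:0c:41:aa:10:01 [ether] on eth1
? (192.168.2.11) at 0:c:41:aa:10:2 on eth1
? (192.168.2.40) at 00:0c:41:aa:10:03 [ether] on eth1
? (192.168.2.57) at 00:90:4b:12:34:56 [ether] on eth1
? (192.168.2.60) at <incomplete> on eth1
? (192.168.1.5) at 00:50:da:77:88:99 [ether] on eth0
"""

def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, or None if it is not one."""
    text = text.strip().lower()
    parts = re.split(r"[:-]", text)
    if len(parts) == 6 and all(parts):
        # Some arp implementations drop leading zeros (0:c:41 for 00:0c:41).
        digits = "".join(p.zfill(2) for p in parts)
    else:
        digits = text.replace(".", "")  # dotted form: 000c.41aa.1003
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def audit_wireless_clients(arp_text, cards=COMPANY_CARDS, net=WIRELESS_NET):
    """Return sorted (ip, mac, finding) tuples for the wireless subnet."""
    assigned = {normalize_mac(mac): ip for mac, ip in cards.items()}
    findings = set()
    for ip, raw in re.findall(r"\((\d+\.\d+\.\d+\.\d+)\) at (\S+)", arp_text):
        mac = normalize_mac(raw)
        if mac is None or ipaddress.ip_address(ip) not in net:
            continue  # unresolved entry, or a host on the wired segment
        if mac not in assigned:
            findings.add((ip, mac, "unknown card"))
        elif assigned[mac] != ip:
            findings.add((ip, mac, "owned card at unassigned address"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit_wireless_clients(SAMPLE_ARP))
```

Normalizing before comparing matters because the same card shows up as `00:0C:41:AA:10:02`, `00-0c-41-aa-10-02` or `0:c:41:aa:10:2` depending on which tool printed it.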

Why worry about wireless security? A wardriver may or may not be interested in your LAN. But that’s one concern. And while I don’t care if someone mooches some bandwidth off my LAN to go read USA Today, and I’d only be slightly annoyed if he used it to go download the newest version of Debian, I do care if someone uses my wireless network to send spam to 250,000 of his closest friends, or if he uses my wireless network to visit a bunch of child porn or warez sites.

Enough about that. Let’s talk about how to wire everything. First off, if you use a switched 100-megabit network, you can just wire everything together and not give much thought to anything. But if you’re using hubs or wireless to connect your desktops, be sure to put your servers on 100-megabit switch ports. The servers can then talk to each other at full speed if and when that’s necessary. And a switch port allows them to talk at full speed to a number of slower desktop PCs at once. The speed difference can be noticeable.

5 thoughts on “Network infrastructure for a small office”

  • January 18, 2003 at 7:50 pm

    I am a Freesco user and I have been thinking about getting something to replace it with. I looked at those appliances you talked about but decided against them. They have their positive sides, like small footprint and easy on current consumption but they are also too simple for my taste. You get 4 or 5 port 100/10 Mbit ports on those (if you are buying the cheap stuff) which is not a whole lot. I am running Freesco today along with an 8 port switch (using 5 already). The solution gives me great flexibility as well. I can add and remove services, I can add a NIC and put a server into DMZ if I want to and the list goes on. I am running it on a 90 MHz Dell Optiplex which is pretty small and whisper quiet. With no harddrive and a very quiet 145W power supply, I can barely hear it. I got no fan on the cpu itself.

    No, my next choice will either be to upgrade to Freesco 0.3.0 or to make my own router.

    A hint to your readers if they are considering turning an older computer into a router: If you got a 120MHz or 133 MHz machine at home that has got a cpu fan that makes noise, then simply reduce the frequency that the CPU is running on. These older processors are not frequency locked in any way and they will run fine at lower frequencies. You can then remove the fan (not the heatsink though) since they will draw less current and generate much less heat.

    Also another point. These router “appliances” are sometimes a pain for those who understand nothing about networking and they might even frustrate those who do. A friend who had set up a RTCW server needed to forward a port through to his RTCW server. I looked at the fat manual that came along and I couldn’t find anything at first on port forwarding. I ended up spending 10 minutes or so scanning various parts of the manual to try and find the needle in the haystack. The reason why I couldn’t find anything on port forwarding was because the idiots that wrote the manual (probably working with a marketing department on drugs) had decided to call port forwarding something entirely different. They came up with their own name for this for some stupid reason. They probably wanted to look like they had invented the idea or something.

    Just my .02 cents….

    /Dave T.

  • January 18, 2003 at 10:55 pm

    At my work we have hundreds of servers and a sophisticated SAN…hardly a small office type of setup. At home, though, I have two Linux boxes and a Windows box, with one Linux box acting as a web/email/Samba server. Somewhat comparable to a likely small office setup.

    I have a Toshiba cable modem and a cheap Linksys router and a Linksys switch, which are a couple of years old. I’ve put them all on one surge protector, and troubleshooting consists of flipping the switch off and on to power cycle the devices when I have a problem.

    With the Linksys router administration is done via a web interface, and the default is to allow administration only through a connection on the LAN side of the router, so that someone on the Internet can’t guess the password and hack in to change your router configuration.

    Setting up port forwarding is as simple as picking the “Advanced” tab, then the “Forwarding” tab. This tab allows me to select 10 ranges of ports to send to a particular host in the 192.168.1.x private ip range. It’s pretty simple and I’d think adequate for most small businesses. Probably such devices are even cheaper and more capable now than a couple of years ago.

    Ah well, time for me to get back to the el cheapo copy of “Programming Perl” that I got from Half Price Books today.

  • January 19, 2003 at 8:57 am

    I put my church on a Linksys box and cable modem. It’s more problematic than the Cisco routers we have at work but, again, look at the cost, and by “problematic” I mean they had to power-cycle the Linksys once in the past year, and I’m still not sure whether the problem was with the Linksys, their cable modem, or their cable modem service.

    At home I use a Linksys box and I run my Web site behind it. I’d use Freesco, but I’m supposed to support our deployed users, so I use what I support, to keep me fresh. A Freesco box is much more versatile, I’ll definitely grant that. What swayed me in the direction of buying vs. building is cost. When the Linksys devices cost $199, I’d grab an old 486 or Pentium and run Freesco. Now that they cost $49 and the house-brand ones cost $39, I have a hard time justifying the half-hour or so it takes me to put together the hardware and configure the software.

  • January 19, 2003 at 9:50 am

    I found one thing that helped make my DSL system stable (I run a SOHOware Broadguard router) was to put the DSL modem and router on a little UPS. Just enough to keep it going. That alone ended the phone calls from my wife and/or plugging in myself and finding it didn’t work…

  • January 19, 2003 at 12:12 pm

    Something similar here, with a D-Link dialup router feeding the network through a Linksys hub and a Belkin access point. The server currently is a P-100 NT4ws that serves up the intranet and handles file storage for the family’s boxes and boxen. Low tech, but workable…

    Current plans (constantly evolving as I move my gear out of what will soon be Brad’s room) include giving Freesco a shot on several of the Fujitsu 1200s I have laying around. I figure a flashdisk-based dedicated router on one and file serving on one or two others should hold us for a few years.
