
Please help me with this network setup, PIC inside.

Discussion in 'Cisco/Linksys Wireless Routers' started by i0's, Dec 14, 2006.

  1. i0's

    i0's LI Guru Member

    I am helping someone with a home office network, would appreciate any help or advice you can give.

    -Linksys WRT54GL with Firmware Version: v4.71.1, Hyperwrt 2.1b1 + Thibor15c
    -Dell Powerconnect 2708 8-Port Gigabit Switch
    -All Cable will be Cat6 cables

    Please refer to the attached picture for the setup.
    Please let me know if the setup is right and will work. I already have a WRT54GL and am going to buy a Powerconnect 2708. Port 1 of the WRT is connected to port 1 of the 2708, simply to access the internet. I will assign a static IP for the 2708 and turn off DHCP on the 2708. The 4 computers connected to the 2708 will be backing up data to the NAS server almost every day; the NAS server will also be accessed regularly for shared data.

    My concerns are:
    1. What static IP should I assign for the 2708? Linksys is
    2. Since the WRT54GL is the one assigning IP addresses, will my network slow down because the WRT54GL is only capable of 100Mb? I really need the speed of the 2708 gigabit switch due to the constant data transfer between the 4 computers and the NAS server on the 2708 switch.
    3. Does the RJ45 modular plug matter if on the packaging it says only 10/100?
    4. How can I increase security on the network? Btw, the wireless on the WRT54GL will be on for 4 laptops.

    That's all I can think about. Please do question me if you see flaws in the design.

    Thank you for your time.
  2. ifican

    ifican Network Guru Member

    The design in concept should work fine. The question, though, is whether the IP you plan to put on the 2708 is for management only or is the interface IP. If it's management you can IP it the same as the LAN for the 54GL; however, if it is going to be an interface IP it will not work very easily.

    The 54GL will be the bottleneck in terms of throughput for machines not connected to the 2708, but 1000full is not in reality as fast as you think compared to 100full. As far as the plug is concerned it will work fine, and Cat5 will work fine as well, as long as you are using all pairs (all 8 wires).

    Security, on the other hand, is a personal thing. You can get crazy stupid or very basic; it just depends on how "secure" you want to get. Give us an idea of what you have in mind for security and I am sure someone will have an idea.
  3. i0's

    i0's LI Guru Member

    Thanks for replying. Btw, I am not an expert on networking, I just know basic home networking, so please bear with me; I apologize in advance for my newbieness =).

    I am not quite sure what you mean by management and interface. Isn't it that you use an IP to access the interface to manage the device?

    I am not concerned about speeds for the computers not directly connected to the 2708 switch. So traffic from one of these 4 computers connected to the 2708 switch will not have to go through the WRT54GL, since the WRT54GL is the one assigning IPs? I know it is foolish to expect gigabit speeds, but from what I have heard you do feel the difference when transferring files compared to a 100Mb/s network.

    Security, hehehe, bullet proof would be good but I know that is unrealistic. I know the WRT54GL has a NAT firewall. I just want something simple yet effective that makes the network harder to access for a hacker. Should I install a software firewall, and which one?

  4. ifican

    ifican Network Guru Member

    No worries on being new, we all started somewhere.

    OK, better yet, don't worry about any IP for the 2708. The way your diagram is laid out it looked like you were going to IP the 2708, but there is no need to do so. As far as speeds are concerned, I only brought that up so you were aware. Yes, you will see a difference, especially with really big files, but the maximum sustainable throughput I have seen for any gigabit device has been right around 225mbps. Some reports show a little more, some a little less; just know for the sake of knowing that it's only about 2.5 times faster than 100full, not the 10 that's reported.

    For security, I am sure we can design a nice carbon fiber box that will absorb a couple rounds from a high powered weapon and still let the wireless signal out :). Really though, you will need to see what the best wireless encryption your laptops will sustain is, as not all are created equal, and go with that. I use WPA at home but there's also WPA2 and WEP that are both good choices rather than nothing. You can also think about limiting your DHCP scope to only the number of machines connected and even assigning IPs by MAC so all the machines get the same IP all the time. There are several other ways to limit machine access if you so desire but that should give you a head start.
  5. i0's

    i0's LI Guru Member

    Thanks again, ifican, for putting up with me; I appreciate your patience.

    For the setup, I will leave it as it's drawn, but for the software part, please correct me if I am wrong, I will have to turn off DHCP on 2708 switch and on WRT54GL assign say and done. So if I want to access the 2708 management interface, I just type and I am in?? btw WRT54GL is
    Or, if you think there is a better and more efficient way of setting this up, I am open to options.

    "carbon fiber box" OMG, that is exactly what I was thinking, j/k. I know what you mean by the wireless encryption. Currently it's WEP because some PDAs need to connect to the network and that is the only encryption it supports. If I take the PDAs out of the equation, which encryption should I go for? Can you please rank them? I know none of them are bullet proof, just harder and longer to crack. I have seen those cracking videos, evilllll.

    Again, thx.
  6. HennieM

    HennieM Network Guru Member

    It seems ifican has taken a short holiday, so I'll answer some...


    NONE (worst)
    WPA2 (best)

    but be aware that your encryption keys should be sufficiently long and not easily guessable.

    Static IP of the 2708 should be OUTSIDE the range of dynamically assigned IPs. If your WRT assigns IPs from and up, then is fine.

    Just so you know: assigning an IP address to a device, and that device then communicating over the network with any other device, have little to do with each other. If 2 machines connected to the 2708 communicate with each other, they'll talk directly, save for the occasional IP address lookup or so that will go to the WRT.
  7. i0's

    i0's LI Guru Member

    Thanks HennieM for taking over.
    Yes, WRT assigns IP from and up, so would be fine? I am not sure what you meant by "OUTSIDE".

    Thanks for the wireless encryption list and clearing out the data routing part.
  8. crawdaddy

    crawdaddy Network Guru Member

    No, for assigning static IPs, being outside the range that it assigns IPs in is almost mandatory. You CAN set an IP in the 192.168.1.100-150 or whatever the DHCP scope is, but if the router goes to hand out an IP and .123 is next, you're gonna have an IP conflict where 2 boxes have the same IP. You need to assign static IPs say in the range.
  9. i0's

    i0's LI Guru Member

    Oh, I did not know about that. I thought routers were kinda smart devices, and they would reassign since they know it's already been assigned.

    One more thing: I will need to assign an IP to the 2708 switch, 2 printers and maybe the computers because of backup etc. Do I need to assign the IP in the range or just 2708 switch needs to be assigned in the range?

  10. ifican

    ifican Network Guru Member

    Routers are very smart but they only do what we ask of them. Your statement about reassigning, I am not sure how the code for Linksys is written so I can't say for sure. But in most cases with enterprise equipment, it will ping the IP first. If there is no reply then it will use that IP. For me, I actually like to use static MAC mapping so you don't have to keep changing your machine IP anytime you change networks.

    Going back to your DHCP static issue: it's simplest for keeping track of everything if you keep your DHCP base different from your static base, if you choose to differentiate them. That's why I assign them via MAC; then I only ever have DHCP to worry about. (But that can be explained more later if need be.)

    If the 2708 is just a switch and it's only going to switch data, then it does not need an IP; it will simply do what it's designed to do.

    And don't worry about all the questions. None of us get paid to do this; we do it because we like to. So if anything else comes to mind just ask.
  11. HennieM

    HennieM Network Guru Member

    If your router is set up to assign IPs via DHCP, i.e. dynamically allocated IP addresses, in the range thru, it means all of these IPs can NOT be used for static IP addresses. ALL your static IPs, printers, 2708, etc., must be in the range,, ....,,
    and can also be in the range,,.....,,
    NOT - this is the broadcast address (like "talk to all on speakerphone") of your network.

    Static IPs may NOT be,,....,,

    Most DHCP servers have some "smarts" built in to detect if a certain IP is in use, but the code used in routers is usually much scaled down from their original code (as routers have limited "disk" space, and memory), so this smarts is usually not implemented.

    Also, in general, even if a DHCP server has the "smarts" implemented, it's dangerous to assign static IPs in a dynamic range.
    E.g., say one of your printers is assigned You turn the printer off. When a device on a network is turned off, that device does not exist, it might for all purposes be on the moon - no other device on the network knows of it.
    Now, some computer asks for an IP address via DHCP. If the "smart" DHCP server on your net is to assign next, it will do so - the printer is off (or on Mars), so it's not alive to say "don't use, it's my address!". So, when you turn the printer on again, you have 2 devices with the same IP address, and neither of them would be able to talk properly.
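
    The static-versus-DHCP rules described in the posts above can be checked before any device is configured. The following is an added example, not part of the original thread; the subnet, pool limits, router address and device names are constructed sample values, because the thread's own addresses did not survive on this page.

```python
import ipaddress

def check_static_plan(lan_cidr, pool_start, pool_end, router_ip, statics):
    """Return {device: problem} for every planned static address that is unsafe."""
    lan = ipaddress.ip_network(lan_cidr)
    lo = ipaddress.ip_address(pool_start)
    hi = ipaddress.ip_address(pool_end)
    router = ipaddress.ip_address(router_ip)
    problems, seen = {}, {}
    for name, text in statics.items():
        ip = ipaddress.ip_address(text)
        if ip not in lan:
            problems[name] = "outside the LAN subnet"
        elif ip == lan.network_address:
            problems[name] = "network address"
        elif ip == lan.broadcast_address:
            problems[name] = "broadcast address"
        elif ip == router:
            problems[name] = "same as the router"
        elif lo <= ip <= hi:
            # The DHCP server may hand this address out while the device is off.
            problems[name] = "inside the DHCP pool"
        elif ip in seen:
            problems[name] = f"duplicate of {seen[ip]}"
        else:
            seen[ip] = name
    return problems

# Constructed sample plan (assumed values, not taken from the thread).
SAMPLE_LAN = "192.168.1.0/24"
SAMPLE_POOL = ("192.168.1.100", "192.168.1.149")
SAMPLE_ROUTER = "192.168.1.1"
SAMPLE_STATICS = {
    "switch-2708": "192.168.1.2",
    "nas": "192.168.1.10",
    "printer1": "192.168.1.123",   # falls inside the pool
    "printer2": "192.168.1.255",   # broadcast address of the /24
    "pc1": "192.168.1.10",         # collides with the NAS
}

if __name__ == "__main__":
    result = check_static_plan(SAMPLE_LAN, *SAMPLE_POOL, SAMPLE_ROUTER, SAMPLE_STATICS)
    for device, problem in result.items():
        print(f"{device}: {problem}")
```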
  12. ifican

    ifican Network Guru Member

    Don't get me wrong, I agree completely, but it's also why I advocate dynamically assigned static IPs.
  13. HennieM

    HennieM Network Guru Member

    Agree, and use "Dynamic Statics" myself, but not all firmware supports it.
  14. i0's

    i0's LI Guru Member

    Yep, and it's people like you that make this forum a very special place. It's people who know what they're talking about and love what they do and love sharing it. BIG thanks goes to all of you.

    I am not sure what that is? Does Hyperwrt 2.1b1 + Thibor15c have it built in? I tried to look but I cannot see it; I could be wrong.

  15. i0's

    i0's LI Guru Member

    I just looked into the wireless security on the WRT54GL with Firmware Version: v4.71.1, Hyperwrt 2.1b1 + Thibor15c and I see:
    - WPA Personal TKIP or AES
    - WPA Enterprise TKIP or AES
    - WPA2 Personal TKIP+AES or AES
    - WPA2 Enterprise TKIP+AES or AES
    - RADIUS

    this is starting to get over my head :frown:
    I have no clue what to choose as I have no idea about them, I tried reading up but too much technical data which is confusing me.
    Please help me out.

    Also, some encryption slows down the network; which one is it?

  16. HennieM

    HennieM Network Guru Member

    Best security/ease of setup combination IMO is

    WPA Personal, and AES encryption.

    The "WPA" part means you use Wi-Fi Protected Access authentication, while the "Personal" part means you just type in an authentication string; i.e. you use a password or passkey - the same one for all nodes connecting to that Access Point/router.

    According to tomsnetworking.com, AES encryption has the lowest speed penalty. (I forget what AES stands for). I also found that in my setup.

    All encryption seems to impose a speed penalty, some just more than others, and it tends to differ a bit from one setup to another.

    All your wireless network cards/adapters must also be set up for WPA-PSK (WPA with a passkey) and AES, and all with exactly the same password.

    If you are slightly serious about security, do not use WEP or NONE. WEP is apparently easily crackable, and NONE is, well, open...
  17. bigclaw

    bigclaw Network Guru Member

    Remember to use a pass phrase that has more than 20 random characters for WPA/WPA2.
