scorpion

Networking help needed.


I am looking at a night club that is doing some renovations, I was asked to do a little networking help, and some CCTV maintenance, and upgrades.

 

1. Add a wireless access point for the DJ booth. Through this access point there should be no access to the bars POS stations.

 

2. Add a wireless access point for the office. Same as above.

 

3. Add a backup dial up to the ATT DSL for the POS stations. ( I did not even know they had dialup as a backup anymore)!

 

DSL starts in a stand alone office/building. A modem is connected to a router, and a single cat 5 is run in to the second Main (Club) building to another office. This cat 5 is connected to another switch where the main pos is in the office, and 3 bar pos are attached, and there are no ports left open for expansion.

 

I need to run another cat 5 from the main office to the bar office to provide internet, and wireless internet, and have it isolated from the pos side.

 

What entry level ideas, and designs would you all recommend?

 

I like the idea of having one device that provides a 4 port switch, Wireless G (802.11G), PC Card slot for a Mobile Broadband Data Card (cellular backup for the DSL), and some kind of feature that monitors your cellular usage and can alert you when you reach a predefined threshold to keep expenses in check, or some kind of dial up connection such as with the P-662H-D Series from ZyXEL.

 

I doubt the owner would spend over $1000.00 for an everything in a box router.

 

How would I set up a "double back bone" system where the POS stations are isolated. OK. I know a true hacker could probably get in to any system, but I just want to keep some pissed off DJ from accessing the POS, and creating some kind of havoc. If the POS goes down then the bar cannot make money, and to the owner money is of the essence.

 

What are the pros, and the cons of the following? Who has worked with this equipment?

 

 

http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&pagename=Linksys%2FCommon%2FVisitorWrapper&cid=1160093298732

 

http://www.buy.com/prod/linksys-rv042-router-4-x-10-100base-tx-1-x-10-100base-tx-1-x-10/q/loc/101/10373797.html

 

http://www.zyxel.com/web/product_family_detail.php?PC1indexflag=20040812093058&CategoryGroupNo=EDAB97AD-4B8D-48E0-A5E8-859212B362CB

 

http://www.proxicast.com/products/lc2features.htm

 

http://www.kyocera-wireless.com/kr1-router/

 

http://www.rfwel.com/shop/product.php?productid=1034&cat=105&page=1

 

 

 

Thanks for your input!


dual SSIDs on the WIFI AP

 

1/public > for the net [no security] for the dsl

2/private with WPA security

 

this saves buying 2 APs -not all can do it check first [cisco can]

 

and on the switch run at least 2 VLANS to separate the networks.

 

 

 

z


Now I get to ask the questions!!!

 

What is a VLAN??

 

Here is what I found on a search.....

 

http://www.cisco.com/en/US/docs/switches/lan/catalyst2900xl_3500xl/catalyst1900_2820/version8.00.03/scg/02vlans.html#wp8371

 

A VLAN is a switched network that is logically segmented by functions, project teams, or applications without regard to the physical location of users. For example, several end stations might be grouped as a department, such as engineering or accounting. When the end stations are physically located close to one another, you can group them into a LAN segment. If any of the end stations are in different buildings (not the same physical LAN segment), you can then group them into a VLAN.

 

You can assign each switch port to a VLAN. Ports in a VLAN share broadcast traffic. Ports that do not belong to that VLAN do not share the broadcast traffic. Ports from multiple Catalyst 2820 and Catalyst 1900 switches can be members of the same VLAN. shows an example of VLANs that span multiple switches and multiple floors or a building.

 

 

As I have never done this can a Linksys router do this, and have a cellular back up, or what entry level product can perform this???

 

Thanks!


ah no VLANS are for switches [not routers tho the data goes through them]

you did say there was a switch in there...?

 

At least you can buy an AP with dual SSID's - most of the new APs do it

[wrt54gs wrp400] etc they have 4 port switches too and some with DSL modems built in.

 

I don't know much about `POS` comms sorry but most `real` routers can use their serial port if the main link goes down etc.

 

But you will need a network guru to do it not something easy

 

z


- EVDO cellular connection; I pay 60 a month, unlimited, Alltel. Only catch on them is they reset them every 12 hours, which requires you to reboot the card. In my case I have an EVDO router and use a timer to reboot.

 

- I use the FS108P Netgear switch with the Netgear WG102 Access Point. Both are POE which makes setup a snap. They also do multiple SSIDs and are easy to set up.

 

- VLAN? What are you trying to do with a VLAN? Separate the Public from the Business? The above wireless will allow you to separate as you need.


Thanks for the Linksys info!

http://en.wikipedia.org/wiki/WRT54G

 

http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1175238289895&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=898

 

 

Thanks for the Netgear info!

http://www.netgear.com/Products/Switches/DesktopSwitches/FS108P.aspx

http://www.netgear.com/Products/APsWirelessControllers/AccessPoints/WG102.aspx

 

SSID:

http://en.wikipedia.org/wiki/SSID

 

 

There will be no public access provided. This is an adult cabaret.

 

They do want the DJs to be able to access the internet wirelessly, and WEP is fine for that. They do not want the DJs to be able to "see" the POS system. They are a little paranoid when it comes to the POS stations.

The POS are on static IPs, and the addresses are router addresses (for example: 192.168.1.4, 192.168.1.5, etc.).

 

The WAP (wireless access point) for the office may, or may not be separated from the POS (point of sale, or "cash register"). I am not sure as of yet. I can always set it up, and make changes later if needed.

 

only catch on them is they reset them every 12 hours which requires you to reboot the card. In my case I have an EVDO router and use a timer to reboot.

 

Thanks for the heads up! I will have to check with the provider about this!

 

What is it that you are using for a timer for the reset? I did not know if you were talking about a timer that plugs in to the wall, and then the router is plugged in to the timer, and this is how it gets turned off, and turned back on, and resetting the router in the process. What timer are you using?

 

 

I do not want to bring in a network guru. I just want to provide the components myself, and maintain it myself. I will be setting up a Dedicated Micros 16 channel DVR to the internet.

 

This will be set up in the separate building which is the front office. This is where the ISP modem is located. I need to set up some computers here also. What do I use here? I think they have a simple Linksys router in there now, and then a cat 5 goes in to the main building to the secondary office. What will I put here so that I can plug in 4 POS, and two WAPs.


Let me see if I have this right.

 

In the small stand alone building which is the front office I need to start with the ISP modem, and then I need to hook up to router (or should I say switch?) that gives me VLAN where the ports cannot "see" each other. From router #1 (or is that switch #1?), I need to have two cat 5s that go in to the main building that terminates in the nightclub office.

 

Now I have two paths. One that is for the POS system, and anything hooked up to it can see the POS. A second one that connects to the internet, and cannot access the POS system. I then attach a WAP for the DJs to have wireless connectivity.

 

VST_MAN

What device are you using for cellular connection? I do not want to use a cellphone for internet connectivity.

 

I am more interested in the first router (or should I say switch) having this capability built in.

 

I am also interested in something that can roll over, and roll back automatically from the ISP to the cellular EVDO connection.

 

Question:

If I have one access point with dual SSID then how do I keep the DJs from accessing the pos if I did not run two cat 5s to the club office?

 

 

On an entry level system can I access the routers, and switches remotely?


- I am using a Linksys WRT54G3G & an Alltel PC5750. Timer is a digital cheapO that the Linksys plugs into. This router also has "roll-back" functionality, i.e. DSL is primary and cell is secondary.

 

- The Netgear wireless is smart and can handle the different SSIDs that will restrict access as programmed. You basically set up access rights via each SSID. Go to Netgear's web page and read a bit on this as reading it there is easier to explain here. I am installing another one this week with 4 Access Points and 2 switches, 2 different DSL, all with different access permissions, and also multiple "neighbors" running wireless also. Netgear's Access Points are pretty smart in managing and restricting.

 

I also looked at this EVDO package since it has newer improved technology built in....just released month back; http://3gstore.com/index.php?main_page=product_info&cPath=35&products_id=765

 

Make sure you build your EVDO cellular package backwards.....start with the providers in your area and then compare technologies & pricing. I found out that the technologies behind EVDO are different in every area, which equates to speed...........or lack of it.


Thanks for the tips!

 

The Linksys WRT54G3G catches my eye as I like the fact that it has the fail back. Very Interesting!!

 

 

I like your choice!

 

http://www.cradlepoint.com/mbr1000/mbr1000.php

 

It appears that Sierra Wireless has acquired Cradlepoint!

http://www.evdoinfo.com/content/view/2315/64/

 

CradlePoint EVDO Forum

http://www.evdoforums.com/forum-26.html

 

Cradle point will provide OEM to other EVDO companies.

I read somewhere that Kyocera is one of those companies.

 

HERE IS WHAT I HAVE LEARNED TODAY!

 

SSID

http://en.wikipedia.org/wiki/SSID

 

VLAN

http://en.wikipedia.org/wiki/Vlan

 

IEEE 802.11

http://en.wikipedia.org/wiki/802.11

 

DNS

http://en.wikipedia.org/wiki/Domain_Name_System

 

FAIL OVER

http://en.wikipedia.org/wiki/Fail_over

 

EVDO

http://en.wikipedia.org/wiki/Evdo

 

EVDO INFO:

http://www.evdoinfo.com/

 

EVDO FORUM:

http://www.evdoforums.com/

 

Cradlepoint Forum:

http://www.evdoforums.com/forum-26.html

 

Kyocera Forum:

http://www.evdoforums.com/forum-17.html

 

Linksys Forum:

http://www.evdoforums.com/forum-21.html


In the stand alone building I will have the ISP modem then I have the Linksys WRT54G3G. This gives me the fail over, and the fail back with the ISP, and the cellular internet connection where I may use Sprint.

 

From here I have a cat 5 to the next building, and here I plug in to a FS108P Netgear switch, and then use the Netgear WG102 Access Point with dual SSID.

 

 

Am I ready to go?

 

Anyone else have an opinion?


Thanks Collin! (via PM)

 

Intel Little Valley

 

I like it!

 

http://www.intel.com/products/motherboard/D201GLY/index.htm

 

I am going to place Wireshark on a computer, and see if I can capture the traffic from the DJs. I would not want them hacking in to a bank server, and then have the FBI knocking on the nightclub's doors!!

 

All I need is a power supply, XP Pro, and then set it up with remote desk top connection.

 

Now what I have to figure out is how to get the WAP connected to the Little Valley.

I am looking at a night club that is doing some renovations, I was asked to do a little networking help, and some CCTV maintenance, and upgrades.

 

1. Add a wireless access point for the DJ booth. Through this access point there should be no access to the bars POS stations.

 

2. Add a wireless access point for the office. Same as above.

 

3. Add a backup dial up to the ATT DSL for the POS stations. ( I did not even know they had dialup as a backup anymore)!

 

I think for number 1 you can just use a router as access point. The cat5e from the switch will be connected to the WAN port of the router. By using this connection I think the DJ won't be able to penetrate the POS since they will be on a different network.

For #2, you can use an access point or a router. If you are going to use a router, set the wireless security first on the router, then disable the DHCP function. You connect the network cable from the host router to the LAN port of the router. Then the computer using the wireless will be on the same network.

For #3 I'm not familiar with it.


Rather than a dial up connection I will be using a cellular card that will be the internet back up when the ATT Modem goes down.

 

http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&pagename=Linksys%2FCommon%2FVisitorWrapper&cid=1160093298732

 

 

I just want to see my options other than two routers plugged in to a "head end" router to keep two sides from seeing each other.

 

The POS has credit card transactions, and we would not want to have this go down.


Hello, first time poster.

 

Maybe I missed something along the way...but even though you are using two separate SSIDs on the wireless network, if that AP is connecting to the same subnet as the POS system, a person with malicious intent could sniff that traffic and dig in with little to no problem. This is definitely where you would want a layer 3 switch with VLAN capability.


I could always put the DJ WAP on a cable based internet, and I can use the Telephone internet for the POS stations, but then again does this protect me from the evil one with a sniffer? No, it does not, so now I am back to entry level priced ideas.

 

 

What product did you have in mind that provides "layer 3 switch" with VLAN capability?

 

Give me the product sequence from the main office with two CATs to the Club Office, and provide a parts list if you would be so kind.

 

 

What has me confused is having one router with two SSIDs. Is this not on the same LAN giving one access to the other, and vice versa once they are logged in, or are the ports separated from each other?

 

Thanks in advance. Also thank you for the "devil's advocate".


Yes, it is still one connection, but you can separate access/users via separate SSIDs, i.e. Netgear - 0 POS connection with WEP & SSID turned off, Netgear - 1 Public access open SSIDs ON with client security separation ON.

 

Also, you can setup multiple WG102's (different channels) with the same SSID's which will allow roaming.

 

Yes, you can spend more and get better protection, but I'm not too crazy about the "the sky is falling" attitude, i.e. "the sniffer". Not saying it can't happen, just saying that for every level of protection there is an equal or better level of attack. Risk management is based more on experience and not so much on threats.

 

The above "separation" allows the POS to operate in a cloaked mode while allowing internet access to the public who can't see the SSID nor enter connected/adjoining PCs.

 

I like this approach as it is cheap and works........so far!


Sure, for every level of protection there is another level of attack. But those higher levels of security require higher levels of aptitude and experience to break. The higher up the chain you go, the fewer people are going to be able to know how to do it.

 

For instance, I could use a program called Kismet to sniff an SSID which is not broadcasted. I could then find the IP and MAC address of clients on that network. I could then use the aircrack-ng package to disassociate that client, spoof their MAC, and have my way with the network. Aircrack could also help me crack a WEP key in very little time.

 

I agree, this might be over the top for some people. But there are people out there with nothing better to do than break in to something or at least try just to see if they can do it.

 

As far as how I would design the network (Keep in mind that the router is not an access point, these words are interchanged incorrectly most of the time when talking about wireless APs):

 

Cable Modem->Wan port of router->Lan port of router to Port 24 of VLAN Switch.

 

Two VLANs, 1 and 2.

 

These could be port-based VLANs. Say you've got a 24 port VLAN switch (just an example). I would set up the ports like this: port 1 and port 24 would be VLAN 1, port 2 and port 24 would be VLAN 2. The router would connect to port 24 of the switch (uplink). This layout would allow both ports to connect to the internet, but 1 and 2 would not be able to talk to each other.

 

Port 1 would go to your POS system. Port 2 would go to the office AP, set up with a WPA2-PSK encryption key (still crackable but not as easy as WEP, I would feel safe with it in this setting).

 

Keep in mind that if the AP is not set up for client isolation, any wireless client will be able to connect to anyone else on the wireless network. This may be what you want for a small office setting where you have a Windows network setup with multiple shares. If the office clients do not have a common Workgroup (or domain) it would be advisable to set up client isolation.

 

I think that covers how your network is to be laid out. I may have missed something along the way.

 

You can get a smaller switch with VLAN capability than the example 24 port model. I usually use the last port as the uplink just to keep things simple, but you can set it up however you feel comfortable. Netgear and Trendnet make some cheapish VLAN switches. As far as APs go, the company I used to work for tended to use the Versatek VX-AP250. This is a professional grade AP with many security options.

 

Hope this helps.

 

Chris
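The port-based layout in the post above (ports 1 and 24 in VLAN 1, ports 2 and 24 in VLAN 2), and the earlier point that an AP on the same segment as the POS gives no separation, can both be checked against a switch's VLAN table. This is an added example, not part of the original post; the role labels, function names and the two contrast tables are constructed for illustration.

```python
# Added example: audit a port-based VLAN table for POS isolation.
# Port numbers follow the 24-port layout in the post; role labels and
# function names are hypothetical.
from itertools import combinations

UPLINK = "uplink"


def shared_vlans(vlans, a, b):
    """VLAN ids containing both ports. With port-based VLANs the switch
    forwards frames between two ports only if they share a VLAN."""
    return sorted(v for v, members in vlans.items() if a in members and b in members)


def audit(vlans, roles):
    """Return a list of findings (empty list means the table passes).

    vlans: {vlan_id: set of member port numbers}
    roles: {port: "pos" | "wifi" | "uplink"}
    """
    findings = []
    access = sorted(p for p, r in roles.items() if r != UPLINK)
    uplinks = [p for p, r in roles.items() if r == UPLINK]
    # 1. Access ports with different roles must not share any VLAN.
    for a, b in combinations(access, 2):
        common = shared_vlans(vlans, a, b)
        if roles[a] != roles[b] and common:
            findings.append(
                f"port {a} ({roles[a]}) and port {b} ({roles[b]}) share VLAN {common}")
    # 2. Every access port still needs a VLAN in common with an uplink,
    #    otherwise it is isolated from the internet as well.
    for p in access:
        if not any(shared_vlans(vlans, p, u) for u in uplinks):
            findings.append(f"port {p} ({roles[p]}) has no VLAN in common with an uplink")
    return findings


ROLES = {1: "pos", 2: "wifi", 24: "uplink"}

# Layout from the post: ports 1 + 24 in VLAN 1, ports 2 + 24 in VLAN 2.
SPLIT = {1: {1, 24}, 2: {2, 24}}

# Constructed contrast: every port in one VLAN (AP and POS on the same segment).
FLAT = {1: {1, 2, 24}}

# Constructed misconfiguration: POS port left out of the uplink's VLAN.
ORPHAN = {1: {1}, 2: {2, 24}}

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("flat", FLAT), ("orphan", ORPHAN)):
        result = audit(table, ROLES)
        print(f"{name}: {'OK' if not result else result}")
```

The table only models the switch; client isolation on the AP and the wireless encryption setting are separate controls, as the post notes.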


Dang Chris ,/ Chill.

 

Should you post the programs?

 

Split the modem's LAN with a Gigaswitch, yes, control the public (customers) user amount and speed bitrate. Use Cat5e min. I would use Cat6es only for Commercial stuff only.

 

VT


Just knowing what the programs are doesn't give you the knowledge and experience to know how to use them.

 

The programs I mentioned are mainly for Linux anyway. Just about any Linux nerd (like me) would know about them.
