rvs

I haven't used the netgear before. But a little more information first. How are you getting your network connection? Is it a business DSL / Cable Modem, a Fractional T1 or full T1? Basically how is the office connected to the net?

Second, what is the Internet connection used for? when the network goes down, does it just cause problems with people doing non-work things (email, checking the weather, etc) or does it actually prevent customers from reaching you?

First thing I'd do would be get some kind of logging and metrics showing traffic and the possibly of lost revenue because the network is down. Point out that almost everything on the market today has a web page associated with it, used as a cheaper form of advertising than buying a commercial on tv.

Maybe not best practice, nor the best way to do it, but here is something I did in the past that might work for you.

I once supported a remote office in Ohio. Small College town, but the plant was too far from town to get any kind of real service. The best we were able to do was an over priced and slow ADSL connection. It had to support the computer network, VPNing in to our network with a client connection, the VOIP system, and their non-work related traffic that didn't go over the VPN. The network was the DSL endpoint, with a built in firewall and then our PIX firewall.

The person that set it up, could get client connections (pix to our ASA) with VPN, but not a site (Pix) to site (ASA). Problem turned out to be the port forwarding on the DSL device (I found it after he left).

Anyway about 2 years after it was set up, our business partner (company B) made a deal with a third company (company X) to be on site at that locaiton.

I ended up splitting the DSL connection off the modem, 1 line going to our Pix, the other line going to a BEFSR41. I had to set up some NATing in both the DSL device and the Linksys to make everything work. But it worked pretty well. I used the DSL as a firewall, and the firewall option on the router. Defense in layers.

So that was basically a long way of saying, check how the connection terminates to you (if dsl or cable, it might have a firewall built in, take advantage of that as a first layer). Then make other configuration changes to the Linksys behind it. I've found that when I had a linksys router (Comcast at home, no firewall on the comcast cable modem) it would freeze up at times due to being overwhelmed with traffic (usually port scans to my external static ip address).

Don't trust the switch in the linksys, put a work group switch behind it (I did that for company X) that way the internal network can at least stay up.

Getting the wireless or the VPN option wouldn't be worth it, if you're not going to use it. And having it will cause management to want to start pushing to use those features. Just a waste of money basically. I do like the idea of having a syslog server for centralized logging though.

If you don't mind using Used out dated equipment, you can get a decent cisco router and cisco 24 port switch used off Ebay for less than what either device you're looking getting would sell for. That's how I built my last CCNA lab, 3 cisco 2900 switches, and 3 cisco 2500 routers. Can't do VLANs, but might work for what you need.

@What90 the BEFSR41 is a linksys router, without wifi

I've had the WRT54G (wifi model), and saw some of the same problems with the external connection getting flooby when doing lots of traffic (downloading Linux DVD over torrent for example) or when getting port scanned by a bot net. Didn't have as much problem after I flashed the firmware to DD-WRT.

Something else to look into @rvs, see if there is a dd-wrt like image to install on it, or flash it with the latest linksys frimware available for that model. (flashing with the linksys firmwre helped for a while with my first wireless, but eventually upgraded it because the new model had more memory in it).

It's on the slowest Business DSL Connection. Anyways enough with the internet slowness... He is not convince that we have to upgrade to any T1 connection. Internet is being use for email, sending/receiving nurses notes, vpn connection to govt sites.

site is off-site; email is off-site basically all sys ad jobs is handled by domain sellers something I forgot the term of. "Usually when you bought a domain here in US you get to have and an email with your domain on it right?". Without them realizing that we could do it for them using open source. We just do back-up like low end help desk  jobs in the office.

Metrics as it seems I get to run cacti and monitor the the ins and outs of the LAN/WAN I showed it to him. Hoping that he would be impress with us. Inventory we automated it as well so basically everything is configurable as long as you have the time to read and practice it.


For VPNing   2 remote branches... that I was thinking of implementing a RAS/VPN dial up. Old school just for the heck of getting internet connection and just for updating systems on other end. Well rather than  paying 50$ per month give it to us or give us training damn!  sorry for the language.


First router was BEFSR41. The problem with this one is that it does not have any logging capabilities. Since we are not in any active directory/domain I just do not know if it has something to do with hosts not seeing each other using the work group settings of windowz. Upgrading it to WRT54Gs with DDWRT was a big leap. seeing the spikes on LAN/WAN. and integrating it with Cacti was cool. Seeing entire hosts on the nw except the macs.


Then my colleague got the interest in updating the FVS318 Netgear Firewall router. He wants to make it run for logging purposes and it has an email capabilities to send over if there are any alarming things going on. Well what we found out was overwhelming I do not know for sure (attempts; attacks; scan) It always say that it was dropped but I really got jumpy when port 3389 was being scan and being logged by wee hours.... most scans or attempts came from CH and RS. All of the routers.... where open with that port ,ever since management allowed finance audits to check-in. Not my bad ,its there decision even though, I really tried my best to inform them.


I  want to ask for you guys since you guys brought up the switch. Prioritizing with specific port number would go with Managed switch right? I did consulted it to one my buddies  and he said to me that It would increase the whole network performance. My IT head bought a netgear 24 port 10/100/1000mbps managed switch. and other dept has 1Gb managed switch. Still when accessing to local server with that app it is still slow. I did escalate it with the software vendor and I am pointing it out that we already bench mark it from windows xp and windows vista with 100mbps switch with 100 Ethernet card over 1Gb switch / Ethernet card still sluggish on accessing it. A manage switch that would be less expensive and non cisco would be a good deal.





 

Unless you are going to carve some VLANs I don't believe a managed switch would help speed up your network. It (sounds) like you are already running GB NICs and switches if I read your post correctly. The only advantage you are going to have from an unmanaged to a managed switch is the ability to VLAN. If you are looking to do that you may be able to pickup an HP Procurve for a lower cost than some of the other vendors out there.
When I've been tossed into Network App hell before it's usually been fixed by upgrading NICs to GB and implementing an unmanaged GB switch (most of our customers were CHEAP). Beyond that it has usually been on the software's end. If the program runs on hostnames rather than IP addresses you could try testing a custom HOSTS file mapped to the correct IPs per application server.

There is more to a managed switch than setting up vlans. A proper managed switch will allow for logging, port spanning (port monitoring), port trunking (cisco calls it an etherchannel), spanning loop prevention, and speed configuration Auto/10/100/1000. (That's just off the top of my head).

As for the procurv, I wouldn't touch that if you paid me. I have several in my network right now, and as soon as I can afford to rip them out, I'm going to. They have been nothing but problems since we installed them in our network.

I second what Chris said.  There is definitely more to managed switches than VLANs.  There is nothing more frustrating than a malfunctioning port or a network card.   These problem can be difficult to spot.   A managed switch can identify a port with excessive errors and collisions.   This certainly beats crawling around with a sniffer.  I never deploy unmanaged switches unless I absolutely have to.   

Also, not all gigabit switches are the same.   

Hey i have to read all your comments and thank you so much for that. I know its not to much of a security and all. I really appreciate your concern. Just one quick glance on what's happening. Server side only run the Advantage database its using a UDP connectionless so its more of reliability over performance. App could run server side and client side  I've been reading the packets for quite sometime and I believe we really have to over haul how the network should be implemented, there are a lot of things going on etc... Well I asked the software vendor and they said one of the agencies upgraded there db and performance was impressive. It is really hard what comes in to play ... what I mean is management. I'll review your advice on what happens... thanks guys.

really help me on this one.