NEED Network Genius for Win2K Server Routing Setup....
dialmybutt
10-05-02, 04:30 PM
Here's the deal. Our office has a single server running Windows 2000 Server SP3 which functions as a file server, exchange server, and internet/email proxy for all of the other systems in the office. We have been using a simple NAT setup with a demand-dial interface through a local 56K ISP. It has gotten too slow for our taste and we are having a cable internet (3Mbit/256Kbit) connection installed. The old setup:
http://home.earthlink.net/~kjboughton/images/network1.jpg
I need someone's help in how to set up the new connection. We want to use a Linksys router with a hardware firewall built in for security. We want to be able to have all client PCs and the server access the internet and POP email account on the internet through this single cable connection.
Can anyone draw up a quick sketch of what we need to do to set up the cable modem, router, hubs, and connection? A quick explanation of what I am going to need to do would also be helpful. I am pretty familiar with Win2K NAT, will I continue to use this or will the router do all of the translations now? Thanks!
-kris
YeOldeStonecat
10-05-02, 04:39 PM
I do these for a living.
I do suggest stepping up a bit from a Linksys router for a business class network though...my recommendation is Symantec's Firewall/VPN appliance;
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=63&PID=11369024&EID=0
or at least something somewhat more robust than a home solution, a Netgear, or Nexland.
Now...same setup...simply take your existing hub/switch...and uplink it to the router. How big is your network? Is DHCP currently running on the 2K Server? If so...good...if not, I suggest kicking it on. And disable the DHCP service on the router itself...since two DHCP servers cannot happily live together on the same network.
Now...assuming the router is running a default 192.168.1.XXX scheme...you'll have to either adjust your network's IP scheme to match the LAN side of the router, or if you cannot...adjust your router's LAN side to match your network. Either way...should be easy. Routers are the gateway for your network...and usually end in a .1
I always leave the router at .1, and have the servers in the teens...meaning .11, .12, .13, etc. Print servers I assign in the .20's, etc. Then I have the DHCP server hand out clients from .100 - .200 range...for all the workstations.
DHCP will hand out the router as the gateway to all clients, can hand out the server as WINS if you're running WINS, and if you're running DNS locally...I suggest having DNS forward to your broadband ISP's DNS servers. If you're not running DNS locally...simply have DHCP hand out the 2x DNS servers that your ISP uses. You can find this out by calling them, or looking on your router's status tab when it's connected.
That should sum it up...feel free to ask anything....
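The addressing plan from the reply above (router at .1, servers in the teens, print servers in the .20s, DHCP leasing .100 to .200, exactly one DHCP server) written as a checker. This is an added example, not part of the original post; the /24 mask, the `audit_plan` helper and both sample layouts are assumptions constructed for illustration.

```python
import ipaddress

# Plan from the post above. The /24 mask is an assumption (not stated there).
NET = ipaddress.ip_network("192.168.1.0/24")
ROLE_RANGES = {"router": (1, 1), "server": (11, 19), "print_server": (20, 29)}
DHCP_POOL = (100, 200)  # last-octet range leased to workstations


def audit_plan(static_hosts, dhcp_servers, dhcp_gateway):
    """Return findings for a LAN layout (hypothetical helper, added example).

    static_hosts: {name: (role, ip)}; dhcp_servers: names of devices with a
    DHCP service enabled; dhcp_gateway: gateway the scope hands to clients.
    """
    findings, seen = [], {}
    base = NET.network_address
    pool_lo, pool_hi = base + DHCP_POOL[0], base + DHCP_POOL[1]
    for name, (role, ip_s) in static_hosts.items():
        ip = ipaddress.ip_address(ip_s)
        if ip not in NET:
            findings.append(f"{name}: {ip} is outside {NET}")
            continue
        if ip in (NET.network_address, NET.broadcast_address):
            findings.append(f"{name}: {ip} is not a usable host address")
        if pool_lo <= ip <= pool_hi:
            findings.append(f"{name}: static {ip} sits inside the DHCP pool")
        lo, hi = ROLE_RANGES.get(role, (1, 254))
        octet = int(ip) - int(base)
        if not lo <= octet <= hi:
            findings.append(f"{name}: {role} belongs in .{lo}-.{hi}, got .{octet}")
        if ip in seen:
            findings.append(f"{name}: same address as {seen[ip]}")
        seen[ip] = name
    if len(dhcp_servers) != 1:
        findings.append(f"need exactly one DHCP server, found {sorted(dhcp_servers)}")
    routers = {ip for role, ip in static_hosts.values() if role == "router"}
    if dhcp_gateway not in routers:
        findings.append(f"DHCP gateway {dhcp_gateway} is not the router")
    return findings


# Constructed sample layouts (not taken from the thread's diagrams).
BEFORE = {"router": ("router", "192.168.1.1"),
          "server": ("server", "192.168.1.1"),
          "printsrv": ("print_server", "192.168.1.150")}
AFTER = {"router": ("router", "192.168.1.1"),
         "server": ("server", "192.168.1.11"),
         "printsrv": ("print_server", "192.168.1.21")}

if __name__ == "__main__":
    for line in audit_plan(BEFORE, {"router", "server"}, "192.168.1.1"):
        print("BEFORE:", line)
    print("AFTER:", audit_plan(AFTER, {"server"}, "192.168.1.1") or "clean")
```

The second-DHCP-server finding is the one to recheck after any new router or access point is plugged in, since consumer devices ship with DHCP enabled.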
YeOldeStonecat
10-05-02, 04:41 PM
Actually after looking at your diagram a bit more..I see you have 2x existing Linksys hubs. As most broadband routers have built in 4 port 10/100 switches...I suggest doing this.
Have the router....WAN side plugged into the broadband modem.
Server plugged into Port #1
Linksys hub #1 uplink port to Router port #2
Linksys hub #2 uplink port to Router port #3
This will tremendously improve network performance...segmenting your network.
dialmybutt
10-05-02, 05:11 PM
Thanks for the quick reply! I appreciate it.
Yes, the Win2K server is running DHCP right now. The DHCP server is at address 192.168.1.0 with the server at 192.168.1.1, I guess I will need to change some of this to get the router at 192.168.1.1 and move the server to 192.168.1.11.
The server is not running a local DNS, I just forward all DNS requests to the ISP DNS servers like you suggested.
Where should I look to find the Symantec™ Firewall/VPN Appliance? Is this the 4-port router that I need? What is the average street price? Is there a best place to buy this online?
Here is a quick drawing of what I believe was your proposed new setup, let me know if this is correct:
http://home.earthlink.net/~kjboughton/images/network2.jpg
-Kris
YeOldeStonecat
10-05-02, 07:19 PM
Your drawing is on the money. How many client PCs? I only ask because if not too many, the Linksys router should be fine. I'd say fine if you don't wish to run any webservers....for basic use, they are fine. But if you have a large network...you may strain the Linksys router....and wish you had something more robust. If your drawing is accurate, 12 clients...then it'll be pretty much OK if everyone isn't hitting the 'net at once.
Should be able to find it online...I buy them through our wholesaler..Ingram Micro.
Type the model number into something like pricewatch.com, the model 100 should be what you need. Priced under 200 now. It's made by Nexland...quite potent, with a very powerful built in switch.
Again, if you don't plan on pushing your network hard...the Linksys should be fine for you. I use them a lot...just for small and very basic networks.
If you need to change the IP address of the server, just check on if any applications you have running off of it (databases, etc) need to be updated.
dialmybutt
10-05-02, 09:06 PM
YeOldeStonecat -
I bought the Symantec Firewall VPN 100 from a warehouse in FL so that I could have it here Monday. Cost was about $330 which was the best price I could find just about anywhere (including Pricewatch). I decided to go with your suggestion and get the Symantec router and not the Linksys router. Is this made by Nexland or not? Seems like it is made by Symantec. Network performance is important to the company, we are an architectural firm and a lot of the server load comes from Exchange Server hits and file serving only (LARGE AutoCAD files, etc.). I appreciate your help on all of this. I am assuming that the Linksys Hubs that I have won't be a big problem...would we gain anything in going to better switches or would the price/performance increase ratio for this change be minimal?
Edit: Almost forgot, we have 12 computers (workstations) and 1 print server that handles both printers and the plotter.
-Kris
RoundEye
10-06-02, 12:03 AM
If it's serving large CAD files I would ditch the hubs and get some good switches. That way you can run the client machines full duplex and double your bandwidth.
YeOldeStonecat
10-06-02, 06:54 AM
One of my best clients is an architecture firm...they do high high HIGH end home new/remodeling....Fishers Island, NY, with branch offices in Greenwich CT, and California (designing some exotic resort on its own island off the coast). Amazing what they do...mostly remodeling to give homes an antique look.....they'll scour the country for old barns and farmhouses....take them down to use to rebuild another place. Open beams, everything looking very old and worn. Incredible work....smallest of jobs still having a 7 digit price-tag.
Nexland makes it for Symantec...Symantec adds some features for offices...I find it rock stable and fast. Run our office on it now, and beginning to use it for most newer clients with higher needs.
As for network performance....using the router to uplink each hub to...we just segmented your network 4x ways.
Internet
Server
Hub1
Hub2
So you should see a substantial increase in performance. You can run switches all around next....you'll see some increase in performance....a little more. Segmenting your network just gave it the best increase you can see right now.
Next step..bang for the buck...I like Netgear's switches.....here's a 16 porter. Server, print servers, and all workstations plugged into this....with an uplink to the router.
http://www.netgear.com/products/prod_details.asp?prodID=24&view=
Next step past that for performance....get a giga-NIC in your server, and get a switch with a giga-uplink...for full gig power into the backbone of your switch. Even though all clients are 10/100 only....many more can reach full speed since the server can feed data into the switch much faster.
Before going that far, I'd make sure your server is up to those speeds....do you have fast SCSI drives on RAID 5?
dialmybutt
10-06-02, 11:33 AM
Server is a dual Pentium4 Xeon 2.0GHz, 512Kb, 603-pin Prestonia system with 2GB of RAMBUS. Running a RAID 1 (mirroring) using six (6) Seagate Cheetah 73LP Hard Drives (68-pin Wide Ultra160 SCSI-2 LVD, 73.4GB, 4MB cache, 10K RPM). We have two (2) of the drives mounted permanently in the case with the two (2) others in Kingston Storecase DE100 SCSI 68-pin Wide Ultra160 Removable Drive Enclosures with Isolator Boards. Every day the hot swap drives are removed and replaced with the alternate pair. This way a copy of ALL data is taken from the office for safe keeping. Even if the whole computer was stolen (impossible with the security system and the locked server room) or the building burned down the remaining drives could be used as primaries in a newly built system to restore the company to normal. Don't worry, server is FAST! Network is slow... :(
So far network speed has been a little down, the addition of the router, cable internet, upgrading Exchange Server 5.5 to Exchange 2000 Server, the giga-NIC and the switches should help tremendously. If we do go with switches in place of the hubs would there be any benefit to getting two 8-port switches in place of a 16-port switch? Would this help in retaining the network segmentation? Upgrading at a later date is not a problem, although unlikely, and there is another port available on the router too.
A couple more questions then, need some recommendations on a good giga-NIC and good office solution for a couple of 8-port giga-uplink switches. Thanks for your help, this is really great info. I hate reading reviews of products on the internet to later have the real experts in the field tell me I spent money on the wrong stuff, this really helps me cut to the chase!
-Kris
dialmybutt
10-06-02, 02:52 PM
Latest version, let me know if there is anything else I need to think about:
http://home.earthlink.net/~kjboughton/images/network3.jpg
-Kris
YeOldeStonecat
10-06-02, 04:10 PM
Your latest network setup diagram....I recommend the server being plugged into the giga-switch directly....not into the router. Plugging the server into the router...you really don't gain anything. What you want is your server to plug into a giga-switch. I don't know what your budget is...but giga-switches are beginning to get affordable...but a single port giga-switch with the rest being 10/100 ports would be a good budget upgrade...not NEARLY as expensive as a switch with all ports being giga. That way you only incur the cost of a giga-NIC for the server...and a new switch. Nice Cat5e or CAT6 cable to uplink.
Your network diagram would be:
Broadband Modem
Router
10/100/1000 switch of say 16 ports... with the server plugging into the single giga-port...the router, print server(s), and all workstations plugging into the rest of the 10/100 ports.
Some nice hardware on the server...I absolutely LOVE Cheetah drives....very nice. Have you seen their X-15 drives? 15,000 rpms of drives with enough spinning going on to create their own gravitational pull. Heh, seriously though....lovely sound powering up a RAID array full of those.
How much RAM on the server? Any anti-virus on the server also, with real time file protection? And what NIC is on the server now?
I'd take the network upgrade in steps. First, go with the original plan....segment the network as described in 1.0b.
As to what brand NIC...I'm pretty much all 3COM....for servers...you have to go with a server class NIC. No plain old desktop NIC will do, look at something like the 3COM 990xp NIC...starting with the 10/100...the 980.
http://www.3com.com/products/en_US/prodlist.jsp?tab=cat&pathtype=purchase&cat=19&selcat=Network+Interface+Cards+%26+Adapters&family=110
Great performance for around a hundred bucks.
Note they even have a copper-giga NIC, the 996BT for 168 bucks.
Also, any other protocols running on the network? Or just TCP/IP?
Your Jet Direct printers....is each workstation using Jet Direct software to print to them directly? This adds a LOT of traffic...as Jet Direct is very chatty, and each workstation having Jet Direct starts to really clog up your network. I prefer to load Jet Direct only on the server....capture the printers that way...then share the printers using NT Servers sharing...so the workstations only print to the server. Also the server's print spooler captures all the print jobs, so huge jobs, and concurrent jobs...are no problem.
dialmybutt
10-06-02, 05:47 PM
Haha, just about every question you asked is in my previous post, check it out. The server has 2GB of RAMBUS RAM.
Right now all of the network cabling is CAT 5 but obviously CAT 6 for the gigabit uplink will be a must.
AntiVirus protection on the server is realtime, Symantec Norton AntiVirus Corporate Edition handles the server and all attached workstations on the network.
The server ONLY runs TCP/IP, I had no reason to make things more complicated as no software or hardware required anything else, well actually, the print server uses IPX I believe, but that's it. Good thought about the printers, I might do that, plotting and printing has never been a problem before though. I will check that out last.
Right now the server is running with a regular desktop NIC (what you said to avoid), a Linksys LNE100TX v4 NIC. I think it has trouble keeping up with the demand on it. Seriously though, you need to check out my diagrams closer. The 3Com NIC that you suggest (the 3C996B-T) is EXACTLY what I chose, it is shown on the drawing below as being my component of choice for the server. :) I found the 996B-T for $139 on CDW.
Once again, here is the next update. As always comments are welcome!
http://home.earthlink.net/~kjboughton/images/network5.jpg
-Kris
YeOldeStonecat
10-06-02, 07:31 PM
Forgive some of my missed items....I'm still unpacking moving back into my newly renovated home. Get a bit brisk sometimes in my replies, a lot on my mind.
Missed the 2 gigs of RAM..yes, but I don't see what else I asked that I missed.
CAT6....yup, should be able to find that easily. CAT5e also supports giga...but 6 is hardly any more $...so why not. Tighter twists in CAT6.
Corporate Edition...great package...that's the only one I've liked over the past couple of years. Use it at our office, as well as just about every client that I have.....it and its Exchange package are great.
Print server with IPX...I'd turn IPX off....very chatty and "clogs the pipes" of the network. All print servers should support TCP/IP...I'd use only that. Turn off all broadcasts for IPX and CrApple talk.
The Linksys NIC...yeah, I'd replace that.
YeOldeStonecat
10-06-02, 07:34 PM
BTW....fiancee used to live in Bremerton....her kid was born in kitsap memorial.
Guessing you know it?
dialmybutt
10-06-02, 07:52 PM
Funny you should mention Silverdale, I am not actually there yet, about 25 more days and we move into our new place up there. I'm in CT now and just got a little excited about where I will be going. Kitsap Peninsula though, Bremerton, Silverdale, Poulsbo, Bangor, all nice places if you ask me. Cable might not be available where I am going though...I may have to kill someone. :(
One more question, just about every workstation has a Linksys NIC, they were cheap at the time and we got a great deal. Is there any reason to go with 3Com when it comes to the clients? Is there really a difference or will we just be paying for the big name? No doubt, the 3Com Gigabit Server NIC will be going in the server but that's a different story altogether...
-Kris
YeOldeStonecat
10-06-02, 07:58 PM
CT...that's my pad....(Stonington, right next to Mystic).
Re: replacing all the workstation NICs....I like Linksys products for entry level networks, but ones with heavy use, I move up a few notches. Like their routers and switches for basic use....but have to admit I have a bad taste in my mouth with their NICs. Glitchy drivers and compatibility issues. But you have them already installed and working....want my opinion? The difference is probably not much....but take two computers of the same specs (so as to keep things fair)....and pop in a nice 3Com 905....see if the difference is worth it.
dialmybutt
10-06-02, 08:02 PM
Mystic? I am just down the road from you, I am in Groton right now!
YeOldeStonecat
10-06-02, 08:04 PM
Heh, my office is in Groton....right on Rt 1 (Long Hill Road), in Lighthouse Square.
Gotta boogie for tonight....good flick on. Will be back tomorrow.
dialmybutt
10-08-02, 09:50 PM
Looks like this will be the final. Just need to order the switch and giga-NIC now. The version 1.0 should be up and running tomorrow. Only thing left will be to upgrade the hardware after that. Thanks for all your help.
http://home.earthlink.net/~kjboughton/images/network6.jpg
-Kris :D
YeOldeStonecat
10-09-02, 05:18 AM
Good luck on the move across the country!