Jump to content

Recommended Posts

Posted

Im opening a small studio, with several computers and Im looking for some advice on the best way to set up an office network. To start with we will have around 6 or 7 computers that will all need an internet connection and then we could expand up to 16 computers.

My current thinking is that I get a tot/tt&t connection to a certain part of the office through the phone line. I then install something as large as a 16 port router to cover ourselves for the future. From there I would have the electrician run points (phone cable) to each of the power sockets that were putting in for each of the desks. This is the route were currently going down but both myself and the electrican have limited knowledge.

Will phone cable be ok, or do I need him to run data cables liked used for the cables from the router to the machines that come with a basic router. Ive got a 4 point wireless router at home and have 4 computers and 2 laptops running from it.

Is wireless and option, so I could just get a wireless router and then get the chips for all of the machines to recieve the signal?

Can the machines be linked in anyway?

Any advice much appricated.

Jed

Posted (edited)

If you're going to expand up to 16 computers, you'll be looking at 20 - 24 ports. Since switches usually come with 8 / 16 / 24 ports, you can get a 16 port now and uplink an 8 port in the future. You will need 16 ports now rather than 8 as you need at least 1 port for your internet gateway, and more for printers, servers, random connections and trouble shooting.

Best to run ethernet cable (Cat 5a) instead of going wireless as the wireless will involve ongoing maintenance and expense, making the TCO much more than simply running ethernet as labor is so cheap here. Wireless leaves you more open to any security vulnerabilities that may crop up with the encryption being used, which is part of the maintenance as you would need to update/patch the access point and each node on your network. Best bet is to run two ethernet cables to each station, and use pairs on the second cable for phone access. Ethernet cabling has 4 pairs, so you have extra if a pair should get damaged. You could run a single ethenet line if you're going with VOIP phones as they tend to have a second ethernet port to bridge a computer to the network.

Edited by surface
Posted

To get everything connected you have to run cat5 cable (same one as used between your router and a pc). Those cables will connect all your PC's to the 16 port switch.

Also attached to this hub needs to be a router. This router will make sure all PC's on the network will get the proper IP address assigned, along with the dns servers and gateway to enable all PC's to access the internet.

A bit like in the following picture:

growing_network.jpg

Posted

Thanks for the advice, Ive just brought the CAT5 for the electrician to run instead of the phone cable. Were not having any phone lines at the computers so no need for the second cable, the staff can use there mobiles.

Thanks for the illustration, that has helped us out a lot. So for the modem, could I use the one that will come with the package when I sign up to TT&T or will that not be good enough. If it is good enough does it matter how many ports it has or if it is wireless? So ill also have to buy a 16 port switch or something bigger, anyone got an idea on prices. Ill only need the one printer set up but it would be nice to have access from all machines so Ill also get the print server.

Thanks

Jed

Posted

Switches are cheap nowadays. Guess a 16 port will be around 2000 Baht.

On the modem, depends what they give you, normally it should be a router. 1 LAN port will be enough, if it also is wireless you can use that as well. Easy for a visitor with a laptop. Just make sure to protect the wifi.

If you have lots of sensitive stuff on the PC'S I wouldn't activate the wifi though. Anything can be cracked!

A print server is not really needed, you can put the printer on one of the PC's and activate printer sharing on it. Only thing is that that PC has to be powered up all the time if somebody wants to print.

Quite a few of the higher end printers have a LAN port built in, so you can hook it up directly to the switch without the need of a print server!

Using a print server is not always easy and often has compatibility issues, i.e. works good with Epson printers but not with HP ones...

Posted (edited)

Agree about the print server. You can pick up a laser MFP (print/fax/copy/scan) from Brother and other makers for around 8k, from HP for about 15k. They all include or have an model available with a built in print server.

As far as the router/modem, I found the Zyxel that True gives to customers be lacking in stability. If you get something similar from TT&T, you can set the modem to bridge mode and connect a Linksys WRT54GL router to it (The L stands for Linux). This would be fine for a SOHO environment. You can then replace the stock Linksys firmware with the tomato firmware (free open source firmware which you can download) which is very stable, more configurable, has more options, and is better at handling the higher number of connections you will have from 7-16 computers than either the standard Linksys firmware or the modem you'll receive from TT&T. A WRT54GL is around 2,500 baht I believe. The network connections in this case would be Phone Line -> TT&T Modem | TT&T LAN port -> Linksys WAN port | Linksys LAN port -> switch.

Edited by surface
Posted

You probably don't need a 16-port router, just get a consumer 4-port and stick a switch behind it, cheaper. I recently bought the WRT54GL and put the tomato firmware on it. So far its been bulletproof, love it. Price is about 2,000 baht or less now.

Re. wireless, it's ok if i) use WPA encryption AND ii) use a long random key. WEP encryption is totally broken so don't use it. Attacks on WPA are basically about trying to brute force passwords, which won't work if you have an obnoxious key (and so long as your staff don't hand it out to people, which they might).

Posted (edited)

For the printing, depending on your situation, consider a high end printer that comes with LAN connection built-in as standard (color laser etc.) for final work running as a stand alone device, then add an ink-jet with external tanks set up as a shared printer on one or two of the workstation PCs (probably USB connection). The PC will need to be on for others in the office to print to it. So two such printers will limit down time when one fails. Also allows you to use 'nice' company paper vs cheap an cheerful paper for personal or rough work.

Do you need Scanners as well?

The problem comes with many users and easy access to external programs (via the internet connection or USB drives) that infection is probable. Look at your anti virus and firewall polices. Look at having user access level cut down to restrict installation of programs on your staff PCs.

If it's a problem look at setting up blocking access to sanuk.com hi5.com and other popular distraction web sites, it's not hard and easily done by the novice network administrator.

Look at the ways that allow you to restore a computer's software to how it was before, 'something happened!'

This will be your greatest consumer of time. ( Look at having a complete software image (backups) on a protected section of each PC's HDD - to allow for restoring data. )

If your information is mission critical to your business - look at off site backups. Do you need to back up mid-day (lunch time) and/or end of day. If your business is based on a customer database - could an employee take this and set up alone to steal your customers?

The network stuff is fairly straight forward, however I would suggest that you control physical access to your router and use a complex password on it's admin account - many people don't bother.

Using a wired LAN network (100meg) is the best system for your application. Unless you are sharing within your company video editting etc. you will not 'need' 1000meg LAN, people will try and sell up.

Read up on 'straight through' and 'cross over' cables for LAN use, straight through for linking a PC to a 'router' or 'switch' and X-over for linking a router to a router. You could connect a WiFi router to you LAN to offer a wireless link as well. BUT as said above you need to be aware of security as people DO hack open or ill protected networks, guess what I used to do!

If you are going to run a tight ship, read up on IP addressing, you don't need to go too deep to understand the basics and then set up a VLAN for your office 192.168.1.(1 -> 254)

Keep your router at 192.168.1.1

Set your DNS servers to 208.67.222.222 and 208.67.220.220 (Open DNS - set within the router's admin setup.)

Have your router manage a DHCP IP range of 192.168.1.2 to 192.168.1.50 (Allows for 49 workstation / PCs on your LAN.)

Set the printer as a static IP at 192.168.1.100

Set up the wireless router to be 192.168.1.151 (allows you to physically turn off the wireless section of your LAN when you know there are no authorised users in the office)

Set up the wireless router to offer a DHCP IP range of 192.168.1.152 - 192.168.1.175

(that way you can tell in log files etc if a PC is on your wired section or wireless)

The wireless router's default route should point back to your ADSL router 192.168.1.1

Each IP range with a sub net mask of 255.255.255.0

Draw the above on a diagram and paste on the wall near your master admin PC, when looking at faults or tracking down an infected computer/ source of problem it makes life easier to understand and control. Also if you bring someone in to fix a problem - by looking at the logical plan of the physical network (your wiring) or the IP address plan - they will more quickly understand your network.

Keeping a static LAN plan allows you to add or upgrade each part without having to rebuild the entire network each time.

There are benifits in cutting up your office network across two switches (hubs) in allowing half the staff to continue working during a failure of one of the devices - but this is your choice as to how resiliant you need the enviroment.

LAN Hub: device that allows LAN devices to be connected to the LAN - the hub is just hardware and offers no intelligent routing of data from PC-1 to PC-2 or the ADSL router: What is sent to one port is sent to all. This is fine for a few PCs not doing much work - but as you add more devices the LAN will become less efficent and users will experiance a slow network.

LAN Switch: device that allows LAN devices to be connected to the LAN - the switch hub is hardware and software that routes data from PC-1 that is intended to go to the ADSL router to go only to the ADSL router. This is the basis of the biggest networks in use - as you add more devices the LAN the benifits of a switch become greater and users will experiance a slow network only when there is a fault or they 'see' a common bottle neck - normally the slowest link in the system which will probaly be the ADSL router's connection to the outside world.

HTH

Edited by Cuban
Posted

I'm personally an advocate for putting all fixed PC's (and LAN equipment) on fixed IP addresses.

Much easier to troubleshoot.

Just keep the DHCP service running with a small IP range for visiting devices...

On my network an absolute must as I use VLAN's due to different equipment being on the same physical network, but for example needing to be shileded from internet access.

Posted

I like fixed IP addresses as well. DHCP service is flaky on many devices and it's just another thing that can go wrong. So why bother ? (I do use it for less important things like guest/wireless internet access, but not on our wired network).

I've also insisted on giving our work PCs meaningful host names (the name of the staff member using it). So when we look at the network status in our IPCop firewall it is immediately obvious who is online, who isn't and if there are any unwelcome visitors attached to the system (eg. wireless visitors that have stupidly been given our "secret" wireless key by uncooperative staff). Makes key security problems stick out like dogs balls and helps us give a hiding to whatever idiot is being uncooperative.

We used to have hostnames like aboscyp32346wkd. When I asked our computer guy to fix it, he helpfully renamed everything to PC1, PC2, PC3...

Posted

Can't IPCop be configured to lookup host names from your DNS server? I find it's more of a headache to change host names when staff come and go. Something like acmewks%asset_tag% or acmenb%asset_tag% can stick with the workstation for its life, plus you know which computer it is just by looking at the asset tag or serial number. Every time you swap a computer for repair or replacement you don't need to mess with the host name. You also run into the issue of logs pointing to host names that don't exist anymore if you change them based on the person whose desk it happens to be at for the moment.

Ughhh, too much pointless work for me. On a small network (<10 workstations) it shouldn't be too much work though.

  • 2 weeks later...
Posted

Thanks for all the great advice guys, alot of it went over my head but i understand the basics of it.

Im finally getting my electrician to run the Cat5 cables. Ive had problems for the last two weeks getting him to run them because he was convinced I only needed 2 pin phone cable. No matter how many times I told him just to run the cable that it provided along with all of the electric cables your running he just wouldnt listen. In the end he got his own computer guy in who told him to do exactly as I had told him. The only difference is that he tihnks the cables should be direct and I was hoping ot have them run to wall sockets that id plug into rather than direct cables that will be coiled up on the walls whilst not in use.

Ive got a guy in to do the other parts that the electrician wont be doing, hes going to buy the router and port switch etc. Im going to a wireless router so the staff can use laptops up in there apartments in the evening. We have four rooms on the 3rd and 4th floors for some of the staff that are coming here from Bangkok, were in Korat. Im having it all set up on the second floor which is a half floor so that the wireless will be ok on the top floor. Theyve advised us that a wireless Linksy router in the most reliable as have some of you guys. Ill be going for a 24 port switch because we already have 20 points although only half will be used for now. When we expand we will also be adding a few more but thats not for a while yet. I guess it makes sense to get all of the points live.

Weve gone for a tt&t Cafe package 4mb. Its only around 3k per month so I think that should be ok to start. If we have problems I will upgrade to one of the business packages. Were also going to have a cheap tot package set up as backup. Im guessing both the tt&t modem and the tot model will both plug into the switch.

I still havent decided about the printer. We will be going for an all in one printer, scanner etc and around 8k is my budget so ill go for a built in one as mentioned or I might just connect a cheaper one to one of the machines as previously mentioned. We wont be using this that often.

As I was typing this out ive just had an email from the engineer, does this quote look about right, looks good to me. This doesnt include any of the cableing or cat5.

Thanks for all your help guys, ill be keeping this thread active with any other problems I come across. Its great to have so many knowledgable people on here.

Thanks

Jared

post-31175-1242893649_thumb.jpg

Posted

I went to my local computer shop to check out some prices and worked out i could save a bit if I brought the equiptment myself so I brought a T-Link 24 port switch for 1990Baht and a Linksy WRT54GL wireless router.

I still need to get a modem, any suggestions?

Is this Linksy wireless router compatable with Windows or have I made a mistake and its only for Linux use?

Thanks

Jared

Posted

Your router will work beautifully with Windows (but put tomato firmware on it). There aren't many plain vanilla ADSL modems on the market anymore, so suggest you just buy a basic Zyxel P-660R-T1 v2 compact 'router' instead. It is small, cheap (~1,100 baht) single port ADSL2+ router, which you can put in bridging mode to use it as a modem for your far superior Linksys router.

Posted

Do I need to get two of these?

One for the TT&T connection and one for the TOT connection. Im guessing both of these will then connect to the wireless router or will the wireless connection which will be TT&T connect from the modem to the wireless router and then to the 24 switch, im guessing the tot modem will also connect to the switch and bypass the wireless router?

Another question, im going to need some file sharing between all my machines. I normally use a ftp connection with other companies, they give me there details etc, ive never set one up myself. Is that the way to go or should I be looking at a VPN?

Posted
Your router will work beautifully with Windows (but put tomato firmware on it). There aren't many plain vanilla ADSL modems on the market anymore, so suggest you just buy a basic Zyxel P-660R-T1 v2 compact 'router' instead. It is small, cheap (~1,100 baht) single port ADSL2+ router, which you can put in bridging mode to use it as a modem for your far superior Linksys router.

I disagree with your advice to install alternative firmware. Most devices function perfectly well with the installed firmware and if they don't an upgrade is usually available from the manufacturer. Installing third-party firmware is something best left to advanced users and people who like to tinker with the consequent problems this can sometimes involve.

Posted

Prices are fair IMHO - the lack of wiring cost might be a surprise ?

I think I paid about 20-30 Baht a metre for CAT5e cable some years ago, the wireman for a day was 1,000 Baht.

I echo the thought about 3rd party firmware, unless you are supporting your system to a high degree you want average Thai 'engineers' to be able to turn up to site to troubleshoot.

Don't forget getting a system's diagram on paper before the installers leave.

Back in the world I would expect to see comissioning tests on cables run in - suggest that you test these in turn if the installers have no test kit (I doubt they will have.) need to see that you can connect at 100 meg and pass a large file (a movie file etc) in reasonable time. That will probably uncover any bad faults in the absence of critical tests.

The issue about DHCP depends on the hassle factor, the last network I managed with static IPs was about 150 users in a high security finanical network protection stopped changes of IP address and limited strangers on the network spoofing.

With wireless you will need to allow DHCP to run on that section unless you really want to tie the network down with the admin required to instruct people how to set up networking. I guess some will use their laptop wirelessly at night and via the LAN at their desk, maybe a docking station.

Even for smaller office groups I've set up DHCP is the way to go.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...