#1
High Heels LuVeR
DHCP or managed Router?
Alright. I'm taking over an office for a company, and the office only has like 5 people in it total. The IT tech in there before me made their network ridiculous, part of the reason they don't want him around anymore.
Upon my evaluation, he set up the following: NetGear router, 5-port Linksys unmanaged switch, Linksys wireless access point, and tied in the middle of it all is a Windows 2003 Server for Small Business serving DHCP. So my question, and I proposed this to him as well, is why the hell did he need to make the server DHCP? I mean for 100+ people, yeah, I could see it, but for 5+ people? Just use a self-managed router, do some port forwarding, yes? Thoughts?
#2
am cat
I bet that'd work. Just go to Best Buy and grab an $80 router, then put it in a huge box with blinking lights and loud fans for show. But before you ditch the server, ask them more about this. I mean, maybe they wanted something really weird that required there being a server for them?
#3
High Heels LuVeR
Well there's no doubt they use it for file storage, and I'm okay with that; I mean obviously keeping files on a server is a LOT safer than doing it on individual workstations. But they were initially using the server for both Exchange and file sharing. NOW... get this. For the users in the field (outside the office) to check their email they would have to RDP into the desktop back at work and fire up the web-based email that way. WOW!!! Talk about some crap. I told them screw that, let's keep the domain name and make it public web-based. None of the RDP stupid crap. When you're in a place where all you have is internet you can go to a URL and have it right up, not this connect-to-this-to-connect-to-that. Forget that crap.

I don't know. I mean it doesn't even have to be fancy. I'm just thinking maybe a WRT54G wireless access point. I mean they have the cable connection going into this NetGear; from the NetGear it feeds the server (note: 4 ports open on the Netgear); the server then feeds the Linksys non-managed switch; then the Linksys feeds the access point. Seriously. I could draw that out but that's an ugly MESS!
#4
"I dunno" guy
Because that way he doesn't have to deal with maintaining a list of IPs in use and having to go to each machine to configure its IP. What if the company takes off and adds a bunch of people? You'll have to set each one up with an IP address and keep track of whether each is in use or not. What about laptops? I doubt anyone with a laptop wants to reconfigure their TCP/IP config every time they connect to a different network. And given Windows' sucky dynamic TCP/IP reconfiguration, you'll probably end up having to reboot in order to change the IP.

Another reason is for potentially jailing a system. With DHCP, if you detect a machine infected by a virus, you could potentially automatically expire the DHCP lease and assign it one in a quarantined subnet. Not supported out of the box in Windows, but it's something that you can add to.
Last edited by scoliosis; 07/23/2008 at 09:11 PM.
#5
High Heels LuVeR
I'm not trying to rag on his setup; I just don't see a need for this complex of a system. Granted, I'm not an Exchange admin, but seriously, the network is insane. It's secure, I'll give him that.
#6
"I dunno" guy
If the mail system is Exchange, you might want to put a dummy Apache server in front of it with a simple authentication page first before they can access the Exchange server. Make it put a cookie on the browser after they answer a two-way challenge phrase. Then the Exchange server looks for that cookie before even showing the login page. Or you can use mod_proxy and proxy the site from Apache, linking to Exchange, which would save the Exchange server from being out in the wild being pounded every which way by script kiddies. This would help alleviate people using brute force to log in to your Exchange system and avoid all those Windows exploits.
Last edited by scoliosis; 07/23/2008 at 09:20 PM.
#7
"I dunno" guy
But you do have the flexibility of assigning semi-static DHCP leases to machines with given hostnames with ease. The one thing good about Windows Server is that the DNS service ties in really well with the DHCP service.
#8
Epic Member
Personally, I'd just use a damn router with a switch. Like you said, a separate server for 5 users? WTF? That's ridiculous. Now I would have the server PC being used for a printer and for some files. As far as email goes, I'd register a domain and just go that route.
#9
High Heels LuVeR
Agreed! Furthermore, yeah, you can invoke the server to be a DNS server, but again, WHY!?! Use the ISP for the DNS; why put the extra load on that server for 5 users? I spoke to the gentleman that constructed the network and he said basically he didn't want to spend the extra money for equipment. I'm like, dude, what you've built here is like Ft. Knox. I do this shit all day long and even this is a headache for me. I think a router costs all of like $100.00. I don't even think I need that, if I could use the Net Gear already in place for the workstations and then throw the access point they have now in place as well and just let everything call in DHCP. The problem is that that server is trying to own everything at the moment. I can't even get into that Netgear at the moment. I tried taking the uplink to the server and going directly into my laptop and I get a 10.XX number from the Netgear, which is fine, but when I try to pull up the GUI it brings me up to some business workplace network configuration page. This guy was completely

Maybe I'm looking at this wrong, but the goal is to make things semi-self-managed. I think he was looking for job security so if something broke he was the first to call. My goal would be to get things to self-managed but make them pay you for your time up until then.

The lady that owns the company asked me if it would be smart to run their webpage from their server. I said personally I wouldn't. She looked at me like, why? I said, why worry about uptime or whether or not someone can get to it? Give the files to someone else and host it up on their site. Don't worry about your office having a power failure.

As for the mail: yes, it does have an SSL connection; the name of the site is Mailtrust. 10 gig mailboxes for like $30 a month for like 10 of them. I really don't think it gets cheaper than that. They already have a domain name registered; it would just be a matter of pointing the MX records over to the mail server. Pretty good deal I think.
#10
BMSMA
In my opinion, leave the server the way it is. Let it serve DHCP, let the DHCP server dynamically update DNS, let it be the Exchange server, and if there are 5 users it can be the file server too; that is what Small Business Edition is designed to do. Also, Windows DHCP is going to be much better and easier to configure and use than the DHCP server built into a router, especially if it's being used in a business setting.

I would not personally open up OWA to the Internet if you're serving it off the computer that hosts the Exchange database; that is a security risk. I'd get a firewall that you could configure VPN access to and do it that way rather than RDP, but at that point it's mechanics. You could also configure a second Exchange front-end server that just acts as the proxy to the machine with the database, but that will cost more in hardware and licensing, and I'm not totally sure you could do that setup with Small Business Server in the mix. Read up on Small Business Server as well; it's a different kind of beast than a full-blown version of Windows, and there are things you cannot do with SBS because of the way it's designed.

As for the connection architecture, it should go:

Cable Modem --> Firewall --> Switch --> Clients, Servers, WAPs

Or if you want to get really technical you could get a firewall (sort of like the old Cisco 501s that they don't make anymore) that has multiple ports on it and put the wireless and the wired networks on separate VLANs, but for a small company that doesn't seem necessary.
Keep in mind this assumes that they are running Active Directory (which it seems like they are from what you've said). Just from reading some of your comments, you may want to dig into Active Directory domain concepts a little bit more before doing too much messing around. I have about 9-10 years of experience with AD (which is about as much as anyone can have considering when it came out) and I see some areas of weakness in your understanding that could cause you issues down the road if you try to mess with too much of what you're talking about.
#11
High Heels LuVeR
I see exactly what you're saying and I'm not trying to "fix what's not broken," but seriously, it's a mess the way he has it set up. I'm not an expert on Exchange nor am I an expert at Service, but I do most of the work at my corporation. I do have a question though. Right now he has an AP set up so that it's plugged into the workgroup switch. I had to blow it away to get people to be able to connect to it because apparently he locked it down and only set up certain users to get onto it. So now it's grabbing an IP I can't even get to.
#12
BMSMA
Just Google the instruction manual for the AP. It probably just reset itself to its default 192.168.x.x address, or the manual will tell you how to do a factory reset to a known default IP.
#16
BMSMA
Did you configure the computer you're trying to access the AP from to be on the same IP scheme as the AP's address?
#17
BMSMA
Exchange can be SSL protected and there are other ways to make their current setup work without reinventing the wheel.
#20
BMSMA
Shouldn't need a gateway; it's accessing on the local subnet. But the laptop will have to be 192.168.1.[any number under 255 except 1, 245 or 255 itself].
#26
BMSMA
You always need a subnet mask, in this case 255.255.255.0. If it makes you feel better you can use 192.168.1.245 as your GW, but it's not necessary.
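The two replies above (gateway optional, subnet mask mandatory) come down to one question: is the AP's address inside the subnet the laptop's own address and mask define? The following is an added example, not code from the thread, that makes that check explicit with Python's standard `ipaddress` module. It assumes the AP sits at 192.168.1.245 (the address named in the thread) and that 192.168.1.1 is reserved for the router; both addresses are taken from the discussion, not from any real device.

```python
"""Decide whether a temporary static laptop address can reach an AP on its
default management address without a default gateway.

Added example (not from the thread). Assumes the AP answers on
192.168.1.245 and that the laptop is patched straight into the AP's switch
port, so reachability is purely a same-subnet question.
"""
import ipaddress
from typing import Dict, List, Optional, Set

AP_ADDRESS = "192.168.1.245"       # AP management address from the thread (assumed)
SUBNET_MASK = "255.255.255.0"      # the /24 mask the reply says is required
RESERVED = {"192.168.1.1", AP_ADDRESS}   # router (assumed) and the AP itself


def on_link(local_ip: str, peer_ip: str, mask: str) -> bool:
    """True if peer_ip falls inside the subnet local_ip/mask defines.

    A host ARPs directly for on-link peers; the default gateway is only
    consulted for destinations outside its own subnet, which is why no
    gateway is needed to reach the AP here.
    """
    net = ipaddress.IPv4Network(f"{local_ip}/{mask}", strict=False)
    return ipaddress.IPv4Address(peer_ip) in net


def usable_static_addresses(mask: str, reserved: Set[str]) -> List[str]:
    """Host addresses on the AP's subnet that are free for a temporary static
    laptop address: .hosts() drops network and broadcast, and anything in
    `reserved` (router, AP) is excluded."""
    net = ipaddress.IPv4Network(f"{AP_ADDRESS}/{mask}", strict=False)
    return [str(h) for h in net.hosts() if str(h) not in reserved]


def check_laptop_config(laptop_ip: str, mask: Optional[str],
                        gateway: Optional[str] = None) -> Dict[str, object]:
    """Explain whether the proposed laptop config reaches the AP."""
    if mask is None:
        return {"reaches_ap": False, "reason": "subnet mask is mandatory"}
    try:
        net = ipaddress.IPv4Network(f"{laptop_ip}/{mask}", strict=False)
    except ValueError as exc:
        return {"reaches_ap": False, "reason": f"invalid address/mask: {exc}"}
    if laptop_ip in (str(net.network_address), str(net.broadcast_address)):
        return {"reaches_ap": False,
                "reason": "network/broadcast address is not a host address"}
    if laptop_ip == AP_ADDRESS:
        return {"reaches_ap": False, "reason": "address collides with the AP"}
    if not on_link(laptop_ip, AP_ADDRESS, mask):
        return {"reaches_ap": False,
                "reason": "AP is off-link; a route via a gateway would be needed"}
    # On-link: a configured gateway is simply never used for this destination.
    return {"reaches_ap": True, "gateway_needed": False,
            "gateway_ignored": gateway is not None}


if __name__ == "__main__":
    print(check_laptop_config("192.168.1.50", SUBNET_MASK))
    print(check_laptop_config("192.168.1.50", None))
    print(check_laptop_config("10.0.0.5", SUBNET_MASK))
    print(usable_static_addresses(SUBNET_MASK, RESERVED)[:3], "...")
```

The `strict=False` argument lets `IPv4Network` accept a host address with a mask, which is what a laptop's TCP/IP dialog gives you; the check for network and broadcast addresses is the reason the reply excludes .255.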
#27
"I dunno" guy
Once you reset it to default, wouldn't it just hand out IPs via DHCP anyway? Your laptop plugged into the router's switch should just get the right IPs and whatnot. Oh, make sure you don't have the AP plugged into your network while this is going on; you don't want it handing out DHCP addresses to your network.
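The warning above is the classic rogue-DHCP problem: a factory-reset consumer router answers DHCPDISCOVER on the LAN faster than the real server and hands clients its own addresses and its own default route. This added example (not from the thread, and not a real capture) shows the check a practitioner would run: decode DHCP OFFER/ACK messages and flag any whose server-identifier option (54) is not the authorised server. The authorised server address 10.0.0.2, the client MAC and the two sample packets are all constructed for the example.

```python
"""Flag DHCP OFFER/ACK messages that did not come from the authorised server.

Added example (not from the thread). Assumes the only legitimate DHCP
server is the Windows server at 10.0.0.2 (hypothetical); the sample packets
below are constructed, not captured.
"""
import struct
from typing import Dict, List

AUTHORISED_SERVERS = {"10.0.0.2"}        # hypothetical: the SBS box
MAGIC_COOKIE = b"\x63\x82\x53\x63"
DHCP_OFFER, DHCP_ACK = 2, 5


def parse_options(blob: bytes) -> Dict[int, bytes]:
    """Parse the TLV options that follow the magic cookie (pad=0, end=255)."""
    opts: Dict[int, bytes] = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == 0:                      # pad byte
            i += 1
            continue
        if code == 255:                    # end marker
            break
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        data = blob[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = data
        i += 2 + length
    return opts


def parse_dhcp(packet: bytes) -> Dict[str, object]:
    """Decode just the fields a rogue-server check needs from a raw DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", packet[:8])
    yiaddr = ".".join(str(b) for b in packet[16:20])          # address being offered
    chaddr = ":".join("%02x" % b for b in packet[28:28 + hlen])
    opts = parse_options(packet[240:])
    msg_type = opts.get(53, b"\x00")[0]
    dotted = lambda code: ".".join(str(b) for b in opts[code]) if code in opts else None
    return {"op": op, "xid": xid, "yiaddr": yiaddr, "client_mac": chaddr,
            "msg_type": msg_type, "server_id": dotted(54), "router": dotted(3)}


def rogue_offers(packets: List[bytes]) -> List[Dict[str, object]]:
    """Return decoded OFFER/ACK replies whose server identifier is not authorised."""
    bad = []
    for pkt in packets:
        msg = parse_dhcp(pkt)
        if msg["op"] != 2 or msg["msg_type"] not in (DHCP_OFFER, DHCP_ACK):
            continue                       # requests and other types are not offers
        if msg["server_id"] not in AUTHORISED_SERVERS:
            bad.append(msg)
    return bad


# --- constructed sample traffic (not a real capture) ----------------------
def _ip(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def build_offer(server_ip: str, offered_ip: str, router: str, xid: int = 0x3903F326) -> bytes:
    """Build a minimal BOOTREPLY/DHCPOFFER for a constructed client MAC."""
    mac = bytes.fromhex("001122334455")
    head = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)              # op=2 BOOTREPLY
    head += _ip("0.0.0.0") + _ip(offered_ip) + _ip(server_ip) + _ip("0.0.0.0")
    head += mac + b"\x00" * 10 + b"\x00" * 64 + b"\x00" * 128            # chaddr, sname, file
    opts = (bytes([53, 1, DHCP_OFFER]) + bytes([54, 4]) + _ip(server_ip)
            + bytes([1, 4]) + _ip("255.255.255.0") + bytes([3, 4]) + _ip(router)
            + bytes([51, 4]) + struct.pack("!I", 86400) + b"\xff")
    return head + MAGIC_COOKIE + opts


SAMPLE_PACKETS = [
    build_offer("10.0.0.2", "10.0.0.57", "10.0.0.1"),                  # legit server
    build_offer("192.168.1.245", "192.168.1.100", "192.168.1.245"),   # reset AP, own DHCP on
]

if __name__ == "__main__":
    for m in rogue_offers(SAMPLE_PACKETS):
        print("ROGUE DHCP: server %s offered %s to %s (router %s)"
              % (m["server_id"], m["yiaddr"], m["client_mac"], m["router"]))
```

On a live network the same logic runs over UDP port 67/68 traffic from a capture; note that the rogue reply also sets option 3 (router) to itself, which is how a misplaced AP silently becomes the default gateway for whichever clients it wins.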
#32
High Heels LuVeR
Alright, I'm going to leave the current setup in place. Upon further review it would fall to pieces if I try to revamp anything. However, upon review today I am going to modify some things.

They want to move the server to the basement. I told him that shouldn't be a problem as long as it's elevated off the ground so that water doesn't get near it. It's not wet down there but it's still the basement. That being said, I discovered something else down there. He has another Netgear mounted to the ceiling (non-managed). So the current setup is this:

Cable (Netgear Router) --> Server --> Linksys 5-Port Workgroup Switch --> Linksys Wireless Router, and also a Netgear 8-port HUB. Yes, I said HUB.

So what I was going to do is consolidate a little bit and go like this:

Cable (Netgear Router) --> Server --> Linksys 16-Port Switch --> Clients and Wireless Router.

Thoughts? It's only $100 for the switch, and if we are re-running cables downstairs I just think it would be a lot easier to get things on the same page than jumping through switch, hub, etc. Thoughts?
#33
"I dunno" guy
Yeah, the basics of that would work. I assume the Netgear router has firewall and SPI capabilities; if it doesn't, get a new one that does. How are you securing the wireless router? Depending on its capabilities, I would make it do WPA + RADIUS auth. RADIUS can be installed onto the server (freebie with Windows). That way only authorized people can log on to your wireless network.
My anal-retentive setup has the wireless network firewalled off to a different subnet, with WPA2 + RADIUS authentication enabled using SSL cert exchange.
Last edited by scoliosis; 07/31/2008 at 08:36 PM.
#34
High Heels LuVeR
I think you're correct on the NetGear router. As for the wireless, initially I was going to just do WEP (128-bit, naturally) with a hidden SSID. I could do WPA/RADIUS, but again, it's an office of 5 people; is it needed? Don't get me wrong, I understand security first, but when shit breaks you better be in the line of fire fixing it. The goal is to make it so you can walk them through it over the phone. Yes, it's nice to get money for fixing stuff, but at the same time, when you live like 50 miles away, making road trips isn't fun.
#35
"I dunno" guy
Don't use WEP; it takes all of 10 minutes to crack it, and hidden SSIDs don't do shit other than make it harder for your legitimate users to find the AP. The SSID is still in the packet in the air. It is really a myth as far as being a security tool.
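"The SSID is still in the packet in the air" is literally true: an AP configured to hide its SSID sends beacons with an empty SSID element, but the probe response it returns to any station that asks (and the association request of every legitimate client) carries the name in the clear. This added example, not code from the thread, parses 802.11 management frames and pulls the SSID out of both subtypes. The BSSID `00:ab:12:cd:34:ef`, the network name `OfficeWiFi` and both frames are constructed for the example, not captured.

```python
"""Extract the SSID from 802.11 beacon and probe-response frames, showing
that a 'hidden' SSID is only absent from beacons.

Added example (not from the thread). The frames below are constructed, not
captured: a beacon from an AP hiding its SSID (zero-length SSID element)
and the probe response the same AP sends to any station that probes.
"""
import struct
from typing import Dict, List, Optional

MGMT_HEADER_LEN = 24        # FC(2) duration(2) addr1(6) addr2(6) addr3(6) seq(2)
FIXED_PARAMS_LEN = 12       # timestamp(8) beacon interval(2) capability(2)
SUBTYPE_BEACON, SUBTYPE_PROBE_RESP = 0x8, 0x5
ELEM_SSID = 0


def frame_subtype(frame: bytes) -> int:
    """Type and subtype live in the first Frame Control byte (little-endian)."""
    fc = frame[0]
    if (fc >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    return (fc >> 4) & 0xF


def parse_elements(body: bytes) -> Dict[int, bytes]:
    """Information elements: id(1) len(1) value; first occurrence wins."""
    elems: Dict[int, bytes] = {}
    i = 0
    while i + 2 <= len(body):
        eid, elen = body[i], body[i + 1]
        val = body[i + 2:i + 2 + elen]
        if len(val) != elen:
            raise ValueError("truncated element %d" % eid)
        elems.setdefault(eid, val)
        i += 2 + elen
    return elems


def extract_ssid(frame: bytes) -> Optional[str]:
    """SSID from a beacon or probe response; None when it is 'hidden'
    (empty or all-NUL SSID element, the two common hidden encodings)."""
    if frame_subtype(frame) not in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        raise ValueError("no SSID element in this subtype")
    elems = parse_elements(frame[MGMT_HEADER_LEN + FIXED_PARAMS_LEN:])
    raw = elems.get(ELEM_SSID, b"")
    if raw.strip(b"\x00") == b"":
        return None
    return raw.decode("utf-8", errors="replace")


def ssids_seen(frames: List[bytes]) -> Dict[str, str]:
    """Map BSSID -> SSID over a set of frames; a hidden beacon is filled in as
    soon as any probe response from the same BSSID reveals the real name."""
    seen: Dict[str, str] = {}
    for f in frames:
        bssid = ":".join("%02x" % b for b in f[16:22])   # addr3 is the BSSID here
        name = extract_ssid(f)
        if name is not None or bssid not in seen:
            seen[bssid] = name if name is not None else "<hidden>"
    return seen


# --- constructed frames (not a capture) ----------------------------------
def build_mgmt(subtype: int, bssid: bytes, ssid: bytes) -> bytes:
    """Minimal beacon/probe response: broadcast DA, BSSID as SA and addr3."""
    fc = struct.pack("<H", subtype << 4)                  # type 0 (mgmt), given subtype
    hdr = fc + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0411)           # timestamp, interval, capability
    elems = bytes([ELEM_SSID, len(ssid)]) + ssid + bytes([1, 1, 0x82])  # SSID + one rate
    return hdr + fixed + elems


BSSID = bytes.fromhex("00ab12cd34ef")                     # constructed
FRAMES = [
    build_mgmt(SUBTYPE_BEACON, BSSID, b""),               # 'hidden' beacon
    build_mgmt(SUBTYPE_PROBE_RESP, BSSID, b"OfficeWiFi"), # probe response leaks the name
]

if __name__ == "__main__":
    print(ssids_seen(FRAMES[:1]))   # beacon only: {'00:ab:12:cd:34:ef': '<hidden>'}
    print(ssids_seen(FRAMES))       # plus probe resp: {'00:ab:12:cd:34:ef': 'OfficeWiFi'}
```

In a monitor-mode capture the same parser is applied to each frame after its radiotap header; the point for the thread is that hiding the SSID changes only the beacon, so anyone who can see the channel still learns the name the first time a legitimate client connects.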
#36
It's TEE not TE, wtf
No offense dude, but it sounds like the guy before you had things working ok. It's always tempting to revamp everything when you take over where someone else left off, but like Phin said, it sounds like you need to do some research first. Based on some of the things you said about IP addressing and basic LAN switching, I wouldn't touch anything yet if I were you.