This past week I received a call from a client who asked me to help rebuild the network in his home and home office.
He stated that he wanted a device he could use as a one-stop shop to administer his network.
I suggested pfSense and explained how integrating this firewall into his network would be the best option for him without having to purchase a Cisco router.
I explained that pfSense would be configured as the main router to administer his entire network. The client then explained that he had also been experiencing speed degradation on his network for a while. I asked if there was anything on his network that would cause interference, collisions, or IP conflicts. He said no, so I had to look at the network myself to figure out what was wrong.
The image below shows how the network was set up when I arrived on site; we will call the picture example 1.
Looking at the example 1 image
After entering my client's home I saw a few areas of his network that needed work.
Looking at the network, I saw there was indeed an IP conflict. Also, the wireless extender he was using was a Netgear N300, which only gives up to 300 Mbps of bandwidth.
Depending on the distance between the Netgear N300 extender and the Verizon router, that can be the cause of the speed degradation on the client's network.
After running a speed test on the office network, I saw firsthand that the extender was the cause of the slow speeds there. On a Verizon Fios 1 Gb network, the speed test gave 60 down and 55 up, which was terrible for an office; however, when the speed test was run while connected directly to the Fios router, speeds were 302 up and 330 down. The client was also experiencing latency on the network, which was probably caused by the many collisions and the IP conflict. I found the conflict was caused by the two routers on the network, the Verizon router and the Netgear router, both having the same IP address of 192.168.1.1. That was why my client was having problems accessing the Netgear router over its IP address.
Before starting anything on this network, I asked the client how he wanted the network configured. He stated that he wanted a one-stop shop where he could monitor his network without having to use multiple pieces of software, which was why I suggested pfSense in the first place. He also said that he wanted to keep the home and office networks separate from each other, since his domain controller for the office and his failover Server 2012 machine are on his office network. I told him I was going to have to strip the entire network down and rebuild it. He said he was fine with that. So I took the time to sit down and draw a diagram of how the network should be set up.
Here is the diagram I wrote up for the original plan of action on how to build this new network:
Looking at the original design,
First I set up the pfSense router with 4 networks configured on 4 interfaces. The pfSense router gains access to the internet over its WAN port by going into the Verizon router, then from the Verizon router to the Verizon ONT, then out to the internet, and it is the primary gateway to the internet for all other devices except the Verizon Fios router.
The 4 networks were:
- WAN (IP given by Verizon)
- LAN (Home) 22.214.171.124 /24
- Office 126.96.36.199 /24
- Wireless 188.8.131.52 /24
The WAN network, of course, allows the pfSense router to gain access to the internet. The LAN connects all devices that are cabled in the home. The office network handles all devices connected in the office. Lastly, the wireless network handles all wireless devices on the network.
Next I suggested that we completely remove the wireless extender from the network, since the extender was the cause of the internet speed issue, and replace it with a router configured as a pass-through device, so that if the client wishes to access the office network from a wireless device he can do so without having to go through the home wireless. Then get an unmanaged switch to connect to the router in the office, and connect his home server, PS4, and primary domain controller to the switch. While connected to the office network, all devices would be given an IP in the office network range of 184.108.40.206 – 220.127.116.11, using pfSense’s interface 18.104.22.168 as their gateway. The router's main role would be to help wireless devices access the office wireless; it won't be handling DHCP, which would be pfSense’s job, for better management of the office network.
Then I suggested purchasing a second router and switch to handle both the wireless and the home network. Installation of the switch and router would be simple: plug the switch into port 2 for the LAN on the pfSense router, then plug his smart TVs, media server, entertainment system, and other home devices into that switch to receive their IPs over the 101.0.1.x IP range,
using pfSense port 2's IP of 22.214.171.124 as their gateway. The same goes for the router: plug the second switch into port 6 and configure the router as a pass-through. Then connect all wireless devices to the router so they can receive an IP over the wireless interface of 101.0.0.x.
Lastly, leave only the Verizon cable connected to the Verizon router, turn off the wireless capability on the router, and ensure that pfSense is the only device connected to the Verizon router. Connect the cable from the ONT for Verizon Fios into the Verizon router, and now you have internet and all devices are managed by pfSense.
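The duplicate 192.168.1.1 found on the two routers and the per-interface subnet plan above can both be checked mechanically before anything is cabled. The following is an added example, not part of the original post: the inventory is constructed, the office subnet is a placeholder, and the function names are illustrative. It also reports segments numbered outside the RFC 1918 private ranges, which is the case for the 101.0.x.x ranges.

```python
import ipaddress
from itertools import combinations

# Constructed inventory. 192.168.1.1 on both routers and the 101.0.1.x /
# 101.0.0.x ranges come from the post; the office subnet is a placeholder.
BEFORE = {"verizon-router": "192.168.1.1", "netgear-router": "192.168.1.1"}
PLAN = {
    "LAN": "101.0.1.0/24",
    "WIRELESS": "101.0.0.0/24",
    "OFFICE": "10.0.30.0/24",  # placeholder, not the author's value
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def duplicate_addresses(devices):
    """Return {ip: [device, ...]} for each address claimed by more than one device."""
    seen = {}
    for name, ip in devices.items():
        seen.setdefault(str(ipaddress.ip_address(ip)), []).append(name)
    return {ip: sorted(names) for ip, names in seen.items() if len(names) > 1}


def overlapping_segments(plan):
    """Return pairs of segment names whose subnets overlap (ambiguous routing)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def non_rfc1918_segments(plan):
    """Return segments numbered outside private space; hosts behind the
    firewall cannot reach real internet hosts that live in those ranges."""
    flagged = []
    for name, cidr in sorted(plan.items()):
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(private) for private in RFC1918):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print("duplicate addresses:", duplicate_addresses(BEFORE))
    print("overlapping segments:", overlapping_segments(PLAN))
    print("outside RFC 1918:", non_rfc1918_segments(PLAN))
```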
Although this was the plan, the client could not afford a second router and switch at the time, so I had to modify the plan a bit.
The home network was configured exactly as planned. On the office network, however, since the client could not get the second router or switch for the office, all I could do was configure the Netgear extender and the Netgear router that were already there to work as pass-through devices, and connect the Netgear extender to the Linksys router, which was handling the wireless connection for the home. So both the office and the wireless networks were using the same interface on port 6 and receiving IP addresses in the range of 126.96.36.199 – 188.8.131.52.
But so that the office network can scale to its own switch and router in the future, I configured the office network on port 3 with its IP range 184.108.40.206 – 220.127.116.11. All the client would have to do is run a cable from the pfSense box to the router in the office, plug the router into the switch, and connect every device in the office to the switch, and his office network would be complete.