
ImranUK

join:2005-02-08

[H/W] Home Setup - 50MB Cable Connection

Hello

I would appreciate some help with a purchase for a home network. I don't need anything fancy, I am looking at buying from eBay where possible.

I currently have an 877w which I use for a 20mb ADSL connection.

I am moving to a cable 50MB connection so speeds of 5-6mb/sec

The cable connection will be provided by an ISP modem etc

Cisco recommended an 891w however it comes at a price!

Any recommendations? We all connect using wireless at home. Need a setup which can handle a cable 50mb connection easily.

Thanks,


kamikatze

join:2007-11-02
kudos:2
An 861 is able to push that but with no extra services enabled (firewall/IPS/crypto), just NAT and some ACL entries.

If you want more power look for a 1811/1812, they are super speedy for this job.

You're also gonna need an 802.11n access point, a cheap D-Link/Linksys should do. No need to go Cisco for 11n home use.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK
The 1801 - 1812 models, bar none. Avoid the 1841 and the lower end 28xx-series.
Only difference between the 180x and 181x models is an additional routed FA port.

If you're feeling daring, the ASA5505 should also be able to handle a 50Mbit pipe
and come in under the $500 price-mark, though I haven't had a chance to test one
to its limits yet.

Regards

tibook
Premium
join:2010-02-15
Chesapeake, VA
What would be the main disadvantage of choosing something like the ASA for home use? I have a similar connection ~60/6.5, and want a fast router with NAT, QoS. Trying to find something that is affordable for home and won't choke on my connection seems to be slightly mysterious in Ciscoland.


kamikatze

join:2007-11-02
kudos:2

2 edits
reply to ImranUK
Throughput. ASA can do wirespeed with pretty much anything you throw at it. And for home use you would only need a firewall,
ASA is one from mother nature.
The tiny 5505 is AMD Geode 500 MHz chip, bunch of DDR, linux kernel, ASA code on top of linux.

Disadvantages i had run into:
* No telnet/ssh client on the box itself, which doesn't seem much of a big deal but IT IS, especially if it's the only box lying around a network.

* No DHCP reservations.

I run a 1811 at home. It can max out my 100Mbps pipe any day of the week.

ImranUK

join:2005-02-08
said by kamikatze:

An 861 is able to push that but with no extra services enabled (firewall/IPS/crypto), just NAT and some ACL entries.

If you want more power look for a 1811/1812, they are super speedy for this job.

You're also gonna need an 802.11n access point, a cheap D-Link/Linksys should do. No need to go Cisco for 11n home use.
I guess I will only require a few NAT rules and ACL entries.

Looking at the 1811/1812, cheapest possible available is £580 ish.

Someone has recommended a 2651XM which they use with a 50mb cable connection, any comments?

Which access point in particular would you recommend? I would possibly need something with a high gain antenna etc

said by HELLFIRE:

The 1801 - 1812 models, bar none. Avoid the 1841 and the lower end 28xx-series.
Only difference between the 180x and 181x models is an additional routed FA port.

If you're feeling daring, the ASA5505 should also be able to handle a 50Mbit pipe
and come in under the $500 price-mark, though I haven't had a chance to test one
to its limits yet.

Regards
Thanks Hellfire, looking at the ASA5505

kamikatze, how difficult would a 1811 be to configure?

Thanks everyone

tibook
Premium
join:2010-02-15
Chesapeake, VA
reply to kamikatze
NAT reservations isn't a big deal, I can just assign static IPs beyond the leasing scope.

I assume though, that the ASA can't do things like QoS, or bandwidth restrictions on a certain port, or can it?

For home, I'm not too concerned about the firewall, just NAT, some port routing, and low latency/fast throughput.


kamikatze

join:2007-11-02
kudos:2

2 edits
said by tibook:

I assume though, that the ASA can't do things like QoS, or bandwidth restrictions on a certain port, or can it?
It can.

»www.cisco.com/en/US/docs/securit···p1064207

The security appliance supports the following QoS features:

•Policing—To prevent individual flows from hogging the network bandwidth, you can limit the maximum bandwidth used per flow. See the "Policing Overview" section for more information.

•Priority queuing—For critical traffic that cannot tolerate latency, such as Voice over IP (VoIP), you can identify traffic for Low Latency Queuing (LLQ) so that it is always transmitted ahead of other traffic. See the "Priority Queueing Overview" section for more information.

•Traffic shaping—If you have a device that transmits packets at a high speed, such as a security appliance with Fast Ethernet, and it is connected to a low speed device such as a cable modem, then the cable modem is a bottleneck at which packets are frequently dropped. To manage networks with differing line speeds, you can configure the security appliance to transmit packets at a fixed slower rate. See the "Traffic Shaping Overview" section for more information.

For home, I'm not too concerned about the firewall, just NAT, some port routing, and low latency/fast throughput.
You should be fine with any of the newer boxes, 891/181x/180x/19xx/ASA5505.

The 1800 series is just as simple/difficult to configure as any other Cisco router, nothing uncommon.

Try looking for 1801/1802, they are cheaper but you lose a routed Fa port. (just 1 routed Fa for WAN and the built-in switch for LAN). You should be able to find them way under 500, i paid 188 GBP for mine, but i stalked ebay for a while:)
Good luck!

Oh and as far as the 2651XM goes, don't even think about it, it's ancient technology, it spits blood at ~15-20Mbps. I have one in my lab, very nice gear but not for 2010.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK
Should also mention another contender for "packet-pushing eBay Cisco" is the
37xx series routers.

@tibook
Two disadvantages of the ASA I've found:

1) know what you need versus what each licence level gets you. For home use, Base
should be enough, but if you want to get fanci(er) -- ie. more VLANs, bigger
DHCP pool, stateful failover -- look for an Unlimited / SecPlus licence.
2) ASA cmd set != IOS cmd set, so be prepared for a steep learning curve.
Cisco and the internet will be your close companions while you work your way
thru this.

Get routerperformance.pdf from Cisco and use it as a starting point of what
kind of performance you want. I've found the numbers for the older stuff
like the 16xx / 17xx / 26xx are generally pretty accurate, though the numbers
for the 18xx and lower-end 28xx series are a little questionable given the
results people have gathered here from production environments.

@ImranUK
Are you looking for a Cisco AP specifically or any wireless router?

@kamikatze
You wouldn't happen to have any performance graphs of what this 1811 is doing
on your 100Mbit line would you? Just for posterity's sake

You also wouldn't happen to have put an ASA thru your (in)famous "will it
blend" test like the 1811 to see what it could do for raw and crypto thruput
recently?

Regards


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
said by HELLFIRE:

2) ASA cmd set != IOS cmd set, so be prepared for a steep learning curve.
Cisco and the internet will be your close companions while you work your way
thru this.
only sorta
i usually tell people who are migrating from routers to asa devices - take everything you learned for a router and do it exactly opposite for an asa. wildcards are subnets, subnets are wildcards, order of operations is different and everything is nat'ed (even when its under a nat0 exemption).

keep that in mind and you'll be fine

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."

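The mask convention tubbynet mentions above, as an added example that is not part of the original thread: Cisco IOS ACLs take wildcard (inverse) masks while ASA ACLs take subnet masks, so an ACL line carried over unchanged does not describe the same addresses. The sample ACL lines and the ACL name `inside_in` are constructed for illustration.

```python
import ipaddress

def wildcard_to_netmask(wildcard: str) -> str:
    """Convert an IOS wildcard mask to the subnet mask an ASA ACL expects."""
    wc = int(ipaddress.IPv4Address(wildcard))
    # A wildcard has a netmask form only if its 1-bits are one contiguous low run.
    if wc & (wc + 1):
        raise ValueError(f"wildcard {wildcard} is non-contiguous; no netmask form")
    return str(ipaddress.IPv4Address(wc ^ 0xFFFFFFFF))

def _is_ipv4(token: str) -> bool:
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def ios_to_asa_acl(line: str, asa_name: str) -> str:
    """Rewrite one numbered IOS extended ACL line as a named ASA ACL line."""
    toks = line.split()
    if len(toks) < 3 or toks[0] != "access-list":
        raise ValueError("expected 'access-list <number> ...'")
    out = ["access-list", asa_name, "extended"]
    body, i = toks[2:], 0
    while i < len(body):
        if body[i] == "host" and i + 1 < len(body):
            out += body[i:i + 2]  # 'host A.B.C.D' carries no mask
            i += 2
        elif i + 1 < len(body) and _is_ipv4(body[i]) and _is_ipv4(body[i + 1]):
            # address followed by wildcard: flip the wildcard into a netmask
            out += [body[i], wildcard_to_netmask(body[i + 1])]
            i += 2
        else:
            out.append(body[i])
            i += 1
    return " ".join(out)

# Constructed sample IOS lines (not taken from any poster's config)
SAMPLE_IOS = [
    "access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80",
    "access-list 101 deny ip host 10.0.0.5 10.1.0.0 0.0.255.255",
]

if __name__ == "__main__":
    for ios_line in SAMPLE_IOS:
        print(ios_to_asa_acl(ios_line, "inside_in"))
```

A wildcard such as 0.0.2.255 raises `ValueError` here because it has no subnet-mask equivalent and needs to be split into several ASA entries by hand.
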
macallah

join:2003-01-22
Wichita Falls, TX
reply to ImranUK
Well I have upgraded cable speed to run into a similar situation now. My 861 cannot handle 50mbit/sec with the firewall on. It manages about 15Mbit/sec.

Anyone end up using the ASA 5505 at home? What is the 10 vs 50 license? Is that tunnels or is it 10 IPs through NAT? I only connect to work on one computer, but have about 15 internet aware devices (computers, tvs, set top boxes, etc) around the house.

bigsy

join:2001-07-18
ireland
kudos:1
said by macallah:

What is the 10 vs 50 license? Is that tunnels or is it 10 IPs through NAT?
For license information, look at table 3-1 at »www.cisco.com/en/US/docs/securit···nse.html

Assuming you're in routed mode, it's the number of concurrent users going out via the outside VLAN.

elnino

join:2006-08-27
Akron, OH
said by bigsy:

said by macallah:

What is the 10 vs 50 license? Is that tunnels or is it 10 IPs through NAT?
For license information, look at table 3-1 at »www.cisco.com/en/US/docs/securit···nse.html

Assuming you're in routed mode, it's the number of concurrent users going out via the outside VLAN.
Yes, that's correct. On the 14 devices that don't need internet access, you can remove the default gateway and then use the 10-user license

macallah

join:2003-01-22
Wichita Falls, TX

2 edits
reply to ImranUK
Looking around it looks like one could pick up an 1811 used or an ASA 5505 (50 user) for close to the same price (within about $100).

Is the 1811 noisy? Is the ASA 5505 hard to configure (only have worked with cisco routers)? Can they both do about the same thing (i.e. keep up with high speed internet with firewall)?

I see the posts above about 1811 keeping up with 100Mbit/sec is that with normal firewall/NAT/etc. Nothing fancy?

Essentially I do not mind spending 500-700 for something, but if the speed on the connection goes to 100mbit I want to be ready (i.e. possibly a couple years from now).

I have an 880 in one location, but it has slow internet for now, so I cannot judge it. Is the 1811 faster? I know the routerperformance.pdf chart shows the 1811 between the 880 and 890, how does this compare to real use in the field.

I know the cisco chart says something outlandish like a 3900 series for this speed with all the stuff enabled, but I am not running 50 people behind it. I just want the firewall with 2 users able to go full speed.

I would even consider paying around 1100 for the 1941 if it blows away the others (although maybe 2901 is less expensive)

jh2010

join:2009-09-03
Brooklyn, NY
reply to ImranUK
I would see how the 871 handles the traffic before worrying about upgrading.

I use an 871 (have an 851 as backup but it doesn't do IPV6) and would love the 1Gb/s External port and 8 Internal ports (4 can be POE) of the 891 but can't afford it. I have a separate Netgear Router, configured as a bridge now that has 802.11a/b/g for Wifi. The 5Ghz is not crowded (I have 10 other 2.4Ghz WAPs in range of my Apartment) and would turn off 2.4Ghz except for my Blackberry and Iphone. 5Ghz also does not get wiped out by Microwave ovens and Cordless phones (not for me anyway) as much as 2.4Ghz.

Any of the later 802.11N WAPs should be able to handle 50Mb/s.

Why would you need a high gain antenna? If you are in a noisy area then it would only amplify the noise. Having a wider range also exposes your WAP to more interference and hacking possibilities.

my 2 cents worth.


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
said by jh2010:

I would see how the 871 handles the traffic before worrying about upgrading.
also take into consideration the types of traffic being considered.
nat-table translations through something like bittorrent use more cpu resources than a simple download from a cdn or so.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."


smunro622
Premium
join:2006-02-15
Madison Heights, MI
reply to ImranUK
working on an asa 5505 now, doing the 2 gig flash and 1 gig mem upgrade, i have comcast 50/10 currently. with the new 8.3 ios upgrade requires additional memory... see other posts here in the forum, and dyndns updater with the asa. yes there is a higher learning curve on the asa i would agree but there are things out there to help

macallah

join:2003-01-22
Wichita Falls, TX
reply to ImranUK
Well most testing with the 861. With the firewall minimized the throughput jumps from 15mbit to 28mbit.

Looking forward to seeing smunro622's results with the ASA 5505.


smunro622
Premium
join:2006-02-15
Madison Heights, MI
reply to ImranUK
i am trying the flash and memory upgrade first with a clean newly loaded config, dhcp from the isp. I will post them as it wont be until weds nite is the plan to get things running.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK
@macallah
From my personal experience, I had a 5505/10-user Base and a downstream 3750
with a 1000+ DHCP pool, never had a complaint about people accessing the Internet
simultaneously. This was an actual client that took the phrase "Cheap, Fast,
Perfect AND Ready By Yesterday" to the extreme every time.

Was going to say that idolclub has a basic load test of a 5505 here as a performance baseline as well »ASA 5500 Series 8.3(x) Memory Requirements

Regards

macallah

join:2003-01-22
Wichita Falls, TX
said by HELLFIRE:

@macallah
From my personal experience, I had a 5505/10-user Base and a downstream 3750
with a 1000+ DHCP pool, never had a complaint about people accessing the Internet
simultaneously. This was an actual client that took the phrase "Cheap, Fast,
Perfect AND Ready By Yesterday" to the extreme every time.

Was going to say that idolclub has a basic load test of a 5505 here as a performance baseline as well »ASA 5500 Series 8.3(x) Memory Requirements

Regards
That is the solution I think I am going to go with. I am just wondering how long I have to wait until the stock of the 256MB 5505s goes away since Cisco says they now need 512MB.

My current plan is to hook the ASA up to the WAN, then the LAN connection going to my switch. I will run the firewall and NAT on the ASA.

I will hook my current 861 up to the switch on the LAN side (just leave the 861 WAN disconnected) and have it handle all the stuff I already have in it like DHCP addresses, NTP and DNS services. May as well put the 861 to work since it is already here.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK
You could just as easily pick up a stick of desktop 512MB DDR1 rather
than playing a waiting / guessing game for a 512MB-equipped ASA, but
that's your choice macallah.

Regards

macallah

join:2003-01-22
Wichita Falls, TX
reply to ImranUK
Well as an update, there seems to be a huge backlog on the ASAs. Looking like summer before more in stock.

So, I slid on over to ebay and picked up a 3745 to play with (er I mean hold me over) for $225. It is as noisy as a freight train, but lucky I have a basement wiring closet to stash it in.

It does max out the connection now (30mbit/sec) compared to the 861, and does not break a sweat (the 861 was maxing CPU). It looks like it will be able to go to 100mbits without really an issue when/if they get DOCSIS 3.0 working here.

nosx

join:2004-12-27
00000
kudos:5
I use ebay'd 3745s a couple places (cheap places). They are definitely fast little packet pushers.
Keep in mind that they can do a lot of traffic if it's just plain and simple packet pushing. If you try tunneling around with ipsec etc make sure to pick up the VPN AIM module or they will spike their CPUs and start screwing up. I really love them for the price.


smunro622
Premium
join:2006-02-15
Madison Heights, MI
reply to ImranUK
well, i have the 512 mb flash in the asa, the dram i ordered was for a 5510. found another site for the dram which is for the 5505. I have a 5520, w/aip and 5510 with malware on order for work and they are saying July. I do have the 1 gig flash in the asa, just waiting on the dram. this will be connected to a 3550 and wireless curiosity of a 1252 ap when completed. I am getting much faster downloads than before with my apple airport. It seems the price of the asa's are going up weekly on the used market as more and more are back ordered

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK
@macallah
Any possibility of you taking a peek at the fans the 3745 uses? I'm wondering what size they are and
how many wires they use for a quieting project if possible.

Regards

macallah

join:2003-01-22
Wichita Falls, TX
said by HELLFIRE:

@macallah
Any possibility of you taking a peek at the fans the 3745 uses? I'm wondering what size they are and
how many wires they use for a quieting project if possible.

Regards
Well I thought about that... Doing from memory:

Across the front there are 4 (approx) 92mm fans. They are all wired into a custom connector, 3 wires each.

You can take off the fan front plate, but the thing is still noisy because the 2 power supplies each have a small (50mm?) fan that also are crazy noisy.

I decided to just put it in the basement wiring closet and shut the door, rather than try to silence them.

In my case I am just waiting until ASA 5505s come back in stock and I will remove the 3745 from service (it was just a cheap stopgap).

Here is a nice blog entry with pictures and discussion of changing the fans out: »www.trygve.com/blog_2009_08.html (3745 fan discussion/pictures about 2/3 down the page).

He replaced the 4 front fans, but be aware the power supply fans still run like mini dust busters. You cannot hear them over the front plate ones, but once those front fans are silent, these come to light.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK
Thanks for the link macallah, definitely a help.

Getting a 3745 is a possibility given the price, and the
expandability has possibilities for future learning experiences,
but the thought of living next to a jet turbine 24x7 has the
appeal of a full-mouth root canal

Regards

bclbob

join:2000-06-23
Oak Park, IL
I have a 3745 and I can push 60Mbit from my comcast connection no problems, and somehow I now have a 1000+ line config. I don't know how that happened, it's a great piece of kit. However it is noisy!!

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to ImranUK
Not to diverge too much off topic, but just how bad is the 3745 CPU at crypto / VPN?
Obviously if you were doing an enterprise hub-and-spoke or multi-site to site setup
you'd want to get the crypto AIM or a newer platform, but say you wanted a home setup
on a 100Mbit pipe or less, with provisions for a single remote or site-to-site VPN
connection, could the 3745 do that unassisted?

Regards