Networking → new cogeco static IP account.. need help setting up rest o

Sorry for the cross post as I put this question first under the cogeco forum..

Hello all,
Can anyone assist in helping me set up a LAN network diagram that would include a home security video server, a separate wireless network, a network for 4 workstations and printer, and another separate network for 6 workstations with WiFi connectivity? I don't want the networks to see each other but I want them all to be able to use the internet connection.
I have not done any subnet masking yet so willing to learn!
Right now I has a gateway IP and a reg IP with a subnet mask of 255.255.255.252(?) From cogeco.. I have a 3com 24 port switch but only the router that came with the install. I know I need to pick up some more gear but not sure what the plan would be to set up what I need.. Thanks in advance!

you need a vlan switch and a router. it probably isn't worth getting into the rest if you are not able to get either of those items.

have you worked with vlans, before?

i recommend pfsense for the router.

Thanks.. I have a Baseline Switch 2426-PWR Plus (3CBLSF26PWR) available for use and can set up pfsense on a spare laptop for the router solution. So right now I have Modem -> Cisco 3825 Cogeco router -> switch and pfsense as router. where do I go from here?

sorry.. put the wrong info there. The router is a Cisco 867

do you need the cisco 3825 router?

pfsense won't be of much use on your laptop if it only has 1 NIC to work with.

have you worked with vlans before?

Not true. If he has a VLAN switch he can just create another VLAN and use it as the WAN.

/M

yeah, true, but i don't think that would be the ideal setup. that wouldn't be the way i would roll out pfsense for someone who hasn't used it before.

personally, i like the more traditional setup. 1 NIC for WAN, 1 NIC for LAN and 1 NIC for all your VLANS. if i only had 2 NICs i would dedicate 1 to WAN and the other to LAN/VLANs.

it all depends what you are more comfortable with.

So, all we have right now is one static IP from the cogeco set up. We do have that switch to use if needed or we will buy whatever equipment is required or build the box for pfsense if required.
So, the end result needs to be a connect the a QNAP vs6116 pro so we can set up cameras. Have the ability to have a workstation monitor the cameras as well as remote login and wifi connectivity. And 2 separate LAN for workstations with internet connection (one with wifi, one without). That is the end result but we are still planning it out and have been picking up what we need.
Thanks again for any help.

you need to answer some questions first.

do you need the cisco 3825 router (is this ISP required equipment or can you use your own router)? you don't want two routers on your network unless there is a specific reason for it.

have you worked with vlans before?

When you say a Cisco 867, do you mean this model ?

Just to be sure, is this the EXACT layout and CORRECT listing of the gear?

Modem -> Cisco 867 router -> Baseline Switch 2426-PWR Plus (3CBLSF26PWR)
 

As others have said, you'll definately need to understand how VLANs work, and have
some device capable of creating, seperating and isolating the following zones / VLANs.

- home security DVR
- wifi zone #1
- 4 workstations + printer
- 6 workstations + wifi zone #2

_IF_ it is that Cisco 867 I linked to

a) is this a device you yourself own and have config access to, or is it simply
supplied and configured only by Cogeco?

b) do you have someone who is experienced with Cisco IOS?

Off the top of my head, _IF_ the Cisco 867's yours and has the right revision of
code, and the switch in question supports VLANs, you could do this pretty easily
without additional hardware / software.

My 00000010bits

Regards

The cisco router is as pictured. It was brought in by Cogeco with their modem. I can't seem to access it though so I don't know if it just configured to allow my static IP (integrated services?). When I connect straight to either it or the through the switch, I cannot access anything at the default gateway (given from Cogeco). I will double check the version/model. I am thinking I need another router if that cogeco one is or figure out that switch and VLAN's setup..

Let me try phrasing my question about the 867 another way : does it have a "property of Cogeco"
label or something similar stuck on it?

Regards

No such stickers..
exact model is 867VAE-K9
Switch is 3CBLSG24PWR Baseline 3924 PWR Plus

Info from Cogeco
Gateway: 192.XXX.XX.73
Static: 192.xxx.xx.74
subnet 255.255.255.252

I have the router to the switch and the switch to a termination jack. Connected to there with my laptop configured to the static IP info, I am able to connect to the internet.
I can ping gateway with my laptop configured with static ip, but can't enter the web based router setup. Not sure if I need to use console port or how to connect to set it up..
Do I need to use a terminal program for router configuration? and switch configuration?

Question, while your computer's plugged into this existing setup, is it getting a 10.x.x.x, 172.16.x.x, or 192.168.x.x IP address?
Or is it getting one from the 192.x.x.73/74 block you mentioned?

I'll tell you RIGHT NOW that the configuration / operation of the 867 is NOTHING like your bogstandard DLINK/LINKSYS/BELKIN/et al
gear. You're going to need telnet or SSH access to it, or a 9pin console cable physically plugged into the port labelled "CONSOLE."
You'll also need a terminal program capable of doing 9600baud-8-N-1 -- Windows Hyperterminal is easily able to do this.

If this is indeed a Cogeco-owned device -- as I strongly suspect it is -- they'll also likely have a password configured on it, and
if you don't have that, then you can't change the configuration, much less get into the device remotely.

If you can figure out the IP address of the 867, and if you can figure out how to console / telnet / SSH to it, AND it doesn't
have a password, I think I can easily walk you through the rest of this.

EDIT : here's step by step instructions for connecting / accessing a Cisco device via the physical CONSOLE port... if you're feeling daring to give it a try.

Regards

I am connecting via a ip address in the 192. block. I gave the laptop the second IP and pointed it to the gateway and no issues connecting or getting on. It is the router that has me befuddled as it is the first one I have come across.. yes.. all off the shelf home routers in the past.
I will post back to share my sucess.. or bitter failure..
thank you for the link! Google let me down.

Good luck with things and let us know how it goes with the 867.

If it doesn't work, you're going to need to find some other equipment to do what you want to do.
Some other questions you're going to need to answer as well :

- what's your internet speeds from Cogeco?
- what's your budget for this project?
- what's your technical expertise and/or expectations of support -- Google-fu? Late night seance? Paidfor phone / onsite?
- any need for gigabit ethernet?
- (plans for) growth / expansion in the next year? in the next 3 years?
- any other (specific) requirements from the equipment?

As to your switch, it looks like you're in a good place with it, based on this datasheet as it does do 802.1q VLANing.

Regards

Erm... yeah... that Cisco 867VAE-K9 IS locked down, and is property of Cogeco, and all interfaces (console and otherwise) require password to access.

It is not configured as a router, (it infact does not run any routing protocols, DHCP, etc... on its LAN interfaces), but is rather a tunnel endpoint to provide reliable & transparent static services over a DHCP based DOCSIS network.

Thanks for that info Marcer.
So, looking to spec out and pick up a router. So far my map looks like this.. I will need to figure out how to subnet or VLAN the zones and do I neet an AP for every zone that I want to have wifi access to? I think I do but not certain.

you need to answer HELLFIRE's questions.

Looking over what you've listed the critical piece of knowledge outstanding is the AP you're planning on using. If that AP supports multiple SSIDs with Dot1q you're off to the races...

For an initial setup, you can connect the 867 to one FE port, assign it to it's own VLAN, connect the rest of the FE switch ports to their PCs with their respective VLANs, Dot1q the first GigE port to your AP, with discrete SSIDs for each VLAN, and use the final GigE port to configure a router-on-a-stick for pfsense, which will handle all inter-VLAN routing to/from the 867... Eventually, I would recommend a dedicated router over the pfsense setup, but that's me.

*For full disclosures sake, I DO work for Cogeco. That said, you're likely local, so if you want to chat about the setup, make an account and shoot me a PM*

That's a DESIGN question you're going to have to answer for yourself, OP.

I can say in terms of a multiple AP design, that's only relevant if you have a lot of floorspace
to cover OR if you want seperate APs / SSIDs for each "zone" -- ie. AP / SSID A users cannot connect
to AP / SSID B users and vice versa.

@ Marcer
Crazy question, and for my own personal edification... if the user were to request it, what's the
likelihood of Cogeco changing the configuration of the 867 from plain DSL modem to a fully-managed router
with segregated VLANs, as is basically needed at this point?

Regards

Likelyhood... IMHO ranks up there with the likelyhood of a member of the Sus genus successfully sustaining heavier-than-air aerodynamic lift in a controlled manner.

There's a litany of reasons but I'll settle on the simple, it would be a nightmare to support custom configurations.

P.S. We're a cable company.. the DSL modem on this unit is unused.

Question answered... so unless OP wants to yell at or wave cash (or both) at their Cogeco account manager
to reconfigure the 867, the only viable option is to purchase a router capable of VLAN operation.

Before you go asking which piece of kit to pick out, you're going to need to answer that list of questions
I asked earlier.

Regards

Response for Hellfire..
- what's your internet speeds from Cogeco? Great.. 60Mbps + down, 10 - Mandeep25Mbps+ up
- what's your budget for this project? no cap
- what's your technical expertise and/or expectations of support -- Google-fu? Late night seance? Paidfor phone / onsite? - Support is all in house -
- any need for gigabit ethernet? - yes 1GB ethernet will work fine.. 10GB not needed
- (plans for) growth / expansion in the next year? in the next 3 years? - none.. this is it
- any other (specific) requirements from the equipment? - nope.. one of the zones has a NAS for a file server.. but that zone has its own lan already .. it just needs a spot to jump into the shared internet

We picked up 2 AP for as we changed the map for only 2. One for the cameras and one for a zone.
They are EnGenius EAP350 AP that support multi-SSID (4 SSID) +VLAN tag

We also have borrowed a DIR 655 to use as a router to test until we can spec out one that would be a better fit for us.

Then you may want to ask internally what gear people have had experience with, and what they prefer.
What is suggested around here may have never been seen by the people that have to support it.

In that vein, pfsense has already been mentioned, and there's other *nix distros of firewalls out there,
if you want a DIY style of project.

Edgerouter Lite is a fairly small and feature-rich device available for $100USD -- again it's more DIY
but not impossible to set up.

Could look at loading DDWRT, Tomato, etc. onto a consumer-level router, as they support 802.1q VLANs.

You could pick up enterprise-level gear from the likes of Netgear, Sonicwall, Zyxel, Juniper, and Cisco
that would do what you want. Again... keep in mind it depends on how comfortable the people supporting
are with working with the gear. It WILL be a learning curve if they've never seen it before, but if
they know it fairly intimately, then it should be doable.Not sure if I really believe that statement, personally... when someone says "no cap" on the budget, I take
that as "they just haven't seen the final bill (yet)."

My 00000010bits

Regards

Thanks Hellfire..
love your sig by the way!