New kid on the block seeking knowledge

Greetings All,
I am new here and would like to ensure I am starting off on the right foot.

I am looking at the option of re-purposing a D-Link DIR 615 router for use in a small law firm. My thinking is that given the 4 LAN ports I should be able to create 3 or 4 zones to separate the LAN (Desktops, Laptops and other connected devices) from the Security systems (Cameras & electronic door locks); another zone for some IoT equipment they have and possibly a zone (wi-fi) for visitors.

I figure that going with OpenWrt will allow me to use lower cost hardware, help the environment, deliver very good security and keep the firmware up to date. Am I barking up the right tree or have I overlooked something?

Yes, but only to a point.

You don't mention the exact revision of your device, but it matters here, as there are at least 9 totally different (previously-) supported variants (and even more which have never been supported - and never will be). But regardless of that, none of those meets minimum system requirements, none of them is supported anymore and none should be used, not at home and certainly not in a professional environment. Even if they still were, these early ath79/ rt3052 devices wouldn't have the performance nor the RAM to cope with the requirements of ~half a dozen users with several dozen devices, apart from their pitiful wireless hardware.

These devices belong in a landfill, or rather deserve environmentally conscious recycling; the oldest h/w revisions having over fifteen years on the clock and the 'newest' at least eleven years.

5 Likes

Thanks very much for the response and for the valuable insight provided.

It sounds like I would need to take a surf of eBay and look for a much younger device. Would you be kind enough to suggest which D-Link I should be looking for?

What equipment currently exists in this setup, and what is the budget for building the new network?

Usually a business use setup uses business class equipment.

But if you ask me you need to start from the other way, what performance demands do the business have and what operational guarantees have they specified?

Now you work like “how little operational performance can they get with as little money as possible”, well I don’t think you will be long at the job at that business as the “IT department” if things don’t work.

Thanks to all for their responses.
Zone 1 - The LAN has 5 desktops (wired) and 5 laptops (wireless) and a Xerox Versa Link laser printer (wired). Main internet use is send/receive email, look up of Court documents/records and 2 or 3 online Court sessions via Zoom each week. The plan is to add a server in the future to host a Document management System. Currently they are using the modem router provided by their telco.

Zone 2 - We are installing 8 cameras and a DVR followed by electronic locks on 3 (2 external & 1 internal) doors.

Zone 3 - They recently bought a smart fridge and microwave and will be purchasing a smart TV for the Conference Room.

Zone 4 (Optional) - A wireless Guest network to facilitate visitors. Here I plan to use a port on the router to connect to a simple Wi-Fi Access Point so it can be left open if necessary.

Just for the record, I am not expecting to be their "IT Department" for longer than 2 years. I am also as confident about making this work as you are in this project.

The ISP speed is important, it drives how much CPU power you need in the router.

All the wired devices will need a switch, it needs to be VLAN capable (managed) and PoE for the cameras and locks and probably wifi APs. There's a lot more flexibility with a wired router and separate wifi AP than an all in one wifi router.

ISP speed has been at 10meg down since they got the service years ago. They do however have the option to increase (which I believe will be necessary due to the security equipment being put in).

Already with you on the PoE for the security equipment although I did not think of it for the AP as I was looking at using a device with its own power source.

Whatever you do, you should be thinking beyond 2 years for a business deployment, even if you're only an 'interim' IT person. At some point, you'll be passing this off to someone else, and I'm guessing this office will not be terribly keen on entirely revamping the network at that point.

I completely agree with @flygarn12 and @mk24 about the fact that you should be thinking about the reliability and operational uptime requirements, and that often means looking more at business/enterprise equipment and dedicated APs for the bulk of the system. There are plenty of relatively low cost (in business terms) business/enterprise systems that have an integrated system-level management system -- for example, Ubiquiti's Unifi line or TP-Link's Omada. These are typically much better options for business deployments.

The fact that the ISP is only 10Mbps means pretty much any hardware will have the CPU horsepower to do the job, but remember that in a business context, time is money (especially in a law firm where everything is billed by the hour). If you want, you could use OpenWrt for the main router or even the APs, but you should not be trying to get the cheapest devices possible for this operation if you want to have reliable operation.

Not to dissuade you from OpenWrt, and I'm by no means trying to sell you on this, but look at the Unifi setups -- the UDM SE as a basis, coupled with a PoE switch, cameras & APs, and even Access (door lock system) would be a pretty logical option -- it's perfect for small business applications and is fully integrated.

1 Like

Thanks for the response.

While I have heard some good things about Ubiquiti I have not had a chance to work with anything from them. What would you say is the greatest feature that OpenWrt adds to the Ubiquiti hardware?

Ubiquiti's firmware testing is... "interesting". That being said. When you do get a stable firmware. Stick with it.

They do fully integrated solutions and it is nice kit.

However what I did is I bought a NanoPi R4S which with a bit of tweaking can do 1gb fibre (if I ever get the option here) and just bought a Ubiquiti AP to cover my house. The controller for the AP runs on my R4S in a docker container and it's all self contained.

What OpenWrt brings is the ability to reconfigure a router to do any task required (depending on the hardware and software). You can add filtering to it and thus not have to spend money on a WatchGuard firewall/filter package. Most OEM routers from ISPs refuse to let you choose your own DNS provider. OpenWrt has plugins to enable encrypted DNS, caching, filtering, etc.

Think of it as a Lego kit. Bolt on what you want. Leave off what you don't.

But ^this? Buying all of their kit gets you support and a bit of peace of mind. Plus warranty support if the kit goes boom. And you have a single supplier with kit that is designed to work together (or should be 🙂)

eh... I wouldn't say that the support is all that great. Hardware is generally very good. Integration is well done. Firmware and software are hit and miss, but when it works well, it sings! They are able to sell their products at a lower price point by almost eliminating the official support channels and instead running a community forum for this purpose. Phone support is non-existent, and live chat is limited. Some of the people on the forum there are very good at networking and the UI specific knowledge... but there are very few UI employees who participate. The community is almost entirely volunteer (I know... I was a contributor there for several years).

1 Like

I really appreciate the valuable information being shared here and it is encouraging me to do even more reading.

Based on my discussions with the client (they want to buy the hardware), they have a keen interest in going with either D-LINK DIR-882 DUAL-BAND WI-FI ROUTER GAMING 4K HD GIGABIT MU-MIMO or TP-Link AC1350 Gigabit WiFi Router (Archer C59) - Dual Band MU-MIMO Guest WiFi (they seem to be more interested in this). According to your Hardware Support list, both are up to OpenWrt 21.2.3 and I am wondering if they can support the current 22.03 and if they are actually worthwhile options to consider?

Both of those devices are currently supported in the 22.03.0-RC series ("release candidate" -- not official/stable yet). Things could change, but it seems unlikely that support for those devices would be dropped.

That said, the client is proposing a consumer grade all-in-one wifi router, and it isn't clear if they've thought of the other aspects (i.e. switches (likely with PoE), cameras, physical security/door lock systems, additional access points, etc.). If you are serving as their IT person, you should be advising them to consider the whole system, as well as the longer term investment element of IT equipment in the business context.

Will the two consumer units work? Sure, probably. And with 10Mbps internet, I don't think there is any hardware on the market that can't handle those speeds. Will that be a good investment? That depends (my gut says no, but it really depends on their needs, the physical space, budget, how the whole system comes together, and if they want a business grade integrated solution or basically just a home network setup).

2 Likes

Personally, I am advocating they upgrade that internet connection to at least 15mbps as it shouldn't cost that much more if any at all. I have also pointed out the PoE factor and it seems they are being told by the person dealing with the security equipment that there shouldn't be a problem with these as the connection to the router would only be to provide the internet access.

According to them, the security equipment would effectively be a separate network and the PoE would be from the hardware used on that network. I am suspecting they are trying to avoid using PoE but I am not sure.

Someone isn't doing the 5 P's principle. (Proper Planning Prevents PissPoor Performance)

Define what is needed. Plan it out and action it.

Consumer gear can work but what is your support? Complex networks are not plug and play.

Bluntly I would say you should do the Ubiquiti gateway, a Ubiquiti PoE switch (for the statistics and combined network, you could use any PoE switch but might as well combine and gain the benefits).

Also use their cameras unless the system that is being bought has decent specs and is manageable. Making differing systems work together can be VERY frustrating. Trust me. I've had to do it. It's not fun.

You will need a rackmount 48 port at least I'd say. What you listed in the first post gives 26 LAN ports required.

Isolate them. Give them WAN access only and force them to use your filtering in case they get exploited.

Do NOT make it open. WPA2 at least and change the password regularly. Also isolate this.

Plan, Detail, Document. Even if you are only there temporarily it will make whoever takes over appreciate your planning.

Also final point? Yes it may be more expensive but point out their time is money. If the kit goes down they do nothing. Overall the cost for this won't even pay for an entry lawyer's costs. It is false economy to go cheap and end up with issues.

1 Like
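
Added example, not part of any post in this thread: a sketch of what "isolate them, give them WAN access only and force them to use your filtering" can look like in OpenWrt's `/etc/config/firewall`, shown for the Zone 3 IoT devices. The zone and interface name `iot` is an assumption (it needs a matching interface in `/etc/config/network`); `wan` is the stock OpenWrt WAN zone.

```uci
# /etc/config/firewall excerpt. Constructed example: the zone and
# interface name 'iot' is an assumption; 'wan' is the stock WAN zone.

# Devices may not reach the router itself or any other zone by default.
config zone
	option name 'iot'
	list network 'iot'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# The only forwarding out of the zone is to the internet. With no
# forwarding from 'iot' to 'lan', a compromised device cannot open
# connections to the office desktops or printer.
config forwarding
	option src 'iot'
	option dest 'wan'

# input is REJECT, so DHCP and DNS on the router are opened explicitly.
config rule
	option name 'Allow-IoT-DHCP'
	option src 'iot'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-IoT-DNS'
	option src 'iot'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# Plain DNS queries aimed at an outside resolver are redirected to the
# router's own resolver, so port-53 lookups pass through its filtering.
config redirect
	option name 'Force-IoT-DNS'
	option src 'iot'
	option proto 'tcp udp'
	option src_dport '53'
	option target 'DNAT'
```

The redirect only catches plain DNS on port 53; DNS over TLS or HTTPS from a device is not affected by it. The same zone pattern applies to a guest Wi-Fi network.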

Maybe the NVR has built-in PoE for the cameras? Or maybe the people installing that system will be providing a PoE switch for this purpose??
Yes, the router would be how the cameras get internet access -- but that begs another question -- should they have internet access?

This often requires coordination with the router in order to set up a proper isolated network... unless the NVR does that?

Many (most?) cameras these days use PoE. Some may not, but it means that they must get power from another source. Typically this means more complicated installs, possibly more expensive.


Taking a step back... the security camera system and the overall IT infrastructure should be coordinated... if it isn't, it could be a major headache.

Keep in mind that you may be held responsible for the performance of the network, including how it integrates with the camera system and other things. It is even possible that you could be legally liable for the security of the setup (especially if there is a breach, but even just in general any downtime could be on you). Make sure you know what you're getting into by administering the network of a law firm -- including everything from expectations to your actual experience and knowledge around setting up a business grade, secure network. If 3rd parties are involved (for the cameras, for example), make sure you understand what might be your responsibility and what is theirs. And make sure that these things are well understood by the people at the firm.

1 Like

^this. So VERY this. It's basic ass covering 101. Get it ALL in writing and make it VERY clear who does what and when.

1 Like

Always... but especially when the client is a law firm 😅

2 Likes

Will absorb all of this valuable advice and re-think this situation - especially since it is a law firm (as suggested). Will come back following that process.

1 Like