About a Gigabit home/small bus router

setup: 7-9 machines on home lan, with some business conducted as well
as regular home use.

For a very long time I've used a NETGEAR FVS-318 router/firewall

But finally had to switch to something with gigabit lan ports. After
googling around I was scared off by bad reviews on the Netgear models
offering Gigabit lan ports, and finally ended up picking a cicso
FVS4000.

For 2 main reasons I'm not very happy with it. (several lessor ones
too)

For one thing the darn thing was ruled at the `end of life' by cisco
some time ago.... but retailers still sell it with no mention of that
fact.

,----
| Aside: Does anyone know how to ascertain that sort of information, or
| at least when a certain product was first introduced?
|
| Is there anything normally in a spec that gives that kind of info
| Is there some quick way to get that sort of information?
`----

But more importantly, I'm not able to get detailed logs, like I was with
the netgear. I like to see what is coming at me, even if it is being
blocked. The netgear would say what IP at what source port => to
local IP at what dest port, and usually some (really brief) annotation of
why.

The kind of thing I get from the Cisco says something like(wrapped for
mail):

No.004 Mar 13 14:32:20 - \
[Firewall Log-PORT SCAN] TCP Packet - \
60.173.11.56 --> 98.215.231.30


Pretty thin. No port info at all.
------- --------- ---=--- --------- --------

But even worse is the fact that I see no way to tell the dhcp server
to always serve the same address to certain hosts or MACs.

Something that is often easier than setting a static IP (On some OS
platforms).

------- --------- ---=--- --------- --------

OK, cutting to the chase finally. Can any of you suggest routers that
are capable of the items discussed above:
1) Most important: Gigabit lan ports.
2) fairly detailed logs (mailable or sent to log server)
3) Ability to tell dhcp server to always serve the same
address to specific hosts or MAC addresses

And in case anyone thinks of answers involving DMZ Hosts inside the
lan... I don't want to mess with that... to much upkeep and work.
I'm wanting 1 piece of hardware that does the basic job, but also can
do the 3 main things listed above.

Then of course some decent level of reliability would be nice...

On Wed, 16 Mar 2011 19:00:48 -0500, Harry Putnam <(E-Mail Removed)>
wrote:

>setup: 7-9 machines on home lan, with some business conducted as well
>as regular home use.
>
>For a very long time I've used a NETGEAR FVS-318 router/firewall
>
>But finally had to switch to something with gigabit lan ports. After
>googling around I was scared off by bad reviews on the Netgear models
>offering Gigabit lan ports, and finally ended up picking a cicso
>FVS4000.
>
>For 2 main reasons I'm not very happy with it. (several lessor ones
>too)
>
>For one thing the darn thing was ruled at the `end of life' by cisco
>some time ago.... but retailers still sell it with no mention of that
>fact.
>
>,----
>| Aside: Does anyone know how to ascertain that sort of information, or
>| at least when a certain product was first introduced?
>|
>| Is there anything normally in a spec that gives that kind of info
>| Is there some quick way to get that sort of information?
>`----
>
>But more importantly, I'm not able to get detailed logs, like I was with
>the netgear. I like to see what is coming at me, even if it is being
>blocked. The netgear would say what IP at what source port => to
>local IP at what dest port, and usually some (really brief) annotation of
>why.
>
>The kind of thing I get from the Cisco says something like(wrapped for
>mail):
>
> No.004 Mar 13 14:32:20 - \
> [Firewall Log-PORT SCAN] TCP Packet - \
> 60.173.11.56 --> 98.215.231.30
>
>
>Pretty thin. No port info at all.
>------- --------- ---=--- --------- --------
>
>But even worse is the fact that I see no way to tell the dhcp server
>to always serve the same address to certain hosts or MACs.
>
>Something that is often easier than setting a static IP (On some OS
>platforms).
>
>------- --------- ---=--- --------- --------
>
>OK, cutting to the chase finally. Can any of you suggest routers that
>are capable of the items discussed above:
> 1) Most important: Gigabit lan ports.
> 2) fairly detailed logs (mailable or sent to log server)
> 3) Ability to tell dhcp server to always serve the same
> address to specific hosts or MAC addresses
>
>And in case anyone thinks of answers involving DMZ Hosts inside the
>lan... I don't want to mess with that... to much upkeep and work.
>I'm wanting 1 piece of hardware that does the basic job, but also can
>do the 3 main things listed above.
>
>Then of course some decent level of reliability would be nice...

If you were otherwise happy with your old router, except for the lack
of Gigabit LAN ports, I would have simply added a Gigabit switch in
front of that router. That would have been less expensive, easier to
implement, and less disruptive to the rest of your network. All of the
internal LAN traffic would have been at Gigabit speed (if the two
endpoints were capable), and the Internet link would have remained as
it was before, complete with all of the features that you're missing
now.

Char Jackson <(E-Mail Removed)> writes:


[...]


[...]

>>I'm wanting 1 piece of hardware that does the basic job, but also can
>>do the 3 main things listed above.
>>
>>Then of course some decent level of reliability would be nice...
>
> If you were otherwise happy with your old router, except for the lack
> of Gigabit LAN ports, I would have simply added a Gigabit switch in
> front of that router. That would have been less expensive, easier to
> implement, and less disruptive to the rest of your network. All of the
> internal LAN traffic would have been at Gigabit speed (if the two
> endpoints were capable), and the Internet link would have remained as
> it was before, complete with all of the features that you're missing
> now.

I'm probably missing something or just not visualizing correctly how
it would work with a gigabit switch in front of the router.
I'm not intentionally trying to be a knucklehead but just not
understanding how this might work.

Maybe just confused over the usage of the term `in front'.

1) wouldn't the switch then need to talk to my Internet service, since
the switch is `in front' of the router. (See diagram below)

2) wouldn't the logging have to take place on the switch in that case?
(See diagram below)

None of that makes any sense with this scheme, so I'm pretty sure you
mean something different than the diagram below:

I'm thinking you mean:


INTERNET
|
modem
|
-------switch-------
|
router
|
lan

Or something like that, if the switch is `in front'

------- --------- ---=--- --------- --------

So knowing you are not likely to be talking nonsense I'm guessing you
mean something more like this:

INTERNET
|
modem
|
router
|
-------switch-------
| | | | | |
Lan Machines

But then isn't the switch `behind' rather than `in front'?

------- --------- ---=--- --------- --------

Please, if you have time and inclination describe what you mean a
little more... maybe assume you are talking to a really slow learner.

Also, any recommendation for such a switch, or for just a router with
the gigabit lan ports that allow the things I described. (I don't
mean just a router that says it will do these things, but something
from your personal knowledge)

The items I want to be sure are covered:

(Detailed logging showing hostort of source and dest and comment to
indicated why dropped.

Including ability to `tag' logs.

Built in DHCP server

Ability to setup dhcp service that serves the same IP to a mapped
MAC address

Ability to settup DMZ (in case I get a hankering to do that)

So, a recommendation of both a switch, to do what you described and
keep using my old router. And a router with gigabit lan ports that
can do the things described above, would be very valuable on this end.

Once again, I'm asking about things you actually have personal
experience with or know other users who have such experience/

Any comments you may have concerning how to tell when a router or
switch or whatever was first rolled out. That is, when it was first
released for sale and dated versions if that is applicable.

Char Jackson <(E-Mail Removed)> writes:

> If you were otherwise happy with your old router, except for the lack
> of Gigabit LAN ports, I would have simply added a Gigabit switch in
> front of that router. That would have been less expensive, easier to
> implement, and less disruptive to the rest of your network. All of the
> internal LAN traffic would have been at Gigabit speed (if the two
> endpoints were capable), and the Internet link would have remained as
> it was before, complete with all of the features that you're missing
> now.

Sorry about these big ponderous responses:

Something I forgot to ask:

Does such a switch have an IP? Would lan computers still be `default
routed'd' to the old router or does that all change to the switch?

Again with my dorky diagrams:

What I actually had with my old NETGEAR router/firewall (in brief):

INTERNET
|
modem
|
NETGEAR router / firewall (non-gigabit capable)
| | |
| two none gigabit capable lan machines
|
Two gigibit switches
linked together
| | | |
| | | |
several gigabit capable lan machines

NOTE: All machines are default route'd to the NETGEARs' IP

------- --------- ---=--- --------- --------

I think the gigabit switches might be what you are talking about.

The actual hardware is:
3com Office connect gigabit switch

1: 8 port
1: 5 port

With that, it appeared by (non-scientific) measurements of data
coming thru that even on the gigabit capable machines I only achieved
what one might expect of 100mb adapters.

I assumed it was because the default route caused data to flow thru
the router regardless if it was between two of the gigabit capable
machines.

Am I wrong to think that is how data would flow, or would the gigabit
capable machines be talking directly to each other, even though there
default route was the IP of the NETGEAR?

------- --------- ---=--- --------- --------

I can say that when I installed a gigabit capable router in place of
the netgear, my tranfer rates jumped up significantly, which seemed to
confirm my guess that data was flowing thru the router because of it
being the default route. Maybe something else explains it.

I have no really good reason to claim that any of this is actually how
it worked and could stand some guidance on how data would flow in
brief diagram I posted here. And some clarity on what it means to
have a default route assigned to a host.

Does it mean that data follows that route only? That is, that in the
diagram above, any conversation between two of the gigabit capable
machines would flow thru the non-gigabit capable router.

If that is not the case then I'm really unclear about what a default
route really does. (probably very unclear about all the rest of it too)

On Fri, 18 Mar 2011 22:53:35 -0500, Harry Putnam <(E-Mail Removed)>
wrote:

>Char Jackson <(E-Mail Removed)> writes:
>
>> If you were otherwise happy with your old router, except for the lack
>> of Gigabit LAN ports, I would have simply added a Gigabit switch in
>> front of that router. That would have been less expensive, easier to
>> implement, and less disruptive to the rest of your network. All of the
>> internal LAN traffic would have been at Gigabit speed (if the two
>> endpoints were capable), and the Internet link would have remained as
>> it was before, complete with all of the features that you're missing
>> now.
>
>I'm probably missing something or just not visualizing correctly how
>it would work with a gigabit switch in front of the router.
>

>Maybe just confused over the usage of the term `in front'.
>
>1) wouldn't the switch then need to talk to my Internet service, since
> the switch is `in front' of the router. (See diagram below)
>
>2) wouldn't the logging have to take place on the switch in that case?
>(See diagram below)
>
>None of that makes any sense with this scheme, so I'm pretty sure you
>mean something different than the diagram below:
>
>I'm thinking you mean:
>
>
> INTERNET
> |
> modem
> |
> -------switch-------
> |
> router
> |
> lan
>
>Or something like that, if the switch is `in front'
>
>------- --------- ---=--- --------- --------
>
>So knowing you are not likely to be talking nonsense I'm guessing you
>mean something more like this:
>
> INTERNET
> |
> modem
> |
> router
> |
> -------switch-------
> | | | | | |
> Lan Machines
>
>But then isn't the switch `behind' rather than `in front'?

Sorry about that, I guess "in front" and "behind" are all about the
perspective. I meant the way you show it in your second diagram above.
From the perspective of sitting at your PC and looking toward your
router, the switch would be between the PCs and the router.

Your old router would continue to be the unit that talks to your ISP
and would also continue to be the unit that does all of the cool
logging and IP address reservations, etc. The switch is transparent.
It neither has, nor cares about, IP addresses.

>------- --------- ---=--- --------- --------
>
>Please, if you have time and inclination describe what you mean a
>little more... maybe assume you are talking to a really slow learner.
>
>Also, any recommendation for such a switch, or for just a router with
>the gigabit lan ports that allow the things I described. (I don't
>mean just a router that says it will do these things, but something
>from your personal knowledge)

I use a D-Link DGS-2208 8-port Gigabit switch to aggregate my
Gigabit-capable PCs, and I have multiple 100Mbps switches scattered
around that are connected to my slower devices. I 'waste' a LAN port
on the slow switches which I use to uplink them to the Gig switch
since I had some open ports there.


>The items I want to be sure are covered:
>
> (Detailed logging showing hostort of source and dest and comment to
> indicated why dropped.
>
> Including ability to `tag' logs.
>
> Built in DHCP server
>
> Ability to setup dhcp service that serves the same IP to a mapped
> MAC address
>
> Ability to settup DMZ (in case I get a hankering to do that)
>
>So, a recommendation of both a switch, to do what you described and
>keep using my old router. And a router with gigabit lan ports that
>can do the things described above, would be very valuable on this end.
>
>Once again, I'm asking about things you actually have personal
>experience with or know other users who have such experience/
>
>Any comments you may have concerning how to tell when a router or
>switch or whatever was first rolled out. That is, when it was first
>released for sale and dated versions if that is applicable.

For routers, I'm running multiple Linksys WRR54GL's with dd-wrt
firmware, but they don't have Gig ports so they don't meet your needs.
You could poke around at <http://www.smallnetbuilder.com/> where they
have tons of info on routers, their capabilities, and features.

The easy way out, though, is to place a Gigabit switch between your
old router and your various PCs. Connect one of the Gig ports to a LAN
port on your router, then connect your PCs to the other Gig ports.

On Fri, 18 Mar 2011 23:24:43 -0500, Harry Putnam <(E-Mail Removed)>
wrote:

>Char Jackson <(E-Mail Removed)> writes:
>
>> If you were otherwise happy with your old router, except for the lack
>> of Gigabit LAN ports, I would have simply added a Gigabit switch in
>> front of that router. That would have been less expensive, easier to
>> implement, and less disruptive to the rest of your network. All of the
>> internal LAN traffic would have been at Gigabit speed (if the two
>> endpoints were capable), and the Internet link would have remained as
>> it was before, complete with all of the features that you're missing
>> now.
>
>Sorry about these big ponderous responses:
>
>Something I forgot to ask:
>
>Does such a switch have an IP? Would lan computers still be `default
>routed'd' to the old router or does that all change to the switch?

The kind of switch I'm talking about is "unmanaged". It has no IP
address, no web interface, and it doesn't care about routing. Nothing
changes regarding routing. The switch operates at OSI Layer 2 while
routing is at Layer 3.


>Again with my dorky diagrams:
>
>What I actually had with my old NETGEAR router/firewall (in brief):
>
> INTERNET
> |
> modem
> |
> NETGEAR router / firewall (non-gigabit capable)
> | | |
> | two none gigabit capable lan machines
> |
> Two gigibit switches
> linked together
> | | | |
> | | | |
> several gigabit capable lan machines
>
>NOTE: All machines are default route'd to the NETGEARs' IP
>
>------- --------- ---=--- --------- --------
>
>I think the gigabit switches might be what you are talking about.
>
>The actual hardware is:
>3com Office connect gigabit switch
>
>1: 8 port
>1: 5 port
>
>With that, it appeared by (non-scientific) measurements of data
>coming thru that even on the gigabit capable machines I only achieved
>what one might expect of 100mb adapters.

Besides the switch itself being Gigabit-capable, both of the PCs that
are talking to each other also have to be Gigabit-capable and both
have to be currently set to Gig speed, typically via auto-negotiation.
If they are Windows machines, you can start Task Manager and select
the Networking tab to see what speed they're connected at.

>I assumed it was because the default route caused data to flow thru
>the router regardless if it was between two of the gigabit capable
>machines.
>
>Am I wrong to think that is how data would flow, or would the gigabit
>capable machines be talking directly to each other, even though there
>default route was the IP of the NETGEAR?

The kind of switches I'm talking about don't know anything about
routing or default routes. If two directly-connected PCs are
communicating with each other, it will be a 'direct' connection
handled within the switch. The traffic isn't forwarded farther
upstream to a router unless the two PCs are on different logical
networks. If they're on the same subnet they talk to each other
through the switch.


>I have no really good reason to claim that any of this is actually how
>it worked and could stand some guidance on how data would flow in
>brief diagram I posted here. And some clarity on what it means to
>have a default route assigned to a host.

When your PC has traffic that it needs to send, it compares the
destination IP to its own IP, using the Netmask so that it knows which
part of the IP address refers to the network and which part is
reserved for hosts. If the result of the comparison shows that the
target is on another network, it will be sent in care of the default
gateway. The default gateway is the first hop of the default route.

Gee, that's so simplified that it's barely correct, but you can read
up on it yourself as you get time.

>Does it mean that data follows that route only? That is, that in the
>diagram above, any conversation between two of the gigabit capable
>machines would flow thru the non-gigabit capable router.

No, local traffic doesn't follow the default route or go through the
default gateway. It doesn't need to since the destination is local.

This is typically where the conversation would turn to MAC addresses
(versus IP addresses) and ARP, but you can probably dig that up on
your own.

>If that is not the case then I'm really unclear about what a default
>route really does. (probably very unclear about all the rest of it too)

The default route is the route chosen when there isn't any other route
that is more specific or more applicable. When you send traffic, the
routing table is checked to see if a route has been specified for that
destination. If not, the default route is chosen. You can view your
Windows PC's routing table by typing "route print" at a Command
Prompt.

Char Jackson <(E-Mail Removed)> writes:

> Gee, that's so simplified that it's barely correct, but you can read
> up on it yourself as you get time.

Hehe... yes that about clears it up.
Many thanks for working thru my ponderous questions and answering all
of it.

It helped a lot.

On Sat, 19 Mar 2011 20:42:07 -0500, Harry Putnam <(E-Mail Removed)>
wrote:

>Char Jackson <(E-Mail Removed)> writes:
>
>> Gee, that's so simplified that it's barely correct, but you can read
>> up on it yourself as you get time.
>
>Hehe... yes that about clears it up.
>Many thanks for working thru my ponderous questions and answering all
>of it.
>
>It helped a lot.

Cool. Good luck!