looking for router reccomendations, gigabit & PoE

From: Rod-Lists 
------------------------------------------------------
Looking for a good router that is gigabit ready and has PoE.

=============================================================== From: Dave Brockman ------------------------------------------------------ PoE is more of a switch function than a router, although you can buy PoE switch modules for some routers. You could also look at a Layer 3 switch that provides PoE ports. So.... on the new market, I suggest a Cisco 1941 w/ a EHWIC-4ESG-P module, which will also require a PSU upgrade from the base model. If you want used... I guess it depends on how many ports you need, but a 6500 is readily available with plenty of cheap spare parts on Ebay, etc. Real design requirements get real answers, btw. Regards, dtb

=============================================================== From: Matt Keys ------------------------------------------------------ pfSense and http://www.newegg.com/Product/Product.aspx?Item=N82E16833181156

=============================================================== From: lists@cluebat.net ------------------------------------------------------ What are your bandwidth requirements? Do you actually need a router capable of routing at 1gig? What's your placement? Border router that connects to the internet? Internal router? etc -----Original Message----- From: chugalug-bounces@chugalug.org [mailto:chugalug-bounces@chugalug.org] On Behalf Of Rod-Lists Sent: Friday, August 09, 2013 6:14 PM To: Chattanooga Unix Gnu Android Linux Users Group Subject: [Chugalug] looking for router reccomendations, gigabit & PoE Looking for a good router that is gigabit ready and has PoE.

=============================================================== From: lists@cluebat.net ------------------------------------------------------ Yeah, it'd really depend on what your trying to power, and how many devices. If you're trying to power IP phones, I wouldn't tie the connectivity and PoE functions to the router, let a switch handle the PoE functions. If you're trying to power a wireless access point, I suppose that makes a little more sense, but I'd still rather run those through a switch. Router ports tend to be expensive, so I think wasting them for base connectivity is a bad decision. Then there's always the question of budget. -----Original Message----- From: chugalug-bounces@chugalug.org [mailto:chugalug-bounces@chugalug.org] On Behalf Of Dave Brockman Sent: Friday, August 09, 2013 7:51 PM To: Chattanooga Unix Gnu Android Linux Users Group Subject: Re: [Chugalug] looking for router reccomendations, gigabit & PoE PoE is more of a switch function than a router, although you can buy PoE switch modules for some routers. You could also look at a Layer 3 switch that provides PoE ports. So.... on the new market, I suggest a Cisco 1941 w/ a EHWIC-4ESG-P module, which will also require a PSU upgrade from the base model. If you want used... I guess it depends on how many ports you need, but a 6500 is readily available with plenty of cheap spare parts on Ebay, etc. Real design requirements get real answers, btw. Regards, dtb

=============================================================== From: Rod-Lists ------------------------------------------------------ Actually just need PoE for one device, an outside access point. I guess an injector would do. I've got 50 Mb/s coming in with my current router eating about 20. ----- Original Message -----

=============================================================== From: Bret McHone ------------------------------------------------------ An asa5505 has two poe ports if I recall correctly.

=============================================================== From: Aaron Welch ------------------------------------------------------ You are correct. -AW n injector would do.

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 100MB ports, have to move up to a 5510 + SecPlus license to get two GE out of it. Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSBuYnAAoJEMP+wtEOVbcd5oIIAISxBSbSCCEfv5EOKGZ8uP9w mCGXcV87O5vd7fxKyi6IIn3Cw+PHPp/6jYXAlBVGwocg7qQWFzeUF4Guv2CnN+EM Pj6iwXIUEI9AIwwkLI8MiFQuvW5dtqO2ZcA56pJh/3wg67lP+Kw1hLQ8ixxZx1f7 dFA5jZjgIqUDudrloVxAf04mO/IEAq5AOVkW7l/m991jnEDh/xk76btNsZqu20Ie ao4r4jzEwPYt02z6FGpirvAQr1Dsi1bSOgaF/QhBaHiPQ8qdXk1GuI+ZYpSCJQe1 Fste/fiyfbTi0R9H69HdZGKn5KvNkZQIARNJ20PFQWLkhFzJUldnCH5Kkspfu0w= =Wk/u -----END PGP SIGNATURE-----

=============================================================== From: Bret McHone ------------------------------------------------------ Gotcha. Thanks for the clarification. But the 5510 doesn't have PoE does it? Sadly I've not looked at ours close enough to tell since we use our switches for PoE. -B

=============================================================== From: lists@cluebat.net ------------------------------------------------------ Not sure a 5510 would be worth it either, since it's listed max throughput is 300 megs. -----Original Message----- From: chugalug-bounces@chugalug.org [mailto:chugalug-bounces@chugalug.org] On Behalf Of Dave Brockman Sent: Saturday, August 10, 2013 9:17 PM To: Chattanooga Unix Gnu Android Linux Users Group Subject: Re: [Chugalug] looking for router reccomendations, gigabit & PoE -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 100MB ports, have to move up to a 5510 + SecPlus license to get two GE out of it. Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSBuYnAAoJEMP+wtEOVbcd5oIIAISxBSbSCCEfv5EOKGZ8uP9w mCGXcV87O5vd7fxKyi6IIn3Cw+PHPp/6jYXAlBVGwocg7qQWFzeUF4Guv2CnN+EM Pj6iwXIUEI9AIwwkLI8MiFQuvW5dtqO2ZcA56pJh/3wg67lP+Kw1hLQ8ixxZx1f7 dFA5jZjgIqUDudrloVxAf04mO/IEAq5AOVkW7l/m991jnEDh/xk76btNsZqu20Ie ao4r4jzEwPYt02z6FGpirvAQr1Dsi1bSOgaF/QhBaHiPQ8qdXk1GuI+ZYpSCJQe1 Fste/fiyfbTi0R9H69HdZGKn5KvNkZQIARNJ20PFQWLkhFzJUldnCH5Kkspfu0w= =Wk/u -----END PGP SIGNATURE-----

=============================================================== From: Aaron welch ------------------------------------------------------ Still not sure why someone would need a gig firewall that is not a business. If you do need it, then build a pfsense box and an older Cisco 29xx or 35xx POE switch. -AW

=============================================================== From: Mike Harrison ------------------------------------------------------ Because this is the "Gig City", and you can get a Gig, you need a firewall that can support it. We need more people in town with Gig connections so we can do Gig Immersive Realtime Lucid Synchronous Bidirectional Orgasmic Teledildonic Sessions aka: GIRLSBOYS - Especially if we can control Ed's disco lights at the same time. On topic: A person I respect was ranting about Untangle https://www.untangle.com the other day, I need to give it a try. Almost On topic: Gnunet.org would be the killer thing to do with a lot of Gig bi-direction home/business connections.

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gig worth of throughput wasn't in the design requirements :) But with firewalls and routers, if you want a Gig worth of throughput, you better be using it for what you're gonna pay for those ports... Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSCrptAAoJEMP+wtEOVbcdMlIIAIIQiZRWIrRVjy49Jo0DkxSe pokLUDJjrSyrTqIJ+okoexh4hYvoMWEHFdvyUPAjiaI6mLJDoHbaTW6Q2emkSyJJ Gks0nAzHykfI8824rwCUBOWiwor8VH3TVbV/C+nr8J5W6UmbNlGDqxE+0SyZK6/+ J/UnGv6lhxhzLt9kfPvTmiIWkk6jdqF+QIx9WwT5pTtRQIX4m8/gZlmVeBTsAwL1 X90vEwXmVYnfXrJbSxgU3Vd0dE4aAzY9NUPDb1w0vxYrzlDSapa+3nrszPx6A1gx +/zlE14YdS6XI1hw0iXnLZeMn/o8m7R1sl/ZpqHisYFWEW8zF5EcygrgV62ddL0= =Ziy+ -----END PGP SIGNATURE-----

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's almost like the IPv6 chicken and egg drama. That Gig connection won't do you any good unless your neighbor also has a Gig, and you guys are actively passing traffic. I have to look pretty hard to find sources that can feed me > 20Mb/s. Xferring ISOs across a VPN to a client at 50Mb/s speeds is pretty farking awesome though. We have several deployed. I don't care for them (or anything else really) in bridged mode, it's a bit of a PITA to have to sniff what's going in *and* what's going out to try and figure out which "sniffer/helper" application does something it doesn't like. In Routed firewall mode, they are neat, but everything is done in software, so you need a beefy box to handle any real traffic (> 2 users). Who wants to help me back up my Technet Archives now that MS is no longer going to do me that solid? Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSCrz0AAoJEMP+wtEOVbcdua0H/0gN74DLWRx3rzDZWYXNcumF r2oYgoKQ87A1LX/82EUuoCAnY4Ez/vdcMKziA9STQ2tvOzmVTA9KneG2RNXidfWq KicoxzdU4Qx02P1TryBGGJ0xMaoDLP+h0vy/WRSdFAh6XrSabw5QmJU6hWILGRh7 mDNyEq3we0km76YI2vDgIf8y+IGrqrSFmzAmAkZeGZnBkv44FqgZTQ/tk8GkQawS J2a+vItuJY8ggc/o3N1FJtRQxhA6CqFYd3Li1fokcdj24e5+lj0DnLCwGxX28QQA 0K8naG1aJthddsBi84GnQ9AdhDLFqUI94iY7oBqHnJFSv2EuN8jTQSwGZAFsFWk= =JoM7 -----END PGP SIGNATURE-----

=============================================================== From: lists@cluebat.net ------------------------------------------------------ Well I agree, that's why one of my first questions was whether or not he actually needed a gig of throughput, as there are plenty of routers out their with gig ports, but if you want a router that will actually forward at line rate with gig ports, then it starts to get pricey. From: chugalug-bounces@chugalug.org [mailto:chugalug-bounces@chugalug.org] On Behalf Of Aaron welch Sent: Tuesday, August 13, 2013 6:11 PM To: Chattanooga Unix Gnu Android Linux Users Group Subject: Re: [Chugalug] looking for router reccomendations, gigabit & PoE Still not sure why someone would need a gig firewall that is not a business. If you do need it, then build a pfsense box and an older Cisco 29xx or 35xx POE switch. -AW Not sure a 5510 would be worth it either, since it's listed max throughput is 300 megs. -----Original Message----- From: chugalug-bounces@chugalug.org [mailto:chugalug-bounces@chugalug.org] On Behalf Of Dave Brockman Sent: Saturday, August 10, 2013 9:17 PM To: Chattanooga Unix Gnu Android Linux Users Group Subject: Re: [Chugalug] looking for router reccomendations, gigabit & PoE -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 100MB ports, have to move up to a 5510 + SecPlus license to get two GE out of it. Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSBuYnAAoJEMP+wtEOVbcd5oIIAISxBSbSCCEfv5EOKGZ8uP9w mCGXcV87O5vd7fxKyi6IIn3Cw+PHPp/6jYXAlBVGwocg7qQWFzeUF4Guv2CnN+EM Pj6iwXIUEI9AIwwkLI8MiFQuvW5dtqO2ZcA56pJh/3wg67lP+Kw1hLQ8ixxZx1f7 dFA5jZjgIqUDudrloVxAf04mO/IEAq5AOVkW7l/m991jnEDh/xk76btNsZqu20Ie ao4r4jzEwPYt02z6FGpirvAQr1Dsi1bSOgaF/QhBaHiPQ8qdXk1GuI+ZYpSCJQe1 Fste/fiyfbTi0R9H69HdZGKn5KvNkZQIARNJ20PFQWLkhFzJUldnCH5Kkspfu0w= =Wk/u -----END PGP SIGNATURE-----

=============================================================== From: lists@cluebat.net ------------------------------------------------------ I've dealt with Untangle. We had a 'PCI Compliance vendor' that was really in the business of selling Untangle boxes. = However, I stopped taking Untangle seriously when security flaws started being disclosed, and one day, we found that one of our customers who bought the PCI Compliance Untangle box had managed to get it rooted. = While I'm fairly sure that the Untangle folks have probably addressed the security concerns, I have trust issues, and would be very hard pressed to actually put one in production unless under direct orders to do so. I've gotten to the point where, when it comes to software firewalls, the only thing I'll really trust is an OpenBSD box with customized pf firewalls, simply because OpenBSD has the track record of not being terribly remote exploitable. = That being said, I have no problem with pfSense, and would consider it for production deployment if a proper hardware firewall wasn't in the budget. -----Original Message----- From: chugalug-bounces@chugalug.org [mailto:chugalug-bounces@chugalug.org] On Behalf Of Mike Harrison Sent: Tuesday, August 13, 2013 6:54 PM To: Chattanooga Unix Gnu Android Linux Users Group Subject: Re: [Chugalug] looking for router reccomendations, gigabit & PoE co 29xx or 35xx POE switch. Because this is the "Gig City", and you can get a Gig, you need a firewall that can support it. We need more people in town with Gig connections so we can do Gig Immersive Realtime Lucid Synchronous Bidirectional Orgasmic Teledildonic Sessions aka: GIRLSBOYS - Especially if we can control Ed's disco lights at the same time. On topic: A person I respect was ranting about Untangle https://www.untangle.com the other day, I need to give it a try. Almost On topic: Gnunet.org would be the killer thing to do with a lot of Gig bi-direction home/business connections.

=============================================================== From: Mike Harrison ------------------------------------------------------ Between you and Dave.. I'm not feeling the urge to play with Untangle so much... I have to admit, pfSense 2.x has been awesome, and OpenVPN support on it is a rock.

=============================================================== From: David White ------------------------------------------------------ Back to the question at hand a bit, I'm also a huge fan of pfSense. It seems to me that its throughput metrics are a little lacking, though. I wonder if there are any good open source platforms out there to do a build-your-own switch (not router) with good throughput/sustained gbps speeds...

=============================================================== From: David White ------------------------------------------------------ Of course you can get pfsense to those speeds, but it always feel like you have to get beast of equipment.

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's a little hard to publish performance statistics when you make a software platform that is made to run across a large range of hardware. For general purposes, a P4 CPU, 2Gb RAM, PCI-X or PCI-E NICs will get you 1Gb routed w/ NAT even. Start loading packages, increase your specs. Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSC+agAAoJEMP+wtEOVbcdTdAH+gJG4rEDM5rSO2mMOrPPDvQs v67tFywbLB/zrqiyj8P4v0vDf/CXXR8/XtNQJmMIadzvfBSDa/3sGZNBRMjtBlaQ cgpSP8BUxB2nVovftEGnmEceaMlfeH1/FoUHucsa3oIgAFAGthrK4yUzpit3LZut TX5FSfP6zo9AifEBrIhSZohDshMSUIU5VRsqeJsFtOXIEtAwVmKMMul/1WByq5Ya t8G/fX7rWr+U/9n/pFgHmYd03mGdPaATa7tf7xXdicZSjOgn7Wevubl+a/haFFti Yq/GxdhZcYw9BKJiKbKtN2JRUd+vxR2xNw+rWBzr37ikVc8DBGNRxY7eBv3P4eE= =UP5o -----END PGP SIGNATURE-----