I look after an office with a number of Real Estate people in it. Over the last year or so, we have had a number of network issues and they all seem to be similar in issue. The last issue that we had last week was that everyone lost their internet connection and about a half hour after that, the wired workstations regained their connection while the other half the office (wireless side) was still down.
When I got there, I tried to diagnose what the issues are but I couldn't get access to either of the routers. After I power cycled the main router (D-Link DI-615 with wireless turned off) I was able to get access it but of course couldn't find anything wrong with it.
The wireless router (also a DI-615) was still inaccessible. I had to reset the unit and reprogram it.
Both routers and unmanaged switch are on backup power supplies.
We don't know if someone is putting something on the network and thus causing havoc.
We have been trying resolve this issue but don't know what the cause of the problem is.
I thought about installing a managed switch and setting it for only one IP address per port. We think that someone is putting router with DHCP turned on but can't prove it.
I also considered setting all units up to access the main router and that the only way they were getting internet access was to confirm a MAC address with the router. Lots of work since I will have to get everyone's MAC address for their devices.
At this point, I know that I'm going to replace all of the current network hardware with Netgear business hardware.
My questions are: 1. can a managed L2 switch be set up to allow only one IP address to that port? 2. is it better to go with an access point instead of a wireless router on the same network? 3. is there a better way to resolve this.
My first inclination is to ask why are we supporting D-Link in a Netgear forum - doesn't D-link have one of their own?
The second thing is - without knowing the topology of your LAN there's not much we cab do to assist - in fact - you mention to sides one wired & one wireless and two routers which makes me wonder if there are two LANs.
To answer your questions - as June has already pointed out L2 switches don't control the ip addresses, but better L2 switches - manages or smart switches - can be used to restrict connections to one device per port, based on the MAC address, which I believe can allow you the control you wish
Questions 2 & 3 require more detail to answer properly, but, in general, a single network should have a single router, and adding wireless access to an existing wired LAN is best done by adding an access point.
you aren't supporting the D-Link switches. I'm pulling them and replacing them with Netgear business products. I wanted to explain the network setup, that's all.
So what you are saying is that the Netgear smart switches can be set up to allow only one IP or MAC address per port?
Also looking at the wireless access points - looks like this is the route that I should go. I would like to set that unit up so that only the approved wireless MAC addresses would be allowed on the network?
You need to look at the particular smartswitch - I don't guarantee that all can do it. The thing about the SmartSwitch line is that they are not fully managed switches, but all offer some degree of management capability, at a lower price than a fully managed switch.
My first smartswitch, an FS726T did not support this feature, however my second & third, the FS728TS & GS108T do - so you need to check the capabilities of the model you're interested in.
As fas as MAC filtering & wireless goes - most access points support this, however, it should not be considered as a serious security measure - it is just too easy to bypass by spoofing the MAC address, which can be literally picked "out of the air".
MAC spoofing can be done on a wired network just as easily as on a wireless network, but the big difference is that you can't pick the "allowed MAC" off the wire without connecting to the wire and that is a lot more difficult to do than eavesdropping on wireless.
Wired networks can also be configured on a "port by port" basis, so not only must you have an allowed MAC address, but you must also know and have access to the port that particular address is allowed to connect on.
If you want a really secure wireless system, look at 802.1x authentication with PEAP.
