Anyone have experience with ProCurve 420 APs?

Question

Anyone have experience with ProCurve 420 APs?

aflyctus (Programmer)

(OP)

22 Jan 10 01:36

Hello,

I originally was planning on outfitting my church with 802.11n access points, but it looks like the good ones are out of my price range. So, I'm now leaning towards buying older reliable b/g APs.

Does anyone here have experience with the ProCurve 420 APs? In particular, do they have good signal range/quality and do you consider them reliable? They appear to have the features that I want (VLAN support, multiple SSIDs), and I can get them for pretty cheap.

If not the ProCurve 420, can you recommend something else? I don't have my heart set on ProCurve, but I've only heard good things about their products.

One more question:
I'm tentatively planning on connecting my APs to a ProCurve 2810-24g. Now, I was informed that this switch does not support ACLs. Will I be able to configure the APs, switch, and router in such a way (i.e., without using ACLs) that one wireless network / VLAN only has access to the Internet and the other wireless network / VLAN has access to the Internet and to other network resources?

Thanks!
aflyctus

unclerico (IS/IT--Management) · Answer 1 · 2010-01-22 11:20:12

i've never used the HP 420's before so i cannot comment on them. chances are they're pretty good

you'll need to add ACL's to your L3 device (i believe you said it was going to be a FreeBSD box) to restrict the traffic flow.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

aflyctus (Programmer) · Answer 2 · 2010-01-22 12:06:41

Can you explain why I need ACLs on the L3 device? Are you referring to a firewall? All of the VLANs being trunked to the router should be able to access the Internet.

Thanks
aflyctus

unclerico (IS/IT--Management) · Answer 3 · 2010-01-22 13:48:10

the ACL's are going to restrict communication amongst the internal LAN segments while permitting access to the Internet at the same time.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

aflyctus (Programmer) · Answer 4 · 2010-01-22 15:49:28

I'm still lost. As long as the L2 switch supports VLANs, shouldn't this be sufficient for restricting traffic between VLANs?

I'm by no means experienced at networking, so don't be afraid to dumb this down for me.

Thanks,
aflyctus

unclerico (IS/IT--Management) · Answer 5 · 2010-01-27 08:59:50

well, in order for that traffic to exit the local lan segment there needs to be a router put in place to facilitate where to go. this router will also have routes in its routing table for the other lan segments. lets say someone connects up to your guest wireless (we'll say VLAN10 192.168.10/24) and they know you have an internal lan segment (we'll say VLAN11 192.168.11/24). if this wireless client wants to ping a host on your internal lan where will the traffic go?? to its default gateway which is your router. this router does a lookup to see where it should forward the packets and sees that the destination is on a directly connected segment. the router will arp for the hosts mac (if it isn't already in the arp cache) and will forward the packets to the destination. you need acl's in place to tell the router that under no circumstance is it ok to send traffic from VLAN10 to VLAN11, but it is ok for VLAN10 traffic to get to the Internet. make sense?

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

aflyctus (Programmer) · Answer 6 · 2010-02-01 18:24:07

Yes, this makes sense. Is your scenario assuming that the router would tag the routed packets with the internal VLAN ID?

Also, do you have any experience with the HP 7102dl router? I'm considering purchasing this instead of trying to hack together a Linux box.

Thanks,
aflyctus

unclerico (IS/IT--Management) · Answer 7 · 2010-02-01 20:40:16

well, if the router is your only L3 device then your downlevel switch will be connected to the router via a tagged port. when the router receives the packets they will be tagged with the appropriate VLAN ID (unless the traffic is in the native VLAN). when the packets need to get forwarded from one segment to the other the tag will be removed and new layer 2 information is added to the packets.

as for the 7102dl, no, i've never used one before. you might want to take a look at some of the 800 series Cisco routers. if you get one of the W models it comes with wireless built-in. the SDM is actually a very good GUI (mind you, i'm no GUI fan so that says a lot).

I guess I should ask, what kind of Internet connectivity does the Church have?? Cable, DSL, FiOS??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

aflyctus (Programmer) · Answer 8 · 2010-02-02 09:35:05

RE: Anyone have experience with ProCurve 420 APs?

aflyctus (Programmer)

(OP)

2 Feb 10 09:35

We have cable through Time Warner.

Come Join Us!

Posting Guidelines

Jobs

Anyone have experience with ProCurve 420 APs?