I’m trying to build a system to run pfSense for a church to run the DHCP and DNS with maybe some caching. The pastor already bought a Ruckus R500 which from what I see should cover most of the area, but I know that the SOHO routers won’t cut it for that number of users.
One last thing is I am looking at getting a gigabit switch with 8 ports and POE. This place has two distinct levels with some weird stairs in between. I’m not so concerned about the in between, but for future expansion and coverage, I think this is better than POE injectors. Is this line of thinking off or is there a better solution?
Not familiar with that model, but it looks okay. With 30-50 people on wireless, you're going to want multiple APs. My recommendation is to go Unifi. Any of these will suffice.
EDIT: To expand on wireless limits, in my experience, a single Unifi AP will top out at about 12 to 15 people on it. I have a single AP in my home, and this was more or less tested during a LAN party when everyone had phones connected. This doesn't scale linearly. If you have 3 APs, you don't get 36 to 45 people. It's heavily dependent on where they are.
If you can get blueprints (or a sketch, relatively to scale) of the building, I can recommend where and how many.
Looks good, as long as they don't have a rack. I like the Shuttle boxes. :D
EDIT: Let me expand. 8GB is probably fine for 50 people. pfSense doesn't need tons of RAM. I'm not super familiar with the quality of those NICs; you may want to get an Intel PRO/1000 dual-port like this one. A good idea would be to run a squid caching server on it, so you can reduce the overall load out to the internet. You'll probably want a 250GB SSD for that. For caching, allocating about 170GB should be enough and in my experience, that's going to be bordering on where diminishing returns start to be seriously noticed.
Dual core 2.8GHz should be good enough for the church.
Questions to give you a better response:
What's their internet speed?
Are you going to be doing any advanced routing?
Are they hosting any services from the church (like a website or Exchange)?
Always get a POE switch for your APs. It's going to save you trouble later. Injectors are okay for your home, but for a business or client, a POE switch will help you diagnose problems more easily.
If you're going with the Ubiquiti APs, I'd get one of their switches as well. This is an 8-port, POE with 2x SFP. It's a bit expensive at (US) $200, but it's a solid switch.
The other option for a switch would be something like this Linksys, which is actually a bit less expensive at $159, but you're missing out on the nice integration with the Unifi controller that the Ubiquiti switch has, and it's unmanaged, so no 802.3ad or VLAN. (It shouldn't drop VLAN tags though, so you should be fine to that end.)
There aren't a whole lot of options for 8 port POE and a 16 port switch will give you room to upgrade.
EDIT: For those interested, you can run the Unifi controller on pfSense: github to the rescue!
Internet speed I'm guessing is around 80/40. No hosting as of yet. And what do you mean by advanced routing? I'm working on a blueprint right now so you can see (Not super to scale, but best guess.)
Internet speed is going to be noticed before and after services.
With that internet speed, you're best off setting up rate-limiting and configuring two different SSIDs, one for staff and one guest. Throttle guest to 150kbps, throttle staff to 2.25mbps and you should be good.
Advanced routing like VLAN and whatnot. This is probably going to be a firm "no" if there's no hosting planned for the building.
Doesn't need to be super to scale, as long as the lobby doesn't wind up smaller than the janitor's closet. (Unless it is, in which case, the guy who planned it should be talked at.)
Very interesting, I run my Unifi Controller on a Raspberry Pi B2 but I may have to try this, would make more sense to have it on one machine and it'll likely run better on my pfSense box.
I would go with 3 APs. Two in the sanctuary, one in the lobby, maybe 1/3 of the distance from the wall closer to the entrance.
Did you say there are two levels? Is it like a first-floor, second floor sorta thing or more like a half-flight sort of thing? If there's a second floor, you'll have to put one AP on each floor.
What sort of material is it constructed from? Steel or concrete walls? If so, you're going to have problems with signals going through walls.
Well, it depends what you want to do. If it's just routing, I'd do something like an edgerouter or sonicwall. If you need to run a full OS, keep running it.
In that case, I'd check out a specialty router. The edgerouter has a few different hardware options. 3 port, 5 port and 8 port. I've linked the 8 port variant.
It's a pretty robust system. I use one at home and two offices.
For ease of use, and configuration - management of "guests", staff and so on... take a real close look at Ubiquiti Unifi - the whole ecosystem - the access points, managed switch, and the security gateway + a controller.
You can then set up the whole net through the controller - even give out temporary access like for 1h, 6h, and so on.
You can do the rate limiting, load balancing per client, per group, per access point ... it is actually a very robust "enterprise" level system - which could make it really easy for you to maintain that network at a satisfactory level.
That is true, the edge router has much more granular control over the routing in the GUI - on the CLI both are actually the same - the hardware even is the same. ^^
But if you do not need PGP routing, and all the backbone specific stuff - I mean you run a single internet connection with many clients - I would go for the USG just for the ease of use - because the more serious stuff you have to do on the CLI at the EdgeRouter as well.
I have the EdgeRouter Lite at home and at a few clients who do not have massive wireless infrastructure - but now that I am about to replace my old HP switches, I am really thinking hard about going USG + UnifiSwitches to complement the three access points I have (European house, concrete, brick + steel - so many access points needed for somewhat decent coverage).
You dig into the controller UI once - set up the networks, the SSIDs - and it does the rest for you.
As long as the internet connection itself is working you will be able to remotely access the controller =) and yes, when you are familiar with the system yourself you can blind-talk a noob through the process =)
Which isn't as given with the EdgeRouter Lite - btw you can create different levels of users - e.g. your church's staff can add users for guests - but cannot switch the routing around and stuff like that =)
You can e.g. enable/disable the guest wifi during the ceremony (whatever is more wanted ;) ) and after it enable it only for registered guests, so maybe the piggybacker on the street won't surf down your connection... all stuff that is possible with easy voucher codes you give to your community.