School Network in Nairobi

Preface
1. I'm currently in Nairobi, Kenya
2. I came to work in a library, but they found out I'm an IT guy, so I'm now implementing a network in their school. I'm excited, because this is way more interesting than adding books to a library.

Network Details
1. There will be a fiber optic cable installed tomorrow. I have not been informed what the speed will be (it is unlimited though).
2. There are 8 school computers (old Compaqs with Pentium 4's and Windows 8, of all things).
3. There must also be wifi

Plan

  • I have purchased an older Compaq (8GB DDR3, Core 2 Duo E8400).

  • A daughter of one of the missionaries I'm working with is visiting soon, and will bring a 4-port gigabit NIC for me.

  • There are thirty-some students, and another 10 or so faculty that will need access to the internet, either over wifi or on the campus computers.

My plan is to build a pfSense router using the Compaq I purchased. The issue with the campus computers is I don't have the funds to purchase a license for Windows Server. So my plan is this: lock down all settings on the campus computers and have a common login, and then control network access using a RADIUS server and captive portal on the pfSense router. Any thoughts? I'll be happy to fill in any details. Also, the freaking fiber connection costs $40 per month and the installation is free.

1 Like

I can't help you with much, but the first thing I can see here is that the E8400 does not support AES-NI, which pfSense will require in a little under 2 years in their 2.5 release.

Other than that I can foresee people asking what your budget is and how the supply lines are/what hardware can we even recommend that you can reasonably order in Nairobi? Also how many firewalled subnets you will have and how big of a space/rooms need wifi.

I know other forum members have had quite sufficient help with larger networking setups, so I think you are in good hands.

My budget is $300. Bit of a shoestring. I've spent $140 on the computer and $50 on a 24-port switch. The computer was the best I could find at the $150 price range, and while the switch is only 100 Mbps (I know, I know, but the only alternative was $170) there will only be 8 computers on it at once, and all social media sites and YouTube will be blocked. I'm also going to work on blocking embedded YouTube videos.

As for subnets, I only need two. The library is part of a small Christian college that is located on property owned by a church (the college rents the property and building). Once the network is configured in the library, it will need to be extended to the church, about 100m away.

The college is only three rooms; one large library room, one medium sized classroom, and one smaller studying room. The wifi will only have one wall to pass through, everything else is open space. I think that the wifi will be seeing the majority of traffic due to faculty using it.

I have not gotten a WAP yet. I have $110 left, and I'd like to get a UPS... Not sure if that'll work out though. Suggestions for a WAP would be good. I believe I can get the missionary's daughter to bring it over from America, as long as it's reasonably small.

As for the WAP, I know many including myself will recommend Ubiquiti, and I think the cheap one called Ubiquiti Unifi LITE will be able to handle 40 simultaneous connections (30 students + 10 faculty members), especially when you plan to block heavy network traffic like YouTube, but you might want to research that a bit. It is even PoE and comes with its own PoE injectors (unless you get the 5-piece bundle). You can install the controller software on the pfSense box if you want a guest network running, otherwise it is not needed beyond setup.

Am on mobile so can't look it up right now. But I think the 100m to the church is going to be a stretch. If I recall correctly Ethernet cabling, regardless of version, is rated at 100m max, and PoE is 50m max, someone might want to correct me on that? You'll also need some kind of protection cable to run it through no matter if it is run above or underground. Ethernet cables are not meant to withstand the elements like soil or sun.

I appreciate the WAP recommendation. If a couple other people will back that up, I'll go with it. I haven't worked at all with wireless hardware, and the university I work for back home exclusively uses Aruba hardware, which costs an arm and a kidney. As for the run to the church, I'll measure it tomorrow and see just how far it is. I suppose if it's more than 100 we'll have to come up with a repeater.

How big are these rooms in terms of square meters? And more importantly what are the walls made of? Have you tested the reception through them? Some walls are thin but have a layer of tinfoil-like material commonly used with insulation, which can block wifi pretty effectively. Obviously thick concrete or brick walls are also going to be a problem.

PS: Please hit the reply button on the messages and not for the thread, otherwise responders don't get a notification if they are not directly quoted or mentioned with a @ in front.

PPS: I recall this thread which is a (strikingly) similar situation to yours. You might want to read through it and maybe call on some of the people participating in it. Also, come to think of it, the title of your thread doesn't describe a whole lot about what it is you need help with. Maybe rephrase it. If you include the word "pfSense" I'll guarantee you'll get more views. L1T community are suckers for pfSense :) (oh you have it as a tag, didn't notice at first)

PPPS: (Sorry for spamming this post) I am not a network-wiz, but I wanted to make sure my recommendation of the Unifi LITE would suffice for your needs. So I (think I) have found out that it does support RADIUS and multiple SSIDs on the single WAP. https://help.ubnt.com/hc/en-us/categories/200320654-UniFi-Wireless#How_Many_SSIDs_.2F_VLANs_are_supported Check under where it says "UniFi System Management" and

1 Like

Which brings up something more important. Are you going to be there permanently?

If not, who will take over? How will updates and upgrades be handled? If anything the boundary system is going to need to be secure and up to date. If there is no long-term support you should consider something that is easy to support and patch.

Make sure you make plenty of documentation. If there might be long-term support issues, make sure things like how to manage the current configuration and updates are well documented. We don't need yet another dozen computers becoming a botnet.

2 Likes

@Zumps, the walls are thin plywood with no insulation of any kind, so I think one access point centered in the building will suffice (at least for now). Thanks for checking up on the WAP as well!

@Eden, I am not going to be here permanently, just until August. I will leave behind excessively thorough documentation (although I'm not sure there is such a thing), and I met a guy named Theo in a church that is associated with this college. He's in his first year of college, and he's going for an IT degree. He's not done much with software or hardware, mainly just theory so far, but he's clever. I'll be teaching him what I know and hopefully he can increase in knowledge after my departure. I also met a fellow named Duncan who owns a computer store in Thika (a smaller city outside of Nairobi) who would like to learn about pfSense as well. He already does hardware support for the school, and while not employed by the school, his hourly consulting rate is very reasonable. So if all else fails, he can come in to diagnose any problems.

Now as for the issue of the upcoming 2.5 release of pfSense, we'll cross that bridge when we get to it. If that means upgrading the computer, so be it. With any luck Duncan and Theo will be able to support the school by that point. I am a tad worried about the reliability and uptime of the router. Power outages are very common, so I'll be getting a UPS with a large battery capacity, and I'll also train some of the faculty in how to power down the machine safely and restart it.

3 Likes