Need some recommendations and configuration advice. Note that the budget is a bit tight for this project. A $3,000+ Cisco is out of the question, unfortunately.
We're getting a re-distributable multi-meg connection from the cable company, and we're going to be selling some of that off to cover part of the expense. Our downlinks will all be in our own building, and a wireless feed to a café a few blocks away to set up a hot spot has already been requested (it's a few months out yet, though).
Downlinks will each have an off-the-shelf router that they connect their own systems to, and those will be assigned static IPs (no more than one each) we get from our provider.
We will also have one publicly-accessible server in the small office the connection is coming in to. We will not want that server going through a router's DMZ or port forwarding, and we will want the ability to add additional IPs to it down the road (1 to start).
We will need QoS and bandwidth limiting (configurable per port or MAC) to keep downlinks from hogging the whole pipe, and to make sure that sufficient bandwidth is available for Vonage VoIP. The bandwidth control should be in 100k or smaller increments, but no bigger than 256k.
We'd also like to have MAC authentication (internal to the device, not in conjunction with a RADIUS server or other authentication method). MAC authentication would mainly be used for a feed to the shared conference room. We could authorize one router, which we keep in our office unless it's needed. That would keep anyone from just plugging in.
The new café down the street, at some point, will be setting up a hot spot, and we'll be supplying a wireless feed (about 3 blocks away) to them for that, using something like D-Link's outdoor PoE-powered APs (roof-mounted). The D-Link DSA3200 hotspot gateway is being considered for hotspot management at their location.
We will have no more than 3 downlinks besides ourselves (makes 4, plus our server equals the 5 total we'd probably ever have at this location). We do not need anything huge or expandable. 16 ports is way more than plenty for us. 100 Mbit Fast Ethernet is sufficient network speed and a 10 Mbit uplink is more than adequate.
The static IPs from the cable company are not cheap (as much as a third of the total bill will just be the IPs), so we'd like to minimize how many get used, while still giving everybody one.
I've not set up multiple static IPs on a cable connection before, nor have I ever had to set up anything more than VLANs on a switch; but I picture a switch or router getting connected to it, and then our server and the off-the-shelf routers getting hooked up to that, each with its own IP. So that's one IP down for the managed switch or router… (and the cable modem itself will remain in 'bridge mode' and not use one up?)
How about the wireless APs we will be getting later to feed porn to the local café? Is it possible to run those on private addresses (e.g. 192.168.1.1 & 2), while still allowing their hotspot gateway to have one of the public static IPs? Or is that two more IPs taken up, without really getting "used"?
So, we need a managed switch (or router?) capable of getting hooked up to the cable modem and giving us some bandwidth control and MAC authentication. Something that won't break the bank is crucial, and easy to set up would be nice. We are no "enterprise"; we don't need carrier-grade equipment, but it needs to work.
How far "up" do we need to go to get a switch with the features we're looking at? Recommended models? I'd rather have a standalone hardware solution than use a Linux box to serve as a router, but I'd consider that option if there was no other way to keep costs in line. Note this is a US location.
Suggestions, recommendations, ideas? Anyone have a similar setup?