Bandwidth limiting switch or router recommendations?

Need some recommendations and configuration advice. Note that the budget is a bit tight for this project. A $3,000+ Cisco is out of the question, unfortunately.

We're getting a re-distributable multi-meg connection from the cable company, and we're going to be selling some of that off to cover part of the expense. Our downlinks will all be in our own building, and a wireless feed to a café a few blocks away to set up a hot spot has already been requested (it's a few months out yet, though).

Downlinks will each have an off-the-shelf router that they connect their own systems to, and those will be assigned static IP's (no more than one each) we get from our provider.

We will also have one publicly-accessible server in the small office the connection is coming in to. We will not want that server going through a router's DMZ or port forwarding, and we will want the ability to add additional IP's to it down the road (1 to start).

We will need QoS and bandwidth limiting (configurable per port or MAC) to keep downlinks from hogging the whole pipe, and to make sure that sufficient bandwidth is available for Vonage VoIP. The bandwidth control should be in 100k or smaller increments, but no bigger than 256k.

We'd also like to have MAC authentication (internal to the device, not in conjunction with a RADIUS server or other authentication method). MAC authentication would mainly be used for a feed to the shared conference room. We could authorize one router, which we keep in our office unless it's needed. That would keep anyone from just plugging in.

The new café down the street, at some point, will be setting up a hot spot, and we'll be supplying a wireless feed (about 3 blocks away) to them for that, using something like DLink's outdoor PoE-powered AP's (roof mounted). The DLink DSA3200 hotspot gateway is being considered for hotspot management at their location.

We will have no more than 3 downlinks besides ourselves (makes 4, plus our server equals the 5 total we'd probably ever have at this location). We do not need anything huge or expandable. 16 ports is way more than plenty for us. 100mbit fast Ethernet is sufficient network speed and a 10mbit uplink is more than adequate.

The static IP's from the cable company are not cheap (as much as a third of the total bill will just be the IP's), so we'd like to minimize how many get used, while still giving everybody one.

I've not set up multiple static IP's on a cable connection before, nor have I ever had to set up anything more than VLANs on a switch; but I picture a switch or router getting connected to it, and then our server and the off-the-shelf routers getting hooked up to that, each with its own IP. So that's one IP down for the managed switch or router… (and the cable modem itself will remain in 'bridge mode' and not use one up?)

How about the wireless AP's we will be getting later to feed porn to the local café? Is it possible to run those on private addresses (e.g. & 2), while still allowing their hotspot gateway to have one of the public static IP's? Or is that two more IP's taken up, without really getting "used"?

So, we need a managed switch (or router?) capable of getting hooked up to the cable modem and giving us some bandwidth control and MAC authentication. Something that won't break the bank is crucial, and easy-to-setup would be nice. We are no "enterprise", we don't need carrier-grade equipment, but it needs to work.

How far "up" do we need to go to get a switch with the features we're looking at? Recommended models? I'd rather have a standalone hardware solution than use a Linux box to serve as a router, but I'd consider that option if there was no other way to keep costs in line.  Note this is a US location.

Suggestions, recommendations, ideas? Anyone have a similar setup?

I have a similar situation at home, where we are subscribed to 6mbps cable, but have Vonage. I also do a lot of Torrents and high-speed downloads, which used to compete for bandwidth with the Vonage system. If you set up a Linux router or use a Linksys WRT54G router, you can load Wonder Shaper on it:

This wonderful little piece of software will prioritize your traffic and make sure critical things you set like Vonage will always have enough bandwidth. I use it at home, and while I can get torrent downloads exceeding 5mbps, my Vonage stays crisp and clear.

If you choose not to load modified firmware to the Linksys WRT54G, or use a Linux router, the regular stock firmware in the Linksys WRT54G has bandwidth control options which can be set to limit via protocol or via port. Just run a line from a port on the router to your client, then set its priority in the settings.
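
The prioritization described in the answer above, together with the per-downlink caps the question asks for, written as the `tc` HTB rules a Linux router would apply. This is an added example, not part of the original thread and not Wonder Shaper's own script; the interface name, the 192.0.2.0/24 documentation addresses, the rates and the `gen_tc` helper are all assumptions, and the script only prints the commands.

```shell
#!/bin/sh
# Emit (not run) tc commands for an HTB tree on the interface facing the downlinks.
# Shapes the download direction only: traffic leaving DEV toward each client.
# Usage: gen_tc DEV LINK_KBIT VOIP_IP VOIP_KBIT "ip:cap_kbit ..."
gen_tc() {
    dev=$1 link=$2 voip_ip=$3 voip=$4 downlinks=$5
    default_kbit=64                      # cap for hosts that no filter matches
    committed=$((voip + default_kbit))
    for entry in $downlinks; do
        committed=$((committed + ${entry##*:}))
    done
    # HTB does not police oversubscription itself; refuse it here so the
    # VoIP guarantee is always backed by real capacity.
    if [ "$committed" -gt "$link" ]; then
        echo "guaranteed rates (${committed}kbit) exceed link (${link}kbit)" >&2
        return 1
    fi
    echo "tc qdisc replace dev $dev root handle 1: htb default 99"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${link}kbit"
    # VoIP: small guarantee, may borrow up to the whole link, served first.
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate ${voip}kbit ceil ${link}kbit prio 0"
    echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst ${voip_ip}/32 flowid 1:10"
    id=20
    for entry in $downlinks; do
        ip=${entry%%:*} cap=${entry##*:}
        # rate == ceil: a hard cap, the class never borrows spare bandwidth.
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${cap}kbit ceil ${cap}kbit prio 1"
        echo "tc filter add dev $dev parent 1: protocol ip prio 2 u32 match ip dst ${ip}/32 flowid 1:$id"
        id=$((id + 1))
    done
    # Anything unmatched (for example a device nobody authorized) lands in 1:99.
    echo "tc class add dev $dev parent 1:1 classid 1:99 htb rate ${default_kbit}kbit ceil ${default_kbit}kbit prio 2"
}

# Constructed sample: 6 Mbit link, one VoIP adapter, three capped downlinks.
gen_tc eth1 6000 192.0.2.10 256 "192.0.2.21:1024 192.0.2.22:768 192.0.2.23:512"
```

Upload shaping would need a mirror of this tree on the WAN-facing interface, matching `ip src` instead of `ip dst`.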

nltechAuthor Commented:
i know about wondershaper. but i'm curious about other options that don't cost a bundle.

Good, fast, cheap; pick any two.
There is a device called Packeteer, which could help your network.

Officially it's a little expensive, but if you could spare the updates and support, you could find them here, used of course and at a lower price...
With enough documentation and the user manual I was able to make it work. Hope you could too.

nltechAuthor Commented:
would a simple managed switch like be enough for the bandwidth control and qos for the voip?
Physical port managed and ToS type priority works if this is sufficient for you. I do not have much experience with these types of switches, but I do have a shaping box (like recommended)... and I see it as far better to have IP-based bandwidth management, for lots of reasons: better control (by application on ports), troubleshooting (P2P hogs, viruses), monitoring user rates at graphical levels to know when you're exceeding % and need to buy more bandwidth, stuff like that... Sure, it looks a little fancy, but it does really nicely at controlling what you want... I confess I bought mine on eBay and it still works OK after 1+ yr.

And it's all webpage (dummy level) easy to use, no special knowledge of IP protocols to be learned...

nltechAuthor Commented:
i'm not too worried about "unauthorized" bandwidth usage.. at least not initially, as i am the contracted administrator for the networks that will get hooked up to the connection.  the main concern is having enough bandwidth available for the voip application (and then mainly it's to ensure i don't bog down the voip myself during a debian install, streaming my tv from home down to the office, etc...)

down the road, when we set up a hot spot, then yes, that might be important, but simple bandwidth control might be sufficient there, as it's not going to be a heavily used hot spot.  if they (the hot spot owner) wants the extra controls or monitoring, then they can pay for it.

even when i managed a fixed wireless distribution system, we only had simple bandwidth limiting on the uplink to the distribution radio. we just let the downstream clients fend for themselves, and that worked out ok (all small businesses, no residential users). although if i get into that again in the future, i might want a little additional control for my own peace of mind, seeing how i work for myself now. but that is even further down the road than the hot spot(s).

Right, my recommendation is to cover your back in the future and not end up needing higher level administration. Excellent to see you have a good idea of what's happening or what's going to happen, and that sure puts you in control.
you might want to check out for WLAN links and bridges.

A router solution is at hand even if it's Cisco, unless you want it certified and every nut and bolt squeezed out from Cisco... simple to do is
A managed switch I find very attractive is Summit ... also can be had used at an accessible price from eBay... cheap and used but helps a lot. With the switch everything you wanna do is possible.

Hope everyone helped to lead you in the proper direction... or answered your Q.
