Solved

VLAN Isolation, Bandwidth Shaping in Multi-Tenant Office Suite

Posted on 2012-03-24
Last Modified: 2012-06-21
Hello Professionals,

My client has a multi-tenant office building with about 50 tenants.  I was hired as his new I.T. consultant and one of my tasks (of many) is to redesign his network, thus:

Requirements:

+ Each tenant must be isolated from all other tenants, so each on his own VLAN and subnet.
+ Each tenant has access to the internet.
+ Each tenant has access to a shared VLAN that hosts a large multi-function printer/scanner.
+ Bandwidth shaping, or even just simple max-traffic enforcement, on each VLAN, so tenants can’t abuse the internet by streaming Netflix movies all day (some do this as background noise, ugh).
+ A couple of tenants need external VPN to their respective VLAN for file sharing or other approved purpose.
+ Failover to alternate ISP, e.g. DSL

I’ve set up simple networks in the past with a couple of VLANs, but this project is quite a bit larger than what I’ve done recently.

ISP is Comcast, providing a 50 Mbit pipe on a business class cable-modem.

I would appreciate advice on equipment to purchase.  If I can get it all in a single box, e.g. a Sonicwall or something similar, great.  If not, multiple boxes are OK.  A device with a web-accessible GUI (as opposed to CLI) is desirable as I will instruct the client on how to make minor changes.

Thank you!
0
Comment
Question by:pbcit
6 Comments
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 37760879
A sonicwall NSA could do the Internet part just fine, but none of them have 50 ports. So you'll need probably two layer 3 switches behind it for all your vlans.
Really, I'm in your position, 50 is a little over my head. I just wanted to comment on sonicwall.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 800 total points
ID: 37761148
You will need at least two L3 switches unless you go to a chassis, which could get expensive.  Typically a non-chassis L3 switch tops out at 48 ports.

Some vendors (Juniper and Cisco) offer "stacking" switches.  Basically 1U switches that can logically be managed as a single switch.  Gives you the ease of management of a chassis, but at less cost.

You should get a switch that supports PVLANs (private VLANs).  Typically makes it easier than trying to code ACLs to block traffic.
0
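The isolation requirements from the question, expressed as the kind of per-VLAN ACL the answer above mentions, in a small model that audits every tenant pair. This is an added example, not code from any poster; the 10.20.0.0/16 addressing plan, VLAN numbering, tenant names and function names are all assumptions made for illustration.

```python
import ipaddress
from itertools import permutations

# Constructed addressing plan; none of these values come from the thread.
SUPERNET = ipaddress.ip_network("10.20.0.0/16")       # all tenant subnets
PRINTER_NET = ipaddress.ip_network("10.20.255.0/24")  # shared printer VLAN
ANY = ipaddress.ip_network("0.0.0.0/0")
FIRST_VLAN = 101

def build_plan(count):
    """Assign each tenant a VLAN ID and a /24 carved from SUPERNET."""
    plan = {}
    for i, net in zip(range(count), SUPERNET.subnets(new_prefix=24)):
        if net.overlaps(PRINTER_NET):
            raise ValueError("tenant range collides with printer VLAN")
        plan[f"tenant{i + 1:02d}"] = {"vlan": FIRST_VLAN + i, "net": net}
    return plan

def tenant_acl(net):
    """First-match rules for traffic routed out of one tenant VLAN."""
    return [
        ("permit", net, PRINTER_NET),  # shared printer/scanner
        ("deny", net, SUPERNET),       # every other tenant, in one rule
        ("permit", net, ANY),          # internet
    ]

def decide(acl, src, dst):
    """Return the action of the first matching rule; implicit deny otherwise."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def audit(plan, internet_host="198.51.100.10"):
    """Check every tenant pair is isolated and shared services stay reachable."""
    problems = []
    printer = str(PRINTER_NET[10])
    for a, b in permutations(plan, 2):
        src, dst = str(plan[a]["net"][10]), str(plan[b]["net"][10])
        if decide(tenant_acl(plan[a]["net"]), src, dst) != "deny":
            problems.append(f"{a} can reach {b}")
    for name, t in plan.items():
        acl, src = tenant_acl(t["net"]), str(t["net"][10])
        if decide(acl, src, printer) != "permit":
            problems.append(f"{name} cannot reach printer")
        if decide(acl, src, internet_host) != "permit":
            problems.append(f"{name} cannot reach internet")
    return problems

if __name__ == "__main__":
    plan = build_plan(50)
    print(len(plan), "tenants,", len(audit(plan)), "policy violations")
```

Carving every tenant subnet from one supernet keeps the ACL at three rules per VLAN regardless of tenant count. Traffic initiated from the printer VLAN is not modelled here; with stateless ACLs that interface needs its own rules.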
 
LVL 13

Accepted Solution

by:
Sandy earned 1200 total points
ID: 37761236
I suggest going for the CISCO 4948, which has all the required features you are looking for. It can provide both a CLI and a GUI console to manage this whole part.

You can create VLANs there and can also use dot1q encapsulation to get them communicating with each other.

To configure the VPN, I suggest opting for a CISCO 5505 device (not so costly); your task can be accomplished on that.
0
 
LVL 37

Expert Comment

by:bbao
ID: 37764081
Just go L3 switching with any vendor supporting this feature.
0
 

Author Comment

by:pbcit
ID: 37776501
The Cisco option is too costly.  Is anyone familiar with Netgear or Sonicwall offerings?  Specific model numbers?

50 ports was a high estimate.  A 48 port device would probably work.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37776681
Just about any L3 switch should do and Netgear does offer these.

I don't think Sonicwall offers L3 switches.  Their devices are firewalls which have a limited number of ports.

Although 48 ports may work for now, unless you way overestimated, I would plan on more than 48 ports.
0
