Solved

VLAN Isolation, Bandwidth Shaping in Multi-Tenant Office Suite

Posted on 2012-03-24
Last Modified: 2012-06-21
Hello Professionals,

My client has a multi-tenant office building with about 50 tenants.  I was hired as his new I.T. consultant and one of my tasks (of many) is to redesign his network, thus:

Requirements:

+ Each tenant must be isolated from all other tenants, so each on his own VLAN and subnet.
+ Each tenant has access to the internet.
+ Each tenant has access to a shared VLAN that hosts a large multi-function printer/scanner.
+ Bandwidth shaping, or even just simple max-traffic enforcement, on each VLAN, so tenants can’t abuse the internet by streaming Netflix movies all day (some do this as background noise, ugh).
+ A couple of tenants need external VPN to their respective VLAN for file sharing or other approved purpose.
+ Failover to alternate ISP, e.g. DSL

I’ve set up simple networks in the past with a couple of VLANs, but this project is quite a bit larger than what I’ve done recently.

ISP is Comcast, providing a 50 Mbit pipe on a business class cable-modem.

I would appreciate advice on equipment to purchase.  If I can get it all in a single box, e.g. a Sonicwall or something similar, great.  If not, multiple boxes are OK.  A device with a web-accessible GUI (as opposed to CLI) is desirable as I will instruct the client on how to make minor changes.

Thank you!
0
Question by:pbcit
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 37760879
A SonicWall NSA could do the Internet part just fine, but none of them have 50 ports. So you'll probably need two layer 3 switches behind it for all your VLANs.
Really, I'm in your position, 50 is a little over my head. I just wanted to comment on SonicWall.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 200 total points
ID: 37761148
You will need at least two L3 switches unless you go to a chassis, which could get expensive.  Typically a non-chassis L3 switch tops out at 48 ports.

Some vendors (Juniper and Cisco) offer "stacking" switches.  Basically 1U switches that can logically be managed as a single switch.  This gives you the ease of management of a chassis, but at less cost.

You should get a switch that supports PVLANs (private VLANs).  This typically makes it easier than trying to code ACLs to block traffic.
0
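Added example (not part of the thread or any poster's configuration): what "coding ACLs to block traffic" looks like for the stated requirements, generated per tenant and then audited by first-match evaluation. The addressing plan (tenant N on 10.10.N.0/24, printer VLAN on 10.10.250.0/24), the ACL names and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumed plan (not from the thread): tenant N -> 10.10.N.0/24, printer VLAN fixed.
SUPERNET = ipaddress.ip_network("10.10.0.0/16")   # covers every internal VLAN
PRINTER = ipaddress.ip_network("10.10.250.0/24")  # shared printer/scanner VLAN
ANY = ipaddress.ip_network("0.0.0.0/0")

def tenant_net(n):
    if not 1 <= n <= 249:
        raise ValueError("tenant index out of range for this plan")
    return ipaddress.ip_network(f"10.10.{n}.0/24")

def tenant_acl(n):
    """Ordered (action, src, dst) rules, applied inbound on tenant n's VLAN interface."""
    src = tenant_net(n)
    return [
        ("permit", src, PRINTER),   # shared printer must match before the deny
        ("deny", src, SUPERNET),    # one rule blocks every other tenant subnet
        ("permit", src, ANY),       # whatever is left is internet-bound
    ]

def render(n):
    """Render the rules in Cisco-style extended ACL syntax (wildcard masks)."""
    def fmt(net):
        return "any" if net.prefixlen == 0 else f"{net.network_address} {net.hostmask}"
    lines = [f"ip access-list extended TENANT-{n}-IN"]
    lines += [f" {a} ip {fmt(s)} {fmt(d)}" for a, s, d in tenant_acl(n)]
    return "\n".join(lines)

def decide(n, src_ip, dst_ip):
    """First-match evaluation; falls through to the implicit deny at the end."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst in tenant_acl(n):
        if s in src and d in dst:
            return action
    return "deny"

def audit(tenants):
    """Return every (a, b) tenant pair the generated ACLs would let a reach b."""
    tenants = list(tenants)
    return [(a, b) for a in tenants for b in tenants
            if a != b and decide(a, f"10.10.{a}.10", f"10.10.{b}.10") != "deny"]

if __name__ == "__main__":
    print(render(5))
    print("cross-tenant leaks:", audit(range(1, 51)))
```

Rule order is what keeps this at three lines per tenant instead of one deny per neighbour: swapping the first two rules would cut every tenant off from the printer, and a packet with a source address outside the tenant's own subnet matches nothing and hits the implicit deny.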
 
LVL 13

Accepted Solution

by:
Sandy earned 300 total points
ID: 37761236
I suggest going for the Cisco 4948, which has all the required features you are looking for. It provides both a CLI and a GUI console to manage the whole thing.

You can create VLANs there and can also use dot1q encapsulation to get them communicating with each other.

To configure the VPN, I suggest opting for a Cisco 5505 (not so costly) device; your task can be accomplished on that.
0
 
LVL 37

Expert Comment

by:bbao
ID: 37764081
Just go with L3 switching from any vendor supporting this feature.
0
 

Author Comment

by:pbcit
ID: 37776501
The Cisco option is too costly.  Is anyone familiar with Netgear or Sonicwall offerings?  Specific model numbers?

50 ports was a high estimate.  A 48 port device would probably work.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37776681
Just about any L3 switch should do and Netgear does offer these.

I don't think Sonicwall offers L3 switches.  Their devices are firewalls which have a limited number of ports.

Although 48 ports may work for now, unless you way overestimated, I would plan on more than 48 ports.
0
