VLAN Isolation, Bandwidth Shaping in Multi-Tenant Office Suite

Posted on 2012-03-24
Last Modified: 2012-06-21
Hello Professionals,

My client has a multi-tenant office building with about 50 tenants.  I was hired as his new I.T. consultant and one of my tasks (of many) is to redesign his network, thus:

Requirements:

+ Each tenant must be isolated from all other tenants, so each on his own VLAN and subnet.
+ Each tenant has access to the internet.
+ Each tenant has access to a shared VLAN that hosts a large multi-function printer/scanner.
+ Bandwidth shaping, or even just simple max-traffic enforcement, on each VLAN, so tenants can’t abuse the internet by streaming Netflix movies all day (some do this as background noise, ugh).
+ A couple of tenants need external VPN to their respective VLAN for file sharing or other approved purpose.
+ Failover to alternate ISP, e.g. DSL

I’ve set up simple networks in the past with a couple of VLANs, but this project is quite a bit larger than what I’ve done recently.

ISP is Comcast, providing a 50 Mbit pipe on a business-class cable modem.

I would appreciate advice on equipment to purchase.  If I can get it all in a single box, e.g. a Sonicwall or something similar, great.  If not, multiple boxes are OK.  A device with a web-accessible GUI (as opposed to CLI) is desirable as I will instruct the client on how to make minor changes.

Thank you!
Question by:pbcit
6 Comments
 

Expert Comment

by:Aaron Tomosky
ID: 37760879
A Sonicwall NSA could do the Internet part just fine, but none of them have 50 ports. So you'll probably need two layer 3 switches behind it for all your VLANs.
Really, I'm in your position, 50 is a little over my head. I just wanted to comment on Sonicwall.

Assisted Solution

by:giltjr
giltjr earned 800 total points
ID: 37761148
You will need at least two L3 switches unless you go to a chassis, which could get expensive.  Typically a non-chassis L3 switch tops out at 48 ports.

Some vendors (Juniper and Cisco) offer "stacking" switches: basically 1U switches that can logically be managed as a single switch. They give you the ease of management of a chassis, but at less cost.

You should get a switch that supports PVLANs (private VLANs). That typically makes it easier than trying to code ACLs to block traffic.

Accepted Solution

by:
Sandy earned 1200 total points
ID: 37761236
I suggest going for the Cisco 4948, which has all the required features you are looking for. It can provide you with both a CLI and a GUI console to manage this whole part.

You can create VLANs there and can also use dot1q encapsulation to get them to communicate with each other.

In order to configure VPN, I suggest opting for the Cisco 5505 (not so costly) device, and your task can be accomplished on that.

Expert Comment

by:bbao
ID: 37764081
Just go with L3 switching with any vendor supporting this feature.

Author Comment

by:pbcit
ID: 37776501
The Cisco option is too costly.  Is anyone familiar with Netgear or Sonicwall offerings?  Specific model numbers?

50 ports was a high estimate. A 48-port device would probably work.

Expert Comment

by:giltjr
ID: 37776681
Just about any L3 switch should do and Netgear does offer these.

I don't think Sonicwall offers L3 switches.  Their devices are firewalls which have a limited number of ports.

Although 48 ports may work for now, unless you way overestimated, I would plan on more than 48 ports.
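
An added example, not part of the original thread: a small Python model of the question's isolation requirements (one VLAN and subnet per tenant, shared printer VLAN, internet access) using the routed-ACL approach mentioned above, with an audit that checks every tenant pair. The 10.10.0.0/16 tenant range, VLAN IDs from 101 and the 10.99.0.0/24 printer network are assumptions, and the rules are vendor-neutral tuples rather than any switch's syntax.

```python
import ipaddress

# Assumed addressing (not from the thread): one /24 per tenant out of 10.10.0.0/16,
# VLAN IDs from 101, shared printer VLAN on 10.99.0.0/24.
TENANT_SUPERNET = ipaddress.ip_network("10.10.0.0/16")
PRINTER_NET = ipaddress.ip_network("10.99.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_plan(tenant_count, first_vlan=101):
    """Return {vlan_id: subnet} with one /24 per tenant."""
    subnets = TENANT_SUPERNET.subnets(new_prefix=24)
    return {first_vlan + i: next(subnets) for i in range(tenant_count)}

def acl_for(vlan, plan):
    """Ordered, first-match ACL for traffic routed out of one tenant VLAN."""
    src = plan[vlan]
    rules = [("permit", src, PRINTER_NET)]            # shared printer VLAN
    rules += [("deny", src, net) for net in RFC1918]  # all other internal space
    rules.append(("permit", src, ANY))                # internet
    return rules

def evaluate(plan, src_ip, dst_ip):
    """Decide permit/deny for a tenant-sourced packet (other sources: deny)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    vlan = next((v for v, net in plan.items() if src in net), None)
    if vlan is None:
        return "deny"
    if dst in plan[vlan]:
        return "permit"  # same VLAN: switched at L2, never reaches the ACL
    for action, _, dst_net in acl_for(vlan, plan):
        if dst in dst_net:
            return action
    return "deny"  # implicit deny

def audit(plan):
    """Return tenant VLAN pairs that can reach each other; empty means isolated."""
    host = {v: str(net.network_address + 10) for v, net in plan.items()}
    return [(a, b) for a in plan for b in plan
            if a != b and evaluate(plan, host[a], host[b]) == "permit"]

if __name__ == "__main__":
    plan = build_plan(50)
    for action, src, dst in acl_for(101, plan):
        print(f"{action:6} {src} -> {dst}")
    print("isolation violations:", audit(plan))
```

Denying all private address space after the printer permit keeps each tenant's list at five entries instead of one deny per neighbouring tenant, and the list does not change when a tenant is added.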