Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 631
  • Last Modified:

VLAN Isolation, Bandwidth Shaping in Multi-Tenant Office Suite

Hello Professionals,

My client has a multi-tenant office building with about 50 tenants.  I was hired as his new I.T. consultant and one of my tasks (of many) is to redesign his network, thus:

Requirements:

+ Each tenant must be isolated from all other tenants, so each on his own VLAN and subnet.
+ Each tenant have access to the internet.
+ Each tenant have access to a shared VLAN that hosts a large multi-function printer/scanner.
+ Bandwidth shaping, or even just simple max-traffic enforcement, on each VLAN, so tenants can’t abuse the internet by streaming Netflix movies all day (some do this as background noise, ug)
+ A couple of tenants need external VPN to their respective VLAN for file sharing or other approved purpose.
+ Failover to alternate ISP, e.g. DSL

I’ve setup simple networks in the past with a couple of VLANs, but this project is quite a bit larger than what I’ve done recently.

ISP is Comcast, providing a 50 mbit pipe on a business class cable-modem.

I would appreciate advice on equipment to purchase.  If I can get it all in a single box, e.g. a Sonicwall or something similar, great.  If not, multiple boxes are OK.  A device with a web-accessible GUI (as opposed to CLI) is desirable as I will instruct the client on how to make minor changes.

Thank you!
0
pbcit
Asked:
pbcit
2 Solutions
 
Aaron TomoskyTechnology ConsultantCommented:
A sonicwall NSA could do the Internet part just fine, but none of them have 50 ports. So you'll need probably two layer 3 switches behind it for all your vlans.
Really, I'm in your position, 50 is a little over my head. I just wanted to comment on sonicwall.
0
 
giltjrCommented:
You will need at least two L3 switches unless you go to a chassis, which could get expensive.  Typically a non-chassis L3 switch tops out at 48 ports.

Some vendors (Juniper and Cisco) offer "stacking" switches.  Basically 1U switches that can logically be managed as a single switch.  Give you the ease of management of a chassis, but at less cost.

You should get a switch that supports PVLAN's (private VLAN's).  Typically makes it easier than trying to code ACL's to block traffic.
0
 
SandyCommented:
I suggest go for CISCO 4948, Having all required features you are looking at. This can provide you both CLI and GUI Console to manage this whole part.

You can create Vlan there and also can use dot1q encapsulation to get them communicated with each other.

In order to configure VPN i suggest to opt for CISCO 5505 (Not so costly) device and your task can be accomplish on that.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
bbaoIT ConsultantCommented:
just go L3 switching with any vendor supporting this feature.
0
 
pbcitAuthor Commented:
The Cisco option is too costly.  Is anyone familiar with Netgear or Sonicwall offerings?  Specific model numbers?

50 ports was a high estimate.  A 48 port device would probably work.
0
 
giltjrCommented:
Just about any L3 switch should do and Netgear does offer these.

I don't think Sonicwall offers L3 switches.  Their devices are firewalls which have a limited number of ports.

Although 48 ports may work for now, unless you way over estimated, I would plan on more than 48 ports.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now