VLAN Isolation, Bandwidth Shaping in Multi-Tenant Office Suite

Hello Professionals,

My client has a multi-tenant office building with about 50 tenants.  I was hired as his new I.T. consultant and one of my tasks (of many) is to redesign his network, thus:

Requirements:

+ Each tenant must be isolated from all other tenants, so each on his own VLAN and subnet.
+ Each tenant have access to the internet.
+ Each tenant have access to a shared VLAN that hosts a large multi-function printer/scanner.
+ Bandwidth shaping, or even just simple max-traffic enforcement, on each VLAN, so tenants can’t abuse the internet by streaming Netflix movies all day (some do this as background noise, ug)
+ A couple of tenants need external VPN to their respective VLAN for file sharing or other approved purpose.
+ Failover to alternate ISP, e.g. DSL

I’ve setup simple networks in the past with a couple of VLANs, but this project is quite a bit larger than what I’ve done recently.

ISP is Comcast, providing a 50 mbit pipe on a business class cable-modem.

I would appreciate advice on equipment to purchase.  If I can get it all in a single box, e.g. a Sonicwall or something similar, great.  If not, multiple boxes are OK.  A device with a web-accessible GUI (as opposed to CLI) is desirable as I will instruct the client on how to make minor changes.

Thank you!
pbcitAsked:
Who is Participating?
 
SandyConnect With a Mentor Commented:
I suggest go for CISCO 4948, Having all required features you are looking at. This can provide you both CLI and GUI Console to manage this whole part.

You can create Vlan there and also can use dot1q encapsulation to get them communicated with each other.

In order to configure VPN i suggest to opt for CISCO 5505 (Not so costly) device and your task can be accomplish on that.
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
A sonicwall NSA could do the Internet part just fine, but none of them have 50 ports. So you'll need probably two layer 3 switches behind it for all your vlans.
Really, I'm in your position, 50 is a little over my head. I just wanted to comment on sonicwall.
0
 
giltjrConnect With a Mentor Commented:
You will need at least two L3 switches unless you go to a chassis, which could get expensive.  Typically a non-chassis L3 switch tops out at 48 ports.

Some vendors (Juniper and Cisco) offer "stacking" switches.  Basically 1U switches that can logically be managed as a single switch.  Give you the ease of management of a chassis, but at less cost.

You should get a switch that supports PVLAN's (private VLAN's).  Typically makes it easier than trying to code ACL's to block traffic.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
bbaoIT ConsultantCommented:
just go L3 switching with any vendor supporting this feature.
0
 
pbcitAuthor Commented:
The Cisco option is too costly.  Is anyone familiar with Netgear or Sonicwall offerings?  Specific model numbers?

50 ports was a high estimate.  A 48 port device would probably work.
0
 
giltjrCommented:
Just about any L3 switch should do and Netgear does offer these.

I don't think Sonicwall offers L3 switches.  Their devices are firewalls which have a limited number of ports.

Although 48 ports may work for now, unless you way over estimated, I would plan on more than 48 ports.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.