Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Network Design for Office w/multiple Tenants

Posted on 2014-03-30
12
Medium Priority
?
277 Views
Last Modified: 2014-05-03
Hello,

We are moving to new building where we are going to be sharing an Internet Connection with 3 other companies. Now, each company will have their own internal network (pcs/servers), but we will all be sharing a high speed fiber internet connection. What do you think I should consider when setting up this network? I proposed a main Firewall which would handle the connection from the ISP. From there, I was thinking about a Cisco 3560 L3 switch as the main VLAN gateway which each company having its own VLAN. Each company would have their own Cisco 2960's which connect back to the 3560.

Let me know your thoughts.
0
Comment
Question by:Cobra25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 30

Expert Comment

by:pgm554
ID: 39965548
Static IP's?

Layer 3 is a bit of over kill.

A UTM like Watchguard or Sonicwall could do your vlan's directly and eliminate the need for a master switch.

A smart layer 2 switch vlan would do just as well.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 39965554
Yes I would give them their own public static IP not really a requirement at this point though.

I was thinking of having a Core design with a L3 switch and then just have it span out to each company with their own L2's
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39965577
Your concept is on track

You won't need a public IP each for all three companies since they will be going out through 1 connection. If you however want their traffic identified separately on the internet, then you can create a sub interface for each company on the firewall's internet facing port and assign separate public IPs to each sub interface. You will then NAT each traffic through the desired public IP
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Author Comment

by:Cobra25
ID: 39965579
Akinsd

I plan on using Cisco ASA 5510

I should have about 16 public IPs, i would like each company to have their own public IP. Do you see any issues
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39965677
You will need to call your ISP. The only thing to worry about is communication (route), otherwise, there shouldn't be any issues if NAT is properly configured
0
 
LVL 30

Expert Comment

by:pgm554
ID: 39965711
Are you running Exchange or any other static IP hungry apps?
0
 
LVL 4

Author Comment

by:Cobra25
ID: 39965713
Nope

not at all, just like to keep things segregated
0
 
LVL 30

Expert Comment

by:pgm554
ID: 39965718
I would forget the l3 switch,use the ASA to do VLAN's into separate L2 switches and be done with it.

Personally ,I would consider the use of a UTM appliance with a subscription.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 39965934
pgm554 thats an interesting thought

There maybe up to 7-10 companies that may join. Wouldnt i be limited on ports
0
 
LVL 19

Expert Comment

by:Andrew Davis
ID: 39968249
As has been said, if it is just 3 tenants then this is commonly supported by UTM devices (Watchguard, Sonicwall, or UnTangle) however if you are looking at possibley going out to 10 or more then i would be agree that VLAN switches are the way to go.

With Public IP's. Whilst you are not planning on having any internal exchanges, or devices that require external port redirection, i think it would be a good idea to allow for it, by having each tenant having their own public IP so that they can, if the day comes, have their own port redirection.

Especially if each tenant is going to be responsible for their own LAN, and you are not managing all of the internals.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 39968450
Why is UTM recommended in this scenario? Price?
0
 
LVL 30

Accepted Solution

by:
pgm554 earned 2000 total points
ID: 39969779
UTM's do a lot of nice things,they filter out malware sites and exploits,as well as email virus.

http://www.watchguard.com/products/xtm-software/overview.asp

You can do a Watchguard for under $500 bucks with 1 year sub.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question