Need a 16 port w/VLAN Switch

L

LoStMaTt

2[H]4U
Joined
Feb 26, 2003
Messages
3,180
Doesn't have to have gigabit support.

I need VLAN's so that I can seperate public wifi network from restaurant internal network.

Need a minimum of 16 ports.

What do you guys recommend?
 
If VLAN's are your only requirement, the HP 1810G (new) is good.

But since you don't need gigabit support, any 'ol 24-port Cisco switch from eBay would work too. I like the 3550 and 3560 series, but a 3524XL or 2950 would be fine too.
 
HP ProCurve if they have the budget, or one of the Stinksys/Cisco SRW series if they are pinching pennies.
Difference if they ask? HP ProCurve..lifetime warranty. Set it..and forget it. Stinksys/Cisco SRW series..maaaaaayyy need a reboot once or twice a year because something funky goes on with the network.
 
Someone had a new HP 1700 series 24 port for sale over in the FS/T forums for a good price. I'd go for that or an HP 2524 from eBay.
 
I had another thread on this a while back -- maybe I am still confused as to how to best set up this network.

Currently we have your everyday WAN --> Router ---> Switch ---> PC's setup.

What I want to do is WAN --- > Router ---> Switch w/ VLAN that will break up into our internal network and a Public WiFi network.

I don't want public WiFi to have any access to internal network.

Right now I am double NATing and I dont feel comfortable with that set up.
 
Netgear ProSafe FVS114 or FVS318 are what are in most of the stores. We use Netgear VPN to the corp office.
 
LoStMaTt said:
Netgear ProSafe FVS114 or FVS318 are what are in most of the stores. We use Netgear VPN to the corp office.
Click to expand...

I don't think these support 802.1Q VLAN tagging, and only have one interface you can use for this. Unless I'm mistaken, you'll need to either add a dedicated router that does or replace these Netgear boxes. It may be more cost effective (though less elegant and flexible) to *just* replace these boxes with some that have multiple LAN ports that can be separated internally (either as separate interfaces or with tagging on the internal switch).
 
Last edited:
So far I've been very happy with my powerconnect switches. A 2716 or 5324 would fit the job and both are very easy to come by. Only downside with the 27xx and 28xx series is that they are web managed so they don't have more advanced options. The 3xxx series powerconnects would do fine as well if you only need 10/100.
 
I am not opposed to taking a ground up approach.

If I need to switch off of the routers I have for something else I can do that.

As long as we have VPN.

I have even considered running a pfsense or IPCop box out in the stores and just do it that way but we don't have room to put extra boxes.
 
LoStMaTt said:
I have even considered running a pfsense or IPCop box out in the stores and just do it that way but we don't have room to put extra boxes.
Click to expand...

I feel like a salesman because I'm always pushing them (I'm not :p), but the ALIX hardware is great for this. Little aluminum box, fairly inexpensive to set up and you can get a low power 2 or 3-interface fully capable pfSense box (e.g. this kit). AES throughput is 20mbps or so. Add an 802.1Q switch or just use your existing switch and dedicated an interface to connect to your AP (or install a wireless card directly on the ALIX). This is what I would recommend if you're replacing the routers.

If your 'trusted' clients never need to talk to your 'untrusted' clients (and vice versa), it might make more sense to just tack a switch (or use a port based VLAN) onto your incoming WAN connection and isolate them that way.
 
Hmm if I could find a way to maybe put together an Intel Atom setup with a lithium ion battery as backup power I could maybe swing that.
 
LoStMaTt said:
I had another thread on this a while back -- maybe I am still confused as to how to best set up this network.

Currently we have your everyday WAN --> Router ---> Switch ---> PC's setup.

What I want to do is WAN --- > Router ---> Switch w/ VLAN that will break up into our internal network and a Public WiFi network.

I don't want public WiFi to have any access to internal network.

Right now I am double NATing and I dont feel comfortable with that set up.
Click to expand...

I'd just get a managed switch that does port based VLANS.
Router plugs into port 1
Your office network plugs into ports 2-20, call that VLAN 1..and make port 1 a member of that VLAN 1 too.
Wireless guest stuff plugs into ports 21-23..call that VLAN 2, and make port 1 also a member of that VLAN.
 
YeOldeStonecat said:
I'd just get a managed switch that does port based VLANS.
Router plugs into port 1
Your office network plugs into ports 2-20, call that VLAN 1..and make port 1 a member of that VLAN 1 too.
Wireless guest stuff plugs into ports 21-23..call that VLAN 2, and make port 1 also a member of that VLAN.
Click to expand...

Thanks Cat

Have any procurves or other switches for sale that you are trying to get rid of?
 
Not much for spares...got an older Cisco Catalyst 3560G with a noisy fan ...but we use that for a backup switch to plop into place in case of emergency.

Staying warm out there? Danged single digit temps over here.

Got some older PIX 501's I don't need ...should plop them up in the F/S forum.
 
You must log in or register to reply here.
Back
Top