
Need some help with a switch setup

Kaido

Elite Member & Kitchen Overlord
I am replacing the network hardware in my workplace. We have three 24-port hubs right now. I am planning on upgrading to three 24-port 10/100 switches. We have a DSL line for basic Internet stuff (email mostly); I will be using a 4-port Linksys router with that. So the setup will be:

Linksys 4-port router -> Switch 1 -> Switch 2 -> Switch 3

The plan is just to replace the existing hubs with the new switches, and just run a cat5 between each of the switches and finally to the router. I've done this before on a smaller scale with 5 and 8 port hubs and switches, but never with something as large as a 24-port switch. Will this setup work just like the smaller stuff? Also, I was looking at this Dell 24-port switch:

PowerConnect 2224

Is that a good one?
 
Why not use 48 port 10/100/1000 switches and then just bond them with multiple gigabit connections?

If you have the need for 72 ports then you really need to be looking at a managed switch, something that allows basic troubleshooting and features (like link aggregation/bonding, VLANs, routing, etc.)

The reason to suggest two 48 porters is - keep it simple.

If there is flak about the cost just explain that "that's the cost of doing business, just look at all the money spent on PCs and printers. What happens when the network gets flaky because of poor design, planning and the ability to pinpoint any problems quickly? Everybody loses. What happens if one machine is having trouble? Not much"
 
In addition to Spidey's suggestion of two 48 port switches, I'd *strongly* suggest having "home runs" of each switch back to the central switch (which, in this case, is integrated into your "router").

Chaining hubs or switches is bad design and should be avoided, if at all possible. If you're doing it to cover a distance greater than 100 meters, then consider a fiber link (with either a switch that has fiber uplink ports, or copper/fiber converters).

Unless all of those switches have a local resource that most users of that switch are using, you are aggregating (in this case) 24 - 48 ports worth of bandwidth into a single channel ... that goes to another 24-48 ports (adding their bandwidth utilization) going through yet another single channel. It's a congestion nightmare, and you have multiple single points of failure.

Also, consider getting a small commercial router instead of a SOHO / home-user special. Something like a Cisco 800 series ISR works great, and gives you commercial-grade NAT performance and throughput as well as a commercial-grade firewall (and VPN & wireless too, if you want it).

The argument in favor generally takes the form of "How much does it cost us if the network is down, the Internet is not available, yada yada yada" ... it's a valid point and any manager that doesn't consider it is flirting with disaster.

.02

Scott


 
Originally posted by: ScottMac
Also, consider getting a small commercial router instead of a SOHO / home-user special. Something like a Cisco 800 series ISR works great, and gives you commercial-grade NAT performance and throughput as well as a commercial-grade firewall (and VPN & wireless too, if you want it).

I've always wondered, why aren't more solutions integrated? It seems simpler and easier to manage in my mind.

What are the reasons why one would want router and firewall as separate devices?
 
Originally posted by: InlineFive
I've always wondered, why aren't more solutions integrated? It seems simpler and easier to manage in my mind.

What are the reasons why one would want router and firewall as separate devices?

Routers route.
Firewalls firewall.

Segregation of duties basically. Make a router try to be a firewall and it will go belly up for lack of processing. Make a firewall route and it will go belly up due to lack of resources.

It's all about duties/logging.
 
Originally posted by: spidey07
Originally posted by: InlineFive
I've always wondered, why aren't more solutions integrated? It seems simpler and easier to manage in my mind.

What are the reasons why one would want router and firewall as separate devices?

Routers route.
Firewalls firewall.

Segregation of duties basically. Make a router try to be a firewall and it will go belly up for lack of processing. Make a firewall route and it will go belly up due to lack of resources.

It's all about duties/logging.

Okay, one issue I see with having the switches trunk back to a router is that the Cisco SMB routers only seem to have 10/100. Which would congest lots of traffic as scottmac pointed out above. Would an ideal situation be...

Firewall --> Router --> "mother" gigabit switch --> "baby" workgroup switches?

Even then I would think there is an issue with heavy traffic unless you trunk two gigabit links together for each "baby" switch.
 
Normal small business design is...

I---edge routers----3legged firewalls-----internal

Meets most needs. Sure it's not the ultimate in security, but small business models don't have the staff nor resources to manage a more secure model.
 
Just my .02 here but my recommendation (if this is a small business setup) would be a smaller 8 or 16 port gigabit switch with cat6 drops to each of the switches. I would highly recommend against a SOHO router because, as everyone said, business needs are not SOHO needs and your firewall/router will crap out on you. At my place we use a Sonicwall firewall along with a separate router for routing traffic (we have a T1 line though so it's a little different). If this isn't a small business setup, I'd look into a few 48 port managed switches. These switches should come with some sort of backplane for connecting multiple together. These backplanes don't cause any traffic "jams" and would save a lot of headaches down the road.
 
Originally posted by: InlineFive
Originally posted by: spidey07
Originally posted by: InlineFive
I've always wondered, why aren't more solutions integrated? It seems simpler and easier to manage in my mind.

What are the reasons why one would want router and firewall as separate devices?

Routers route.
Firewalls firewall.

Segregation of duties basically. Make a router try to be a firewall and it will go belly up for lack of processing. Make a firewall route and it will go belly up due to lack of resources.

It's all about duties/logging.

Okay, one issue I see with having the switches trunk back to a router is that the Cisco SMB routers only seem to have 10/100. Which would congest lots of traffic as scottmac pointed out above. Would an ideal situation be...

Firewall --> Router --> "mother" gigabit switch --> "baby" workgroup switches?

Even then I would think there is an issue with heavy traffic unless you trunk two gigabit links together for each "baby" switch.

You'll need to switch the firewall and the router around, the router routes packets between the internet circuit and the firewall. Other than that, it would work ok:

Router -> Firewall -> Backbone Gigabit switch -> "closet" switches
 
Originally posted by: kevnich2
Router -> Firewall -> Backbone Gigabit switch -> "closet" switches


Yes! Someone got it right!

A few things some of the comments were right about:
Do NOT use a SOHO router. It will crash, and the nice network you're going to set up would be wasted; remember, your network is only as strong as the weakest link.

Do NOT chain the switches. Use gigabit cat-5 or gigabit fiber, and have them all lead to a backbone. Having the switches in a waterfall set up is going to completely bog down upper levels of traffic when it could be avoided.
 
Originally posted by: Tizyler
Originally posted by: kevnich2
Router -> Firewall -> Backbone Gigabit switch -> "closet" switches


Yes! Someone got it right!

A few things some of the comments were right about:
Do NOT use a SOHO router. It will crash, and the nice network you're going to set up would be wasted; remember, your network is only as strong as the weakest link.

Do NOT chain the switches. Use gigabit cat-5 or gigabit fiber, and have them all lead to a backbone. Having the switches in a waterfall set up is going to completely bog down upper levels of traffic when it could be avoided.

But that setup offers no redundancy and a single point of failure. Just much better off to use cascade cables and setup a two switch core if you want to do that.
 
Originally posted by: spidey07
Originally posted by: Tizyler
Originally posted by: kevnich2
Router -> Firewall -> Backbone Gigabit switch -> "closet" switches


Yes! Someone got it right!

A few things some of the comments were right about:
Do NOT use a SOHO router. It will crash, and the nice network you're going to set up would be wasted; remember, your network is only as strong as the weakest link.

Do NOT chain the switches. Use gigabit cat-5 or gigabit fiber, and have them all lead to a backbone. Having the switches in a waterfall set up is going to completely bog down upper levels of traffic when it could be avoided.

But that setup offers no redundancy and a single point of failure. Just much better off to use cascade cables and setup a two switch core if you want to do that.

But to me that setup causes performance issues with each closet switch. Because many of the switches I see only have 2 Gigabit interfaces. And if you want to keep the network reasonably speedy I would trunk both of the interfaces.

But with two master switches you are slashing the bandwidth for 24 (or even 48) ports down to 1Gbps. Unless you go overkill and get models that have 4 Gigabit ports so you can trunk a 2Gbps channel back to each master switch. Unless (because my knowledge of the subject is limited, for now) it can still trunk both ports to create 2Gbps even though they go to different switches.
 
Originally posted by: spidey07
Originally posted by: Tizyler
Originally posted by: kevnich2
Router -> Firewall -> Backbone Gigabit switch -> "closet" switches


Yes! Someone got it right!

A few things some of the comments were right about:
Do NOT use a SOHO router. It will crash, and the nice network you're going to set up would be wasted; remember, your network is only as strong as the weakest link.

Do NOT chain the switches. Use gigabit cat-5 or gigabit fiber, and have them all lead to a backbone. Having the switches in a waterfall set up is going to completely bog down upper levels of traffic when it could be avoided.

But that setup offers no redundancy and a single point of failure. Just much better off to use cascade cables and setup a two switch core if you want to do that.

I agree, but if this is a small business setup, using cascading switches IMO is overkill. I'd rather get a very good, reliable switch and when it does fail, have a replacement. With my current setup, I can have dozens of replacements before it even closely reaches a fraction of the cost of cascading. Now in the instance of a much larger network where you need bandwidth management, the network absolutely cannot ever go down, yes, that IMO is the only option to deploy. As you said previously, most small businesses don't have the capital to be able to deploy a setup like this in most cases.
 