[zx10guy]

That's good. Apparently, you already have some sort of patch panel already in place. Yes, you won't need the couplers I linked.

My concern is I know how much those things go for. I have never seen gear like this discounted that heavily; even from resellers who buy inventory from bankrupt companies. Even though this person has 100% feedback, I would still question the origins of the inventory he has...ie get the story behind how he has them and why he's selling them. I looked at his other auctions and it looks like a mix match of stuff. I also tried to get info for other items he's sold recently and couldn't get anything from the posted feedback.

[zx10guy]

One other thing. Doing on the cheap has its limits. Sometimes doing things on the cheap ends up costing you more in the end. Those that are controlling the purse strings need to understand you need to do it right and you're not asking for frivilous stuff like a chasis based switch.

To put things in perspective that they might understand. Ask them if they are ok if their doctors decide to save some money and re-use needles between patients.

[master4g]

For the Info: I went ahead and order two of those signamax fiber to ethernet converters. Now i just need to order those SC to ST cables. Anyways, i went and took photos of the cables. These are ST, right? (sorry one of the photos are unclear

[JohnWill]

I have a stupid question here. Since this is just for Internet access, and you have seven buildings, why is the 10mbit link to the apartments considered a problem? I would think that would almost work out as a natural barrier to any bandwidth hogs that might attempt to suck up a majority of the bandwidth.

I'd certainly replace the main hub that feeds the others with a switch fed with at least a 100mbit connection, but I think I'd think twice about the others. You may have a better situation with some bandwidth limiting in place.

[master4g]

Hey. You have a very good point there. Maybe you saw my other post about a managed switch. I was looking for another way to do some sort of bandwidth limiting possibly by user, not port.

These hubs were installed in the buildings in the 90's and in the end of the day...they are hubs. Lately we have been having a lot of problems with dropped packets and collisions i guess. many times we have to press refresh once in a while for a page to actully load. I would like at least swaping them with switches and then do the bandwidth limiting from a managed switch or the like from the main spot. I have currently set up an unmanaged switch at the main location and it does seem to have made quite some difference already, but I would like to put swiches in all the buildings.. What do you think? Do you have any experience with any other type of bandwitdth monitoring/limiting device? router or managed swtich?

[JohnWill]

Well, managed switches would do the trick, but they're not going to be cheap. I'll wait for zx10guy to comment on the single switch to do the bandwidth management, I suspect he'll have more details on exact models and options. If you can do the bandwidth management for all connections at a single point, that clearly will keep the costs down. Inexpensive unmanaged switches would be sufficient for the individual buildings in that case.

As far as the fiber connector, it sure looks like an ST connection from the pictures.

[zx10guy]

Yes, the connection is an ST end.

As far as QoS, I haven't done a wide scale deployment. I've done some QoS setups where I needed to throttle down a particular connection to a server using ACL rule on a Cisco switch.

If you're focusing on doing it on a managed switch, you're looking at CoS and not QoS. This applies to straight layer 2 managed switches. Layer 3 switches add in QoS capability as they are more IP "aware." CoS or class of service goes by priorities and you can set up groupings of ports which have a higher priority over other ports or ports assigned to a lower level of CoS. How much flexibility you have in terms of declaring a particular CoS level gets so much bandwidth is dependent on the switch.

I like John's outside the box look at this. If you establish 10 Mbit connections, you provide a built in bandwidth management for all connections. So I would get a managed for each building which chokes down the connection at given point as you can manually set a port of that switch to run at 10 Mbit.

[JohnWill]

Would those Dell 2708 switches do this job? They're pretty cheap.

[zx10guy]

Yes, any managed switch will have the ability to force the connection speed on any of its ports.

[JohnWill]

That would certainly be reasonably cost effective. Even moving up to the 16 port ones would work if more ports are required.

The only issue is the fiber link...

[master4g]

Thanks. It might be best to just get a managed switch as the main switch and then control the speed from there. Adding 16 port managed switches to each building would be beyond my budget.

Also, one clarification I would like to make is that when I say block off a port, i don't mean the actual port on the back of the switch, i meant a internet port like to block off ftp then to block port 21 (i think).

I linked a managed switch on the other thread, the Linksys SRW208. some of the things listed in the description:

*The SRW208 is able to secure the network through 802.1X port authentication and MAC Filtering. 802.1X requires client to authenticate themselves before the port will pass data.
*Simplified QoS management enabled by advanced queuing techniques using 802.1p, Diffserv or ToS traffic prioritization specifications
*With the enhanced QoS and traffic management features in the SRW208, voice data can be prioritized, ensuring clear and reliable voice communications.
http://www.digiconcepts.com/linksys_...witches_03.htm

One main question I still have is, can i make these traffic/blocking rules by ip address (even though there will be an unmanaged switch between this mananged one and the actual user)? Ive never played around with QOS, so Im not sure, but can i make several groups of users . For example: the IP's 10.214.6.100 - 10.214.6.150 all go into a group and they can only browse at speeds of 5mbps each (or their traffic would be low priority if others submit a request at the same time). ?

[zx10guy]

No. QoS has nothing to do with ACLs (access control lists.) QoS focuses on traffic prioritization and shaping. ACLs are for control of traffic either permitting or denying. Layer 2 switches can only do permits and denies based on MAC address only. Layer 3 switches can add to this to do ACLs on IP address and port.

If you want to add egress traffic control, then you'll have to do it at the router. Adding a layer 3 switch isn't a quick answer either. For one layer 3 switches are many times more expensive than layer 2 managed switches. Add to it the complexity of setting one up and the need to properly design your network for proper integration.

[zx10guy]

So here's another option. It does require money to be spent but provides the best combination of features for the price. The only draw back is that the device doesn't support QoS. The device I'm talking about is a Cisco ASA 5505. It provides a very good SPI firewall which allows ACLs to be created both in bound and out bound. It also includes a 8 port managed switch. The 8 port switch built into the 5505 is practically a Catalyst 2960 switch minus some managed features. You can wire up your unmanaged switches to the ports on the 5505 and then do a forced 10 Mbit speed setting.

The drawback is the 5505 costs some money. It'll certainly blow your budget. But like I said, to do this right based on all the things you're asking, you have to spend a certain amount. Provantage has the 5505 for $362 which about the cheapest you're going to find this firewall for through legitmate channels.

[JohnWill]

Truthfully, it simply isn't realistic to solve this kind of issue on a shoestring. If you're really that limited, I'd leave it the way it is and live with it. You're trying to put band-aids on bullet wounds by cutting corners too much here.

[zx10guy]

Quote:

Originally Posted by JohnWill

Truthfully, it simply isn't realistic to solve this kind of issue on a shoestring. If you're really that limited, I'd leave it the way it is and live with it. You're trying to put band-aids on bullet wounds by cutting corners too much here.

Agreed. And the hidden cost behind cutting corners is lost on the bean counters. I can't tell you how much more a company ends up spending cutting corners initially versus biting the bullet and doing it right the first time with the proper equipment. The hidden costs which gets lost with them is labor. In many ways, labor is usually more expensive than the gear in question. Add to this the productivity time lost due to network/systems issues and that $1 bargain basket solution doesn't look so cheap any more. Then when they get so frustrated that things are not working right, you all get to do it again the right way. So now you're repeating work that should have been done the first time AND spending more money as you're paying for the labor time and the proper equipment.