magnafix
09-04-2001, 12:02 AM
We're moving into an office much of which we don't need right
away so we'll be subletting suites to potentially as many as
five subletters.
The suites in our office all have their own ethernet jacks;
22 cables (after a day rewiring the basement) pop up through the
floor in our server room. Each suite has a single network
jack -- our area (plus common areas) has 17.
We want to bundle Internet access with the suites, but we want
to make sure that the subletters' networks stay separate from
each other and us. At this point, we don't know whether we'll
have 5 separate subletters in the 5 available suites, or if one
subletter will take more than one.
Our Internet feed comes in from a Cisco 3640 via ethernet from
an office upstairs (they handle the BGP4 routing and port blocking).
Our tentative plan is a lower-end Cisco router to handle NAT and a VLAN-capable switch to separate the networks. Another option
would be a Linux box with 6 network cards as a gateway server
and a non-managed switch for our area.
We need to monitor bandwidth utilization of our subletters of
course.
Opinions?
--J
mkaufman
09-04-2001, 05:30 PM
For monitoring bandwidth, try out http://www.bandmin.org/ (although that URL is outdated... do a search on these forums for "bandwidth monitoring" and it will give the new URL)
valkaryn
09-04-2001, 05:47 PM
Keep your Cisco. Set up SNMP/RMON capabilities for the ports (whether or not you VLAN). Then use MRTG to monitor the bandwidth. If you move to the Linux solution, you'll lose performance, monitoring capabilities, and bandwidth. If you still want to go with a PC solution, use FreeBSD - not Linux. FreeBSD uses the BSD kernel which is used in most routing devices these days (i.e., F5 Labs' BigIP series). You'll find supporting the network hardware solution less of a headache than the many potential pitfalls of Linux. Yes, I know network hardware has pitfalls as well, but they are by and large magnitudes less than a PC solution.
BTW, MRTG is used by most datacenters to monitor their customers' bandwidth. It's pretty straightforward and since you are using Cisco it will be well supported.
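An added example, not part of any post in this thread: the per-port SNMP octet counters suggested above, turned into a bits-per-second figure per subletter, including the case where one subletter holds several suites and the case where a 32-bit counter wraps between polls. The port numbers, tenant names, counter values and the 300-second interval are constructed for illustration.

```python
# Added example, not from the thread: per-subletter rates from SNMP octet counters.
# Port numbers, tenant names and counter values below are constructed.
COUNTER32_MOD = 2 ** 32  # ifInOctets / ifOutOctets are 32-bit and wrap to zero

# Switch port -> tenant. One subletter may rent more than one suite.
PORT_TENANT = {18: "suite-A", 19: "suite-B", 20: "suite-B", 21: "suite-C"}


def octet_delta(prev, curr, modulus=COUNTER32_MOD):
    """Bytes counted between two polls, assuming at most one wrap."""
    return (curr - prev) % modulus


def wrap_seconds(link_bps, modulus=COUNTER32_MOD):
    """Seconds a fully loaded link needs to wrap an octet counter."""
    return modulus * 8 / link_bps


def poll_too_slow(interval_s, link_bps):
    """True if the counter could wrap more than once between polls."""
    return interval_s >= wrap_seconds(link_bps)


def tenant_rates(prev, curr, interval_s, port_tenant=PORT_TENANT):
    """Sum in+out bits/s per tenant from two {port: (in, out)} samples."""
    rates = {}
    for port, tenant in port_tenant.items():
        if port not in prev or port not in curr:
            continue  # port missing from a poll: skip rather than guess
        d_in = octet_delta(prev[port][0], curr[port][0])
        d_out = octet_delta(prev[port][1], curr[port][1])
        bps = (d_in + d_out) * 8 / interval_s
        rates[tenant] = rates.get(tenant, 0.0) + bps
    return rates


# Two constructed polls 300 s apart: {port: (ifInOctets, ifOutOctets)}
PREV = {18: (1000, 2000), 19: (4294967000, 500), 20: (0, 0), 21: (10, 10)}
CURR = {18: (3001000, 752000), 19: (1499704, 1500500),
        20: (1500000, 2250000), 21: (10, 10)}

if __name__ == "__main__":
    for tenant, bps in sorted(tenant_rates(PREV, CURR, 300).items()):
        print(f"{tenant}: {bps / 1000:.1f} kbit/s")
    print(f"100 Mbit/s port wraps Counter32 in {wrap_seconds(100e6):.0f} s")
```

Port 19's inbound counter wraps between the two samples; the modulo delta still yields the correct byte count, but only while the polling interval stays below the wrap time for the port speed.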
magnafix
09-04-2001, 08:36 PM
So Karyn,
You're suggesting we pick up a Cisco 2600 for the 3640 to plug into? We don't have any administrative control over the 3640.
So then we'd have our Internet feed coming in from the 3640 into the 2600 (doing NAT), and from there out to multiple cheap switches or a VLAN switch for the different office suites.
Or can some switches do NAT?
Yes, we'd planned on using MRTG for monitoring.
Thanks.
valkaryn
09-04-2001, 08:57 PM
Sorry I missed that. I thought the existing 3600 was yours. The 2600 is just a router, you'll need a hub or a switch anyways.
FYI, the 2600s are good little routers for under-utilized T1s or closed LANs, but if you're going to throw NAT on it and share it in a professional environment, you'll find a rapidly growing disturbance in the force.
Since you are getting a 10/100 feed from the basement, just get a Cisco 2924 which is a good little switch with all the whistles and bells you need. If the Cisco pricing doesn't do it for you, you could also look at 3Com's Superstack II series... just watch out for their 10/100 models. I've seen a few people get bit with the model that has 24 ethernet ports (10bT) and only two fast ethernet (100bT) ports. These two low end switch solutions have the VLAN (even 802.1q VLAN) support, RMON/SNMP support, and forwarding support you need in an affordable (to small businesses) range and can keep up with what they are built to serve.
Additionally, there is a lot of info and freebie help out there for configuring them.
magnafix
09-04-2001, 09:23 PM
Awesome Karyn, thanks.
The reason I mentioned the 2600 is that we may have an opportunity to get one really cheap here in the next few days. But if it's not the right tool for the job, I'll forget that.
So the Cisco 2924 is a switch that does NAT and can keep different networks separate from each other? If so, that's all we'd need... just plug the 22 ethernet cables (and our Internet feed) into it and configure it to keep the subletted suites separate from our network and each other?
Thanks again,
valkaryn
09-04-2001, 09:28 PM
I've set up quite a few colocation customers with this product in datacenters that I've worked for. There have not been any complaints. Its configuration is straightforward Cisco catalyst and yes, it does everything that you've mentioned you are looking for including NAT.
DHWWnet
09-04-2001, 10:36 PM
Originally posted by magnafix
Our tentative plan is a lower-end Cisco router to handle NAT and a VLAN-capable switch to separate the networks. Another option
would be a Linux box with 6 network cards as a gateway server
and a non-managed switch for our area.
Opinions?
--J
..might want to try freeCISCO http://freesco.org