I am seeking advice on our planned network project.
Our network comprises a mixture of unmanaged and smart managed switches, with buildings connected by media converters, mainly at 100Mb and some at 1Gb.
We have 16 UniFi APs broadcasting a single SSID with the controller software running on a Linux VM.
We are planning to introduce our own and students' tablets into our network from September 2013 and I am seeking advice on a proposal to manage these devices in our current environment.
What considerations do we need to look out for please with regards to upgrading the network?
We use lightspeed TTC for a web filter.
Well it all depends on (as usual) how much money you have to play with.
Firstly, I would get rid of your unmanaged switches and put in managed ones, then get rid of your media converters (if possible - I know it's not always viable) (Are you running fibre between buildings?). Then I would VLAN your network to accommodate the BYOD. Keep those pesky things off the main network :)
Thanks for the reply. With the budget in mind I was hoping to keep the cost down and upgrade the core switch so the fibre connections between buildings can be upgraded to 1Gb (if the core is an option to be replaced).
Am I correct in thinking that we can connect unmanaged switches to managed VLAN'd switches if the downstream traffic is of the same type (port tagged with the student VLAN and passing traffic to an unmanaged switch with student devices plugged in)?
How do you publish resources to the BYOD network, from research I was thinking vlans, Microsoft Network Policy server and direct traffic to a captive portal publishing a website with resource links both internal and external.
What environment do you have (and tablets)?
Yes you can connect an unmanaged to an untagged vlan port but every port on the unmanaged will be in that vlan. Obviously this is no good if that switch serves domain workstations.
Trying to understand VLANs better.
If the port from the managed switch is tagged with, say, VLAN 10 for printers, will every device plugged into the unmanaged switch pass back to the managed port as VLAN 10?
Me and @john have recently completed big infrastructure upgrade projects. If you can give us an idea of your layout - we can give you pointers on some of the best ways of doing it. Worth a chat to @Net-Ctrl too, which were our partners. Having a partner on board can help with the tricky matter of cost vs benefits...
Some manufacturers use different terminology so you may hear "tagged" and "trunked" being used interchangeably.
Tagged/trunk ports are used to carry multiple VLANs between switches, routers and wireless access points (where there are multiple SSIDs associated with multiple VLANs - as you will be doing). Servers can also be connected to tagged ports so that they can have multiple IPs, one on each VLAN - on Windows you will need special network software/drivers such as Broadcom's BACS.
Untagged is what your client devices are connected to. Any traffic exiting the switch will be "untagged" and sent to the client. Any traffic coming into the switch will be tagged with the VLAN ID.
Example - a client wants to access a server on the same VLAN two switch hops away. The server is connected to an untagged port. (Dashed line means a cable, underscore means within the same switch)
Client ---> untagged port on switch 1 ___> tagged/trunk port ---> tagged/trunk port on switch 2 ___> untagged port on switch 2 ----> server
Hope you follow that. Basically the client sent a frame. It enters the switch on an untagged port. The switch knows that port is on VLAN 10 for example and tags that frame. It then passes it out of a trunk/tagged port to the next switch. Switch 2 receives the frame on its tagged port. The switch knows the server is on an untagged port so strips the tag from the frame and forwards it on.
For traffic to move between different VLANs you will need a router or layer 3 switch (if you are upgrading your core get a L3 switch, the price difference isn't much now).
All VLANs will have a different subnet on them.
A frame with a VLAN tag can only leave a switch on a trunk or on a port which is untagged with that VLAN ID (unless the L3 switch changes the packet's VLAN ID).
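To make the two-switch walk-through above concrete, here is a small Python model of 802.1Q tagging that I have added (it is not from the poster): a frame enters an untagged port and gets the port's VLAN ID, crosses a trunk with the tag intact, and is untagged again on the far access port, while a frame aimed at a port in a different VLAN is dropped, since only a router or L3 switch can move it. Port names, VLAN numbers and the sample frame are constructed for illustration.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def tag_frame(frame: bytes, vlan_id: int) -> bytes:
    """Insert a 4-byte 802.1Q tag after the two MAC addresses (12 bytes)."""
    assert 1 <= vlan_id <= 4094
    return frame[:12] + struct.pack("!HH", TPID, vlan_id & 0x0FFF) + frame[12:]

def untag_frame(frame: bytes) -> bytes:
    """Remove the 802.1Q tag, restoring the plain Ethernet frame."""
    return frame[:12] + frame[16:]

def vlan_of(frame: bytes):
    """Return the VLAN ID carried in the tag, or None for an untagged frame."""
    if struct.unpack("!H", frame[12:14])[0] == TPID:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return None

class Port:
    def __init__(self, name, mode, vlans):
        # mode "untagged": one access VLAN; "tagged": trunk carrying several VLANs
        self.name, self.mode, self.vlans = name, mode, set(vlans)

def ingress(port, frame):
    """Frame arriving at a port: access ports tag it with their VLAN (and,
    in this simplified model, drop already-tagged frames); trunks accept
    only VLANs they carry."""
    vid = vlan_of(frame)
    if port.mode == "untagged":
        return None if vid is not None else tag_frame(frame, next(iter(port.vlans)))
    return frame if vid in port.vlans else None

def egress(port, frame):
    """Frame leaving a port: dropped unless the VLAN is on the port; the tag
    is stripped on an access port and kept on a trunk."""
    if vlan_of(frame) not in port.vlans:
        return None
    return untag_frame(frame) if port.mode == "untagged" else frame

def forward(path, frame):
    """Walk a frame through alternating ingress/egress ports; None = dropped."""
    for i, port in enumerate(path):
        frame = ingress(port, frame) if i % 2 == 0 else egress(port, frame)
        if frame is None:
            return None
    return frame

# Constructed sample: dst MAC, src MAC, EtherType IPv4, dummy payload
CLIENT_FRAME = bytes.fromhex("00112233445566778899aabb0800") + b"hello"
SW1_ACCESS = Port("sw1/1", "untagged", [10])     # student VLAN 10
SW1_TRUNK = Port("sw1/24", "tagged", [10, 20])
SW2_TRUNK = Port("sw2/24", "tagged", [10, 20])
SW2_SERVER = Port("sw2/5", "untagged", [10])
SW2_PRINTER = Port("sw2/6", "untagged", [20])    # printer VLAN 20

def same_vlan_path():
    return forward([SW1_ACCESS, SW1_TRUNK, SW2_TRUNK, SW2_SERVER], CLIENT_FRAME)

def cross_vlan_path():
    return forward([SW1_ACCESS, SW1_TRUNK, SW2_TRUNK, SW2_PRINTER], CLIENT_FRAME)
```

The same-VLAN path returns the original frame unchanged; the cross-VLAN path returns None, which is the L2 behaviour the reply above describes before a router or L3 switch is introduced.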
Thanks for the explanation, things are beginning to make sense.
Would you like me to send you a copy of my network diagram might be easier.
Bear in mind that if you are going to VLANs you will need a router that can do VLAN trunking (router on a stick) or a layer 3 switch to provide interconnectivity between the VLANs.
If I was doing it again in a new environment I would buy up some Cisco 3560's off ebay second hand. ( perhaps with a couple of spares ) for the distro and edge switches. Core Switch would depend on the size of the network.
I second this and wouldn't think twice about going used for Cisco equipment. I've got about 40 or so managed Cisco switches in my environment and we've only had to replace one in their ten years of duty. The one that fried was due to a lightning strike hitting an outside IP camera mounted on a pole. :D It stopped at the switchport and nothing else was affected. I did get some cool video from the other outdoor cameras too.
Originally Posted by twin--turbo
Would be cool to see that if you still have it? :)
Originally Posted by Duke5A
Hi @somerset_tech, hope your project is coming on well. If you need any assistance or would like to talk through your project and plans with one of the guys here I can happily set something up, or if you're at BETT next week we're on stand D55. The guys here have done countless projects and have a wealth of experience; hopefully they can answer any unanswered questions you may have.
Good luck with it all! (Sorry for the tardy response, my days and nights have been dedicated to making sure we don't have a naked BETT stand :) )
I would consider Juniper, HP or Cisco for the switching side they fight each other for the best deal.