Small hotel with a switch question.

[hpesik]

Background info. I'm running a small family owned hotel (in a remote village in Indonesia) and i have 15 IP cameras and 3 AP for guest, all connected to the same switch.

 

This 8 port 10/100. (TL-SF1008D)

One port connects to the internet router (load balance), One of the port is used by the IP camera DVR/PC (using ISPY) and goes from 20 - 30 Mbps (not recording) to 60 - 70 Mbps (When all recording) plus on top of that i have 3 AP. connected to the same switch and each limited to 10 Mbps. and one AP for the family (at least 3-4 devices at one time).

 

Problems come when the hotel is full, the guest complain that their internet is choppy, the connections from the PC to the some of the IP cameras drops and the family AP also suffers.

So what I'm asking is, is my conclusion right that my problems comes from the fact that i have too much bandwidth going through this one switch and that i should buy another switch and separate the IP camera and AP connections.

i'm asking this is because I didn't want to waste money on something that wouldn't help and just sit in storage.

 

thanks in advance for the help.

[Kilrah]

Yes. And you definitely don't want your security stuff anywhere near the same network customers use in the first place...

[Caennanu]

what Kilrah said.

Get a switch that supports 1Gbps, and at the least have your camera's and home network on a seperate Vlan.

you don't want customers on either of them.

 

Also, customers experience might be due to your actual bandwidth from the provider. So depending on your connection, you may also need to upgrade that to support more bandwidth to the outside world.

[Ben17]

@hpesik

 

btw remember to @ people or quote them or they don't always see your message

[PineyCreek]

VLANs are a good thing if you can configure them with your network gear.  Also keep in mind that not all switches are created equal.  Some switches can't maintain full wirespeed on all ports simultaneously, so that's another potential source of bottleneck.  Get a gigabit switch.  Dumb unmanaged switches are cheap.

 

Make sure your guest wifi's on a different vlan or network than your internal/IP cam network.  Block off the routing in some fashion (vlan, manual route entries, firewall, etc.)...you don't want your guests to even SEE your internal devices on a scan even if they know the subnet you're using.  You're asking for trouble otherwise.

[hpesik]

6 hours ago, Kilrah said:

Yes. And you definitely don't want your security stuff anywhere near the same network customers use in the first place...

Thx and will do. I was constrained by cost and needed to do it quick to get WiFi to all the rooms

5 hours ago, Caennanu said:

what Kilrah said.

Get a switch that supports 1Gbps, and at the least have your camera's and home network on a seperate Vlan.

you don't want customers on either of them.

 

Also, customers experience might be due to your actual bandwidth from the provider. So depending on your connection, you may also need to upgrade that to support more bandwidth to the outside world.

yea also one of the issue is upload speed. going to combine 2 ISP in the future

4 hours ago, PineyCreek said:

VLANs are a good thing if you can configure them with your network gear.  Also keep in mind that not all switches are created equal.  Some switches can't maintain full wirespeed on all ports simultaneously, so that's another potential source of bottleneck.  Get a gigabit switch.  Dumb unmanaged switches are cheap.

 

Make sure your guest wifi's on a different vlan or network than your internal/IP cam network.  Block off the routing in some fashion (vlan, manual route entries, firewall, etc.)...you don't want your guests to even SEE your internal devices on a scan even if they know the subnet you're using.  You're asking for trouble otherwise.

"Some switches can't maintain full wirespeed on all ports simultaneously" this what i was thinking but didn't know if it was fact.

 

"Get a gigabit switch.  Dumb unmanaged switches are cheap." so like even though some of my peripherals aren't gigabit the overhead in the switch network speed between the ports wont cause a bottleneck... right?

 

On the VLAN thing

 

Can i get VLAN working on the same subnet?

do i need to use seperate Lan socket for each VLAN?

if yes, can i plug the two sockets to the same switch and give my peripherals static IP to set which VLAN they can access? 

 

 

thank you all for the replies.

[beersykins]

1 hour ago, hpesik said:

Can i get VLAN working on the same subnet?

do i need to use seperate Lan socket for each VLAN?

if yes, can i plug the two sockets to the same switch and give my peripherals static IP to set which VLAN they can access? 

 

 

thank you all for the replies.

You'd need a different subnet for each VLAN, ideally.  That way you can isolate traffic between the two with something like an access list or firewall policy.  You can theoretically overlay different IP space on the same VLAN/broadcast-domain, but that gives you nothing for separation.

 

How big is the hotel and how many clients do you have?  3 APs is probably a pretty sparse environment depending on size and density.  What model of AP are you using?