
Upgrading network for VLANs and robust WiFi

So I have this network at work that needs to be upgraded for VLANs because we want to separate guest devices (Guest1-3 from the diagram below) and NIC teaming for a file server. We're currently using only layer 2 switching for all of them, with consumer-grade APs (router acting as AP only) that share the same settings except channels. The limit for the number of devices will be in the lower 100s (no way of reaching 150 ever).

 

What models and brands of layer 3 switches and APs would you use, and what are their respective prices?

wnetwork.png


2 hours ago, levibaker88 said:

If your work can afford it, Cisco make what you are after.

Yes, but what models from Cisco have the functions that I need and nothing else? I've been given a budget, but I'd rather not overspend if I only need to have VLANs and APs with wireless controllers.


No real need to replace the APs as you'd assign a VLAN to the port that the AP is connected to. VLAN tagging is a pretty basic feature now, so I would expect even their lowest model business managed switch would suffice. You just have to determine what type of throughput you want and future growth/support.

When looking at specs, just look for 802.1Q / VLAN tagging support.

I've used D-Link, TRENDnet, and Cisco - slight curve transitioning between the three and managing VLANs. Cisco via CLI has been the easiest to understand, but more of a PITA configuring multiple ports than the web GUI of D-Link / Trend...


If you only want three APs, you're going to need APs that support multiple SSIDs and per-SSID VLAN tagging. For your purposes I would recommend Ubiquiti or Xclaim APs. Otherwise, in order to do your VLAN tagging based on the switch port the APs are connected to, you'd have to have separate APs for private and guest usage.

In either case you need switches that support VLANs. Any "Smart" switch I've seen, like Dlink or Netgear, can do this. Ubiquiti I believe also makes some options in this space, and you can look at the Mikrotik CRS line (Cloud Router Switch - a full normal switch with a SOHO router inserted as a bonus) as well. If you want to go more enterprise, you can look at HP switches, or even Cisco. There are many other brands at each price point but I can only name the things I am familiar with and could personally recommend.

If your APs are doing your VLAN tagging based on SSIDs, then all your switches need to do is include the ports for the APs and the uplink to the core as tagged ports, and any attached workstations as untagged ports. If you are using separate APs for private and guest, then the switch would have the AP ports as untagged as well.

Note that in all of this, I never once said "Layer 3 switch" (although the Mikrotik CRS line is technically a router and a switch smushed together). Layer 3 means it is doing something based on IP addresses, or it's doing VLAN assignment based on packet/traffic analysis (like separating out VOIP into a different VLAN). For what you've described, all you need is a Layer 2 switch (in other words, a normal switch) that has port-based VLAN capabilities.


2 hours ago, brwainer said:

If you only want three APs, you're going to need APs that support multiple SSIDs and per-SSID VLAN tagging. For your purposes I would recommend Ubiquiti or Xclaim APs. Otherwise, in order to do your VLAN tagging based on the switch port the APs are connected to, you'd have to have separate APs for private and guest usage.

In either case you need switches that support VLANs. Any "Smart" switch I've seen, like Dlink or Netgear, can do this. Ubiquiti I believe also makes some options in this space, and you can look at the Mikrotik CRS line (Cloud Router Switch - a full normal switch with a SOHO router inserted as a bonus) as well. If you want to go more enterprise, you can look at HP switches, or even Cisco. There are many other brands at each price point but I can only name the things I am familiar with and could personally recommend.

If your APs are doing your VLAN tagging based on SSIDs, then all your switches need to do is include the ports for the APs and the uplink to the core as tagged ports, and any attached workstations as untagged ports. If you are using separate APs for private and guest, then the switch would have the AP ports as untagged as well.

Note that in all of this, I never once said "Layer 3 switch" (although the Mikrotik CRS line is technically a router and a switch smushed together). Layer 3 means it is doing something based on IP addresses, or it's doing VLAN assignment based on packet/traffic analysis (like separating out VOIP into a different VLAN). For what you've described, all you need is a Layer 2 switch (in other words, a normal switch) that has port-based VLAN capabilities.

Can confirm, we use Ubiquiti, set one SSID to use the Guest VLAN and the other to use the internal VLAN.


4 hours ago, brwainer said:

If you only want three APs, you're going to need APs that support multiple SSIDs and per-SSID VLAN tagging. For your purposes I would recommend Ubiquiti or Xclaim APs. Otherwise, in order to do your VLAN tagging based on the switch port the APs are connected to, you'd have to have separate APs for private and guest usage.

In either case you need switches that support VLANs. Any "Smart" switch I've seen, like Dlink or Netgear, can do this. Ubiquiti I believe also makes some options in this space, and you can look at the Mikrotik CRS line (Cloud Router Switch - a full normal switch with a SOHO router inserted as a bonus) as well. If you want to go more enterprise, you can look at HP switches, or even Cisco. There are many other brands at each price point but I can only name the things I am familiar with and could personally recommend.

If your APs are doing your VLAN tagging based on SSIDs, then all your switches need to do is include the ports for the APs and the uplink to the core as tagged ports, and any attached workstations as untagged ports. If you are using separate APs for private and guest, then the switch would have the AP ports as untagged as well.

Note that in all of this, I never once said "Layer 3 switch" (although the Mikrotik CRS line is technically a router and a switch smushed together). Layer 3 means it is doing something based on IP addresses, or it's doing VLAN assignment based on packet/traffic analysis (like separating out VOIP into a different VLAN). For what you've described, all you need is a Layer 2 switch (in other words, a normal switch) that has port-based VLAN capabilities.

Thanks for the insight. I'll note some of it for building my argument.

I may not have been specific about the network setup. A single AP on the diagram represents a site where I need reliable WiFi coverage for a conference room, etc. While some of them strangely have only 1 network patch panel, forcing me to use 1 physical AP and give out internal and guest WiFi SSIDs, some of them have lots of network patches.

For the switches, I'll go with layer 2 with port-based VLAN, but I was wondering if I can just get one and use it as the main switch (Switch1) while using the existing hardware for the rest.

There are multiple ways to approach a solution for this, and it will be up to management whether it gets approved or not. It will depend on how good my arguments are.


1 hour ago, MeshFile said:

Thanks for the insight. I'll note some of it for building my argument.

I may not have been specific about the network setup. A single AP on the diagram represents a site where I need reliable WiFi coverage for a conference room, etc. While some of them strangely have only 1 network patch panel, forcing me to use 1 physical AP and give out internal and guest WiFi SSIDs, some of them have lots of network patches.

For the switches, I'll go with layer 2 with port-based VLAN, but I was wondering if I can just get one and use it as the main switch (Switch1) while using the existing hardware for the rest.

There are multiple ways to approach a solution for this, and it will be up to management whether it gets approved or not. It will depend on how good my arguments are.

If you want to use port-based VLANs (i.e. a separate AP for each SSID in a location), then the port the AP plugs into has to be the one doing the VLAN tagging. You need to keep all traffic separate in every switch, so every switch needs to support VLANs. This doesn't change if the APs are doing VLAN tagging either.

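The requirement stated above, that every switch in the path has to be VLAN-capable, can be checked against a planned topology before buying anything. This is an added example, not code from the thread: it models switches, links and clients and reports clients from different zones that end up in one broadcast domain. VLAN IDs 10 and 20, the names Switch2, StaffPC and FileServer, the port names, and treating an unmanaged switch as a single broadcast domain are assumptions.

```python
from collections import defaultdict

def mixed_domains(switches, links, zones):
    """List groups of clients from different zones sharing one L2 broadcast domain.
    switches: {name: None for unmanaged, else {port: (untagged_vid, tagged_vids)}}
    links:    [((device, port), (device, port)), ...]; zones: {client: zone}
    """
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    def union(a, b):
        parent[find(a)] = find(b)
    vids = {0}  # 0 stands for an untagged frame on the wire
    for cfg in switches.values():
        for _, tagged in (cfg or {}).values():
            vids |= tagged
    attach = {}
    for i, ends in enumerate(links):
        for dev, port in ends:
            if dev not in switches:        # client: sends untagged frames
                attach[dev] = ("wire", i, 0)
            elif switches[dev] is None:    # unmanaged: modelled as one domain (assumption)
                for v in vids:
                    union(("sw", dev), ("wire", i, v))
            else:                          # VLAN-aware port
                untagged, tagged = switches[dev][port]
                if untagged is not None:
                    union(("sw", dev, untagged), ("wire", i, 0))
                for v in tagged:
                    union(("sw", dev, v), ("wire", i, v))
    groups = defaultdict(set)
    for name, node in attach.items():
        groups[find(node)].add(name)
    return sorted(sorted(g) for g in groups.values()
                  if len({zones[n] for n in g}) > 1)

# Constructed sample: Switch1 is the core, Switch2 an edge switch (VLAN 10 internal, 20 guest).
LINKS = [(("Switch1", "1"), ("FileServer", "nic")), (("Switch1", "2"), ("Switch2", "up")),
         (("Switch2", "a"), ("StaffPC", "nic")), (("Switch2", "b"), ("Guest1", "nic"))]
ZONES = {"FileServer": "internal", "StaffPC": "internal", "Guest1": "guest"}
ONLY_CORE_REPLACED = {"Switch1": {"1": (10, set()), "2": (10, set())}, "Switch2": None}
ALL_VLAN_AWARE = {"Switch1": {"1": (10, set()), "2": (None, {10, 20})},
                  "Switch2": {"up": (None, {10, 20}), "a": (10, set()), "b": (20, set())}}
if __name__ == "__main__":
    print(mixed_domains(ONLY_CORE_REPLACED, LINKS, ZONES))
    print(mixed_domains(ALL_VLAN_AWARE, LINKS, ZONES))
```

With only the core switch replaced, the guest client shares a broadcast domain with the file server; with a tagged uplink and untagged access ports on both switches, no mixed group is reported.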

I believe I see 2950 in your diagram just peeking out, and 2950s support VLANs.


On 2/2/2016 at 2:32 AM, Mikensan said:

I believe I see 2950 in your diagram just peeking out, and 2950s support VLANs.

I've only used 2950s in Packet Tracer, as there's no unmanaged one available.

 

On 2/2/2016 at 3:16 PM, brwainer said:

If you want to use port-based VLANs (i.e. a separate AP for each SSID in a location), then the port the AP plugs into has to be the one doing the VLAN tagging. You need to keep all traffic separate in every switch, so every switch needs to support VLANs. This doesn't change if the APs are doing VLAN tagging either.

I see. I'll have to replace all the switches with VLAN-capable ones. I've also found out that there are at least 5 switches I need to replace, not just 3.

 

I've been looking into the HP 1810 Switch Series, specifically the HP 1810-24 v2, and the SG200-26FP. Let me know if it's a sound selection so far or if there are better options.

I haven't looked over options for APs. I'll update this post when I find something.

 

I'm going with UAP-PRO for APs as I don't want to deal with yearly licensing on it, and SG300-28 for switches as I still need ACL; it's only a small bump in price going to SG300s.

Edited by MeshFile
Found APs

6 minutes ago, MeshFile said:

I've only used 2950s in Packet Tracer, as there's no unmanaged one available.

 

I see. I'll have to replace all the switches with VLAN-capable ones. I've also found out that there are at least 5 switches I need to replace, not just 3.

 

I've been looking into the HP 1810 Switch Series, specifically the HP 1810-24 v2, and the SG200-26FP. Let me know if it's a sound selection so far or if there are better options.

I haven't looked over options for APs. I'll update this post when I find something.

The HP you named is a solid choice for a switch that really just needs to do VLANs. The Cisco you named is also a good choice, but I believe there are cheaper HPs out there if you need a POE switch. I know HP makes some that aren't full POE, but only POE on the first 8 or 12 ports.


1 hour ago, MeshFile said:

I've only used 2950s in Packet Tracer, as there's no unmanaged one available.

 

I see. I'll have to replace all the switches with VLAN-capable ones. I've also found out that there are at least 5 switches I need to replace, not just 3.

 

I've been looking into the HP 1810 Switch Series, specifically the HP 1810-24 v2, and the SG200-26FP. Let me know if it's a sound selection so far or if there are better options.

I haven't looked over options for APs. I'll update this post when I find something.

I use an SG300 at home for my lab environment, but I am using the basic L3 static routing features of it. Solid unit, and it's been working for years non-stop. HP is also good, but we have had many issues at work with them and are likely going to change back to Cisco at some point, or something else. Our issues are rather specific though and probably won't apply to your setup, so don't read too much into it.


I think you're good with that combo, but the UAP-AC-PRO is more capable and cheaper. I think anyone selling the UAP-PRO still is selling their old stock. I'm not aware of any reason why the UAP-PRO is a better choice.


9 hours ago, brwainer said:

I think you're good with that combo, but the UAP-AC-PRO is more capable and cheaper. I think anyone selling the UAP-PRO still is selling their old stock. I'm not aware of any reason why the UAP-PRO is a better choice.

All wireless devices provisioned and their BYOD devices are all N devices. Even if there are a few BYOD devices that are AC capable, they're likely just 1x1 clients.

 

After looking into the price of the AC unit, there's not much difference. I might get 1 out of 5 or 7, but it's not a priority.


3 hours ago, MeshFile said:

All wireless devices provisioned and their BYOD devices are all N devices. Even if there are a few BYOD devices that are AC capable, they're likely just 1x1 clients.

 

After looking into the price of the AC unit, there's not much difference. I might get 1 out of 5 or 7, but it's not a priority.

Even N clients experience better service on AC APs, because the newer chipsets in the AC APs are better optimized all around. Also, I'm not sure what you mean cost-wise: when I look at the UAP-PRO, I see it being sold for $200+, whereas the UAP-AC-PRO is $150.


6 hours ago, brwainer said:

Even N clients experience better service on AC APs, because the newer chipsets in the AC APs are better optimized all around. Also, I'm not sure what you mean cost-wise: when I look at the UAP-PRO, I see it being sold for $200+, whereas the UAP-AC-PRO is $150.

Can you give me links, like Amazon or similar, that are quite accurate on pricing? If the ACs are cheaper, I'll go with them.


All I did was go to Amazon and search for "UAP-PRO" and then search for "UAP-AC-PRO" and I found my prices above. If you find different prices, those are the prices you need to go with.
