-
Network upgrade
I've been asked to put together a proposal for replacing hubs with switches at a branch office. I need 2 different solutions to the following situation:
* The company has a branch location still using an Ethernet hub network. Congestion issues are getting to be a serious problem as more and more services are being added to the network. Currently each of the four floors has one or more hubs in a wiring closet supporting 30-35 computers except the ground floor, which has 65 computers.
* The four floors plug into an 8-port switch that was added earlier to reduce the congestion problems. While that solution was a major improvement, it cannot keep up all of the time anymore. The two servers and router to the internet also connect to the 8-port switch.
* The branch cabling is relatively new and certified to category 5 standards. The company is not interested in any major cabling changes at this time.
* At least 75% of the 160 current workstations have NICs with 10/100, full duplex capabilities. All laptop computers have newer NICs. All new machines include similar NICs.
* Need to consider what should be done with the existing switch. Are there higher bandwidth options for connecting the two servers?
Any suggestions would be greatly appreciated. Thanks in advance....
-
Most of our servers are on 100Mbit. But some of the more heavily loaded ones are on 1000Mbit.
I would place one or more managed 10/100Mbit switches on each floor. Cat.5 is max. 100Mbit and should be enough for the client PCs. Use 1000Mbit fibre to connect all the switches to a central switch/router. This would involve a little recabling for the fibre but it's well worth it.
As for types of switches, if budget permits go for something like the Cisco Catalyst 4/5/6000 series. These come in different sizes and will allow you to add blades when needed. You can segment your network using VLANs (I'd go for a VLAN per floor) to keep your broadcast domains in check.
-
So just replace each hub with an 8-port switch on all floors?
-
How are you going to connect 30-35 computers to one 8 port switch?
I'm talking about an (at least) 48 port switch for each floor. Perhaps switches with even more ports so your network is able to grow.
-
Change all the hubs out on each floor with a higher end managed switch, use a cat 4/5/6000 series router as a central point for all the network. Segment each floor into its own VLAN. Switch everything to at least 100Mb full duplex, upgrade the cards that are not capable of this speed. Then if possible use a program like SolarWinds to monitor all switches and servers, look for bottlenecks and if needed set up a second switch at that point for load balancing. Also use something like Snort to monitor traffic and for early warning of malware infections. As usual keep everything up to date.
-
Thanks for the feedback. Does anyone know a good site with detailed specs and pricing of switches? I'm more interested in comparing specific switches in terms of price and performance.
-
Solarwinds is nice for monitoring. Other options to monitor your bandwidth usage are MRTG and NRG.
-
How many switches am I looking at all up? And will this upgrade raise any security concerns?
-
Let's see... 1 48-port for each floor. 2 48-ports for the ground floor. 1 12-port for your servers (you're probably going to add servers in the near future). Connect all these and your Internet router to a 12-port switch. All switches are managed of course. Layer 3 if possible.
That makes 6 48-port switches and 2 12-port switches.
Unless the ground floor is one of the four floors. Then it would be 5 48-port switches.
Security concerns? Not really, it'll improve that's for sure... Because you're getting rid of those hubs.. Any kid can monitor traffic on a hub. It's slightly more complicated on a switch (but not impossible!).
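The sizing above and the VLAN-per-floor suggestion made earlier in the thread, worked through as an added example (not part of any original post). The per-floor split of the 160 machines, the 20% growth headroom, the 10.20.0.0/16 block and the VLAN numbering are all assumptions.

```python
import ipaddress
import math

# Constructed input: the thread gives 65 machines on the ground floor, 30-35 on
# the other floors and 160 in total; the exact per-floor split is assumed.
SEGMENTS = [  # (name, hosts today, ports per switch, port speed in Mbit)
    ("ground", 65, 48, 100), ("floor1", 32, 48, 100), ("floor2", 32, 48, 100),
    ("floor3", 31, 48, 100), ("servers", 2, 12, 1000),
]
UPLINK_MBIT = 1000                     # gigabit uplink from each switch to the core
GROWTH_PCT = 20                        # assumed headroom for new machines
BASE_NET = ipaddress.ip_network("10.20.0.0/16")  # hypothetical address block


def plan(segments=SEGMENTS):
    """Return one dict per segment: VLAN, subnet, switch count, uplink load."""
    subnets = list(BASE_NET.subnets(new_prefix=24))
    rows = []
    for index, (name, hosts, ports, speed) in enumerate(segments, start=1):
        vlan = index * 10                       # hypothetical numbering: 10, 20, ...
        needed = math.ceil(hosts * (100 + GROWTH_PCT) / 100)
        switches = math.ceil(needed / ports)
        busiest = math.ceil(hosts / switches)   # hosts on the fullest switch
        subnet = subnets[vlan]                  # third octet mirrors the VLAN id
        if needed > subnet.num_addresses - 2:
            raise ValueError(f"{name}: {needed} hosts do not fit in {subnet}")
        rows.append({
            "segment": name, "vlan": vlan, "subnet": str(subnet),
            "ports_needed": needed, "switches": switches,
            # Worst-case demand on one uplink if every host sends at line rate.
            "oversubscription": busiest * speed / UPLINK_MBIT,
        })
    return rows


def switch_totals(rows, segments=SEGMENTS):
    """Count access switches by port size (the core switch is not included)."""
    totals = {}
    for row, (_, _, ports, _) in zip(rows, segments):
        totals[ports] = totals.get(ports, 0) + row["switches"]
    return totals


if __name__ == "__main__":
    for row in plan():
        print(row)
    print(switch_totals(plan()))
```

With the ground floor counted as one of the four floors this gives five 48-port access switches, and each floor's gigabit uplink is oversubscribed by roughly 3:1 at today's host counts.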
-
Simply replacing the hubs with switches is a bandaid approach that will once again fall off and require another bandaid.
If all they want is a simple change of hardware, then sell them some switches and be done with it.
But I would not go that route. Not at all.
I would sell them on allowing me to fix the problem once and for all, after a study of traffic volume and priority, security needs and future projected growth needs. Rome wasn't built in a day and neither is a lasting solution.
The best approach to fix their problem is to create a paper plan based on employee gripes, traffic analysis, existing network configuration documents and a couple of building walkarounds with a knowledgeable manager. If you want to really fix this problem, you have to get a "lay of the land", ask a lot of questions and that means interfacing (connecting) with the people that are gonna live with your solution. Nobody knows the network gripes/needs better than the people who use it.
You use that paper plan to segregate traffic using switches, VLANs, routers with the existing wiring.
It's always a safe bet going that:
1) Too many employees are Internet surfing
2) That a lot of traffic comes from Spyware/Adware/Non-work related...
3) That the network was not properly planned and documented (think congestion points)
4) That if they keep bandaid fixing it, one day it'll simply implode (figuratively speaking)
5) They have no idea of the costs incurred by company downtime based on a faulty network infrastructure.
Before you give them a proposal, I'd do my best to convince them a network analysis is the only way to go, before equipment is put into place.
Remember if you sell them a high dollar solution that later needs revamping, customer satisfaction and trust goes down the tubes.
Just my quick thoughts.
-
This question is strangely familiar to a question in the CCNA Lab companion workbook
-
ZT3000 does make a good point. But right now the OBVIOUS problem is the hardware is not up to par for the work load. Monitoring the network will be MUCH easier once it is segmented correctly and you have proper hardware in place. Once that is done you can drop a sniffer box on the network somewhere and monitor each VLAN on its own (I said this all in my first reply BTW). Network monitoring and policy management is a beast on its own, and changing the hardware is far from just a bandaid. It's a pain to use unmanaged switches and hubs if you really want to do GOOD monitoring, especially in a setup where everything is in one domain. You can't control nearly as much and you can't fix a problem when it is found nearly as easily.
I do fully agree that the company should do a full network analysis/audit before dropping this kind of cash. That way you can get an optimum solution for the problem rather than a generic one.
-
Would anyone recommend any of the cat 29XX or 35xx switches? Or any other specific recommendations?
-
The 2900 series are great, we use them a lot where I work. They are great mid range switches, we have them to segment each floor of our main building, and also use them at remote sites often.
-
Ok, like many have said, the preferred setup would be managed switches on the floors, configured with VLANs, with a layer 3 core switch to connect all the access switches, and route between VLANs. Preferably you'd have gigabit uplinks; while fiber is nice but pricey, unless you have really long distances to go, good quality Cat5e or Cat6 cabling for these would do fine.
That being said, I'm most certainly sure that the suggestion of 4/5/6000 series is WAY overkill and WAY over budget (considering they're still running hubs!)... I myself have used a Catalyst 3550 series which are featureful but much less pricey. And while the Cisco brand is nice and sounds leet, consider alternatives like the HP ProCurves (1/4th the price of Ciscos per port) or Foundry Networks for "brand" alternatives or even D-Links (which work nicely with a more than sufficient featureset without the brand price) if money doesn't allow.
Ammo
-
D-Link sucks... Cisco is pricey but is also the industry standard. 3Com does make some cheaper alternatives, and we use those also, specifically the SuperStack series for lower end work. The reason I suggested the cat5000 series is because it leaves you a lot of room for expansion, but the 3000 series would be sufficient.
-
The cat5000 series is a bit out of the price range I was after. Thanks for the suggestions guys. I'm sort of comparing prices at the moment. What would be a decent price for a 29XX 48 port switch?
-
I'd check eBay, we have been very successful in picking up cheap gear there among other places.
-
New equipment is all over the net. Throw a stone and you hit 25 resellers and the rebound gets the used/auction sellers.
I prefer established sites that have a reputation for dealing with corporate clients who demand more from their vendors...the problem is you usually don't get the rock bottom price from these sites. http://www.cdw.com/ is a perfect example.
There are a LOT of good suggestions here. ZT3k makes a good counterpoint, but you really need to think about your audience. If you are in the unfortunate position of being the IT monkey aka digital janitor aka tech dude who we hired as an intern and won't go away... Anyway, if you are in a position like this, they probably aren't willing to listen to a lot of input on the results of your usage analysis and long term recommendations. It's the right way to go, but if it's not what they want to hear, and you don't have the ability to change their mind, then SirDice has given you some clear cut examples of what to consider. You definitely want switches on each floor, with VLAN'd segments and top-of-the-tree switches/routers at your PoP. Servers should absolutely be on a separate segment, and while you're at it you should consider where you would place sensors and such (if you don't currently have IDS in place.)
Best of luck, and let us know how things go.
-
Oh and don't forget the firewall. I am very fond of the PIX line of Cisco firewalls myself.