[Pc_Support] Entry-level Layer-2 and Layer-3 Managed Switches ... $200-400 nowadays ...

Bryan J. Smith b.j.smith at ieee.org
Fri Sep 23 00:38:59 EDT 2005


I've recently had a few, various posts come up on other
lists.  In a nutshell, the typical solutions someone already
had in their mind was to NAT/PAT themselves (be it with a
Linux-based Linksys 'Ritter, or maybe a PC with Linux) from
the rest of their corporate network.  As much as I would want
to take a gun to their head if I were the netadmin of those
networks, I have been trying to steer people away from such
nightmarish, poor-performing and otherwise troublemaking
solutions.

Cisco has all but killed Linksys' former Layer-2 and Layer-3
Managed Switch Solutions.
SMC and Dell are way too costly.
But DLink and NetGear still seem to be affordable.

In a nutshell, I've gotten to the point where for a Small
Business, the magic number is 9+ nodes.
At 9+ nodes, I recommend a Layer-2 Managed solution.
Another tell-tale is if they are daisy chaining any switches,
another killer issue.

Most 12, 16 and 24 port switches are already over the $100
mark.  In fact, GbE switches of these capacities are still
expensive enough per port, that looking to a managed switch
is basically little extra cost.

At the very entry, non-stackable level, the $200 NetGear
FSM726 (24 100M, 2 1000M) is a true layer-2 managed switch. 
You get all the 802.1/802.3 goodies, SNMP/RMON, etc...,
including DHCP, RADIUS and other management/security extras.
Yes, you only get 2 GbE ports.  But you could put a
server on them, or daisy chain an unmanaged switch off of them
anyway, while at least getting statistics at the port-level.
  http://www.netgear.com/products/details/FSM726.php  

This solution is ideal for the office network that is full of
typical users.  You have one GbE for a server, maybe another
for a 5 or 8-port unmanaged switch for your "power-users"
(which then feeds to a "real switch" with a lot of buffer --
as measured in MBs, not KBs ;-).  It will also let you know
quickly if you really need GbE or not, before spending the
money on a solid GbE network (which is _not_ by chaining
5-port switches together ;-).

More on the stackable level (when you need more than 20
nodes, or 2 GbEs), don't even bother with layer-2, go
straight to NetGear's entry, stackable (up to 8 units)
layer-3 in the $400 NetGear FSM7328S (24 100M, 4 1000M).  You
can setup VLANs that will directly route/switch, SNMPv3
managed, SSHv2 or SSLv3 remote access, and it will provide
RIPv1/v2 routes (no OSPF -- but at this price point for the
target user, it's unbelievable).  Yes, this means you could
have nodes using 9000 byte jumbo frames and they would
dynamically be assigned a VLAN, and the switch would handle
routing to the standard 1500 byte frame nodes at full wire
speeds.
  http://www.netgear.com/products/details/FSM7328S.php  

Stacking just 3 units to get 12 GbE ports (plus 72 10/100
ports) is typically cheaper than most other vendors' 12-port
GbE Layer-3 switches.  Again, we're talking small business
under 100 nodes, which requires little more than just RIPv2
(which is classless capable) for maybe a handful of subnets,
so this is an ideal standpoint for basic management (such as
measuring network usage to identify bottlenecks), etc... for
a price point starting under $500 for the first unit.

You don't have to be a CCDP to appreciate what management can
show you.  These days, you don't have to setup a full SNMP
system to track usage, as web and easy-to-use admin tools
accompany even these low-cost switches (even if they are
OpenView and other SNMP management system compatible).  You
can quickly identify network bottlenecks, and problem nodes. 
You can also authenticate nodes and block various traffic, or
setup a monitor port for your internal IDS (intrusion
detection system).

And for multiple subnets, you'll get wire forwarding speed
measured in 10s of GbEs, not sub-GbE through NAT/PAT -- much
less sub-100M if you're using a cheapy ARM-based "Ritter"
that will only introduce ARP and other issues into a
multi-subnet network.  It's worth the few hundred bucks to
actually have some control over the network, even if you only
visit every few weeks.

Especially when you want to segment off a department of 20-50
nodes from another once you start talking Small to Medium
Businesses (SMBs) of 100+ nodes.  Do _not_ put a 'Ritter in. 
Put in a Layer-3 switch like the NetGear FSM7328S so you can
actually share routes via RIPv2 to the rest of the
corporate network (even if it's OSPF-based beyond that, most
router setups also handle RIPv1/v2 for more "local" routing
compatibility).  As much as you might be segmenting your
systems from the network admins for various reasons, don't go
the NAT/PAT route, especially when the solution is under
$400.


-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)
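
The port-level usage tracking the post describes, as an added example that is not part of the original message: it turns two polls of the standard IF-MIB octet counters (ifInOctets/ifOutOctets, 32-bit) into per-port utilisation, handles a counter wrap, and marks ports where the poll interval is too long for a 32-bit counter to be trusted. It assumes the switch exposes those counters and that they were already collected by some SNMP tool; the function names, data layout and sample values are constructed for illustration.

```python
COUNTER32_MOD = 2 ** 32  # ifInOctets/ifOutOctets are 32-bit counters in IF-MIB

def counter_delta(earlier, later):
    """Octets counted between two polls, tolerating a single counter wrap."""
    return (later - earlier) % COUNTER32_MOD

def max_safe_interval(speed_bps):
    """Seconds a Counter32 octet counter takes to wrap once at line rate."""
    return COUNTER32_MOD * 8 / speed_bps

def utilisation(earlier, later, interval_s, speed_bps):
    """Fraction of link capacity used in one direction during the interval."""
    if interval_s <= 0 or speed_bps <= 0:
        raise ValueError("interval and speed must be positive")
    return counter_delta(earlier, later) * 8 / (interval_s * speed_bps)

def review_ports(poll_a, poll_b, interval_s, threshold=0.7):
    """Return (busy, unreliable): busy is [(port, direction, fraction)];
    unreliable lists ports whose counters may have wrapped more than once."""
    busy, unreliable = [], []
    for port, first in sorted(poll_a.items()):
        second = poll_b[port]
        if interval_s >= max_safe_interval(first["speed"]):
            unreliable.append(port)  # poll faster or use 64-bit counters
            continue
        for direction in ("in", "out"):
            used = utilisation(first[direction], second[direction],
                               interval_s, first["speed"])
            if used >= threshold:
                busy.append((port, direction, round(used, 3)))
    return busy, unreliable

# Constructed sample polls taken 60 s apart (not real device output).
POLL_A = {
    1: {"speed": 100_000_000, "in": 1_000_000, "out": 5_000_000},
    2: {"speed": 100_000_000, "in": 4_200_000_000, "out": 10_000_000},
    25: {"speed": 1_000_000_000, "in": 0, "out": 0},
}
POLL_B = {
    1: {"speed": 100_000_000, "in": 601_000_000, "out": 20_000_000},
    2: {"speed": 100_000_000, "in": 55_032_704, "out": 25_000_000},  # wrapped
    25: {"speed": 1_000_000_000, "in": 123_456, "out": 654_321},
}

if __name__ == "__main__":
    print(review_ports(POLL_A, POLL_B, 60))
```

A 100M port can go almost six minutes between polls before its counter wraps at line rate, but a GbE port wraps in about 34 seconds, which is why port 25 is reported as unreliable at a 60-second interval.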


