Reconfiguring Small Office Network

businesstx

Hi everyone


After getting some advice on wifi problems and some prodding from @coxhaus, I have decided to try and reconfigure the network because it looks like the guys who did this cut corners. So, in this post I am looking for advice on the best way to use the items I already have so I can minimise the cost UNLESS the devices are so slow that they will affect the performance of the rest of the network.


Also, I am looking for advice on what specific products I should use.


I will begin by describing the layout. I attach an image of the current network layout (N1) and the office layout.


This is a relatively new office so the ethernet cable wiring, switches and router are all only around 6 months old. All the wiring is Cat 5E. All ethernet sockets in all the rooms have been tested and work OK.


The red circle is the location of the cabinet with the switches, router, NAS, etc…


The pink R is the Reception.


The green O is a common office area where most of the wired devices and the wifi printer are located.


Rooms with a green X are where most of the wireless laptops will be used.


The blue lines indicate reinforced concrete load bearing walls.


Thin grey walls are just stud walls.


Single lines are glass panels (many of the rooms have glass panels on one side).


All the ethernet cables are terminated in a wall cabinet (red circle) and all the switches sit on shelves in the cabinet. The ethernet wires from the wall sockets in the smaller rooms connect directly to the switches. However, 95% of these wall sockets are not used as the powers that be decided to buy laptops with no ethernet ports.


The ethernet cables from the 25 POE cameras are also terminated in this same cabinet. All images are recorded locally using a DVR. Remote viewing of the cameras is very rare i.e. 2 or 3 times a year so the DVR still needs internet access.


Two 16 port HIKVision DS-3E0318P-E/M POE Switches are used for the cameras only. The POE ports are 100Mbps and there is a gigabit uplink port and SFP.


https://www.hikvision.com/en/produc...Network-Switches/Value-Series/DS-3E0318P-E-M/


All the other ethernet cables from the wall ethernet sockets are connected to two 16 port unmanaged TP-Link Gigabit switches (SG1016DT). As mentioned, not all wall ethernet sockets are used so one of these TP-Link routers is currently switched off.


Only the reception area and the main office have wired PCs and hence use the ethernet wall sockets.


The NAS is located in the same location as the switches and is connected directly to the TP-Link R476G+ router.


Here is what I have done so far:


- I bought one of those ethernet wire testers and checked each ethernet wall socket.

- I labelled all wall sockets and the cables with numbers.

- I did not label any of the POE camera wires yet.


As I was doing the labelling, I noticed that the cables were a mess and hard to move around. The guys who installed the wiring, switches, etc… did not use a patch panel.


Here is what I think needs to be done:


1. Remove the shelves and install a rack in the cabinet.


2. Install two 24 port patch panels. Two 24 port patch panels should be enough as 25 ports are needed for the POE cameras and the remaining 15 can be used for the wired devices. Only 5 devices are currently wired at the moment so I think the 15 ports on the patch panel should be enough for now.


3. Label all ports on the patch panels (trying to keep all the POE Camera ports together).


4. Install the existing switches into the rack as follows (POE Switches at the top as they produce the most heat):


POE Switch S1

Patch Panel 1

POE Switch 2

Patch Panel 2

TP-Link Switch 1

TP-Link Switch 2

TP-Link Router

NAS


5. Update the configuration to that shown in image N2.


So my key questions are:


1. Are there any problems with what I propose above?


2. What managed core switch would you recommend? Will something like the TP-Link T2500G-10TS (TL-SG3210) be OK or should I go with something with more ports or more advanced features as I will need the following:


- Make the wifi connections as fast as possible with as much coverage as possible. Most devices in the office are wifi AC at the moment. The Huawei WS832 is slow as its LAN ports are 100Mbps. It looks like I will need a core managed switch so I am not sure if I should go for a router like the Asus AX88U (282 USD) or Asus AX86U (226 USD) or an AP like the UniFi UAP-AC-HD (which costs around 35% extra at 440 USD). I need coverage for the areas marked in green on the office plan. Note prices are cheapest local online prices.


- I want to keep the data on the NAS safe from wifi guests in reception.


- I only want SPECIFIC office laptops to be able to access the NAS. All other devices should not be able to access the office network.


- I need wifi for non-office staff to use without worrying they will be able to access my data.

So my questions are:


- The HIKVision POE routers are 100Mbps so will they slow down the whole network? If so, how can I minimise their impact? No one needs to access the cameras. We can view images locally with a display connected to the DVR. We rarely view the cameras remotely online.


- As soon as I get a new wifi solution, can I reuse the Huawei WS832 as an AP for non-office people or for the rooms furthest from the wifi where the signal might otherwise be very weak?


Image N2 shows an updated layout based on recommendations from @Trip and others.


I am sure I will have more questions but this post is getting quite long so I will not add more here


Finally, please note that I am not a technical guy so go easy with the technical terms. I am only just reading up on Switches, VLANS, etc…


Thanks


Ray
N1.jpg
Office.jpg
N2.jpg
 
@businesstx - Ray, I was under the impression that those separate access switches (S1 through S4) were all located in different parts of the building... I should have thought to ask if all cable runs were homed to the same closet. Since they are, that changes my switching recommendation rather drastically, and much for the simpler. I would replace all four of those lower-density switches with a single 48-port managed PoE switch, or two stacked 24-ports, to run the entire LAN direct from the core as OBFN ("one big flat network"). This will greatly increase performance and manageability in nearly every way imaginable, and you don't need the most expensive switch(es) in the world to do it, either.

Per my private message, I'll add specifics along with an updated topology soon, and if you can send me a clean blueprint, also a proposed markup of where APs might best be placed as well.
 
1.) You are way overcomplicating this.
2.) WiFi, simplify it down. Unlikely the UAP-AC-HD is the right solution, you probably would benefit from a couple of distributed cheaper APs.
- A couple of UAP-AC-LITE or the TP-Link devices distributed across the office will probably better service the clients than a single fancy device.
3.) You will need at a minimum basic managed VLAN capable switches to handle your guest duties.
4.) Don't worry about the Camera switch slowing things down. As long as that switch isn't in the communication path of your systems, it will have no impact.
5.) Router - If you are going down the UniFi path, consider a router from them. There are gobs and gobs of router options in general.
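
Ray's requirements (NAS closed to guest wifi, NAS open only to specific office laptops, cameras isolated while the DVR keeps internet access) written as an inter-VLAN rule table with a first-match evaluator; this is an added example, not part of any post in this thread. The VLAN IDs, subnets, host addresses and the separate NAS VLAN are assumptions made for illustration.

```python
import ipaddress as ip

# Assumed VLAN plan: IDs, names and subnets are illustrative, not from the thread.
VLANS = {
    10: ("office",  ip.ip_network("192.168.10.0/24")),
    20: ("guest",   ip.ip_network("192.168.20.0/24")),
    30: ("cameras", ip.ip_network("192.168.30.0/24")),  # PoE cameras + DVR
    40: ("servers", ip.ip_network("192.168.40.0/24")),  # NAS on its own VLAN
}
LAN = ip.ip_network("192.168.0.0/16")
ANY = ip.ip_network("0.0.0.0/0")
NAS = ip.ip_network("192.168.40.5/32")   # constructed address
DVR = ip.ip_network("192.168.30.2/32")   # constructed address
# Laptops permitted to use the NAS (assumes fixed DHCP reservations).
NAS_CLIENTS = [ip.ip_network("192.168.10.21/32"), ip.ip_network("192.168.10.22/32")]

# Inter-VLAN rules at the routing device, first match wins: (action, src, dst).
RULES = [("allow", c, NAS) for c in NAS_CLIENTS] + [
    ("deny",  ANY, VLANS[40][1]),   # nobody else reaches the NAS VLAN
    ("deny",  ANY, VLANS[30][1]),   # nobody browses into the camera VLAN
    ("deny",  VLANS[20][1], LAN),   # guests: no internal networks
    ("deny",  VLANS[30][1], LAN),   # cameras/DVR: no internal networks
    ("allow", DVR, ANY),            # DVR keeps internet for rare remote viewing
    ("deny",  VLANS[30][1], ANY),   # the cameras themselves get no internet
    ("allow", VLANS[10][1], ANY),   # office: internet
    ("allow", VLANS[20][1], ANY),   # guests: internet only
]

def vlan_of(addr):
    """Return the VLAN id whose subnet contains addr, or None if outside."""
    for vid, (_, net) in VLANS.items():
        if addr in net:
            return vid
    return None

def decide(src, dst):
    """Verdict for one flow: 'switched', 'allow' or 'deny'."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    sv = vlan_of(s)
    if sv is not None and sv == vlan_of(d):
        return "switched"  # same VLAN: never crosses the router, rules do not apply
    for action, src_net, dst_net in RULES:
        if s in src_net and d in dst_net:
            return action
    return "deny"          # default deny

if __name__ == "__main__":
    flows = [("192.168.20.50", "192.168.40.5"), ("192.168.10.21", "192.168.40.5"),
             ("192.168.10.99", "192.168.40.5"), ("192.168.30.101", "203.0.113.10"),
             ("192.168.30.2", "203.0.113.10"), ("192.168.30.101", "192.168.30.2")]
    for src, dst in flows:
        print(f"{src:>15} -> {dst:<15} {decide(src, dst)}")
```

A `switched` verdict marks traffic the rule table never sees, which is why the example puts the NAS in its own VLAN: left in the office VLAN, every office device could reach it regardless of the rules.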
 
@Trip

Appreciate your input. I should have included a complete description of the layout.

@MichaelCG

Thanks for the input. I have been looking at Unifi and also some offerings from Huawei (which probably aren't available in the US)... but it is a difficult task....
 
@Trip

See attached image. The areas in green require good wifi coverage.
Wifi would be nice to have in the areas in yellow.
I am not bothered about the areas with no colour as we have wired ethernet sockets in most of those areas or there is no wifi used in those locations.

At the moment, the wifi router is located above the cabinet housing the switches, routers, etc...

Would it be better to mount any future wifi solution on the ceiling?

It might be difficult to get the wiring above the ceiling in the corridors as the ceiling space is not accessible without damaging the ceiling.
In the offices it is easier as they all use suspended ceilings.

Also, I should be able to run any new cables to nearly any new location from the current IT cabinet.
 

Attachments

  • N3.jpg
@Trip

The only problem I can see with a single switch is what happens if it fails. At the moment, if a single switch fails, the damage is limited to certain parts of the network and I can always move the connections to other switches on the network to get things working temporarily.

Also, will there be any security problems with a single switch and will I have to setup VLANs for different devices?
 
Your network will run better if you use bigger switches. Bigger switches have bigger back planes. If you are worried about failure then buy Cisco small business switches. They usually run until they are out of date. You can buy redundant switches and use STP to keep them online and hot. STP is Spanning Tree Protocol which is used to protect your network from loops but also works for redundancy.

A nice side benefit of the Cisco switches is they run layer 3 which is a good thing for an Office. I would look at the Cisco SG350, SG250X, and the SG350X switches for small office. If you need to stack switches in larger offices then the Cisco SG550 switches but the SG550 are not needed in small offices.
 
@businesstx - These days, most business-class switches should last you their entire service life and then some, but if you're that concerned about redundancy, per @coxhaus's reply, you could run another switch alongside, and enable STP on both, with the primary switch set as the spanning tree root.

The above setup would give you failover-readiness, but it wouldn't be automatic, as you'd still have to manually move patch cables from the failed primary switch to the secondary switch in order to restore endpoint connectivity. One exception would be for any devices with two or more network interfaces (such as your QNAP 453A); you could do what's called dual-homing or multi-homing (uplinking via two or more paths), cabling one NIC to the primary switch and the other to the secondary switch, so that a single switch failure wouldn't disrupt connectivity. For all other single-homed devices with only one NIC, you'd still have to move their respective patch cables to the hot spare switch before connectivity to those items could be restored. Hope that makes enough sense.

One additional option would be to run stackable switches, for easier manageability and often, depending on the stacking method/medium, higher performance. But that's more a convenience/preference than it is a necessity, and it's usually a fair bit more costly.

I'll include the above options in my schematic (soon to come).
 
Yes and no Trip. You don't have to move cables using STP if you setup a loop and STP blocks it. Then it can become redundant. The real question becomes where do I want to stop with redundancy? At the switches, at the servers, at the routers? So it can get more complicated but just talking switches not too hard. This is the problem I see with redundancy and I don't think it is worth it for a small business. It becomes too expensive and too complicated. I say buy good hardware and not worry about it.
 
@Trip @coxhaus

I read some stuff on STP and why it is needed but given my current setup, I do not think I will have any looping problems as each switch has only one route to the router.

As for a 48 port switch with POE (for the cameras) .... wow.... I didn't realise they are so expensive .... The cheapest price I found for a Cisco SG350X 48P is 1400+ USD :eek:
Is there a cheaper option?

In the meantime, does anyone have any experience of the Huawei AirEngine 5760? I can't find any reviews of it outside of China and I cannot read Chinese :(
 
@coxhaus - I was focusing on the point at hand: full physical switch failure. Backplane, frontplane -- the whole box. Then you would have to move cables off that switch, to a secondary, or replace. Regarding the points on redundancy, I do agree it's more cost and scope creep than is usually worth it for most micro businesses.

@businesstx - SG350X is giving you 10Gb uplinks, 10Gb or multi-gig access ports on certain models, and stacking. All very nice to have, but nothing your situation really demands in order to have a functional-enough core (for now). You could drop down to an SG350-52P, or for just Layer 2 and much quieter, a Zyxel GS1920-48HPv2.
 
> @coxhaus - I was focusing on the point at hand: full physical switch failure. Backplane, frontplane -- the whole box. Then you would have to move cables off that switch, to a secondary, or replace. Regarding the points on redundancy, I do agree it's more cost and scope creep than is usually worth it for most micro businesses.

I think you are missing the redundant switch point. Using STP you have 2 active switches 2 wires both switches are hot. You have a client plugged into 1 switch. You have a wire going to switch 2. Both switch 1 and 2 are plugged into say a RV340 router. STP in the switches stops the loop. So you can unplug switch 1 in the router and switch 2 will be active. You can then plug switch 1 back in and it is being blocked until you unplug switch 2 then switch 1 becomes hot again and switch 2 goes into blocking mode. If switch 1 dies then the client cable would need to be moved to switch 2. We have redundant switches not redundant clients. Redundant switches are what we are talking about. Redundant switches just takes twice the switches and twice the cables. STP does the work.

If you want redundant clients then plug 1 wire from the client into switch 1 and 1 wire from the same client into switch 2. Not all clients can do this.
 
No confusion on redundancy or STP and we both mentioned cable migration required if there's a physical fail of the primary switch:
> For all other single-homed devices with only one NIC, you'd still have to move their respective patch cables to the hot spare switch before connectivity to those items could be restored.

> If switch 1 dies then the client cable would need to be moved to switch 2.

Perhaps my phrasing was confusing in conjunction with talking about homing. It appears it was clear enough for Ray, though, plus he seems fine with a single switch, so all good.

@businesstx - Here's the updated topology, how you might structure your rack, plus a layout of potential wifi APs (green = higher-power/spatial-stream APs, lower speed at edges, probable 2.4 GHz use; purple = lower-power, 5 GHz, higher client speeds):
SNB 2.1 Layout.png SNB 2.1.png FloorPlan.png

EDIT: To clarify on AP layout, it would be green or purple, but not both. Also, for good 5 GHz (purple) no client would be more than 1 cement wall away from an AP, which should deliver enough signal, but a proper on-site survey would serve as the ultimate determination (with at least one of the actual APs intended for use).
 
> No confusion on redundancy or STP and we both mentioned cable migration required if there's a physical fail of the primary switch: perhaps my phrasing was confusing in conjunction with talking about homing. It appears it was clear enough for Ray, though, plus he seems fine with a single switch, so all good.

Trip, figure on only moving half of the single NIC clients. I think it would make more sense to split the load across the 2 switches since you are paying for them.
 
> Trip, figure on only moving half of the single NIC clients. I think it would make more sense to split the load across the 2 switches since you are paying for them.

Indeed, if he ran two switches, splitting single-home ports would lower migration by up to half. But we're likely back to one switch for this case. Still, good idea in many instances.
 
I've been trying to find the Zyxel switch but it doesn't seem to be available in China.
The Cisco POE 48 port switches with POE are too expensive.

Would a Cisco SG250-26-K9 switch work assuming the cameras stay as they are and their switches just plug into the new switch?
 
How about a Netgear GS752TPv2, or perhaps more available in China, a Huawei S1720-52GWR-PWR-4P ? Would you ever consider refurb enterprise, or something used off eBay or Alibaba?

Otherwise, yes, your two HikVision switches uplinked to a lower density, non-PoE managed core switch would work well enough.
 
Thanks @Trip

I'll check those out.

As for used products, I am not sure if they are worth it unless the price difference compared to new is significant. I will still check them out anyway.
 
If you are looking at a Cisco SG250-28 switch, what about a Cisco SG250X-24 switch? It will be a better switch for your core network.
 
