Help selecting a managed switch for small business

JustinD

New Member
Joined
Jul 27, 2012
Messages
7
Hi all,

This is my first post on mybroadband.

We are a small family business with 7 PCs currently on an un-managed switch. We all access the internet via an ADSL connected to the switch. We operate on a workgroup.

We are looking to upgrade our network for the following reasons:
1> We are growing and need additional ports for new users
2> We have several employees who are milking our bandwidth on Youtube, FB etc despite numerous warnings


So what are we hoping to achieve?
1> Increase the number of ports to accommodate the additional users (24 should suffice)
2> have the ability to block certain ports from connecting the the ADSL
3> all within a R 3,000 budget


Any ideas on a good managed switch to achieve the above?

Please bear in mind that my IT knowledge is below average so something that isn't too complicated to setup and manage.
 

lumpyza

Well-Known Member
Joined
May 29, 2012
Messages
150
well managed switches are more for sub netting, QOS and port aggregation, i would upgrade your switch to a standard 24-port switch without all the bells and whistles like SPF ports and web interfaces etc... then get a old P4 or core2duo desktop and put something like smooth wall on the box to act as a firewall and proxy, you'll be able to pull reports for each users bandwidth usage and block them from Facebook and youtube during normal business hours... can def do this setup for under 3k...
 

CataclysmZA

Expert Member
Joined
Apr 1, 2010
Messages
4,786
What I'd suggest is actually getting a managed switch because you can manage the data rate for each connection. So instead of each person getting a 100MB/s local connection, you could throttle it to, say 50 or even 10MB/s to reduce overheads and contention for ADSL bandwidth. You could even prioritise computers connected to the switch and have those on higher speed profiles.

So something like D-Link's DES-1100-24 is a pretty good option. If you're leaving it at 100MB/s to not have to fiddle with settings that would work fine as well and you can even prioritise certain ports and protocols.

As for the website blocking, a small, inexpensive PC being used as a dedicated proxy server with Linux is a must. I'd recommend installing something like Ubuntu 12.04 LTS on a PC with at least a single core at 1.6Ghz, 1GB RAM, two 100MB/s network cards and a hard drive larger than 20GB in size. You can set it up with Webmin as a proxy server and firewall and you can even have generated reports for each user e-mailed to you at the end of every day or month, if you wish.

You'd then run this PC as the only connection between the router and the 24-port switch and all data will go through it before reaching the internet. You'd have to run it as a headless server without a mouse/keyboard or monitor attached and you can login remotely to the server by installing Teamviewer on the proxy server and your computer.

Also, since you're getting more systems on-site, support is going to become a lot more of a pain than usual. Do you have backup schedules implemented? An updated anti-virus on every computer?
 
Last edited:

JustinD

New Member
Joined
Jul 27, 2012
Messages
7
NAG - Wesley: Thanks for the advise.

We currently using a D-link un-managed switch and D-link Router so I quiet like the switch you recommended.

The setup you recommended is exactly what we need and is how I envisioned the setup working, I just didn't know how to execute it.. so thanks for the info. I will keep you posted.

In terms of back up; we have 1 machine on our workgroup which we all back up to and I back that baby up once a week on to a removable hard drive. I also backup our Pastel (sorry for swearing) data on to flash daily and DVD weekly. All backups are stored in a fireproof safe on site. So I think we pretty covered there.

As for the antivirus; we have been using AVG on all our machines for the last 3 years now we have not had any issues with viruses. Prior to that we had major issues.
 

Gnome

Executive Member
Joined
Sep 19, 2005
Messages
6,010
I'm with lumpyza on this one. Blanket throttling is the worst kind of network setup possible. It kills productivity.

You throttle based on destination IP and/or destination URI. Both would be preferable. Apart from that also throttle based on protocol. Eg. throttle UDP packets and all ports apart from 80.

Lastly you can also limit bandwidth on a sliding window but seriously if you employees aren't cooperating, perhaps you have a problem with authority in your business and you should start there.
 

JustinD

New Member
Joined
Jul 27, 2012
Messages
7
Hi Gnome,

Thanks for the advice.

There is no problem with authority in the business. We know who the guilty party is but are unable to prove it with our current setup.

At present all I can monitor is the ADSL stats. When I compare the days where we had heavy bandwidth usages (10x) with our CCTV footage I notice a common denominator, one of the sales reps. When I confronted him with the coincidental evidence he flat out denied it was him.

Throttling his IP wouldn't reduce productivity as he is supposed to be on the road selling not in the office on YouTube. Unfortunately I travel alot so Im not always here to keep an eye on everyone so some sort of system needs to be in place.
 

Gnome

Executive Member
Joined
Sep 19, 2005
Messages
6,010
Hi Gnome,

Thanks for the advice.

There is no problem with authority in the business. We know who the guilty party is but are unable to prove it with our current setup.

At present all I can monitor is the ADSL stats. When I compare the days where we had heavy bandwidth usages (10x) with our CCTV footage I notice a common denominator, one of the sales reps. When I confronted him with the coincidental evidence he flat out denied it was him.

Throttling his IP wouldn't reduce productivity as he is supposed to be on the road selling not in the office on YouTube. Unfortunately I travel alot so Im not always here to keep an eye on everyone so some sort of system needs to be in place.
Fair enough, I apologize for quick judgement there.

Still, if you did setup a proper router you can monitor bandwidth usage, which web-sites were visited and at what times by whom.
 

JustinD

New Member
Joined
Jul 27, 2012
Messages
7
Fair enough, I apologize for quick judgement there.

Still, if you did setup a proper router you can monitor bandwidth usage, which web-sites were visited and at what times by whom.
No problem mate. No offense taken.

Thanks for your input. It has been helpful.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
72,451
Firewall/proxy. That is all.
You don't want to manage traffic at switchport level. Then they'll get slow ADSL speeds copying traffic off local file servers, which is a recipe for going postal ;)
 

JustinD

New Member
Joined
Jul 27, 2012
Messages
7
That's exactly what I want them to have.. the culprits that is... very slow internet so they can not stream videos and watch live rugby!

But I will setup a proxy to monitor usage and block certainn sites etc.
 

JustinD

New Member
Joined
Jul 27, 2012
Messages
7
I have purchased and installed the D-Link's DES-1100-24 successfully.

Thats Phase one complete. Now at least I can monitor network traffic.

Phase two is to setup a proxy server as NAG - Wesley suggested. I have a spare machine that will do the job with some minor upgrades. Will keep you all posted.

Thanks all for your input. Much appreciated!
 
Top