Quality Networking Hardware for a Midsized Business

[TheFunk 9]

I'm looking for network hardware for a midsized business. My only stipulations are that it has to be highly configurable for VPN access (I'll need both site to site connections and a site to user connection)

You guys typically give the best insight for this type of thing, so I figured I'd ask around here. So far I've looked at Meraki equipment and Ubiquiti. Both look like they'll be able to do what I want, although the Meraki has the added benefit of being extremely easy to configure and has web management for when I'm not in the office (which is 99% of the time). On the plus side for Ubiquiti, it's cheaper and does everything just as well as the Meraki without any regular license costs.

 

Thoughts? Opinions? Words of wisdom? Other suggestions?

[systems_glitch 111]

I'd still recommend pfSense for Firewall/Router/VPN. You can purchase preconfigured hardware with warranty and corporate support. I've got a number of pfSense boxes deployed with former and current clients, except for hardware failure due to power problems (surges or lightning, we're not sure which) we've had near zero problems. Updates used to be a bit shaky with older releases of pfSense, but newer (last year or two) releases are much better.

 

There's also OPNsense now, which is a pfSense derivative. I haven't personally tried it out, but supposedly they were going to nail down some of the interface issues/hacks present in older versions of pfSense. IIRC they also strive to provide a more open build environment (pfSense has premium level stuff you can buy, and supposedly their build process is poorly documented).

 

Are you looking for switches too?

[tekio 117]

Something like a Cisco 800 series? I know Cisco wants an arm, leg, and three fingers for integrated VPN licensing.  But there is nothing stopping you from using VPN sever inside the DMZ. 

 

Switches are tricky to recommend: do you need 1Gbps, Fiber. POE, etc... For something that supports all, I've been pretty happy with Netgear prosumer stuff. I'd get all one brand-model switches if possible just to ease administration. Cisco Catalyst will about twice as much for the same features and harder to administer.

 

The 800 series would have learning curve - but I think everyone who has posted in this thread could pick it up in a day. Basically just a good understanding of networking and finding where to go. And when the web gui has seceded usability IOS administration looks great on a resume

 

Just my 2 cents vs more community solutions mentioned. Both are great options worth exploring IMO.

Edited July 13, 2016 by tekio

[systems_glitch 111]

14 hours ago, tekio said:

Switches are tricky to recommend: do you need 1Gbps, Fiber. POE, etc... For something that supports all, I've been pretty happy with Netgear prosumer stuff. I'd get all one brand-model switches if possible just to ease administration. Cisco Catalyst will about twice as much for the same features and harder to administer.

 

I recently purchased a used Foundry/Brocade FastIron 24-port gigabit switch to try out. 24 gigabit ports, 4 of which are SFP (can be various kinds of fiber), an expansion bay that supports 10 gig modules, and switchable 802.3af PoE on all ports. Very nice hardware! The OS is very similar to Cisco IOS, and their documentation/command reference is excellent. I bought it used, I think I paid under $50 shipped -- there may be a thread on it elsewhere on the forums. Overall I'm super happy with it, would recommend Brocade for business/commercial hardware.

 

I've also had very good experiences with Allied Telesis (used to be Allied Telesyn) products. They make a solid line of managed and unmanaged switches. They aren't as feature rich as HP, Brocade, or Cisco, but the price reflects that. Most of the admin is better done through the web interface, I didn't like working with the CLI, whereas I prefer the CLI on my Cisco and Foundy/Brocade hardware. I really like Allied Telesis' smaller workgroup switches (4-8 port units) as you can get them with a built-in power supply -- no wall wart or line lump.

[tekio 117]

I can picture those being better than netgear. I usually get 48port. Always ask myself - are networking needs going to expand or decline? Usually I answer expand. At least in a mid-sized business. 

 

 

 

[systems_glitch 111]

15 hours ago, tekio said:

I can picture those being better than netgear. I usually get 48port. Always ask myself - are networking needs going to expand or decline? Usually I answer expand. At least in a mid-sized business. 

 

Certainly better than Netgear if you need any advanced features (VLANs, LACP, PoE, et c.). If you just need a dumb switch to connect everything together, I'd imagine just about anything that doesn't crash regularly will do the job.

 

+1 on always needing more ports. I've got a little 8-port Cisco 2960G in the apartment (didn't want the loud 24-port 1U switch going in the living room...moving soon tho!). Always feels like I'm hooking another switch to it if I'm hacking on much of anything. OTOH, the last place I worked, the boss wouldn't "invest" in having us run cable during slow days to the new workstations, so everything stumbled along on wireless for most of the workstations. I guess if the boss isn't going to let you build out the wiring ever, there's no point in buying extra ports, unless you just get a good deal on it.

[TheFunk 9]

You guys are the best.

To answer your questions I was looking for hardware for about 30 satellite sites that require a secure VPN connection back to corporate HQ and good QoS over that connection. The sites are practically SOHO, so I didn't need fiber or anything like that.

Just so you know, I stuck with Ubiquiti for the switches. At the moment they just need 8 port managed switches at each site, but as you said Tekio, it's always good to plan for growth, so I bumped that to 16 port PoE switches and with the money saved by not purchasing overly priced Meraki devices and licenses, I recommended rackmountable APC UPS systems, a set of nice WAPs, and Ubiquiti cloud keys (hybrid cloud device that lets you manage a site remotely and has no licensing cost)

 

Glitch, for the edge devices I remembered working with pfSense a while ago, and I asked myself, "What would systems_glitch do in this situation?" So I recommended they buy 33 pfSense security appliances. 

[tekio 117]

I've always liked Ubiquiti stuff. :-)

 

And thinking of what Glitch would do is a good concept. I must admit, Glitch has some skills.

 

[systems_glitch 111]

Heh, thanks guys. Mostly from years of having to get by on scavenged hardware Turns out if it's a good solution on a junky 486, it's even better when you've got a real router to run on!

[tekio 117]

 

4 hours ago, systems_glitch said:

Heh, thanks guys. Mostly from years of having to get by on scavenged hardware Turns out if it's a good solution on a junky 486, it's even better when you've got a real router to run on!

Dude, you impressed me when you fixed the trackpad on that MacBook G3. I pretty much fucked it up good. 

[tekio 117]

On July 15, 2016 at 10:39 AM, systems_glitch said:

 

Certainly better than Netgear if you need any advanced features (VLANs, LACP, PoE, et c.). If you just need a dumb switch to connect everything together, I'd imagine just about anything that doesn't crash regularly will do the job.

 

+1 on always needing more ports. I've got a little 8-port Cisco 2960G in the apartment (didn't want the loud 24-port 1U switch going in the living room...moving soon tho!). Always feels like I'm hooking another switch to it if I'm hacking on much of anything. OTOH, the last place I worked, the boss wouldn't "invest" in having us run cable during slow days to the new workstations, so everything stumbled along on wireless for most of the workstations. I guess if the boss isn't going to let you build out the wiring ever, there's no point in buying extra ports, unless you just get a good deal on it.

Netgear does support the following, but are crappy still. With that said, I really love this switch: https://www.neweggbusiness.com/Product/Product.aspx?Item=9B-0XP-000A-00014&nm_mc=KNC-GoogleBiz-PC&cm_mmc=KNC-GoogleBiz-PC-_-pla-_-Network+-+Switches-_-9B-0XP-000A-00014&gclid=CjwKEAjwrIa9BRD5_dvqqazMrFESJACdv27GKMaRqCF6jK0Mt5u_TL5FIeHyLVxsBRFLpbVuPP5KOhoCabPw_wcB

 

Ordered it on a freelance job today for a client. I replaced their main switch that went down with another in their building. To replace the one I pulled out: daisy changed three little d-link switches and am running about 10 machines, two VOIP phones, and an AP off my Asus RT-16 with DDWRT (in switch mode). I'm really surprised with my little Asus processing all that traffic. I made a call from a VOIP phone and it was clear as a bell. I'm sure full load on everything would cause issues. But really surprised my little SOHO wireless router with DDWRT was able to fill in until a new main switch arrived. 8-)

 

If it had more ports, wouldn't needed to daisy chain even. Hahaha