/g/ help me out with this:
You must design a network for a two floor company of 200 users. Include what devices you would use.
I would split the network into 5 VLANs. The switches have 48 ports each. Is this the best method?
Don't listen to this pleb.
VLANs do more than break up broadcast domains, which doesn't matter with only 200 stations. In this scenario they would be used to segment the network into roles such as mgmt/wifi, etc.
I usually use VLANs a lot, especially for different kinds of groups of people who should not be able to connect to, for example, the staff of the company / wifi segmented from the main working ground, or even have 2 wifis, 1 for the company and the other for guests, whatever you want my friend.
I run more than a few 200+ networks for a managed service provider. Here's how things work.
Every office should be wired up with a jack on 2 walls. If you're talking 100 users per floor you probably want to terminate each floor to a series of patch panels located on each floor. Run those patch panels into a couple of 64 port Cisco switches per floor. Connect the switches with 100gb multimode fiber. The switches terminate with 100gb multimode fiber into a nice Cisco router.
This is how literally every enterprise level network is designed.
>If you're talking 100 users per floor you probably want to terminate each floor to a series of patch panels located on each floor. Run those patch panels into a couple of 64 port Cisco switches per floor.
Do you really need two 64 port Cisco switches per floor? Is there a reason not to use 1 64 port cisco switch + a couple un-managed $20 switches?
And on the subject of VLANs.
1 VLAN for IP phones
1 VLAN for VPN users
1 VLAN for the Public/Guest network
1 VLAN for Corporate
Layer 3 management, POE, Remote management, because that's how you do it right.
I was just up above drop panelling for six hours today at a client's office fixing a botched job from their old MSP. Makes me really appreciate the well thought out and professionally done jobs a ton more. I'm mainly back office, RMM, marketing and HR stuff, but I love going out with our engineers when they need help pulling cable. Really satisfying work.
Going into a well organized network is fucking awesome. Last week some client we only do a very small amount of work for called up needing us to light up a new office. All the wall jacks and patch panels were labeled. All I had to do was find the person's new "numbers" and connect the patch cables. I went over there thinking I would at least have to tone down the run and maybe even run some cable. Because they had VOIP phones the job almost did itself.
You are retarded.
If you do use cisco or juniper, you are killing your network.
No other company produces proven technology like those do. Security is why you do not buy "apple networking turds"
Umm they can't copy cisco commands?
They also have a completely different experienced software engineer team which think different like a certain fruit company that retards keep buying shit from.
They also almost copy hardware designs. I am surprised they have not been sued by having an almost exact hardware layout.
Oh yeah, I will be sure to tell all of the network industry that apple is the best networking vendor on the planet. When I see someone not using apple products, I will tell them they are retarded like /g/.
I am at this point going to say apple, don't you mean linux you useless uneducated American.
Linux is the second most used networking application on the planet. Cisco is the top.
Hohoho, look at this scrub. I fear for the future of networking, when the pros like me retire we'll be left with these kids installing Cisco routers all over the place.
Apple is not and will never be a networking choice for enterprise uses.
You understand that your home router has a modified linux system running in it?
That is, if you bought a non-Cisco router.
I hope so.
Fuck those ASAs. Just use a proper IOS router and ACLs.
If you're super lazy and/or just retarded, Meraki is super easy to manage. A previous IT guy had sold one of my clients on the entire Meraki suite. Switches, router, APs, the works. Sure, they are locked into a recurring fee, pretty much forever to keep using the equipment, BUT.... Damn it is easy to manage. All the APs are perfectly placed on Google Maps. I can see each client's traffic going in and out. I can update the firewall and network policies in real time from my laptop, anywhere. All through a simple, effective web GUI. I can leave it alone and it takes care of itself, even pushing firmware updates and scheduling reboots automatically.
Now, you can do ALL of this with a proper Cisco router like an 1861. It's just super complicated and requires a ton of work in CLI. You have to tinker with the settings and play around with your ACLs. You gotta basically have a CCNA to do any of that. I don't have one and I am only just barely able to keep up with the guys that do. It's amazing how these routers never really get obsolete. They just remain perpetually difficult to set up. Don't even get me started on CCP, that bloated piece of shit.
I already have cancer from the desktop thread.
I must reply so I can die before these stupid cunts run this planet.
>Trump will be president.
>Americans be gone from the Internet
Bad or good thing. /g/ be the judge.
Because that's stupid, anon. You're networking an office, not a supercomputer cluster.
No you're not.
As a consumer product with their faggot ad hoc networking devices, well that is all they are good for.
As a mass scale product for networking, you would use UNIX, unless you are fucking retarded.
As a free solution to UNIX you would use linux(distro here). I have worked in many network design projects and I have never once seen apple directed design. I cannot hold the cringe I feel when I think enterprise networking + apple devices.
I said cisco ASA for compatibility, in my network designs, I suggest edge linux routers.
They do deep packet scanning at a faster and much cheaper rate.
>$7000us cheaper per 500 computers.
I think I laugh when I see the textbook example of making a vlan for "Sales, Marketing, etc".
Unless the business is transferring gigabytes of data per day no one would know if they were plugged into one big 200 port switch.
Separate networks by business need. That means if you don't need it, you don't have access to it. Even pfSense running on a $40 Celeryon could do everything you need and more. Any stackable managed switches would provide the same user satisfaction as a Cisco Nexus.
I can go on with all the switch attacks.
VLANs are more for segmenting a flat network while adding control and security.
You're obviously fresh out of school, I've installed Airports for all my enterprise clients and haven't had a single complaint.
I've had several cases where I had to throw Cisco routers in the trash because the previous guys installed those and _nothing_ worked properly. With Airports I can just scale up by adding more as needed.
Don't know, but they are cheaper than Cisco.
I always use Cisco devices. First reason is that they last forever. Hardware failures are not highly rated before 10 years.
The quality you get is where the price comes from. Security ISO and also what is attractive.
>500 person network
>10 64 port 10/100 unmanaged switches
>10/100 uplink connecting one switch to another
>Single 10/100 to FORTIGATE router
>Bonded T1 for the entire office
>DHCP handled in Server2003
You wanna know hell, anon? You wanna know fast and dangerous?
Enterprise, or medium business?
School? nah mate. Been working for 7 years in networking design and implementation. I work with the architects. I will ask them what they think about apple products in networking.
I presume that I am being played since you would use UNIX and not Apple for networking. Apple are not strong when it comes to server products. They are good for client shit.
Please elaborate. I would like to know the difference between packet scanning and packet sniffing. I would also like to know how those are possible with a standard implementation of defenses against ARP spoofing. If you are concerned with multiple workstations being on the same subnet, why do you allow your users to run arbitrary executables?
Packet scanning is when you aim for a specific reply, ARP request or something.
Packet sniffing is when you record everything sent through the switch.
Having a lot of users on one switch opens up the costs of needing a system to support these security protocols. There are different switch levels for protection.
VLANs, if managed well, can be good. UAC on systems is then put into place. But even then, people try to find workarounds.
Just buy them from your local Apple certified store and you're good to go, plug-and-play.
I think you should ask for a refund to be honest, in a real company they'd laugh you out the door if you bring up Cisco and other meme products.
I am serious, the last half makes it seem like yes, VLANs are good, but the first half I don't even know. A 200 port switch is irrelevant because it could go both ways.
Just answer the question, it won't work to look smart in this thread.
Not that guy, but you have half of a point. However, no one is EVER going to try and define scanning vs sniffing, because they are both the same. Don't try to say otherwise, because everyone knows you are capturing everything regardless, and just filtering what is SHOWN to you.
and uac is useless unless the account is NOT a local admin
So to you, packet sniffing and packet scanning are security protocols? Do you know how L2 networking works? If traffic is not meant to be received by a machine, it doesn't know about it. What workarounds are there to prevent unauthorized executables?
Daisy chaining is using a port to connect to another device. Thus chaining.
Trunking is different. Trunking has a protocol to handle and manage information sent from one device to the other.
No. The switch will contain protocols on how to handle such threats.
I am implying protocols on the switch aimed at security.
I named threats such as sniffing. These are not protocols.
We don't have the luxury of having just cable pullers... Yet. The guys who are pulling the cable are the same guys designing the network and maintaining it. So for us, it's not just "pulling cables", it's everything. And if you don't take pride in your work it's not worth fucking doing it.
You can't imply one thing but say another. What protocols are you referring to? First you say a switch is vulnerable, but then you say it's not? Did you have a long day at the call center?
I may have stated the wrong implication of what I said.
>I need to name protocols
Fuck off you retard. There are, no joke, 35 different protocols which come with particular images. I have already wasted my time, caught cancer, and now slowly dying, since someone suggested the use of Apple networking products in any network environment.
Weigh your options.
Is it all hard wired? Or is there wireless? Are there other network devices that could be separated to a vlan?
The purpose of VLAN is to reduce redundant traffic. However this can be done without VLANs if your switches can share address tables.
I'd probably have 4 64 port switches (2 for each floor, and maybe a separate one for the office's servers), then I'd run cables through the walls, and then have a few access ports on the ceiling connected to the jacks.
>some dumb fuck in one department runs the obvious ransomware attachment that turns up in his email
>every fucking device on the network is visible because "why separate things when you're just a small business and you won't notice performance difference of everything being all one big network"
Are you going to cover the ransom?
>Do you know how L2 networking works?
Hubs were L2 as well you know, L2 (and really L3 too) Switches are just smarter in that they store a table of MAC addresses to ports so they can forward the packet to the correct port instead of broadcasting it.
However, there are some possibilities for ARP poisoning to cause packets destined for another client to come to you, possibly even for them to come to you both.
There are some ARP spoofing prevention capabilities on Ciscos (DAI) and Junipers which can help with that, but obviously you shouldn't fully rely on them.
Flat networks are just awful from a security perspective. Aside from ransomware, there's the "I popped a Sales computer and now I can reach every desktop and server in the company" issue.
Granted most people don't want to spring for the 100GB fiber trunk. A few of our clients have multiple spaced out buildings of 100+ users that are connected with 100GB fiber. I thought it was multimode fiber connecting these buildings, but it might be single mode. I know we have a bunch of these floating around the boss's office.
>Hubs is l2
Bwhaha, and switches switch packets right?
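
The ARP spoofing prevention mentioned in the thread (DAI on Cisco) works by checking ARP packets arriving on untrusted ports against a table of known IP/MAC bindings. The following is an added example, not part of the thread and not vendor code: a simplified Python model of that check. The table layout, the per-port check, the function names and the sample packets are all constructed for illustration.

```python
from collections import namedtuple

# One row of a DHCP-snooping-style binding table (constructed layout).
Binding = namedtuple("Binding", "ip mac vlan port")
# The fields of an ARP packet that the check looks at, plus where it arrived.
Arp = namedtuple("Arp", "sender_ip sender_mac vlan port")

def inspect_arp(packets, bindings, trusted_ports=()):
    """Return (forwarded, dropped); each dropped entry is (packet, reason)."""
    table = {(b.vlan, b.ip): b for b in bindings}
    forwarded, dropped = [], []
    for p in packets:
        if p.port in trusted_ports:          # uplinks/routers are not inspected
            forwarded.append(p)
            continue
        b = table.get((p.vlan, p.sender_ip))
        if b is None:
            dropped.append((p, "no binding for sender IP"))
        elif b.mac.lower() != p.sender_mac.lower():
            dropped.append((p, "MAC does not match binding"))
        elif b.port != p.port:
            dropped.append((p, "binding belongs to another port"))
        else:
            forwarded.append(p)
    return forwarded, dropped

# Constructed sample data: two leased workstations on VLAN 20, gateway on uplink.
SAMPLE_BINDINGS = [
    Binding("10.0.20.11", "aa:bb:cc:00:00:11", 20, "Gi1/0/5"),
    Binding("10.0.20.12", "aa:bb:cc:00:00:12", 20, "Gi1/0/6"),
]
SAMPLE_PACKETS = [
    Arp("10.0.20.11", "AA:BB:CC:00:00:11", 20, "Gi1/0/5"),   # legitimate host
    Arp("10.0.20.1",  "aa:bb:cc:00:00:01", 20, "Te1/1/1"),   # gateway via uplink
    Arp("10.0.20.1",  "aa:bb:cc:00:00:12", 20, "Gi1/0/6"),   # claims gateway IP
    Arp("10.0.20.11", "aa:bb:cc:00:00:12", 20, "Gi1/0/6"),   # claims neighbour IP
]

if __name__ == "__main__":
    ok, bad = inspect_arp(SAMPLE_PACKETS, SAMPLE_BINDINGS, trusted_ports={"Te1/1/1"})
    for pkt, reason in bad:
        print(f"DROP {pkt.sender_ip} from {pkt.sender_mac} on {pkt.port}: {reason}")
```

The two forged replies are dropped because the claimed sender IP either has no binding on an untrusted port or is bound to a different MAC, which is why the check depends on an accurate binding table and correctly marked trusted ports.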