Any IT people here? Stacked switch vs daisy-chaining-what do I need?


Mbira

Wondering if there are any people here with experience with building networks in mid-size businesses? 

I am in a facility with about 75 rooms.  The rooms have been wired with Cat5e and there are some pieces from the old system that was here, but it's not complete and I've been tasked with getting it up and running. 

The building has three wings and the Fiber cable comes in to one wire drop and one of the wings has all the ethernet cables terminating there in to a patchbay. 

The other two wings are each around 150' away and also have their own drops for the Cat 5 cables.  So in other words, each wing has its own drop point for the cables and they are not currently connected.

It seems like I'm going to have to daisy chain switches in order to make this work, but I'm not certain if I'm correct.  I'm thinking

Fiber Cable -> Switch 1 -> Patch bay
                        -> Switch 2 -> Patch Bay
                                    -> Switch 3 -> Patch Bay

We only have a single Fiber cable coming in, but I'm not sure if there is some way to do it like this instead.  I don't know if that is what the uplink ports on a switch do?
Fiber Cable -> Switch 1 -> Patch bay
                        -> Switch 2 -> Patch Bay
                        -> Switch 2 -> Patch Bay

For now I want to just get the first switch to get the first wing up and running.  The first wing has 27 rooms.  We are trying to do this on the cheap, so the switches need to be at the most around $300 each.  I'm currently looking at this one:  https://www.amazon.com/NETGEAR-26-Port-Gigabit-Ethernet-Managed/dp/B07PHVBQVS/ref=sr_1_19?keywords=managed+switch&qid=1575680820&sr=8-19

Any help would be appreciated! 


 
Daisy-Chain describes a topology or a method of connecting devices. Any devices can be daisy-chained. Daisy-chained devices are connected one after another, like train cars, or monkeys from a barrel, so each device is connected to, at most, two others. This is a very simple topology that avoids many possible pitfalls but does so by sacrificing bandwidth and latency. It is generally a very inefficient design.
Stack-Wise is a special port and protocol for connecting compatible switches so they operate as a single unit. While they do operate as a switch-to-switch Ethernet link as well, they do far more than just that and support quite higher speeds than the other interfaces on the switch. Because SW ports can pass management-plane information as well as data-plane, the two separate devices can operate as one. This combined management plane allows for unique features like MC-LAG and shared configuration.
Also, when daisy chaining switches, you still have to manage that switch individually. You have to assign it an IP and treat it as a separate switch.
With stacking, the switches can all be programmed under the same IP and config... The ports increment 1/0/1 for first stack and 2/0/1 for the next stack.. and so on.
You can also mass update all the firmware at once.
 
> We are trying to do this on the cheap

What type of work is this company doing? 
Doing it cheap usually means going consumer grade, and with a ~100 node business network it's not advisable unless you are allowed to walk away from the job after you add basic internet/lan.

Ubiquiti makes some rather inexpensive enterprise level gear with no subscription fees that do something like what pucho mentioned. Switches/AP's are managed under a single unifi controller. 

Edit: But to directly answer your question, extending a network using switches as nodes is perfectly fine and practical unless you're building some facility that needs crazy speed.
 
> 27 rooms.  ....at the most around $300 each.

Tell the staff they are only worth $11.11 each.

Remember that networks always EXPAND. I counted my building's  jacks closely. By the time the installer came I knew I'd need 30% more (wasn't on the job-order, didn't get done). Over time I found unexpected HVAC and (insecure) security boxes tapped-on. Cameras. Vending machines. WiFi. One guy (yes, me) grew from one jack to 9 jacks.

Some of this can be done with $59 hubs in-room. (That 9-jack pig liberated a slow 16-port from parts unknown to split his one connection into 13.) But do too much it becomes a management and debugging headache. (The 16-box user could only complain to himself...)

You want a 48-port switch and 2" of empty rack for another 48 in 2025.

If your staff is all about Facebook and cats on You-Tube, I would not worry about chaining 100-speed switches a layer or two. If it is researchers or music producers transferring many-gig files all day long, you need it neat and direct (and surely more than $300).
 
What PRR said.  ++1

If you don't need PoE (if you add VoIP, PoE gets rid of 70+ wallwarts):
https://www.amazon.com/Ubiquiti-switch-Managed-gigabit-US-48/dp/B01LZZ6DQ9

Controller software is free, easily scalable provisioning.  Much cheaper than Meraki or Sonicwall, but with similar features where you can see and control switches, firewall (USG) and AP's from a single point.

Edit: AP's can share SSID's. Portal can be added to guest network (login to track mac). Too many features to list.
https://www.amazon.com/Ubiquiti-UniFi-PRO-3-Pack-UAP-AC-PRO-3/dp/B07SGZ6DB8

 
I found a guy on Craigslist last night with three PoE HPE 48 port switches. Got all three of them from him for $350. They had just switched over to a different provider. 

My issue is that there is considerable distance between each drop-from what I can tell, stacked switches need to all be in the same room and the cables that run between them can only go a meter or so.

Does a managed switch replace a router, or do you need to have the router between the switch and the demarcation box? 

I plugged one switch in to a LAN port on the router and it worked out of the box.  It seems like I can just run two more cables out of the router to each of the other switches and be done with it. 

The demarcation box is a 10/100/1000 box anyway and the switches are all capable of 1000 so I think that won’t adversely affect anything...  ?
 
> from what I can tell, stacked switches need to all be in the same room and the cables that run between them can only go a meter or so.

You know, it is tough when you won't tell us the distances, the data-flows, or the expectations.

If you had a serious *server cluster*, all machines talking *to each other* fast and constant, then yes: you make a 180 port switch out of several 48 port switches and some special short/fat interconnects.

But I gather you have NO working ethernet now. So I bet you do not have a massive Server Cluster. What you have is staff who want email, Google, BookFace, and YouTube. They do not send packets to *each other*, they send them out to The Internet which sends packets back.

And for 50+ workers, this un-specified Fiber Cable is probably the worst bottleneck. If they don't "all" spend "all" their time watching Youtube it is probably fine. You can pass a lot of email and a good amount of web-surfing through HOSO cable. Adding a second layer and a 300' 100-speed interconnect won't matter. (I had 25+ workers on 10-speed coax to four 10bt hubs and it was only a problem when Judy's PC jabbered, bad card.)

> It seems like I can just run two more cables out of the router to each of the other switches and be done with it. 

Yes, just run plain ethernet from a port on one switch to a port on another switch. Technically this needs a CrossOver cable. Sometimes there are 1-2 "special" holes which look normal but say "uplink" or similar. However 99% of ethernet ports today will detect the "faulty" connection and go into crossover mode.
 

[Attachment: Mbira-net-42.gif]

> Does a managed switch replace a router

Nope.

> Do you need to have the router between the switch and the demarcation box?

Demark typically means the point where the ISP hands-off the responsibility for cable/signal. They often provide a gateway on your side of the demarc that has a WAN uplink and LAN IP for the router to talk to.  In homes, the GW and router are often housed in the same piece of plastic.

For a standard business network, the gateway is put in bridge mode or is pseudo-bridged so that a firewall/security appliance can be added to handle NAT and routing.  The best benefit to having managed switches comes from using a router that supports vlan tagging, and I keep mentioning AP's because cellphones/tablets/laptops/IoT devices are becoming so popular that good signal coverage is the next generation's wall jack.

> It seems like I can just run two more cables out of the router to each of the other switches and be done with it.

Speeds may not be an issue, but 'done' depends on what type of work the end users are doing.
Do they have a PBX with rollover landlines? (VoIP is typically 1/4 the price)
Do they have a department that deals with sensitive info, customer records or accounting? (You'll want them on a vlan)

Also if the business plans on adding any printers, scan-to-pc, shared drives, or IoT devices, and the router is kept dhcp on a /24 subnet, 'done' is an ip's lease time on a perfect electrical grid. :)


 
What kind of router are you using?  For small biz,  I recommend pfSense (free, open source) running on something that supports AES-NI.

Protect-li makes an inexpensive box that performs well:
https://protectli.com/kb/category/software/pfsense

https://www.youtube.com/watch?v=bK2_ROQrMcM
 
There is just a hodge-podge of lots of different businesses here.  We are musicians with studios, independent record labels, PR people, etc, etc.  No hardcore datacenter stuff, but just a bunch of creative professionals that are hoping to get the most out of what we have (and the owner is currently paying $1500 a month for this internet service (!!!)) and so we want to get the best we can with what we have and the owner isn't going to pay for more service than what we have. 

I picked up three of these HPE Officeconnect 1920 48 port poe switches off craigslist. 

PRR-sorry if my information in the first post wasn't enough for you-I'm learning as I go with this stuff.  Here is a pic of the Demarcation box where the fiber comes in.  The box is rated 10/100/1000.:


It looks like I can only put one pic in a post, so I'll continue the post...


 

[Attachment: closeup.jpg]

Here is the current "Main room" where the fiber comes in.  One of the new switches is there.  The blue cable is going from the demarcation box down in to the router.  boji we are using a Netgear Nighthawk R7000.  The yellow cable is coming up from the router and in to the switch.  I'll be building a bunch of little cables to go from the switch in to those patch panels. 

This is all for the first wing.  About 100+ feet away is another wing and I will install a wall-mount rack cage, a patch panel, and a second switch.  I'm thinking I will run another cat6 cable from the router (not the switch, PRR) to this second switch. 

Another 100+ feet away is the THIRD room where I will do the exact same thing-install a wall rack, patch panel, and switch.  We'll be under 300' from the first drop so I will run a single cat6 cable (again from the router-not the first switch) to that third spot to this third switch.

I understand that in more full-on situations there would be backup power supplies, etc, in all the different rooms, but that's not going to be able to happen-at least not in the near future. 



 

[Attachment: wide.jpg]

Joel, before going "all into" the construction, begin to work out a method of documentation of the system cabling.  I learned this in the early 1990's while building an expanding LAN that started very small (workgroups sharing a fancy laser printer).  Next thing I knew, the system's size exploded into a mass of undocumented CAT-whatever cables going "every-which way".  Troubleshooting quickly became a nightmare. 

It was for an ad agency which employed me, with multiple floors in a highrise building.  At one point, it had gone so far out of control ("we'll just toss a new CAT cable above the ceiling tiles")  we had to stop, take a deep breath, and start clean documentation.  Excel became a friend, along with Ptouch labels, etc.

In the later installs, we ended up with fiber "risers" between floors and often within a floor to link the backbone together.  It paid off as the PBX was retired and phones (wired and wireless) were integrated into a VOIP system.

Bri
 
Hi Bri,
The construction was done years ago. All the rooms already have cat 5 wiring, jacks, etc. 

Unfortunately when the old switches were taken out they literally cut the Ethernet cables and so indeed a lot of the labeling for those cables is gone. I got a sniffer and tester to start to remap everything...good times!
 
Ahhh ok this is making much more sense now. Have you toned-out the punch panel, confirming that the 48 patches are for just one wing of the building?

I'd definitely want to make vlans for all the different 'customers', so you can at least know who's using what bandwidth. If they all are under the same scope, then not only can each 'business' see each other on the network, but one business can eat up everyone else's speed! You should do subnet bandwidth limiting to make it fair for everyone. Now I really wish you went with a ubiquiti controller and switches, as for just a few hundred more in hardware you could have been everyone's ISP.  8)

The $$$ quote for fiber seems expensive, btw. Like to know the speeds you're getting from it:
https://support.google.com/fiber/answer/6032574

> I'm thinking I will run another cat6 cable from the router (not the switch, PRR) to this second switch.

The speed is nearly the same either way, but sometimes the switch can be slightly faster on the lan if tables are stored, which some managed switches do. For wan/port 80 requests, bypassing an intermediary switch and going straight to the router will shave off only the slightest bit of travel time, not really critical for your project.

> Netgear Nighthawk R7000

Grrr...pro-sumer home router.  It's fine for gamers doing a lan party in a single room but not for distributing wifi to the spaces or situation you've outlined.  And dear god... these are musicians, which means they'll have all types of customers and friends coming and going, all with cell phones, all wanting to play candy crush on the couch while their friends track in the booth.  Bandwidth limited guest networks will be critical.
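
As an added example (not part of the post above or of any poster's own configuration), a small Python planner for the per-tenant VLAN idea: it gives each business its own VLAN ID and a right-sized subnet, includes a guest network, and checks whether one flat /24 would even hold the devices. The tenant names, device counts, the 10.20.0.0/16 range, VLAN numbering from 100 and the first-address gateway are all assumptions.

```python
import ipaddress

def plan_vlans(tenants, supernet="10.20.0.0/16", first_vlan=100):
    """Assign each tenant its own VLAN ID and the smallest subnet that fits.

    tenants maps a name to its expected device count (wired plus wireless).
    The supernet and first VLAN ID are assumed values, not from the thread.
    """
    pool = ipaddress.ip_network(supernet)
    cursor = int(pool.network_address)
    plan = []
    # Largest demand first, so every block starts on its own size boundary.
    ordered = sorted(tenants.items(), key=lambda kv: (-kv[1], kv[0]))
    for index, (name, devices) in enumerate(ordered):
        needed = devices + 3  # network, broadcast and gateway addresses
        prefix = 32 - (needed - 1).bit_length()  # round up to a power of two
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(pool):
            raise ValueError(f"{supernet} is too small for {name}")
        vlan_id = first_vlan + index
        if vlan_id > 4094:
            raise ValueError("ran out of 802.1Q VLAN IDs")
        plan.append({"tenant": name, "vlan": vlan_id, "subnet": subnet,
                     # Assumed convention: gateway is the first usable address.
                     "gateway": subnet.network_address + 1})
        cursor += subnet.num_addresses
    return plan

def fits_flat_24(tenants):
    """True if every device could share one /24 (254 hosts, one is the router)."""
    return sum(tenants.values()) <= 253

def overlaps(plan):
    """Return pairs of tenants whose subnets overlap (expected: none)."""
    return [(a["tenant"], b["tenant"])
            for i, a in enumerate(plan) for b in plan[i + 1:]
            if a["subnet"].overlaps(b["subnet"])]

# Constructed sample: tenant names and device counts are made up.
SAMPLE = {"studio-a": 12, "label-b": 25, "pr-c": 6, "guest": 200}

if __name__ == "__main__":
    for row in plan_vlans(SAMPLE):
        print(f'VLAN {row["vlan"]:>4}  {str(row["subnet"]):<18} '
              f'gw {row["gateway"]}  {row["tenant"]}')
    print("flat /24 enough:", fits_flat_24(SAMPLE))
```

The resulting table is what gets entered on the router/firewall (one interface and DHCP scope per VLAN) and on the switch ports for each room; rules between the VLANs still have to be written on the firewall.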
 
Erp looks like we were replying at the same time regarding the tone probe. Yeah, good times. So the internet is included in everyone's rent? Whoever in that building has the most outside work will be getting the best 'deal' on internet of everyone there.
 
boji said:
> Whoever in that building has the most outside work will be getting the best 'deal' on internet of everyone there.

...I'm planning on that person being me.  ;-)

I'm definitely planning on creating a "guest network" for all the candy crushers.  If we end up needing a better router, that may be able to be in the cards for sure-especially if that means better internet than what this netgear can do?
 
> better internet than what this netgear can do?

Not better, but more fair, more secure, and you can provision ip's based on who's doing what.  For label and PR folks, having private office lines where clients can leave messages is critical. VoIP is great for this, as calls can be routed to cell phones when people are afk, and voicemail is sent to email as text. Managers can also know who's putting in the time to send and receive calls. This is a sellable upgrade if they are running copper, as it is cheaper than copper and you can get a monthly residual out of it if you go with the right VoIP provider.  Going VoIP means QoS, and net segmentation. Your nighthawk belongs in a dorm room, not in your business's closet.  :D

Edit: Yes likely better in a heatmap sense. Don't care how many antennas are sticking out of it. dB is dB, and if it's in the main closet, the folks 100' away with 4-8 sheets of drywall between it don't really have wifi.
 
boji said:
> Not better, but more fair, more secure, and you can provision ip's based on who's doing what.  For label and PR folks, having private office lines where clients can leave messages is critical. VoIP is great for this, as calls can be routed to cell phones when people are afk, and voicemail is sent to email as text. Managers can also know who's putting in the time to send and receive calls. This is a sellable upgrade if they are running copper, as it is cheaper than copper and you can get a monthly residual out of it if you go with the right VoIP provider.  Going VoIP means QoS, and net segmentation. Your nighthawk belongs in a dorm room, not in your business's closet.  :D

Yeah-there's no voip happening.  I think these managed switches let me control things on the individual port level-so I could see if one person is doing all the damage...does that make sense? To clarify something - it's like each business (band, pr, etc) has a single room, so one business will only have access to 1 or two ports from the switch depending on the size of the room.
 
> these managed switches let me control things on the individual port level

You can turn ports on and off, set slower speeds, see which ports are active, set passive/active PoE, but traffic analysis comes from the router/firewall. Switches are mainly just signposts. Firewalls are the cops/detectives.
Managed switches are only as smart as your firewall rules.
 
https://www.studytonight.com/computer-networks/osi-model-datalink-layer

https://www.petri.com/csc_routers_switches_and_firewalls

 