Thanks Greg I've discussed the cabling with the contractor who's building it, and the plan is to run 6 core fibre between the buildings. There's a small workshop where we can put a half-height cabinet, and we'll run fibre to there as part of the initial build, and then we can run from there to each of the units when they're built later. We will need VLANs - we'll have VoIP, internal network, guest network. Not sure about CCTV/access control yet. With CRS125/226's I can use the switch chip and port/mac based vlans and use isolation to prevent people broadcasting dhcp to everyone else etc, but I'm open to considering other options too. At the core - looks like it might make sense to use something else for switching. Regards Russell Hurren Managing Director Zero Point Networks PTY LTD (08) 6262 ZERO -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Greg Sent: Wednesday, 30 December 2015 15:47 To: public@talk.mikrotik.com.au Subject: Re: [MT-AU Public] Network design Russell I think you need to divide up what requires 'ROUTING' and what requires 'SWITCHING' to narrow down equipment. You should also describe what kind of traffic you expect and services required(Internet/ access control / CCTV / Voice /Internal corporate network/ etc...) all of which may all translate into requirements for VLAN segments running over trunks Consider the anticipated average and burst traffic levels especially for backbones. Consider your options for redundancy between network devices vs cost and complexity to manage. You should also note limits on physical cabling distances, if as you say they will possibly expand cat5e/6 has a limit of 90meters and allow for 5/5meters of patch cabling on either end. If they expand then you need to make sure you dont need to rip all the old gear out and start again.. Fiber optic is defiantly worth it for backbone trunks, especially when your talking 10Gbps and above and you want reliability, long distances and future proofing. Cost is getting very reasonable for 6 to 12 core indoor 50uM OM3 and outdoor fiber. Consider hardware other than Mikrotik for pure switching(EG. Cisco 2960's), as you will find when running a CRS226/CRS125's that once end users are pushing 1Gbps+ traffic through the unit you will need to ensure you are using the 'switch chip' functionality of those models rather than relying on the CPU side of RouterOS to move layer 2 frames as CPU load will soon reach 100%(those units don't have overly fast CPU's) and of course depending on traffic load. Other reasons to look at other hardware is the lack of 802.1x support in MT on the physical ports and port security in general(e.g Guests plug in all sorts of random crap into ether ports in there rooms, e.g rouge DHCP servers, there own AP's, monitoring equipment etc.., so you need a plan..!). Good luck <http://www.google.com.au/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&ved=0ahUKEwijyeDjhoPKAhUG4qYKHRTND2AQjRwIBw&url=http%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Ftd%2Fdocs%2Fsolutions%2FEnterprise%2FSecurity%2FSAFE_RG%2FSAFE_rg%2Fchap5.html&psig=AFQjCNHV71Rk4rTvprN0VQ00T9-a63g-EA&ust=1451546630282279> Regards Greg. On 30/12/2015 5:16 PM, Russell Hurren wrote:
Hi everyone
I'm designing a network for a large accommodation facility. It'll have an office/conference hall containing the server room and 8 houses (mixture of 1, 2 and 3 storey). Later on they'll add numerous small units at the other end of the site.
My thoughts were to use an AxiomTek NA850 (http://axiomtek.com/Default.aspx?MenuId=Products&FunctionId=ProductView&ItemId=1152&upcat=233) with 3x 4 port 10GbE running RouterOS as the main switch, a CCR1016-12S-1S+ as a secondary (so we've still got 1Gbps if the 10Gbps fails, but cheaper than 2x 10Gbps switches). I'd put CRS226-24G-2S+RMs in each of the buildings. The site will have NBN. It's a non-profit organisation so I don't think they'll go for enterprise fibre. Might go for multiple NBN links, not so much for redundancy but to separate voice and data etc.
When they build the second stage, I was going to have a half height rack somewhere with another CCR1016-12S-1S+, and that connecting to either CRS125-24G-1S-RMs, or perhaps wall mount RB2011's or similar.
My questions: . Will I get wirespeed switching at 1Gbps on the CCR, and at 10Gbps on the NA850? It'd be a dual Xeon with as much RAM as I need to specify. . What should I use a router? Perhaps a CCR1009-8G-1S-1S+? The bypass feature of the RB1100AHx2 was interesting (and the AxiomTek's have a bypass feature too) but I'm not sure how much cpu power I need.
The site is a day's drive from me, so it needs to be reliable. There's people onsite who can handle things like swapping out a power supply (as long as I've got a way of detecting a failed one).
Regards
Russell Hurren Managing Director Zero Point Networks PTY LTD (08) 6262 ZERO _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au