Thinking of buying this cisco switch

banross · December 7, 2020, 4:31pm

I am thinking of buying a layer 3 switch for my small business.

My requirements are :

I am planning to make separate five VLANS:
VLAN 10: Employees
VLAN 20: Managing Directors and their printers
VLAN 30: CCTV Devices and NAS for storing footages
VLAN 40: Guest WIFI which only have internet access
VLAN 50: Linux Server

I want to also enable the DHCP server and inter-vlan routing where VLAN 10,20 can access the VLAN 50.

Currently am not planning to upgrade my cheap Linksys router ,So can i do all the above things from my switch and just use my router to route traffic from internet.

Switch which gets fits in my budget : https://www.cisco.com/c/en/us/support/switches/sg350-28-28-port-gigabit-managed-switch/model.html

gsrfan01 · December 7, 2020, 4:55pm

It looks like that switch can handle what you’re looking for, it does VLANs, ACLs, DHCP, and inter-VLAN routing.

However, you may be better served by swapping the Linksys router out with a PfSense firewall and getting a Layer 2 managed switch. That way you can handle everything in PfSense through firewall rules to accomplish your restrictions on inter-VLAN traffic.

banross · December 8, 2020, 8:30am

Will this router be ok ?

abhay9 · December 8, 2020, 10:08am

Here the issue is not that cisco can do it, issue is the router or firewall which you use can do Vlan, DHCP etc.

All the Managed Switch can do what you want Cisco so do, so managed Cisco will do just switching provided your router/firewall can do what you want to do.

In fact if your are using for home then you can also get away by using Smart Switch like TP-Link SG108E for your switching job.

I am using pfsense as firewall/Router and I have 1 Cisco managed Switch and 2 TP-Link Smart Switch in my Network.

banross · December 8, 2020, 11:43am

But I want my switch to do all the VLAN and DHCP things and just want to use the router only to route traffic from internet.

Actually I am new to networking so having less knowledge about things and my company is also running on low budget so I think of just buying this switch and later on upgrading to a dual wan firewall router just like mikrotik or getting installed pfsense on any of my systems.

But at last my question is can I do all the above things which i mentioned above in the switch??

gsrfan01 · December 8, 2020, 2:21pm

The Cisco switch looks like it should do what you need.

Keep in mind that in order to prevent traffic flowing between VLANs you’ll need to setup Access Control Lists (ACLs) on the switch. Looks like there’s a Cisco video on this: https://www.youtube.com/watch?v=lzMVLCzc5yk I would dig into some YouTube videos on this switch, since Cisco seems like they’ve posted a few.

Keep in mind, you could get something like an SG1100 for $179 that is well reviewed by Tom here to handle PfSense. You could also get something like this: https://www.amazon.com/Firewall-Appliance-Gigabit-AES-NI-Barebone/dp/B072ZTCNLK you could even use the switch you’re looking at to do the tagging.

Normally in enterprise you’d have routers doing just routing, but for SMB that gets costly fast.

banross · December 8, 2020, 3:29pm

I am having around 15 users on lan so to buy a switch is mandatory for me.
The netgate router you recommended to me was in my buying list but unfortunately it is not deliverable in my area.
I think this mikrotik one will complete my need : https://mikrotik.com/product/RB750Gr3
So can you check this mikrotik one and reply me that will it be ok for me ?

gsrfan01 · December 8, 2020, 4:26pm

If you’re going to go down the routerboard route, I’d recommend only purchasing the Cisco switch and using that, it looks to be more user friendly. Even if you have a SFF PC laying around you can use that as a PfSense box with a cheap add in card.

Most of what you’d need to accomplish in RouterOS would be though command line. I’ve never used one personally, but it looks like it should accomplish what you want.

FredFerrell · December 8, 2020, 4:51pm

I would look at a used Cisco Catalyst 4948 with enterprise running on it. I am not really a fan of their SG switches.

abhay9 · December 8, 2020, 6:50pm

Ok Now I get it, if I am not wrong You want the switch to do the role of the router and use basic router as just modem.

I dont think you can do that on Managed Switch. You sure need firewall, as @gsrfan01 said you can use any of your old PC add dual port network card and use it as pfsense box or if you have VM Server you can also virtualise

FredFerrell · December 8, 2020, 8:38pm

A C4948 can act as a router.

banross · December 9, 2020, 3:16am

I have installed the pfsense in one of my pc lying around and also tested it.
But then I come to an end that I need to buy a router which will be reliable to work 24*7.
I don’t think the pc lying around will not last that much!! it is a powerful one but I doubt.
And for the command line configuration I had talk to my ISP they will help me out for configuring the router board.

I do really like the pfsense one but because of hardware issues am not thinking to go for that.
So can you do some research for me on the mikrotik one ?
Product code : RB750Gr3

banross · December 9, 2020, 3:07am

As replied to @gsrfan01 am thinking of buying a mikrotik router.

gsrfan01 · December 9, 2020, 11:47am

Based on what I can see it looks like it will do what you want. I’d look at how the configuration would have to happen as most of the documentation I see is CLI.