Depends on lots of things of course - but building in flexibility is the
name of the game :)
You're right in everything except running a port straight from the switch to
a modem - that means no real traffic control. That switch port should run
into the firewall's LAN or OPT port.
If this hasn't been cabled yet then absolute minimum two runs of cat6 to
each apartment, and proper cat6 inside each apartment too. Consider what
other services will be offered in the next 10 years and whether you can
allow for that. Maybe even run some coax for cable TV/whatever is
Another option is more OPT interfaces, each with some apartments hanging off
them - 2 with 12 each, or 3 with 8 each? Spread the load a little.
That said - it's good to buy the server for now, cos in three years when
speeds have gone up 10x then a new box is easy. It's hard to upgrade wiring
in place though. (I still have some cat3 in the walls here)
From: Aaron Cherman [mailto:aaronc at morad dot ab dot ca]
Sent: Monday, 24 July 2006 3:12 p.m.
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] VLAN's, QoS, bandwidth hogs
> * Apartment building
> * DSL
> * Each apt ought to be on its own VLAN
> * Each apt to see internet but not each other
> * Cisco switch (don't know model ... yet)
> * A few serious bandwidth hogs (need to rein them in)
> Can I create 24 VLANs, one for each switch port, as handled by the
> switch; or can I create 24 VLANs on the m0n0wall?; can QoS be applied
> to all of the VLANs? I think the regular "QoS wizard" will be just
> fine for us without too much tweaking since I can enable "share
> bandwidth evenly across LAN", if that setting (in this situation)
> means "share evenly across all VLANs".
First, I think m0n0wall can only handle a certain number of interfaces (I'm
not 100% sure on this). If it could handle all 24 VLANs, plus the LAN and
WAN, it still seems to me like the hard way of doing this. Can I assume the
building has 24 units? Each with a home-run to the switch? Does the switch
have trunk ports? Most managed switches can have port-based VLANs
configured in them - meaning you can set which ports can see which ports.
So all you would have to do is make sure that the only port all of the units
can see is the one going to the DSL modem.
If I am wrong, someone else please correct me.