Looking for a small but manageable switch

[ciscokidjt]

Does anyone know of a small network switch (let's say from 3 to 10 ports) that is manageable, and relatively inexpensive? I'm trying to find something for very small offices (typically 1 to 3 people) using VPN over broadband (the switch would obviously sit behind a Pix506e, which provides the VPN function). ??

 

[NetEng631]

Why use a pix you can use a Netscreen 5 that has 4 user ports and an uplink port. They support IPSec and are manageable.

NetEng

 

[ciscokidjt]

It's a corporate thing. Cisco is our chosen vendor for LAN/WAN gear, and the 501's (which also have the 4 port integrated switch that you speak of) have proven to be less than reliable in the field... not a good thing considering that Cisco doesn't give you a technician on site as part of their maintenance on the 501's. So, 506e is what we're deploying. Now, I might be able to get away with a non-Cisco vendor for a small switch, if it's manageable and not too expensive, since management is asking for something and Cisco doesn't have anything to offer.

 

[baddos]

Just curious... What are you going to be using this small managed switch for? Is a managed switch necessary for a remote network?

BTW... I think Cisco has Netscreen beat on the technical support any day.

 

[ciscokidjt]

We won't do anything special with them. It's simply that the smaller, remote offices tend to have Internet service from some mom & pop provider, and I feel that the more I can see, the better shape I'm in when there is a problem (whether it's the ISP's issue, or somebody on site has mucked with the equipment (you'd be amazed how often that happens). At this point, if what I'm looking for doesn't exist, maybe a Linksys switch will have to do. Not manageable, but cheap, Cisco owned, and the support is half-way decent.

 

[NetEng631]

I curious Baddos have you had bad experience with Netscreen TAC. I haven't. I guess I haven't worked on a pix in a while and I remember them to be cluggy and hard to configure. I have a lot more experience with Netscreen and Checkpoint. I like the netscreen much better. They have a lot of great documentation on the web site and the tac seems good. I also like the product. Sometimes Cisco piece meals there products and they get a little weird. Netscreen really only does firewalls and it shows.

 

[baddos]

Yeah... We had a Netscreen the was pretty much DOA. The unit would work fine for about an hour, and then die for no reason. Tried a couple of software updates, but they never fixed it. We ended up selling it for $700 to some recycling company.

It was the older Netscreen 10 though, so things may have changed. I can still remember listening to the arrogant tech support people, and wondering how they were still in business. It's just that the Cisco TAC is totally opposite, and generally fix your problem while being nice.

Again though... this was over 3 years ago.

 

[NetEng631]

Currently Netscreen is really good. I haven't had any problems with them. I remember when Cisco tac was the same way and the only answer you ever got was do an IOS upgrdae.

NetEng

 

[vipergg]

Ever thought of buying something like a Dell switch , you can get a managed 24 port 10/100 switch for like $500 . I know it's more than you need but for the bucks or how about an HP 2512 , managed 12 port switch . Around $500 and has a lifetime warranty . Also has next day replacement if it fails .

 

[CCIEcandidate]

Ciscokid,

We just deployed about 4 501's. What issues have you seen with them?

Just so I'm ready for it.

Thanks,
Nick

 

[ciscokidjt]

There are two issues with the Pix501's. The first, from my experience, is that after being in the field for around a year, they become unstable and start rebooting themselves for no apparent reason. Cisco has yet to explain the cause of this to me, but we've RMA'd about 6 of them because of this, and are taking the rest out of production to prevent future outages (my remote offices are loan centers that write mortgages, so downtime is very costly). The other issue is that if you do have trouble with one, Cisco provides 4 hour onsite replacement, but NOT with a technician. Thus, I've never sent one to an office that wasn't within driving distance of our corporate office.

 

[ciscokidjt]

One very nice box would be the Linksys 802.11G wireless / VPN / router / integrated switch. However, I work for a financial institution, so there is some hesitation to implement wireless. They are manageable, but unfortunately there's no console access.

 

[baddos]

If you experience rebooting of your PIX boxes, that would first lead me to a heating/cooling problem. I know that those little PIX boxes aren't very big and if in a hot area could overheat easily.

 

[ciscokidjt]

You could be right. However, they all were in well ventilated areas. It just became too much to support, so we're going with 506e's across the board now.

 

[lui3]

Regarding the switch question.
I would go with a 2950T

24 port 10/100 w/2 1000 Base T connections.

It supports the enhanced image and does some qos on per port basis/marking and policing mainly. it list for around 1000 bucks w/ support contract. I think list on the switch itself is 2950.


great switch and should work nicely with other cisco gear.