Suitable routers and switches for SMBs

Hi guys,

I work for an SMB service provider. Traditionally, we've gone with Cisco for our customer routers. However, as none of us are Cisco certified, we're finding them overly complex to configure. Most seem to have three interfaces - CLI / Telnet, Cisco Network Professional, and Cisco Professional Express (I think?), but seem to lack a decent web interface.

Now, I understand these are robust and feature rich units, etc, but given none of us really know all that much about Cisco, we'd like to switch to something easier to manage as we're not using all the features anyway! Ideally, something with a nice simple web interface, and optionally built in wifi. Cost isn't a motivator for switching here - we pay about $800 for a Cisco 800 series router anyway, so anything under $1000 is a good option. We're not looking for $80 DLink's.

So basically, a broadband router with WAN ethernet that's easy to configure and manage. I recently had the pleasure of working with a Fortinet Fortigate unit, but these seem significantly more expensive than Cisco; ideally we'd like something competitive.

Also, what are people using for unmanaged gigabit switches? Most of our clients use 48 port switches, but once again, they don't need VLANs or management of any kind. I'm a little concerned about Netgear as it seems a little consumer orientated, but please enlighten me. I can't seem to find ProCurve unmanaged or web managed 48 port gigabit switches either, which would be a nice alternative to Cisco.

Your recommendations are most appreciated!

 

For routers, Draytek and Sonicwall. Both great units, Draytek more SMB Sonicall more SME.

If you are paying $800 for an 800 series you are buying from the wrong place.. cost on a 867 (non wireless) is $360 ex.

For switches, Netgear Prosafe (good stuff) not their entry level stuff whic is rubbish, HP Procurve and for budget stuff, TP-Link make some good metal chassis plug and play unmanaged gig switches at unabeatable prices. I dislike the Linksys/Cisco switches these days, too much plastic and external PSU's can be annoying.

 

while their firewalls and simply amazing, 8k a pop is a bit to much for some people lol

switches - procurves. they arent the cheapest switches however......while not the best procurve, a 1810g-24 can be had for about 800$ inc, alas only web managed. plus/minus cost for features/ports of course... They also have a lifetime warranty which is pretty hard to beat.

24port neatgear prosafe fjxxx switches are even cheaper and are pretty solid.

routers - second crusher for draytek. can get routers with dual wan etc. pretty good units, i would however still stick with the cisco 8series personally. goodluck

 

Geex where are u guys buying your gear from Wholesale on a 1810G-24 is $427 ex and thats just from the first disti I loaded up

I also do Talkswitch IP PBX's and so throw in a Netgear Prosafe 24 port 10/100 switch with 12 PoE ports for the handsets.

 

Thanks for the responses guys.

Our main disties are Ingram and Dicker, but neither seem to stock Draytek or Sonicwall. Which wholesalers are you using?

We have been using Cisco 881W's, and these are about $800. I can see the 867 non-wireless, my buy is closer to what Crusher mentioned, so I don't think price is the big issue for me here, it seems to be choice of stock!

 

Draytek is distributed by i-lan in Sydney. Sonicwall I get through LAN1. Dont have an account with Ingram out of principle

 

The company i work for ran into the exact same issue.

Our standard router was a Cisco 877 or 1841. Problem was that none of us were cisco certified and wern't all that good at configuring them.

The best solution we found at the end of the day was to contract an individual to handel our cisco configuration and managment. It has worked out very well, as well as saved our company time and money.

 

Anyone management type person who does 60mins of research into ICT providers will be able to tell you who the tier1 vendors are. Don't think you won't get questioned about ibm vs whitebox for servers, or Cisco vs abc for networks. Gone are the days where SMB management is just along for the ride. From my experience, they are more brutal then large enterprise and government.

You'd best have a good argument ready for why you are making those recommendations. "None of us know how to drive Cisco" is honest, but will probably lose you a few customers.

Personally, i'd stick with the cisco stuff and fix the business skills issue, or take on a contractor/consultant for the network. I know a few SMB's service providers that have done the latter. And honestly, it doesn't take all that much effort to put together some templated configs. I'd be surprised if you can't find a basic config generator on google already.

 

Spend the extra time and learn some cisco - gives you a better understanding of how it all works rather than punching numbers in a fancy web interface.

In the past I've picked up plenty of customers because they couldn't find anyone else to configure their cisco gear. Even other I.T. companies in my region have approached me to program up gear for them. Cisco CLI really isn't that difficult once you get into the swing of it.

That said though, it comes down to what is right for the customer - if you're not comfortable configuring a cisco box properly and securely - best to go with something you're more familiar with and can configure securely.

I'm a fan of Netgear business routers and Sonicwall.

 

This

And this.

If the CLI is breaking your spirit, then that is the least of your problems. What I've found with most non-cisco techs is they can make something work, but often don't know why. So when something breaks, you basically see a whole lot of button pushing and rebooting until it some how rights itself.

Whereas, most cisco guys (well, the ones I know anyway) understand eg cabling, spanning tree operation, ip addresses particularly non contiguous masking, tcp operation, and generally quite a bit about L7 (eg HTTP). They can troubleshoot a problem methodically, and figure out the root cause, then find a solution so that the problem doesn't happen again.

The gui button pushers are less bothered about resolving the underlying issues. The next time they will just hack away at it again until it comes good.

I realise I am making massive generalizations - apologies if you happen to be a competent button pusher or an incompetent CLIer.

 

Draytek is great, ive been running a vigor 3300 for a few years without issues

 

I just get our CISCO re-seller to configure our CISCO gear, I got too many things on my desk to spend the time making a half baked job of trying to learn all that stuff, i'll leave it to the subject matter experts and trust their advice.

Comes a time in our career as we move into management and broader responsibilites we need to 'let go' of some of the hands on stuff we used to enjoy, shame really but there you go.

Last thing you want is a misconfigured router or firewall at your network permiter....

We use a combination of CISCO routers and HP Procurve switches, seems like a good combination.

-NyarghNia

 

how best to learn IOS?

put the case to your employers to buy 800/1800 series routers for you to use at home (on a loan basis (I've done that here with our guys and also ran a CCNA condensed course for them)), the fastest way to learn how to use cisco equipment is to break it and realise why it broke and what you need to do to fix it.

whether you're using ethernet / ATM as a backhaul or whether it be an 800 or an 1800 or a 2800 series, IOS is IOS.

use the business case of cross skilling your team in IOS for better business continuity.

 

Yes I forgot to mention Netgear Prosafe units... again the business models. 3 year warranty, run a linux OS so they are one of the reliable multi pptp passthrough as they have pptp session tracking in kernel.

 

we use to use snapgear products, but as is known they are gone and sucked into Mcafee's bit bucket.

We are currently trialiing the Cyberoam gear, and so far seem OK, but have not dealt with their support yet, so I don't really have a good/bad repore on them.

Switches: you can't go past HP procurve.

 

Or buy an older model on ebay yourself if they won't/can't buy you one. There's some stuff on now that's around the $50 mark. There's even one listing for a stack of routers/switches for $60 buy it now (no shipping offered though).

 

I'll agree with this. I've had good experiences with the larger (24 port), blue metal chassis netgear switches (the 16/8 port ones drop packets under any kind of real load, but you'd probably never encounter in most SMB's). The Procurves are solid with a lifetime warranty (and look and smell suspiciously like a cut down entry level cisco). I actually like the workgroup linksys (cisco branded) switches (8-24 port), they've performed well for me. I have one of their WAP's however, which is awful.

If you can't configure cisco, don't sell or support them until you either hire someone to or learn. End of story.

You could also configure a single linux box to provide active directory like services, provide exchange like services, serve files, route and proxy traffic and provide all sorts of amazing stats.. all for free! But it's unlikely you have anyone who can support that (those people are pretty rare). So should you be pushing that instead of say, SBS 2008, because it's cheaper?

Nothing pisses a customer off more than watch a tech at $200 an hour bumbling away at something they don't know how to drive.

 

You're kidding, right?

I've got a list price for a Fortigate 60C in front of me (sub-$2k) and a Cisco ASA5505 (~$2.5k, limited to 50 users). IMHO, Fortinet are significantly less expensive than Cisco in every respect, and work better than the equivelant Cisco ASA.

I still wouldn't spec anything less than Cisco or Juniper for SME/LE switches or routers. There's a great thread here (http://www.gossamer-threads.com/lists/nanog/users/127576) from nanog that discusses Cisco/Juniper/HP/et al.

IMHO/experience:

3Com - good gear as long as you don't ask too much of it, and now part of HP.

Dell - CLI isn't too bad, reliability isn't too bad, however I've had issues getting them to play nice with other gear.

Extreme - still getting over the 'big purple packet eater' slogan.

Fortinet - great little firewalls, haven't played with the FortiSwitches but they also look good and I haven't heard bad things about them.

HP - good gear as long as you don't ask too much of it, I suspect the 3Com acquisition will produce interesting things in the next 18 months.

Nortel - total joke, and bankrupt to boot. CLI on their switches is the worst I've seen in years.

-A.

 

i use cisco routers personally and if the need arises i use the ASA's as for switching i like Procurve

never had a cisco router die on me but did get a DOA Procurve and literally have deployed hundreds if not actually close to a thousand in 3 years

current project we have over 40 offices all running on 8xx routers and no problem for over a year, all switching here is Procurve as well, no problems either

 

Can also vouch for Draytek and HP. We have a Draytek 2950 router that routes all our WAN traffic and a mic of 2510G and 2610-PWR switches.