Context:
Recently one of my partners called me as they had some issues with their customer and they didn’t have any network specialist in-house. Its network performed poorly, regular disconnections from wifi, Internet slowness, VoIP calls dropped.
The building of the customer is composed of 3 floors in the center of Brussels. The building has been well renovated.
The customer’s employees work mainly with Cloud based applications. As we are talking about a real estate company, it is important to consider that the customer works with big files (pdf, MS word, maps and so forth. So, in that case, it’s critical that the network performs well.
Characteristics of the infrastructure:
- Number of users: +/- 20 (1 site)
- Type of devices: VoIP phones, Laptops, Desktops, MFP printers,
- Type of Network: Wired + Wireless
- Internet Line: Fiber 500 Mbit/s symmetric
- Network Switches: 4 different models / specs
- AP: Cisco Meraki Go AP (802.11ac capable)
- Firewall: Fortigate 60F
Constraints:
- very limited budget (implies re-use of existing equipment)
- Network cabling coming from the different rooms to the patch pannel are CAT 5E STP
Identified issues:
- Network switch topology (Daisy Chain)
- Mixed switches architecture (1Gbit/s mixed with 100 Mbit/s – old Cisco SG series)
- Flat network (no VLAN) – All types of traffic running on the same /24 subnet.
- Firewall issue (Firewall not responding correctly on LAN interface & limited bandwidth)
- No structure in cabling
- Network cabinet not maintained correctly
- No restrictions on outgoing traffic (LAN -> WAN)
- Cabling from patch pannel to network switches were UTP (very bad due to electrical interferences)
The solution:
Network topology review:
Instead of using a daisy chain topology wich increase the latencies all along the switches, I’ve decided to move to a 3-tier topology ( FW – AGG Switch – ACC Switch). Due to the limited budget making a redundant setup at Firewall and AGG switch was not possible. Planned for later. The switch with a max bandwidth of 100Mbit/s has been removed.
New Cisco Catalyst 1200 have been bought to give more freshness and robustness to the infrastructure.
VLANS have been defined to isolate main types of traffic and optimize network segments.
Introduction of a guest wifi attached to a specific vlan.
The new topology can be depicted as follow:
Network Cabinet review:
Introducing cable management between switches to permit easier maintenance and air flows. To ensure a perfect stability of the data running on the cables, all of them have been replaced by STP (Shielded Twisted Pairs CAT 6 cables). Labeling rings have been placed on the cables to easily maintain and troubleshoot. Proper color convention has been established based on the type of devices.
Firewall Replacement:
As the firewall had a lot of issues, it has been replaced by a new one. Outgoing traffic (South -> North) has been limited with L7 features included.
Before/After Snapshot:
Notes:
- At the moment of the picture the faulty firewall was replaced by a old Fortigate 80C. As from March 2025, the new Fortigate F60 is working flawlessly.
- At the moment of the picture the STP topology was not configured, in between it has been implemented
Client / Partner reaction:
Both are happy:
- the Cloud applications has never been so responsive.
- Very quick printing and scanning over network
- No more issues with VoIP calls
- Internet can be used at full speed: 480Mbit/s UP & DOWN
- Wifi association process is very fast
My 50 cent on this project:
Funny fact. I could observe on this mission that I needed a CAT6A (10Gbit/s) cable to connect the Firewall to the Internet modem and AGG switch to take advantage of a 1Gbit/s bandwith. Using CAT6 or CAT5E cables on the firewall reduced the usable bandwidth to 100 Mbit/s.
I will investigate later…
Thanks for taking time to read this showcase. I hope that others will come. Feel free to reach out for any remarks or questions.
You are interesed to work with me, don’t hesitate to book an appointment via the Calendly widget
Enjoy your digital journey,
Your host,
Michaël
Phenix-ict Blog - Passion is our driver 