Cisco :: Network Design Task - None Of The Domains Will Be Able To Communicate With Each Other?
Mar 6, 2013
I've been tasked with designing a network consisting of 3 separate broadcast domains, with each one representing a separate business across 3 separate floors. None of the companies should be able to communicate with each other. I've been told that the design should only represent the first 3 layers of the OSI model, so I'm only looking at cabling, switching and routing.
I don't expect you all to tell me exactly how I should do this; however, I just need a starting point. My main issue is with routing. I'm aware that each port on a router represents a broadcast domain, so if I use one router with 3 broadcast domains, does that mean that none of the domains will be able to communicate with each other? Should I use more than one router, or can I get away with one? Also, just so you are aware, I've been told not to use VLANs, and each broadcast domain must have its own IP address schema.
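An added example for the one-router case described above (this is not the poster's design or anything from the original thread). Each routed interface on a router is its own broadcast domain, but a router forwards between its connected networks by default, so isolation has to be enforced with an inbound ACL on each tenant interface. Subnets, interface names and business names below are assumptions chosen for illustration.

```cisco
! Added example (not from the original post): one router, three routed
! interfaces, one business per interface. Subnets, interface names and
! business names are assumptions chosen for illustration.
hostname R1
!
! Each routed interface is its own broadcast domain. The router will
! forward between the three networks unless told not to, so an inbound
! ACL on each interface drops traffic aimed at either of the other two
! tenant networks and permits everything else (e.g. towards a WAN).
! The final explicit deny also stops spoofed source addresses and logs them.
ip access-list extended TENANT-A-IN
 deny   ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
 deny   ip 10.1.0.0 0.0.0.255 10.3.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 any
 deny   ip any any log
!
ip access-list extended TENANT-B-IN
 deny   ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 deny   ip 10.2.0.0 0.0.0.255 10.3.0.0 0.0.0.255
 permit ip 10.2.0.0 0.0.0.255 any
 deny   ip any any log
!
ip access-list extended TENANT-C-IN
 deny   ip 10.3.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 deny   ip 10.3.0.0 0.0.0.255 10.2.0.0 0.0.0.255
 permit ip 10.3.0.0 0.0.0.255 any
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Floor 1 - Business A
 ip address 10.1.0.1 255.255.255.0
 ip access-group TENANT-A-IN in
 no ip proxy-arp
 no ip redirects
!
interface GigabitEthernet0/1
 description Floor 2 - Business B
 ip address 10.2.0.1 255.255.255.0
 ip access-group TENANT-B-IN in
 no ip proxy-arp
 no ip redirects
!
interface GigabitEthernet0/2
 description Floor 3 - Business C
 ip address 10.3.0.1 255.255.255.0
 ip access-group TENANT-C-IN in
 no ip proxy-arp
 no ip redirects
```

The deny lines must come before the permit, because an extended ACL is evaluated top down and stops at the first match. Hit counters from show access-lists are the quickest way to confirm that a cross-tenant ping from floor 1 to floor 2 is actually being dropped at the router rather than failing for some other reason.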
and this router will connect to 18 access points, and each access point needs 30 usable hosts. How do I design this network, and what subnet should I use? There is only 1 router, so there is only 1 default gateway. If the network has too many hosts, will the speed slow down, because they need to wait for other hosts to broadcast?
I'm working on a new network design for my company. We're expanding and opening some more offices and satellite sites. We're a UK based company but opening some US sites. We have a main UK office (Office A on the diagram), a call centre (Office B) and then two buildings on another site (Office C). The USA offices will be very small and only require a couple of computers, hence the small IP allocation. I have marked the IP addresses of the links on the diagram. I intend to use 3560 switches for all the switches marked, and all links will be layer 3 to route multiple VLANs from each site to each site (where permitted). My question is this: how do I achieve this in the switches? I'm thinking that OSPF is the way forward, is this right? I want to do as little configuration on the switches as possible to allow for dynamic updates of the network (i.e. I don't want to add static routes for everything).
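An added example of the OSPF-over-routed-links approach asked about above, for one 3560 at Office A (example config, not from the original post or the poster's diagram). It assumes an image that includes OSPF, a /30 routed point-to-point link to Office B, two user SVIs, and MD5 authentication on the link; interface names, addresses, the area number, router-id and key string are all assumptions.

```cisco
! Added example (not part of the original post): one 3560 at Office A
! peering over a routed point-to-point link with Office B. Interface
! names, addresses, area number and key string are assumptions.
hostname OfficeA-Core
ip routing
!
! Routed (no switchport) uplink to Office B, /30 so only two addresses exist
interface GigabitEthernet0/1
 description L3 link to OfficeB-Core
 no switchport
 ip address 10.254.0.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf message-digest-key 1 md5 S3cr3tKey
!
! User VLANs are SVIs; OSPF advertises them without any static routes
interface Vlan10
 description OfficeA-Users
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan20
 description OfficeA-Servers
 ip address 10.10.20.1 255.255.255.0
!
router ospf 1
 router-id 10.255.0.1
 ! No hellos on user-facing SVIs: nothing plugged into a desk port can
 ! form an adjacency and inject routes
 passive-interface default
 no passive-interface GigabitEthernet0/1
 ! Every neighbour in area 0 must present the MD5 key
 area 0 authentication message-digest
 network 10.254.0.0 0.0.0.3 area 0
 network 10.10.0.0 0.0.255.255 area 0
```

The other end of each /30 gets the mirror-image interface and the same key, after which show ip ospf neighbor should report FULL on the uplink. Adding a new site then means adding one routed link and one network statement; the remote subnets appear on their own.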
I have gotten the assignment of constructing a fictional network for my school, and I cannot quite agree with myself upon which equipment I should choose. It's supposed to be all Cisco. I need to supply 5000 users all in all, but only 300 on this site. I need to know which connections would be the most reasonable to use and, of course, which routers "if any" and switches I need (plus additional modules if needed). I have tried to make a Visio representation, but I just think something is way off.
I have a new project coming up that will require more IPs added to an already quite full class C network. My other issue stems from foolishly putting all hosts in the crowded C network onto the management VLAN. In turn, I have to make each port a trunk. Moving forward, I'm wondering what's best for design, or if I should just attempt to change the subnet mask across the board?
I am in the process of planning our new network. Our business is changing from hosting its own data centre to moving it to a professional facility. We have 120 users, over 100 servers (physical and virtual) and three sites (main premises, data centre, DR site). The new network will connect all three. Our new WAN links are almost ordered. We will be making use of a managed MPLS IP VPN, with a 100M access rate at each site. I am currently focusing on the design of the network at the main business premises. We have a significant investment in Cisco 2960 & 3750 switches and Fortinet firewall appliances. I plan to re-use these in the design.
Our current LAN is very flat and I want to segment the network. My plan is to create a number of VLANs, enable inter-VLAN routing on the 3750 and then attach the 3750 to the Fortinet appliance, which will provide stateful firewalling and traffic policing based on the VLAN (subnet) addresses. It is important that the traffic be routed as quickly as possible from this site to our prod and DR data centres. The 2960s act as the access layer, the 3750 as the distribution layer. The 2960s will connect via port channels (layer 2) to the 3750s and the VLAN interfaces will be configured on the 3750.
I was then planning on creating a VLAN on the 3750 to connect to the Fortigate appliance with a /29 address to limit the addresses used whilst also providing some flexibility for any future design changes. I want to implement a little security between the VLANs on the 3750 switches. I have a question about this coming up. I then plan to use the Fortigate appliance to do basic traffic policing based on source/destination addresses.
The WAN routers will connect to the Fortinet appliance on a Gigabit copper interface. The WAN routers will run HSRP between themselves and only one router will be active at any one time. The failover will be managed by the Fortigate and Cisco routers. I plan to define those addresses hosted at the other data centres and associate them with the interface associated with the WAN. I will then define the routing on the firewall for the two other data centres through summary routes for each of the sites. We will run static routing from the Cisco 3750 to the Fortigate and Fortigate to WAN router. We have no other networks/sites and won't have any others in the future.
The following diagram shows what I "plan" on doing or "hope" I can do. This is the most complicated deployment I have taken on in my profession, and honestly it is very exciting, but I had some questions.
1. The network between the ASAs and routers, is that supposed to be a private network or a public network? I have to assume public because I want my ASAs to take care of the NAT.
2. The ASAs are running single context Active/Standby, so which way will the ASA push outgoing traffic?
3. The routers need to know about each other in a BGP configuration, correct? We accomplish this using iBGP, so will that traffic need to be allowed through my firewall to allow the routers to share that information, or should these routers be talking to each other outside the firewalls?
Is this design possible? I am sure there are limitations as always, just trying to wrap my head around the flow of traffic and where to start.
Additional Details/Requirements -
BGP routers are 2921s that I have control of. Both routers have 4-port Gig EtherSwitch modules in them.
ASAs are Active/Passive and cannot be Active/Active due to the limitations of the Active/Active design (VPN limitations).
Both ISPs must be used for outbound traffic. I would like to be able to load balance, but can send some traffic one way and the rest of the traffic the other way based on routes.
ISPs are not symmetrical, one is 50mbps and the other is 250mbps.
All NAT should take place at the ASAs.
The routers that have Gig EtherSwitches, can they run HSRP?
Should I be putting Layer 3 switches between the routers and the ASAs instead?
Where should I run my iBGP communication for the routers?
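One way to lay out the dual-ISP edge described in the post above, as an added example that is not part of the original thread or the poster's diagram: each 2921 takes a default route from its ISP over eBGP, the two routers run iBGP over a direct link between themselves so the ASA never has to pass BGP, and the routers present a single HSRP address on the public segment that the ASA pair uses as its default gateway. Only R1 is shown; R2 is the mirror image with ISP2. The example uses routed Gigabit ports rather than the EtherSwitch module ports, and the ISP addresses, AS numbers, the company's public /24, interface names, HSRP group and key strings are all assumptions.

```cisco
! Added example (not from the original post). R1 only; R2 mirrors this
! with ISP2. ISP addresses, AS numbers, the public 192.0.2.0/24, interface
! names, HSRP group and keys are assumptions. The two routers are assumed
! to have a direct link to each other carrying iBGP, so no BGP crosses
! the ASA.
hostname R1
!
interface GigabitEthernet0/0
 description ISP1 (50 Mbps) - /30 supplied by ISP
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet0/1
 description Direct link to R2 for iBGP
 ip address 10.255.255.1 255.255.255.252
!
interface GigabitEthernet0/2
 description Public segment towards ASA outside; HSRP VIP is the ASA default gateway
 ip address 192.0.2.2 255.255.255.248
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 authentication md5 key-string HsrpKey1
 ! If the ISP1 uplink goes down, drop priority by 20 so R2 takes the VIP
 standby 1 track GigabitEthernet0/0 20
!
! Anchor the aggregate so BGP can originate it regardless of interface state
ip route 192.0.2.0 255.255.255.0 Null0
!
router bgp 64500
 bgp router-id 10.255.255.1
 bgp log-neighbor-changes
 ! eBGP to ISP1: accept only a default, announce only our own /24
 neighbor 203.0.113.1 remote-as 64601
 neighbor 203.0.113.1 prefix-list DEFAULT-ONLY in
 neighbor 203.0.113.1 prefix-list OUR-PREFIX out
 ! iBGP to R2 over the direct link; next-hop-self so R2 can use ISP1's
 ! default via R1 without needing a route to the ISP1 /30
 neighbor 10.255.255.2 remote-as 64500
 neighbor 10.255.255.2 next-hop-self
 neighbor 10.255.255.2 password iBgpKey1
 network 192.0.2.0 mask 255.255.255.0
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip prefix-list OUR-PREFIX seq 5 permit 192.0.2.0/24
```

With this layout the ASA only ever sees one next hop (the HSRP address), so all outbound traffic follows whichever router is HSRP active and therefore that router's own ISP. Splitting outbound traffic by destination, as the post asks for, is done on the ASA with ordinary static routes that point selected prefixes at R2's real address (192.0.2.3 in this scheme) instead of the VIP; inbound traffic arrives at the ASA's outside interface through either router, which is fine because NAT state lives on the ASA, not on the routers.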
I'm looking for feedback and constructive criticism on our network redesign project for our company. We are currently on 192.168.1.x/24 and running out of addresses. We are looking to move to the following design and implement VLANs as well for segregation and security. We are probably going to use a few SG300s for switches. [code]
I have recently been asked to design a network. What I have for equipment is four 2960Gs and one 1941 router. One switch is a root switch and the other three will have end devices on them. I have decided on three VLANs to go with: VLAN 20 Data, VLAN 30 iSCSI, and VLAN 99 Management, each with separate trunk links and redundancy (see picture below).
I have separate trunks for each VLAN using switchport trunk allowed, with the exception of the Data VLAN. My design has the Data VLAN as the native because it is going to be receiving untagged traffic from the external network. I have set up inter-VLAN routing on the 1941 via sub-interfaces to allow them to talk to each other (or because of allowed they cannot?). I have one port coming from my router to my switch via Ethernet cable which is my bridge out. I have my external port doing a NAT translation for my inside addresses and a default route set up: ip route 0.0.0.0 0.0.0.0 gig0/0. I am using Rapid-PVST to prevent loops and provide my zero-downtime convergence when a link goes down. As it stands right now I cannot talk out of my network or inside of my network.
You can see it is highly redundant and I do not want to change it. This network is going to be deployed but there will never be anybody physically there to manage it, which is why I made it as redundant as humanly possible.
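An added example of a working router-on-a-stick build for the three VLANs named in the post above, together with the matching trunk port on the root switch. This is example configuration written for this page, not the poster's config. It keeps the poster's choice of VLAN 20 as the native VLAN, adds NAT overload on the WAN port for the Data and Management subnets only, and points the default route at the ISP's next-hop address rather than at the interface; the ISP addresses, inside subnets and interface names are assumptions.

```cisco
! Added example (not the poster's config): 1941 with dot1Q subinterfaces
! for the three VLANs from the post, NAT overload on the WAN port and a
! default route via the ISP next-hop. VLAN 20 as native follows the post;
! all addresses and interface names are assumptions.
hostname R1941
!
interface GigabitEthernet0/0
 description WAN to ISP
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
 no ip proxy-arp
!
interface GigabitEthernet0/1
 description Trunk to root switch (carries VLAN 20 untagged, 30 and 99 tagged)
 no ip address
!
! VLAN 20 arrives untagged because it is the native VLAN on the trunk
interface GigabitEthernet0/1.20
 description Data
 encapsulation dot1Q 20 native
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.30
 description iSCSI (storage traffic never leaves the site, so no NAT)
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
!
interface GigabitEthernet0/1.99
 description Management
 encapsulation dot1Q 99
 ip address 192.168.99.1 255.255.255.0
 ip nat inside
!
! Only the Data and Management subnets are translated
ip access-list standard NAT-INSIDE
 permit 192.168.20.0 0.0.0.255
 permit 192.168.99.0 0.0.0.255
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/0 overload
!
! Default route to the ISP's address, not to the interface, so the router
! does not depend on the ISP answering proxy ARP for every destination
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! ---- Root 2960G, port facing the router (2960s trunk with dot1Q only) ----
! interface GigabitEthernet0/1
!  description Uplink to R1941
!  switchport trunk native vlan 20
!  switchport trunk allowed vlan 20,30,99
!  switchport mode trunk
```

The native VLAN must match on both ends of the trunk (20 here), and every VLAN that the router has a subinterface for has to be in the switch port's allowed list, otherwise the subinterface simply never sees any frames. show ip nat translations after a host on VLAN 20 opens a connection outward is the quickest check that both the trunk and the translation are working.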
I'm currently working on setting up 2 ASA 5510s with redundancy/failover. I'm not an expert when it comes to the ASAs, so I'm not 100% sure if I can do what I need to. I have 2 inside networks that need to remain separate, a DMZ network, and an outside network. Since each network connects via Ethernet to one of the 4 Ethernet ports on the ASA 5510s, all 4 Ethernet ports on the ASA 5510 will be in use. If I wanted to set up one firewall as Active and the other as Standby, how would I go about doing that? Do I need a direct Ethernet connection between the 2 firewalls to use something such as HSRP? Or would the Standby firewall be able to tell if the Active firewall is OK since they would both be connected on each of their interfaces to the same networks?
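An added example of an ASA active/standby pair for the four networks in the post above (example configuration, not the poster's). ASA failover does not use HSRP: the two units exchange their own hellos over a dedicated failover link and additionally monitor each data interface, so a link between the chassis is required in addition to the shared segments. With Ethernet0/0 to 0/3 all taken by data, the example assumes Management0/0 is free and cabled back to back between the units to act as that link; whether that is acceptable in the poster's environment is a design decision. Addresses, interface names, key and timers are assumptions.

```cisco
! Added example, not from the original post: active/standby failover on a
! pair of ASA 5510s. Assumes Management0/0 is free and connected back to
! back between the units as the failover link; the four data ports keep
! outside, DMZ and the two inside networks. Addresses, names, key and
! timers are assumptions. Entered on the primary; the secondary only
! needs the failover lan unit/interface/link/key lines plus "failover".
!
interface Management0/0
 description LAN + state failover link to the standby unit
 no shutdown
!
failover lan unit primary
failover lan interface FOLINK Management0/0
failover interface ip FOLINK 10.255.1.1 255.255.255.252 standby 10.255.1.2
! Replicate the connection table so existing sessions survive a failover
failover link FOLINK Management0/0
! Encrypt hello and state traffic on the failover link
failover key Fail0verK3y
! Hellos every second, declare the peer dead after 3 s
failover polltime unit 1 holdtime 3
failover
!
! Every data interface carries an active and a standby address; the
! standby unit uses its address to watch the segment and test the peer
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.248 standby 203.0.113.11
!
interface Ethernet0/1
 nameif dmz
 security-level 50
 ip address 172.16.1.1 255.255.255.0 standby 172.16.1.2
!
! Two inside networks at the same security level: traffic between them is
! denied by default, which keeps them separate as the post requires
interface Ethernet0/2
 nameif inside1
 security-level 100
 ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
!
interface Ethernet0/3
 nameif inside2
 security-level 100
 ip address 10.2.2.1 255.255.255.0 standby 10.2.2.2
```

Once both units show the peer as "Standby Ready" in show failover, pulling the cable on one of the active unit's data interfaces should trigger a failover; the shared segments by themselves only let the standby detect interface failures, not a dead peer, which is why the dedicated link is not optional.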
remote location on MPLS circuit terminated on a Cisco router that has Internet connectivity through the central site router. We are installing a cable modem at the remote location that is to be used as the primary Internet connection, but we still want to be able to use the Internet through MPLS if the cable Internet goes down. We want the failover/fallback to be handled automatically.
We have an ASA 5505 for the cable Internet, which then feeds into the ISP's modem.
At first I was thinking about getting a module for the remote router so the cable Internet could be terminated on the remote router as well, but that introduces a single point of failure. I would also like to firewall both the MPLS and the cable Internet, but if I do so on the ASA there is another single point of failure.
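An added example of automatic cable-primary, MPLS-backup failover for the layout in the post above, done on the remote router with IP SLA and object tracking (example configuration, not from the original thread). It assumes the hosts use the router as their default gateway, the ASA 5505's inside address sits on the same LAN as the router, the MPLS next-hop towards the central site is known, and a far-side address (8.8.8.8 here) is used as the probe target; all addresses are assumptions.

```cisco
! Added example (not from the original post). Assumes: hosts default to
! this router; the ASA 5505 inside address 192.168.50.2 is on the LAN;
! the MPLS next-hop towards the central site is 10.0.0.1; 8.8.8.8 is the
! probe target. All addresses are assumptions.
hostname RemoteRtr
!
interface GigabitEthernet0/1
 description LAN (hosts' default gateway)
 ip address 192.168.50.1 255.255.255.0
 ! Traffic to the ASA goes back out this same interface; do not tell the
 ! hosts about it with ICMP redirects, or they bypass the failover logic
 no ip redirects
!
! Probe the far side every 5 s through the cable path
ip sla 10
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/1
 timeout 2000
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Pin the probe destination to the ASA. Without this host route the probe
! would succeed over MPLS after a failover and flap the default back.
ip route 8.8.8.8 255.255.255.255 192.168.50.2
!
! Fall after ~3 lost probes, recover only after 30 s of good replies
track 1 ip sla 10 reachability
 delay down 15 up 30
!
! Primary default via the ASA (cable); withdrawn while track 1 is down
ip route 0.0.0.0 0.0.0.0 192.168.50.2 track 1
! Floating backup default via MPLS to the central site, AD 200
ip route 0.0.0.0 0.0.0.0 10.0.0.1 200
```

show track 1 and show ip route 0.0.0.0 before and after unplugging the cable modem show the tracked route disappear and the floating route take over; the 30 s "up" delay stops a flapping cable line from bouncing the site between paths every few seconds. The pinned host route means the chosen probe target is effectively unreachable from the site while the cable path is down, so pick an address nobody at the site depends on.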
One of our clients is replacing some of their aging network components with 4 Cisco 2960S switches. Unfortunately in this case, my skills of switch configuration are greater than my skills of network design. I have a really crude network diagram of their basic network layout (4 servers, 4 switches, and a number of endpoints).
How would you experts design the physical connections in such a way as to facilitate some redundancy?
I am just browsing and looking for a solution to converge my multi-vendor switched network and bring some redundancy to it, as recently we managed to get redundant links. I have a need to change the core switch to a Cat3750G, which has Per-VLAN RSTP+ on board, but tests have shown that it won't be compatible with some other proprietary per-VLAN RSTP solution the other vendor's switches currently use.
So, I thought maybe a standards-based MSTP design might do the trick. I've made some tests and got some weird and unstable switching results. I have two topology rings with a core switch in the center. Every ring has about 10 switches, so practically the network diameter may vary from 5 switches (when spanning-tree converges in the center and I have a blocking port somewhere in the middle of the ring) to about 10-11 switches (if I have a link failure on any of the ports right at the core switch). I disconnected one port from the core switch to eliminate a possible switching loop while I was configuring the new MSTP design. Then I started enabling MSTP on all the switches, starting from the core Cat3750G, one by one, placing all switches in the same MSTP region and placing all VLANs in the default MSTI0 (CIST), because I don't need to organize any separate MSTP instances for every VLAN or for groups of VLANs. When I turned MSTP on on the 7th or 8th switch in the chain (because I had a physical chain when I disconnected one port out of the redundant ring), I got all switches "flapping", storming and flooding the network with broadcasts, even when I had one redundant port disabled.
I have no idea what I am doing wrong. I noticed that the Cat3750G has an option that defines a possible network diameter, which actually automatically changes some hello, max age etc. attributes according to the diameter specified. When I defined a maximum network diameter of 7, it didn't change anything: I still have a hello timer of 2 sec etc. I've been wondering if the maximum network diameter is something more than just a "variable" to fine-tune hello timers etc. Maybe I won't be able to use MSTP in my network, which might have a diameter of more than 7 switches. Or maybe it was a mistake placing all the switches in the same region and all the VLANs in the default MSTI0 (CIST), and I should configure one MSTI per VLAN or per group of VLANs and subdivide my switches into a few MSTP regions?
Every day at 04:00 AM, I have set a repeated configuration sync. But since 04/16/11 04:00:00, the background task is not working. So I did wcs stop -> start (04/18/11 08:30); this situation is randomly occurring. I found a similar symptom, bug CSCtf23192. This bug was fixed in 6.0.202. But I use 7.0.164. I want to know whether this bug occurs in 7.x and is fixed in 7.0.172.
04/16/11 03:55:37.774 INFO [monitor] [PollSerializationLock-1] SiAqStatspostNetwork Ending updateServiceDomainNodes for Area 184.108.40.206-12603442904884/GSIDC_12F, elapsed = 0 04/16/11 03:55:37.837 INFO [monitor] [PollSerializationLock-1] SiAqStatspostNetwork Ending updateServiceDomainNodes for Area 220.127.116.11-12603443248315/GSIDC_13F, elapsed = 0 04/16/11 03:55:37.837 INFO [monitor] (code)
I have a Cisco 3900 Integrated Services Router. I am a little new to the Cisco IOS. I am having an issue getting my LAN network to communicate with the WAN gateway. From hosts I can ping the interface IP address but not the gateway. I have used the default route command ip route 0.0.0.0 0.0.0.0 [wan gateway from ISP]. I have already set up NAT and DHCP; I just can't seem to get the internet working. The following is my config.
create a scheduled task in LMS. In this task I would like to regularly check the time on all network devices in LMS and generate a report about this that would be sent to e-mail. All network devices have the same NTP server. How can I create this task? LMS version is 3.2 SP1.
I have two ASA 5515s configured in failover (active/standby). I used the ASDM wizard to create connections through the IPsec Cisco client. Currently users are able to connect but cannot ping anywhere inside the network.
The ping request is received from the internal client, but the internal client cannot communicate with the remote user. The ping fails also directly from the ASA.
When the remote client is connected an entry is added to the routing table:
S 192.168.10.130 255.255.255.255 [1/0] via <ip of the ISP>, "WAN"
as if that IP was reachable directly from the Internet. I tried changing the settings of the NAT, but in no way can I make them communicate. The ultimate goal would be to create different users with different access permissions to the LAN and the other subnets in the company.
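The per-client /32 static route the post above describes is what the ASA installs for every connected remote-access client (it points the assigned address at the interface the tunnel arrived on, so decrypted return traffic is sent back into the tunnel); it is not by itself a sign of a problem. The piece that the ASDM wizard most often leaves out, and that produces exactly the "connected but cannot ping inside" symptom, is an identity NAT rule exempting LAN-to-pool traffic from the outbound PAT. The following is an added example in ASA 8.3+ NAT syntax (as on a 5515), not the poster's configuration; the pool, inside subnet, interface names, object names and policy name are assumptions.

```cisco
! Added example (not the poster's config), ASA 8.3+ syntax. Assumes the
! remote-access pool is 192.168.10.128/26, the inside LAN is
! 192.168.1.0/24 behind "inside" and the WAN interface is "outside".
! All names and addresses are assumptions.
object network INSIDE-LAN
 subnet 192.168.1.0 255.255.255.0
object network VPN-POOL
 subnet 192.168.10.128 255.255.255.192
!
! Identity (no-op) NAT for LAN <-> VPN-pool traffic. It is a manual rule at
! position 1 so it is evaluated before the general outbound PAT below,
! otherwise replies to VPN clients get PATed to the outside address.
nat (inside,outside) 1 source static INSIDE-LAN INSIDE-LAN destination static VPN-POOL VPN-POOL no-proxy-arp route-lookup
!
! Ordinary outbound PAT for everything else leaving the LAN
object network INSIDE-LAN-PAT
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Decrypted VPN traffic bypasses the outside interface ACL
sysopt connection permit-vpn
!
! Split tunnel: only the corporate LAN is sent through the tunnel, so the
! client's own Internet traffic never hairpins through the ASA
access-list SPLIT-TUNNEL standard permit 192.168.1.0 255.255.255.0
group-policy RA-POLICY internal
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
```

packet-tracer input inside icmp 192.168.1.10 8 0 192.168.10.130 on the ASA shows which NAT rule a LAN-to-client packet hits; it should match the identity rule and end in ALLOW. Per-user access differences, which the post mentions as the end goal, are then a matter of separate group policies with their own filter ACLs rather than more NAT.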
I have a Cisco 2811 SRST/K9 router with a four-port FXO that is part of our phone system. It won't ping anything on the network except for one particular switch. I can ping that switch (but nothing else) and that switch can ping the router and telnet into the router; however, when I plug the router into any other switch on my network, it will still only successfully ping that one switch. It won't ping the switch that it's physically attached to. I can see the router from the switch when I do a show cdp neighbor. And I can see the switch when I do a show cdp neighbor from the router. But it won't ping. When I do a show adjacency from the router, it returns only that one switch. I've tried a clear arp on both the switch and the router. I've also compared the config from the router to the config of a working router on the network and everything looks the same. I can ping anything on my network from these switches, except that router. I even tried changing the default gateway of the router to be the IP address of the switch with which it can successfully communicate.
Implement the procedures required so that machine 1 and machine 2 can communicate statically with one another. Outline the TCP/IP settings to be used on each of the machines and set this machine up accordingly.
My wife and I just moved into a new apartment and subscribed to a new broadband provider. They sent us a Cisco router (model no. EPC2425) and we created a WPA2-Personal secure network, with encryption type TKIP. I have connected my MacBook to it, my iPhone, and my wife's Samsung netbook (running Windows 7), but I cannot connect my laptop running Vista to the internet. I've tried playing around with different network security types and could connect to it on WEP, but I didn't want to keep it on that and I couldn't connect the netbook. The rest of the security types and encryption types have the same response. The computer connects to the network with an excellent signal, but it is the only computer that cannot connect to the internet through this network. I never had a problem like this with this computer and have tried it on other networks. When I run Windows network diagnostics it says 'Cannot communicate with Primary DNS Server (18.104.22.168). Network diagnostics pinged the remote but did not receive a response.'
When I try to automatically get a new IP setting for the network adapter it tries to repair but then says 'there still seems to be a problem with your connection'. Likewise, when I click 'reset the network adapter' the repair leads back to cannot communicate with primary DNS server. I have tried a wired connection, router to computer, but as soon as I plug it in I get the message 'Windows has detected an IP address conflict', and it once again connects to the network but not to the internet. I don't know if this makes any difference, but this is a British computer and I moved to Sweden, obviously using a Swedish ISP.
I used to have this problem; you need to set the network adapter to all automatic. Your new Cisco router uses UPnP, so your IP conflict is probably a result of your unconnected laptop trying to connect to the same IP address as another PC on your network (e.g. 192.168.0.5 would be used by your iPhone, but your laptop has reserved that IP address for itself). To fix this, go to Network and Sharing Center, navigate to adapter settings in the left pane, right-click the wireless card and choose Properties > IPv4 Properties, set everything to automatic, including all things in other tabs, click Advanced and make sure DHCP is enabled on that card. Then reboot and try again.
I had a look at the wireless card (it's an Atheros AR5007EG Wireless Network Adapter) and in the IPv4 properties it's already on 'obtain an IP address automatically' & 'obtain DNS server automatically', as well as 'automatic private IP address' in one of the tabs.
I was wondering about this command that appears in the default configuration of Cisco routers: scheduler max-task-time 5000. I did some research in forums but did not find anything apart from the "scheduler" command with other options.
I'm new and have just entered the world of studying for my Cisco certification. Since I'm curious, I see that there are switches that can perform tasks depending on the layer? I see some with specifics for Layer 2, some others for Layer 3 and even some others with router capabilities! I know this is a rookie question, but how do I know what the best switch for a network is? Or how can I identify them?
I connect to the internet through a Thomson TG585 v8 modem. When I log in to the modem's IP (192.168.1.254?) through a browser, I only get one task available, that is "Check connectivity for this internet service". As far as I know, I should have some management options, like for example to block websites, to limit internet service for certain devices etc. Does anybody know why I don't have these options? Could it be a restriction from the Internet Service Provider?
I am able to connect to the internet wirelessly. The wireless icon does not change. The blue dot rotates and moves about, but instead of showing a connection, just the signal bars showing, it shows a land line connection with a red X over it. This happened after one of those many Windows updates.
I know I could try a reset to an earlier boot; however, I made too many changes, installs and such that I don't want to lose any of it. There has to be a workaround for this lousy problem. I thought of perhaps deleting my wireless connection and reinstalling it from the modem on up to the router. I just don't want to keep digging a hole! Ya know what, I really miss my Apple computer, which I finally gave up on because the price was overwhelming.