Plan a network to connect 2 buildings 3 storeys high with a distance of 500m between each building. Each floor is occupied by the Finance Department, Administration Department and Computing Department. The report should have the following items. Anything extra is encouraged.
a. Introduction b. Network Diagrams c. Devices that will be used.
I need to run an Ethernet network between 2 buildings 1000ft apart. The buildings are in a forest so I don't think wireless is possible. What kind of cable can I run between the two buildings and what type of adapters do I need on each side?
and this router will connect to 18 access points, and each access point needs 30 usable hosts... How to design this network, what subnet should I use... There is only 1 router, so there is only 1 default gateway. Is it that if the network has too many hosts, the speed will slow down, because they need to wait for other hosts to broadcast?
I'm working on a new network design for my company. We're expanding and opening some more offices and satellite sites. We're a UK based company but opening some US sites. We have a main UK office (Office A on the diagram), a call centre (Office B) and then two buildings on another site (Office C). The USA offices will be very small and only require a couple of computers, hence the small IP allocation. I have marked the IP addresses of the links on the diagram. I intend to use 3560 switches for all the switches marked and all links will be layer 3 to route multiple VLANs from each site to each site (where permitted). My question is this: How do I achieve this in the switches? I'm thinking that OSPF is the way forward, is this right? I want to do as little configuration on the switches as possible to allow for dynamic updates of the network (i.e. I don't want to add static routes for everything).
I have gotten the assignment of constructing a fictional network for my school, and I cannot quite agree with myself upon which equipment I should choose. It's supposed to be all Cisco. I need to supply 5000 users all in all, but only 300 on this site. I need to know which connections would be the most reasonable to use and of course which routers "if any" and switches I need (+ additional modules if needed). I have tried to make a Visio representation, but I just think something is way off.
I have a new project coming up that will require more IPs added to an already quite full class C network. My other issue stems from foolishly putting all hosts in the crowded C network onto the management VLAN. In turn, I have to make each port a trunk. Moving forward I'm wondering what's best for design, or if I should just attempt to change the subnet mask across the board?
I am in the process of planning our new network. Our business is changing from hosting its own data centre, to moving it to a professional facility. We have 120 users, over 100 servers (physical and virtual) and three sites (main premise, data centre, dr site). The new network will connect all three. Our new WAN links are almost ordered. We will be making use of a managed MPLS IP VPN, with a 100M access rate at each site. I am currently focusing on the design of the network at the main business premise. We have a significant investment in Cisco 2960 & 3750 switches and Fortinet firewall appliances. I plan to re-use these in the design.
Our current LAN is very flat and I want to segment the network. My plan is to create a number of VLANs, enable the Inter VLAN routing on the 3750 and then attach the 3750 to the Fortinet appliance which will provide stateful firewalling and traffic policing based on the VLAN (subnet) addresses. It is important that the traffic be routed as quickly as possible from this site to our prod and dr data centres. The 2960's act as the access layer, the 3750 as the distribution layer. The 2960's will connect via port channels (layer 2) to the 3750's and the VLAN interfaces will be configured on the 3750.
I was then planning on creating a VLAN on the 3750 to connect to the Fortigate appliance with a /29 address to limit the addresses used whilst also providing some flexibility for any future design changes. I want to implement a little security between the VLANs on the 3750 switches. I have a question about this coming up. I then plan to use the Fortigate appliance to do basic traffic policing based on source/destination addresses.
The WAN routers will connect to the Fortinet appliance on a Gigabit copper interface. The WAN routers will run HSRP between themselves and only one router will be active at any one time. The failover will be managed by the Fortigate and Cisco routers. I plan to define those addresses hosted at the other data centres and associate them with the interface associated with the WAN. I will then define the routing on the firewall for the two other data centres through summary routes for each of the sites. We will run static routing from the Cisco 3750 to the Fortigate and Fortigate to WAN router. We have no other networks/sites and won't have any others in the future.
I've been tasked with designing a network consisting of 3 separate broadcast domains with each one representing a separate business across 3 separate floors. None of the companies should be able to communicate with each other. I've been told that the design should only represent the first 3 layers of the OSI model so I'm only looking at Cabling, Switching and Routing.
I don't expect you all to tell me exactly how I should do this, however I just need a starting point. My main issue is with routing. I'm aware that each port on a router represents a broadcast domain so if I use one router, 3 broadcast domains, does that mean that none of the domains will be able to communicate with each other? Should I use more than one router or can I get away with one? Also just so you are aware I've been told not to use VLANs and each broadcast domain must have its own IP address schema.
The following diagram is showing what I "Plan" on doing or "Hope" I can do. This is the most complicated deployment I have taken on in my profession, and honestly it is very exciting, but had some questions.
1. The network between the ASA's and Routers, is that supposed to be a Private network or Public Network? I have to assume Public because I want my ASA's to take care of the NAT.
2. ASA's are running single context Active/Standby so what way will the ASA push outgoing traffic?
3. The routers need to know about each other in a BGP configuration, correct? We accomplish this using iBGP so will that traffic need to be allowed through my firewall to allow the routers to share that information, or should these routers be talking to each other outside the firewalls?
Is this design possible? I am sure there are limitations as always, just trying to wrap my head around the flow of traffic and where to start.
Additional Details/Requirements -
BGP routers are 2921's that I have control of. Both routers have 4 port GigEtherswitches in them.
ASA's are Active/Passive and cannot be Active/Active due to the limitations of the Active/Active Design (VPN limitations)
Both ISP's must be used for outbound traffic, I would like to be able to load balance, but can send some traffic one way and the rest of the traffic the other way based on Routes.
ISP's are not symmetrical, one is 50mbps and the other is 250mbps.
All NAT should take place at the ASA's
The routers that have gig etherswitches, can they run HSRP?
Should I be putting Layer 3 switches between the routers and the ASA's instead?
Where should I run my iBGP communication for the routers?
I'm looking for feedback and constructive criticism on our network redesign project for our company. We are currently on a 192.168.1.x/24 and running out of addresses. We are looking to move to the following design and implement VLANs as well for segregation and security. We are probably going to use a few SG300s for switches. [code]
One of our clients is replacing some of their aging network components with 4 Cisco 2960S switches. Unfortunately in this case, my skills of switch configuration are greater than my skills of network design. I have a really crude network diagram of their basic network layout (4 servers, 4 switches, and a number of endpoints).
How would you experts design the physical connections in such a way as to facilitate some redundancy?
I have been recently asked to design a network. What I have for equipment is four 2960G's and one 1941 router. One switch is a root switch and the other three will have end devices on them. I have decided on three VLANs to go with: VLAN20 Data, VLAN30 iSCSI, and VLAN99 Management, each with separate trunk links and redundancy (see picture below).
I have separate trunks for each VLAN using the switch port trunk allowed. With exception to the Data VLAN. My design has the Data VLAN as the native because it is going to be receiving untagged traffic from the external network. I have set up inter-VLAN routing on the 1941 via sub-interfaces to allow them to talk to each other (or because of allowed they cannot?). I have one port coming from my router to my switch via Ethernet cable which is my bridge out. I have my external port doing a NAT translation for my inside addresses and a Default route set up ip route 0.0.0.0 0.0.0.0 gig0/0. I am using Rapid-PVST to prevent loops and provide my zero downtime convergence when a link goes down. As it stands right now I cannot talk out of my network or inside of my network.
You can see it is highly redundant and I do not want to change it. This network is going to be deployed but there will never be anybody physically there to manage it which is why I made it as redundant as humanly possible.
I'm currently working on setting up 2 ASA 5510's with redundancy/failover. I'm not an expert when it comes to the ASA's so I'm not 100% sure if I can do what I need to. I have 2 inside networks that need to remain separate, a DMZ network, and an outside network. Since each network connects via ethernet to one of the 4 ethernet ports on the ASA 5510's, all 4 ethernet ports on the ASA 5510 will be in use. If I wanted to set up one firewall as Active and the other as standby, how would I go about doing that? Do I need a direct ethernet connection between the 2 firewalls to use something such as HSRP? Or would the Standby firewall be able to tell if the Active firewall is OK since they would both be connected on each of their interfaces to the same networks?
remote location on MPLS circuit terminated on a Cisco router that has Internet connectivity through Central Site router. We are installing a cable modem at the remote location that is to be used as the Primary Internet Connection but still be able to use Internet through MPLS if the cable Internet goes down. We want the failover/fallback to be handled automatically.
We have an ASA5505 for the cable Internet which then feeds into the ISPs modem.
At first I was thinking about getting a module for the remote router so the cable Internet could be terminated on the remote router as well but that introduces a single point of failure. I would also like to firewall both the MPLS and the cable Internet but if I do so on the ASA there is another single point of failure.
I am just browsing and looking for a solution to converge my multi-vendor switched network and bring some redundancy to it as recently we managed to get redundant links. I have a need to change core switch to Cat3750G, which has Per-VLAN-RSTP+ on board, but tests have shown that it won't be compatible with some other proprietary per-VLAN RSTP solution other vendor's switches use currently.
So, I thought maybe standard-based MSTP design might do the trick. I've made some tests and got some weird and unstable switching result. I have two topology rings with a core switch in the center. Every ring has about 10 switches, so practically network diameter may vary from 5 switches (when spanning-tree converges in the center and I have a blocking port somewhere in the middle of the ring) to about 10-11 switches (if I have link failure on any of ports right at the core switch). I disconnected one port from core switch to eliminate a possible switching loop while I will be configuring new MSTP design. Then I started enabling MSTP on all the switches starting from core Cat3750G to MSTP, one by one, placing all switches to the same MSTP region, and placing all VLANs to default MSTI0 (CIST) cause I don't need to organize any separate MSTP instances for every VLAN or for group of VLANs. When I turned MSTP on on 7th or 8th switch in the chain (cause I had a physical chain when I disconnected one port out of redundant ring) I got all switches "flapping", storming and flooding the network with broadcasts. Even when I had one redundant port disabled.
I have no idea what I am doing wrong. I noticed that Cat3750G has an option that defines a possible network diameter which actually automatically changes some hello, max age etc. attributes according to diameter specified. When I defined a maximum network diameter of 7, it didn't change anything: I still have hello timer of 2 sec etc. I've been wondering if the maximum network diameter has something more than just a "variable" to fine tune hello timers etc? Maybe I won't be able to use MSTP in my network which might have diameter more than 7 switches. Or maybe it was a mistake of placing all the switches to the same region and all the VLANs to the default MSTI0 (CIST) and I should configure one MSTI per VLAN or per some group of VLANs and subdivide my switches to few MSTP regions?
Two buildings on same farm property 660 feet apart. Cable internet to one building does not reach 660 feet to second building and the cable company will not put it in. Wireless between the buildings is not out of the question; but, I've never done anything this distance before and I am concerned that signal loss over 660 feet might degrade throughput.
So, what is a feasible way of getting the signal from the first building 660 feet to the second building?
I need to draw a picture of a network being divided into two buildings, one with 100 connections and the other with 560 connections, and also need to assign IP and subnets on them. How many routers do I need for this? What class of IP do I need to use? What are the subnets?
I've recently lost my ability to access the internet at uni and as this is quite an inconvenience I am considering some alternatives, the most viable one I've managed to come up with hinges on the fact that I live in a building which is only a road and another building away from the main uni buildings (3 buildings on 2 city blocks), basically it looks like this: UNI BUILDING 1 | UNI BUILDING 2 |ROAD| UNI BUILDING 3 |ROAD| MY APARTMENT. So I'm thinking of building one of these: url.. or waiting for the r20000g (dual band) to come out and buying that. THEN the area I'm having a bit of trouble with: I need to get reception about 600-700m away through buildings, so I've been looking at Yagi antennas and such but can't seem to find any information on the following:
1. Will a high powered directional antenna go through a few buildings and still make it 1km (.6 miles)?
2. How directional is a directional antenna? Like if I point one in the general direction of the building how accurate do I have to be? (I have no problem buying 4-5 antennas if I need to)
3. Do I need a new Wi-Fi antenna for my laptops? It seems odd to me that a laptop would be able to transmit back 1km while I need a giant antenna to get to the laptop (I know it's not this simple but it still seems odd)
I've been in a home office for the past 2 years with 30mb internet, but I will be getting an office soon downtown. The building I'm moving into has free wifi, what is my best option to connect to this with my desktop?
1. Using an ethernet cable from my desktop to my ASUS rt-56n router as a bridge to connect to the building's wifi.
2. Buying a wireless adapter to connect to the building's wifi.
My phone only gets 2 bars when connecting so I'd like to know which of the options above will give me a faster and more reliable connection.
I have two buildings on my property that I need to network together. One is my home about 3500 Sq. Ft. and the other is a garage about 3000 Sq. Ft. The two buildings are about 250 feet away from each other. Both are fed from the same utility pole that is half way between them. That means both are on the same transformer, but each has its own metered electrical service. Right now I am using 10 Mb. Home Phone Line network adapters. They work OK but data speeds are limited to about 5 Mb. of throughput and the adapters are no longer available. I also have WiFi at both locations but neither one will talk far enough to cover the other building. I also use X10 remote controls in my house. I have tested them from the house to the garage and they do not work at all over that distance.
I have 2 of these in a Bridge between 2 buildings. Cisco support replaced them with 2 BRAND NEW units after 6 weeks of waiting, that do the same thing. Spent so many hours on these turds it is insane. The thing goes down with the wind, tinker with it and maybe you will be up for a few hours or days then back to down again. Thinking it has something to do with the firmware or a power saving thing. Works great when it is up though. I am still trying stuff to get it to work stable. Too much money invested in them now to start from scratch but they wanted budget equipment in place and not Cisco Aironet.
I currently have WLC 5508 and a few campuses with LAP 1142, each with 2-3 VLANs. Now one of our campuses has a building that is a bit far away and needs network (wired). We can't get fiber or TP-cable there in a good way. So the plan is to get two 1262 or 3500 with AIR-ANT5160NP-R antennas and get a wireless link working between the campus and the building. And then connect one of the AP's to a switch in the other building to provide it with wired network.
The problem is that I can't find information on how to do it. Should both APs be in autonomous mode? I probably only need to have 1 VLAN in the other building but I am not sure yet. Is there a problem with transferring several VLANs over the WLAN-link?
I have 2 - 1410 bridges (point to point) between two buildings approx 600' apart. They seem to be aligned well (Signal -52dBm, SNR 41) and have been very reliable. However, I cannot seem to run more than 26Mbps through them. Is there any recommended tweaking that can increase my throughput?
I am having a problem in connecting two Cisco 2960 Switches between two different buildings using Cisco WLC 2504 & 3 Wireless 1552S APs.
- One AP is directly connected to Switch - 1 where WLC is connected and serving as a RAP
- Another one is working as Mesh in the field.
- Third one is a Mesh Access Point wired to another Switch - 2. (Bridging is enabled)
All the APs, WLC & switches are in the same network 10.3.x.x, subnet mask: 255.255.240.0. WLC is working with default management interface whereas switches are having VLAN1 configured as default VLAN. All the ports for the switches are Trunk ports. Once I am trying to ping the RAP or any MAP from Switch - 1 I am successful but once I am pinging Switch - 2, it's not replying. Similar is the case from Switch - 2 side.
My manager ordered some Cisco X2-10GB-LR in hopes of having a 10GB uplink between two buildings. We put those modules on the switch and we are getting link flap errors, then the ports go into err-disabled state.
I was later told there is a couple of "hops" between the buildings, it could be a patch panel or a fiber switch, I do not know at this point. My guess is, we are getting link flap because the "hops" are only running at 1GB. Would this be a typical symptom of the link flap error message? And is there any way to test if there are switches in between our routers?
Is GET VPN a better choice than DMVPN in order to support VoIP, Video over IP, Advanced QoS and Multicast? I think it should be the better choice based on what is described as the benefits and how it works but I just want an expert opinion.
Can separate groups be created using the same key servers? I need to protect two functionally separate WAN segments that terminate on the same DC core routers. However I want the separate WAN segments to have different encryption policies. Is this possible?
It is stated in the deployment guide for GET VPN that "Network Address Translation (NAT) is not supported by GETVPN. NAT must be performed before encryption or after decryption when GET is used." However the NAT capability is required on all the routers.
The 2900 series routers have embedded hardware encryption but according to the router performance guide, with a mix of traffic such as NAT, QoS and IPSec VPN they are unable to provide 100 mbps of throughput. Would the new ISM VPN modules allow the routers to achieve 100 mbps of throughput with the services mentioned above?