Velocity Reviews


firemarsh 01-21-2004 06:05 AM

Re: Please comment this network<<--Tried 3 times, Post isn't showing up.
 

I am going to try to comment on this, but you may have more information to send me pertaining to my responses, as the information in your post is rather broad:

1. On the issue of Scalability:

-I am going to assume where all the 2950s are is considered "Site A".

-The biggest things to consider in scalability are:

-The growth within the VLAN areas, i.e. VLAN 1 with 20 users: what expansion is expected within the coming years? Ensure you initially create a subnet to handle future expansion, i.e. if you expect a growth of 100 devices requiring IP addresses, don't give the initial subnet only a 255.255.255.248 subnet (assuming a class C address) when that only allows for 30 addresses, and will cause you to go back and reconfigure the DHCP (if used) scopes. Consider future expansion of infrastructure, end user PCs, and printers.

-Port saturation. 2950s allow for a MAX of 48 ports, depending on the model. In areas in which you are planning 30 users, this only allows for 18 more direct connections. To truly feel the effects of bridging, you want to stay away from hubs as much as possible. You may want to consider a 2980, which can offer you twice as many ports, and the capabilities of a 4000 series switch, only without the removable blades.

-Server assets. I notice none of your VLAN assignments are specific to servers. Ideally you will put them on their own VLAN, and so ultimately on their own subnet.



2. Reliability:

This is a broad one, as it really depends on how well the network is initially configured, maintained, and monitored thereafter, as well as the conditions in which the equipment is going to be kept. Some key things to think about are:

-Once again, the use of hubs can cause problems with network congestion by adding more devices into one broadcast domain. The whole idea of access layer switching is to allow all users to feel the available bandwidth by separation of broadcast domains.

-Physical media. Will you be using fiber or copper in this infrastructure? I assume that with 2950s having GBIC ports available to be used, you would use fiber. Keep in mind that while fiber is more reliable, it is the most expensive to fix (monetary issues you mentioned). GBIC cards cost about 1,000 apiece if they go bad. Also consider the speed at which you receive access from your ISP, and from that decide the medium.

3. Security:

I assume you are concerned with the VPNs mainly. Use the Microsoft VPN capabilities with the highest encryption strength. Ensure the use of boundary protection facilities between the 1721 and the WAN. This includes both firewall (PIX??) and access lists. Consider internal, software-based firewalls on the LAN sides as well, possibly at the VLAN boundaries, or on the LAN side of your most critical servers. This gives you a "fall back" from your external, as well as protection from a possible disgruntled or fired employee's attack.

Use access lists to define the abilities of the VLANs to access Site B/internet/etc. and utilize a NOS-based solution as well, such as login-based privileges through your Windows DC for access to server assets (very easily administered with a Win2k OR WinNT domain).

Hope this helps. Not trying to overwhelm you, but these are a few of the things I would look at if it were my network.


--
Roger Hilt
Network Infrastructure Technician
Langley, AFB VA
"ErDNA" <andrecheung@hotmail.com> wrote in message news:bu3s4r$8771@imsp212.netvigator.com...
Dear all,
could you please comment on this proposed network from the view of
1. Scalability,
2. Reliability,
3. Security?
Thanks!

Condition:
We are limited in budget.
VLAN 1 can access internet and site B
VLAN 2 access internet only
VLAN 3 and VLAN 4 can login to the server and access the resources of file server
Site B is allowed to access all resources in VLAN 1 and log in to the DC
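
The conditions listed in the original question, modelled as a first-match access list with an implicit deny, which is how the access lists recommended in the reply would be evaluated. This is an added example and not part of either post; every subnet, the server VLAN and the DC address are constructed assumptions, and only the initiating direction of a flow is checked.

```python
import ipaddress

# Constructed addressing plan: the thread gives no subnets, so all are assumptions.
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "vlan1": "10.1.1.0/24", "vlan2": "10.1.2.0/24",
    "vlan3": "10.1.3.0/24", "vlan4": "10.1.4.0/24",
    "servers": "10.1.10.0/24",   # separate server VLAN, as the reply suggests
    "dc": "10.1.10.10/32",       # hypothetical domain controller address
    "site_b": "10.2.0.0/16",
    "internal": "10.0.0.0/8",    # everything private at both sites
    "any": "0.0.0.0/0",
}.items()}

# First match wins, as in a router access list. Specific internal permits come
# first, then a deny for all other internal destinations, then internet access.
RULES = [
    ("permit", "vlan1", "site_b"),    # VLAN 1 can access Site B
    ("permit", "vlan3", "servers"),   # VLAN 3 and 4 log in to the servers
    ("permit", "vlan4", "servers"),
    ("permit", "site_b", "vlan1"),    # Site B can access VLAN 1 ...
    ("permit", "site_b", "dc"),       # ... and log in to the DC
    ("deny", "any", "internal"),      # nothing else crosses internal boundaries
    ("permit", "vlan1", "any"),       # VLAN 1 internet
    ("permit", "vlan2", "any"),       # VLAN 2 internet only
]

# Same rules with the broad internet permits moved to the top: a common mistake.
MISORDERED = RULES[6:] + RULES[:6]

def decide(src, dst, rules=RULES):
    """Return 'permit' or 'deny' for a flow initiated from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in NETS[src_net] and d in NETS[dst_net]:
            return action
    return "deny"  # implicit deny when no rule matches

if __name__ == "__main__":
    for src, dst in [("10.1.2.20", "198.51.100.7"), ("10.1.2.20", "10.2.5.5"),
                     ("10.2.5.5", "10.1.10.10"), ("10.2.5.5", "10.1.10.11")]:
        print(src, "->", dst, decide(src, dst), "| misordered:",
              decide(src, dst, MISORDERED))
```

With the rules in the intended order VLAN 2 reaches the internet but not Site B; in the misordered list the broad permit matches first and the "internet only" condition is silently lost.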


