Does the configuration my ISP provided make sense? If so, how should I configure my Cisco switches t

Discussion in 'Cisco' started by calgden, Jan 14, 2007.

  1. calgden

    calgden Guest

    Hi all,

    I am quite new to the world of networking and have just started a
    new job which is smack dab in the middle of a major project. The goal
    of this project is to migrate all physical server hardware to VMware
    virtual servers as well as migrate those new virtual servers to a
    secure location hosted by another company (our ISP). My understanding
    is that the future network is being provisioned based on the
    requirement that we are able to fail over to our head office in the case
    of a major failure at either the remote host site or the connection
    between the two buildings. Basically, the requirement that was stated
    was that we shouldn't have to change the IP address of the servers when
    we fail over the servers (all virtual server images and data stored on
    SAN and mirrored across to other building).

    I have these questions, based on this info (thanks in advance):

    1. Does this configuration make sense? (I suppose it may be too late
       to change the contract with the ISP, but I would like your opinions
       anyway. Positives/Negatives) The reason I ask is that even with my
       knowledge, something sounds fishy. Did we really have to go with a
       bridged solution? Couldn't we have created the same VLANs
       (utilizing the same subnets on each side), and had routers NAT the
       traffic between the sites?

    2. How should I configure the local and remote core switches to not
       only allow for traffic to flow between the buildings but also allow
       for all outgoing Internet traffic to flow through the local ISP
       connection at each office? I would like to configure it to keep
       traffic from traversing the pipe between the offices wherever
       possible. (For example, can I have the core switch at each location
       act as the default gateway for the same VLAN/subnet so that traffic
       doesn't traverse the connection just to find the route to another
       VLAN on the switch in the same office?)

    FYI:
    Existing Configuration at our head office:

    Cisco 4510r
      - Acts as gateway for all current VLANs except DMZ - Server,
        Workstation, VOIP etc
      - Trunked connection to a switch on each floor (Cisco 3560)
      - Trunked connection to existing Firewall (Netscreen 50) which is
        our access to the internet
      - All servers connected to GB ports

    NetScreen 50
      - Has one port connecting to the ISP Router to Internet
      - Has one port connecting to 4510 trunk port (For all VLANs except
        DMZ)
      - Has one port connecting to our 4510 (DMZ VLAN). It is the DMZ
        VLAN's gateway

    Cisco 3560
      - All workstations and phones on each floor connected to these
        devices

    Future Configuration at our head office:

    Cisco 4510r
      - Acts as gateway for all current VLANs except DMZ - Server,
        Workstation, VOIP etc
      - Trunked connection to a switch on each floor (Cisco 3560)
      - Trunked connection to existing Firewall (Netscreen 50) which
        should be this office's access to the internet
      - Trunked connection to ISP Switch for Bridge service between
        buildings

    NetScreen 50
      - Has one port connecting to the ISP Router (ISP Managed Device) to
        Internet
      - Has one port connecting to 4510 trunk port (For all VLANs except
        DMZ)
      - Has one port connecting to our 4510 (DMZ VLAN). It is the DMZ
        VLAN's gateway
      - ISP Managed Device

    Cisco 3560
      - All workstations and phones on each floor connected to these
        devices


    Future Configuration at the new remote server hosting facility:

    Cisco 3750
      - Trunked connection to Firewall (Netscreen ??) which is the remote
        location's access to the internet. This will also be the incoming
        connection for all SMTP traffic
      - Trunked connection to the ISP managed switch for Bridged service
        between the buildings
      - All servers connected to this device

    NetScreen ??
      - Has one port connecting to the ISP Router to Internet
      - Has one port connecting to 4510 trunk port (For all VLANs except
        DMZ)
      - Has one port connecting to our 4510 (DMZ VLAN). It is the DMZ
        VLAN's gateway


    Future Configuration for bridged services between sites:
    While I don't have exact configuration information, the ISP has
    explained that they have configured a bridged "service" allowing us to
    extend all VLANs to the other location. The only other info that they
    have mentioned is that they are utilizing an ATM cloud.

    I apologize if I have provided too much info for the questions. Again,
    any assistance would be appreciated.
    calgden, Jan 14, 2007
    #1