Re: Please comment this network<<--Tried 3 times, Post isn't showing up.

Discussion in 'Cisco' started by firemarsh, Jan 21, 2004.

  1. firemarsh

    firemarsh Guest

    I am going to try to comment on this, but you may have more information to send me pertaining to my responses, as the information in your post is rather broad:

    1. On the issue of Scalability:

    -I am going to assume where all the 2950's are is considered "Site A"

    -The biggest things to consider in scalability are:

    -The growth within the VLAN areas, i.e. VLAN 1 with 20 users: what expansion is expected within the coming years? Ensure you initially create a subnet to handle future expansion. I.e. if you expect a growth of 100 devices requiring IP addresses, don't give the initial subnet only a 255.255.255.248 subnet (assuming a class C address) when that only allows for 30 addresses, and will cause you to go back and reconfigure the DHCP (if used) scopes. Consider future expansion of infrastructure, end user PCs, and printers.

    -Port saturation. 2950's allow for a MAX of 48 ports, depending on the model. In areas in which you are planning 30 users, this only allows for 18 more direct connections. To truly feel the effects of bridging, you want to stay away from hubs as much as possible. You may want to consider a 2980, which can offer you twice as many ports, and the capabilities of a 4000 series switch, only without the removable blades.

    -Server Assets. I notice none of your vlan assignments are specific to servers. Ideally you will put them on their own vlan, and so ultimately on their own subnet.



    2. Reliability:

    This is a broad one, as it really depends on how well the network is initially configured, maintained, and monitored thereafter, as well as the conditions in which the equipment is going to be kept. Some key things to think about are:

    -Once again, the use of hubs can cause problems with network congestion by adding more devices into one broadcast domain. The whole idea of access layer switching is to allow all users to feel the available bandwidth by separation of broadcast domains.

    -Physical media. Will you be using fiber or copper in this infrastructure? I assume that with 2950's having GBIC ports available to be used, that you would use fiber. Keep in mind that while fiber is more reliable, it is the most expensive to fix (monetary issues you mentioned). GBIC cards cost about 1,000 apiece if they go bad. Also consider the speed at which you receive access from your ISP, and from that decide the medium.

    3. Security:

    I assume you are concerned with the VPN's mainly. Use the Microsoft VPN capabilities with the highest encryption strength. Ensure the use of boundary protection facilities between the 1721 and the WAN. This includes both Firewall (PIX??) and access lists. Consider internal firewalls, software based on the LAN sides as well, possibly at the VLAN boundaries, or on the LAN side of your most critical servers. This gives you a "fall back" from your external, as well as protection from a possible disgruntled or fired employee's attack.

    Use access lists to define the abilities of the VLANs to access site B/internet/etc. and utilize a NOS based solution as well, such as login based privileges through your Windows DC for access to server assets (very easily administered with a Win2k or WinNT domain).

    Hope this helps. Not trying to overwhelm you, but these are a few of the things I would look at if it were my network.


    --
    Roger Hilt
    Network Infrastructure Technician
    Langley, AFB VA
    "ErDNA" <> wrote in message news:bu3s4r$...
    Dear all,
    could you please comment this proposed network on the view of
    1. Scalability,
    2. Reliability,
    3. Security?
    Thanks!

    Condition:
    We are limited in budget.
    VLAN 1 can access internet and site B
    VLAN 2 access internet only
    VLAN 3 and VLAN 4 can login to the server and access the resources of file server
    Site B is allowed to access all resource in VLAN 1 and login to the DC
    firemarsh, Jan 21, 2004
    #1
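
An added example, not part of the original post: a small first-match rule evaluator that checks an ordered access list against the access conditions in the quoted question, and shows how moving the broad internet permits to the top silently gives VLAN 2 access to the servers and site B. The subnets, the separate server VLAN holding the DC and file server, and the assumption that VLAN 3 gets no internet access are all constructed for illustration; only which side may initiate a flow is modelled, not return traffic.

```python
import ipaddress as ip

# Constructed addressing plan: the thread gives no subnets, so these are assumptions.
NET = {name: ip.ip_network(cidr) for name, cidr in {
    "vlan1": "10.0.1.0/24", "vlan2": "10.0.2.0/24",
    "vlan3": "10.0.3.0/24", "vlan4": "10.0.4.0/24",
    "servers": "10.0.10.0/24",   # hypothetical server VLAN (DC and file server)
    "site_b": "10.1.0.0/16",
    "internal": "10.0.0.0/8", "any": "0.0.0.0/0",
}.items()}

# Ordered rules (action, source, destination); the first match wins.
GOOD = [
    ("permit", "vlan1", "site_b"), ("permit", "site_b", "vlan1"),
    ("permit", "site_b", "servers"),
    ("permit", "vlan3", "servers"), ("permit", "vlan4", "servers"),
    ("deny", "vlan1", "internal"), ("deny", "vlan2", "internal"),
    ("permit", "vlan1", "any"), ("permit", "vlan2", "any"),
]
# The same rules with the two broad internet permits moved to the top.
MISORDERED = GOOD[-2:] + GOOD[:-2]

def decide(rules, src, dst):
    """Return the action of the first matching rule, else the implicit deny."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, rule_src, rule_dst in rules:
        if s in NET[rule_src] and d in NET[rule_dst]:
            return action
    return "deny"

# Expected outcomes derived from the conditions in the quoted question.
EXPECT = [
    ("10.0.1.20", "198.51.100.7", "permit"),  # VLAN 1 -> internet
    ("10.0.1.20", "10.1.5.9", "permit"),      # VLAN 1 -> site B
    ("10.0.2.20", "198.51.100.7", "permit"),  # VLAN 2 -> internet
    ("10.0.2.20", "10.0.10.5", "deny"),       # VLAN 2 is internet only
    ("10.0.2.20", "10.1.5.9", "deny"),        # VLAN 2 is internet only
    ("10.0.3.20", "10.0.10.5", "permit"),     # VLAN 3 -> server
    ("10.0.3.20", "198.51.100.7", "deny"),    # assumption: not granted
    ("10.1.5.9", "10.0.1.20", "permit"),      # site B -> VLAN 1
    ("10.1.5.9", "10.0.10.5", "permit"),      # site B -> DC
]

def audit(rules):
    """List every (src, dst, wanted, got) where the rule set breaks the policy."""
    return [(s, d, want, decide(rules, s, d))
            for s, d, want in EXPECT if decide(rules, s, d) != want]
```

`audit(GOOD)` comes back empty, while `audit(MISORDERED)` reports the two VLAN 2 flows that the early permit lets through.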