  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 720

Will this network design work

Hi All,

I have to do a new network design for my company, and I would like other engineers to check over my work to see if there are any problems in my design.

How the network is to work:

VLAN 1 contains all servers (domain controllers, network monitoring, etc.) as well as the Wi-Fi APs.
VLAN 2 needs to be able to get to VLAN 1 for services such as DNS, print server, SQL server, etc., but VLAN 2 users are not to talk to VLAN 3 users.
VLAN 3 needs to be able to get to VLAN 1 for services such as DNS, print server, SQL server, etc., but VLAN 3 users are not to talk to VLAN 2 users.

The Cisco 2911 is to do the inter-VLAN routing and be the default gateway to get out to the internet. An IPsec VPN to America is set up on this router and will go via ISP 1.

The pfSense will do load balancing between the two ISPs as well as firewalling.

For all users on VLANs 1, 2 and 3, internet traffic is split: all internet traffic goes out ISP 2 and any VPN traffic (10.1.0.0 network) goes out ISP 1.

Please see the network diagram. Thanks in advance to anyone that replies.

[Attachment: network diagram "VLAN Network Design"]
0
Asked by: Caltech-IT
1 Solution
 
Don Johnston (Instructor) commented:
It'll work. But I wouldn't use VLAN 1. Take all the services you were going to put on VLAN 1 and use VLAN 4 instead.
0
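A worked configuration for the router-on-a-stick design the question describes (the 2911 doing the inter-VLAN routing), applying Don's suggestion to keep the servers off VLAN 1. This is an added example, not configuration from the thread or from Cisco: the 192.168.N.0/24-per-VLAN addressing, the VLAN 4 server subnet, the pfSense inside address 192.168.4.1, the DHCP server address 192.168.4.10 and the interface name GigabitEthernet0/1 are assumptions. Only the VLAN 2/VLAN 3 isolation requirement and the 10.1.0.0 VPN network come from the question.

```cisco
! Added example (not from the thread). Cisco IOS, 2911 router-on-a-stick.
! Assumed addressing: 192.168.N.0/24 for VLAN N, router is .254 in each.
! VLAN 1 is deliberately left unused on the trunk (see Don's reply).
!
interface GigabitEthernet0/1
 description Trunk to the switch stack (802.1Q)
 no ip address
 no shutdown
!
interface GigabitEthernet0/1.4
 description VLAN 4 - servers, monitoring, Wi-Fi APs (was VLAN 1 in the question)
 encapsulation dot1Q 4
 ip address 192.168.4.254 255.255.255.0
!
interface GigabitEthernet0/1.2
 description VLAN 2 users
 encapsulation dot1Q 2
 ip address 192.168.2.254 255.255.255.0
 ip helper-address 192.168.4.10     ! assumed DHCP server in the server VLAN
 ip access-group VLAN2-IN in
!
interface GigabitEthernet0/1.3
 description VLAN 3 users
 encapsulation dot1Q 3
 ip address 192.168.3.254 255.255.255.0
 ip helper-address 192.168.4.10     ! assumed DHCP server in the server VLAN
 ip access-group VLAN3-IN in
!
! Inbound filters on each user VLAN: block the other user VLAN and log the
! attempt, then allow everything else (servers in VLAN 4, the 10.1.0.0 VPN
! network over the IPsec tunnel, and the internet via the pfSense).
ip access-list extended VLAN2-IN
 deny   ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 log
 permit ip 192.168.2.0 0.0.0.255 any
!
ip access-list extended VLAN3-IN
 deny   ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 log
 permit ip 192.168.3.0 0.0.0.255 any
!
! Default route toward the pfSense (inside address assumed)
ip route 0.0.0.0 0.0.0.0 192.168.4.1
```

Check the result with `show ip interface brief` (every subinterface up with its address) and `show ip access-lists` (the hit counters on the `deny` lines rise when a VLAN 2 host tries to reach VLAN 3, and the `log` keyword sends each such attempt to syslog, which is how a misconfigured host or a compromised one probing the other VLAN shows up). Two caveats the thread touches on: the switch-side trunk should have its native VLAN set to an unused VLAN and VLAN 1 pruned, so that untagged frames from a freshly added switch cannot land in a VLAN that carries services; and these ACLs cost CPU on the 2911 for every packet, so if the load concerns raised later in the thread materialise, the same filter logic can be moved to a layer 3 switch doing the inter-VLAN routing in hardware.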
 
Caltech-IT (Author) commented:
Hi donjohnston,

thanks for the reply,

I agree that I should move all services out to VLAN 1, because when a new switch is added, by default all its ports are in VLAN 1 when it is turned on.

I have never done VLANs and I am a bit concerned about how the broadcasting and inter-VLAN routing will work, and whether it will put too much load on the Cisco interface 192.168.1.254.

Thanks
0
 
learningtechnologies commented:
Are any of the switches VLAN capable?

How much memory is in the 2911?

I would consider moving some of the VLAN switching back to the switches because, depending on your office traffic, your concern about overloading the 2911 is something to be worried about.

I hope this helps.

/David C.
0
 
Caltech-IT (Author) commented:
Hi David,

Thanks for the reply. The Cisco 2911 has 512 MB of RAM. The switches are Cisco SG200-26, which are layer 2 switches with VLAN support, but they do not do inter-VLAN routing. From my understanding you need a layer 3 device to do inter-VLAN routing; that's why I want to use our existing Cisco 2911 router.

Antony
0
 
Don Johnston (Instructor) commented:
"from my understanding you need a layer 3 device to do intervlan routing"

That is correct.

"I have never done vlans and I am a bit concerned on how the broadcasting and intervlan routing will work and if it will put to much load on the cisco interface 192.168.1.254"

Without knowing the volume of traffic, there's no way to say for certain. How many devices are you expecting per VLAN?
0
 
dallensworth commented:
The 2911 is rated 35 Mb on the WAN side, which is your biggest limiting factor on bandwidth for that device. 2900 series router specs here: http://www.cisco.com/en/US/prod/collateral/routers/ps5855/prod_brochure0900aecd8019dc1f.pdf

You could front that router with an L3 switch (3550, 3560, 3750, etc.) fairly inexpensively and offload the inter-VLAN routing.
0
 
Don Johnston (Instructor) commented:
"The 2911 is rated 35 Mb on the wan side which is your biggest limiting factor on bandwidth for that device."

It's actually 75 Mbps. But only for serial WAN interfaces. Most people that need more speed than that for WAN connectivity get an Ethernet handoff from their provider.
0
 
dallensworth commented:
I was just going by Cisco's chart, so I might be reading it wrong. I don't think the router ratings are based on line speeds but rather on the amount of reasonably sustainable traffic processed by the router, i.e. dropping it on an Ethernet 100 Mbps WAN interface would not allow for that sustained speed, just high packet drops. The type of traffic you're processing would affect this as well.

[Attachment: WAN interface speed chart]
0
 
Caltech-IT (Author) commented:
Thanks everyone for the feedback.

I have changed the design to include a layer 3 core switch (SG300-28P) so that we can do inter-VLAN routing there. This switch will be placed in the diagram where the middle switch is now, and each edge switch (Cisco SG200-26) will have a trunk going to the core switch.

I have also revised the VLAN numbering so that it goes like this:
VLAN 2 (core of the network: switches, servers, etc.)
VLAN 3 VPN users
VLAN 4 non-VPN users

All I need to do now is the correct config and test it all in GNS3.

Thanks
0
