Solved

RV042 and Network Design

Posted on 2013-01-29
4
594 Views
Last Modified: 2013-01-29
We have a kind of spoke and hub setup with a main site, and several smaller sites, some only 1 or 2 people small. We do not have a network guru here of any kind. We have a couple of programmers and a couple of guys that take care of everything from Exchange, to toner, to VMware.

For the larger sites we have VPN lines from TW of T-1 or greater. For the smaller sites (12) we have cable or DSL connections. As of now we have RV042s at the smaller sites, and various Cisco routers at the larger sites (some are ours, some are TW's; it isn't consistent). We are wanting to get our network to a more manageable level, and add in VLANs with QoS for our IP phones. We're looking at putting one layer 3 switch at each location, in order to handle the QoS. Edit: on the VLANs we're planning data, voice, servers, network hardware, wireless guest separate, possibly credit card machines which are on our network and need to be moved off or VLANed off.

My question then would be, will those RV042s, which are VPN'd in to a Cisco router at our hub, pass the VLAN data to the hub OK? If not, what would you recommend as a replacement? To take that a step further, if you offer a replacement, does it make sense to not get L3 switches at the smaller sites and just do the QoS at the router level (or is that even possible)? Also, feel free to point out any flaws or ask any questions.
Question by:CoffeeBlack
4 Comments
 
LVL 10

Accepted Solution

by:
ddiazp earned 500 total points
ID: 38832542
L3 switches would be a waste for offices with so few people. The whole point of QoS is to prioritize voice traffic when there's enough traffic to actually require it to be classified. In addition, for the users with DSL, keep in mind their upload speed is very low. Are you deploying your own call server on the main site? If so, you'd want to focus on compression more.

VLAN data does not get passed across VPNs. For easy manageability, you'd create the same VLANs on all sites but they still would not know about each other. They just get routed as usual.

What we do where I work is:

VLAN 500 on all sites for data (10.1.5.0/24 site A, 10.2.5.0 site B, 10.3.5.0 site C, etc.).
VLAN 600 on all sites for servers (10.1.6.0/24 site A, 10.2.6.0 site B, 10.3.6.0 site C, etc.).
VLAN 700 on all sites for voice (10.1.7.0/24 site A, 10.2.7.0 site B, 10.3.7.0 site C, etc.).

and so on. We have a couple of L3 switches stacked on the main site, and regular layer 2 switches everywhere else (our smallest offices have 5-10 people).
0
 

Author Comment

by:CoffeeBlack
ID: 38832724
How do/would you deal with PCI compliance (running credit cards) in places without VLANs which are still going to be required to run over the same network?
0
 
LVL 10

Assisted Solution

by:ddiazp
ddiazp earned 500 total points
ID: 38832898
Our database servers that contain credit card information, which are PCI compliant, are on their own VLAN on our main site, and we have strict access-list rules on what can talk to these databases on the access switches they connect to, but we don't send this information to our other sites via VPN.

In your case, because you do need to transmit this information via VPN that runs traffic over public/external private networks, you need to make sure the encryption is strong enough (PCI compliance doesn't specifically say how strong). AES256 would be the minimum, I think, and you should use an established protocol like IPSec or SSL/TLS.

On your remote office you could indeed have 2 or more VLANs, place your credit card devices/servers on a VLAN, and restrict VPN traffic based on that VLAN. When traffic gets to your head office, your firewall will not see any VLAN tag, but based on the destination IP, it will send it off to the credit card VLAN.
0
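The two answers above rest on one mechanism: VLAN tags stop at the tunnel, so the hub can only sort arriving traffic by destination IP, which is why ddiazp's per-site "10.site.vlan.0/24" scheme makes that sorting predictable and lets the card-terminal VLAN be confined to the PCI database VLAN by address. The following script is an added illustration written for this page, not code from the thread or from any vendor; it models the scheme with Python's standard `ipaddress` module, performs the longest-prefix lookup a hub router effectively does on untagged tunnel traffic, and evaluates a default-deny VPN policy. The site names (`hq`, `siteB`, `siteC`), the extra VLAN 800 for card terminals, and every rule and port in `VPN_POLICY` are assumptions for illustration only.

```python
"""Added example (not from the thread): model the per-site VLAN/subnet scheme
(VLAN 500 data, 600 servers, 700 voice -> 10.<site>.<vlan/100>.0/24) and show
(1) mapping an untagged destination IP back to its site/VLAN at the hub and
(2) a default-deny, address-based VPN policy that confines card traffic."""
from ipaddress import ip_address, ip_network, IPv4Network
from typing import Dict, Optional, Tuple

# VLAN ID -> role. 500/600/700 are from the thread; 800 is an ASSUMED PCI VLAN
# for card terminals at the remote sites and the PCI database VLAN at the hub.
VLAN_ROLES = {500: "data", 600: "servers", 700: "voice", 800: "cards"}

# Site name -> second octet. Names and numbering are assumptions.
SITES = {"hq": 1, "siteB": 2, "siteC": 3}


def build_plan(sites: Dict[str, int],
               vlans: Dict[int, str] = VLAN_ROLES) -> Dict[IPv4Network, Tuple[str, int]]:
    """Return {subnet: (site, vlan)} using 10.<site-number>.<vlan//100>.0/24,
    e.g. VLAN 500 at site number 2 -> 10.2.5.0/24, matching the thread."""
    plan: Dict[IPv4Network, Tuple[str, int]] = {}
    for site, num in sites.items():
        for vlan in vlans:
            plan[ip_network(f"10.{num}.{vlan // 100}.0/24")] = (site, vlan)
    return plan


PLAN = build_plan(SITES)


def locate(plan: Dict[IPv4Network, Tuple[str, int]], ip: str) -> Optional[Tuple[str, int]]:
    """Longest-prefix match on the destination address: the only information the
    hub has once the tunnel has stripped any VLAN tag. Unknown -> None."""
    addr = ip_address(ip)
    best: Optional[Tuple[IPv4Network, str, int]] = None
    for net, (site, vlan) in plan.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site, vlan)
    return None if best is None else (best[1], best[2])


# ASSUMED policy: (source role, destination site, destination role, TCP ports or None=any).
# Card terminals may reach only the hub's cards VLAN; nothing else may reach it.
VPN_POLICY = [
    ("cards", "hq", "cards", {443}),
    ("data", "hq", "servers", {80, 443, 445}),
    ("voice", "hq", "voice", None),  # call server assumed at the hub
]


def vpn_allows(plan: Dict[IPv4Network, Tuple[str, int]],
               src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Default-deny check applied before traffic enters the tunnel (or at the
    hub on arrival). Both endpoints must be in the plan and a rule must match."""
    src, dst = locate(plan, src_ip), locate(plan, dst_ip)
    if src is None or dst is None:
        return False  # address outside the plan: drop it
    src_role, dst_role = VLAN_ROLES[src[1]], VLAN_ROLES[dst[1]]
    for rule_src, rule_site, rule_dst, ports in VPN_POLICY:
        if (src_role == rule_src and dst[0] == rule_site and dst_role == rule_dst
                and (ports is None or dst_port in ports)):
            return True
    return False


if __name__ == "__main__":
    for net, (site, vlan) in sorted(PLAN.items()):
        print(f"{net}  {site:6s} VLAN {vlan} ({VLAN_ROLES[vlan]})")
    # Constructed sample flows: card terminal at siteB -> PCI DB at hq, and a
    # data-VLAN host at siteB trying the same destination (should be denied).
    print(vpn_allows(PLAN, "10.2.8.20", "10.1.8.10", 443))  # True
    print(vpn_allows(PLAN, "10.2.5.20", "10.1.8.10", 443))  # False
```

Running the script prints the generated plan and then the two sample verdicts. The point of `locate` is that the hub never needs the VLAN tag: because every site uses the same third octet for the same role, the destination address alone says which VLAN to hand the packet to, and the same address structure is what `vpn_allows` uses to keep non-card hosts away from the PCI VLAN.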
 

Author Closing Comment

by:CoffeeBlack
ID: 38832980
Thank you, that's exactly what I was looking for.
0
