RV042 and Network Design

Posted on 2013-01-29
Medium Priority
Last Modified: 2013-01-29
We have a kind of spoke and hub setup with a main site, and several smaller sites, some only 1 or 2 people small. We do not have a network guru here of any kind. We have a couple of programmers and a couple of guys that take care of everything from Exchange, to toner, to VMware.

For the larger sites we have VPN lines from TW of T-1 or greater. For the smaller sites (12) we have cable or DSL connections. As of now we have RV042s at the smaller sites, and various Cisco routers at the larger sites (some are ours, some are TW's; it isn't consistent). We are wanting to get our network to a more manageable level, and add in VLANs with QoS for our IP phones. We're looking at putting 1 layer 3 switch at each location, in order to handle the QoS. Edit: on the VLANs we're planning data, voice, servers, network hardware, wireless guest separate, and possibly credit card machines, which are on our network and need to be moved off or VLAN'd off.

My question then would be, will those RV042s, which are VPN'd in to a Cisco router at our hub, pass the VLAN data to the hub OK? If not, what would you recommend as a replacement? To take that a step further, if you offer a replacement, does it make sense to not get L3 switches at the smaller sites and just do the QoS at the router level (or is that even possible)? Also, feel free to point out any flaws or ask any questions.
Question by: CoffeeBlack
Accepted Solution

ddiazp earned 2000 total points
ID: 38832542
L3 switches would be a waste for offices with so few people. The whole point of QoS is to prioritize voice traffic when there's enough traffic to actually require it to be classified. In addition, for the users with DSL, keep in mind their upload speed is very low. Are you deploying your own call server on the main site? If so, you'd want to focus on compression more.

VLAN data does not get passed across VPNs. For easy manageability, you'd create the same VLANs on all sites but they still would not know about each other. They just get routed as usual.

What we do where I work is:

VLAN 500 on all sites for data ( site A, site B, site C,..etc).
VLAN 600 on all sites for servers ( site A, site B, site C,..etc).
VLAN 700 on all sites for voice ( site A, site B, site C,..etc).

and so on. We have a couple of L3 switches stacked on the main site, and regular layer 2 switches everywhere else (our smallest offices have 5-10 people).

Author Comment

ID: 38832724
How do/would you deal with PCI compliance (running credit cards) in places without VLANs which are still going to be required to run over the same network?

Assisted Solution

ddiazp earned 2000 total points
ID: 38832898
Our database servers that do contain credit card information, which are PCI compliant, are on their own VLAN on our main site, and we have strict access-list rules on what can talk to these databases on the access switches they connect to, but we don't send this information to our other sites via VPN.

In your case, because you do need to transmit this information via a VPN that runs traffic over public/external private networks, you need to make sure the encryption is strong enough (PCI compliance doesn't specify how strong). AES-256 would be the minimum, I think, and you should use an established protocol like IPsec or SSL/TLS.

On your remote office you could indeed have 2 or more VLANs, place your credit card devices/servers on a VLAN, and restrict VPN traffic based on that VLAN. When traffic gets to your head office, your firewall will not see any VLAN tag, but based on the destination IP, it will send it off to the credit card VLAN.
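
The two answers above describe a design rather than a configuration: the same VLAN IDs at every site but a different subnet per site, routed (not bridged) across the IPsec tunnels, and a hub-side filter that keeps the cardholder segment separate by address rather than by 802.1Q tag. The following is an added example written for this page, not code or configuration from the question, the answers, or Cisco. It models that design so the filtering rules can be exercised against constructed flows. Everything about the addressing is an assumption made here: 10.<site>.<VLAN/100>.0/24 (so site 3, VLAN 700 is 10.3.7.0/24), site 1 as the hub, a hypothetical VLAN 800 for card devices (the thread only names 500, 600 and 700), and TCP/443 as the only port the branch card VLAN may use towards the hub card database.

```python
"""Added example (not from the original thread): per-site VLAN/subnet plan and
the hub-side filter for traffic arriving over site-to-site VPN tunnels.

Assumptions made here, not taken from the page:
  * Addressing: 10.<site>.<vlan/100>.0/24 (site 3, VLAN 700 -> 10.3.7.0/24).
  * VLAN 500/600/700 come from the answer; VLAN 800 is a hypothetical
    cardholder-data VLAN added for the PCI segment.
  * Site 1 is the hub and the card database lives in the hub's VLAN 800.
  * Branch card devices may reach that database only over TCP/443.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

VLANS = {"data": 500, "servers": 600, "voice": 700, "cardholder": 800}
THIRD_OCTET_TO_VLAN = {vid // 100: name for name, vid in VLANS.items()}
HUB_SITE = 1


def site_subnet(site: int, vlan_name: str) -> IPv4Network:
    """Same VLAN ID at every site, but a distinct /24 per site. The tunnel
    carries routed IP packets, not 802.1Q tags, so once traffic leaves the
    switch the subnet is the only thing that identifies the segment."""
    return IPv4Network(f"10.{site}.{VLANS[vlan_name] // 100}.0/24")


def classify(addr: str | IPv4Address) -> Optional[tuple[int, str]]:
    """Map an address back to (site, vlan_name), or None if it is outside the
    plan. This is the lookup the hub effectively performs when it routes an
    untagged packet from the tunnel into the right VLAN by destination IP."""
    first, site, third, _ = IPv4Address(addr).packed
    if first != 10 or site == 0 or third not in THIRD_OCTET_TO_VLAN:
        return None
    return site, THIRD_OCTET_TO_VLAN[third]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int


def vpn_policy(flow: Flow) -> tuple[bool, str]:
    """Hub-side filter for traffic arriving over a tunnel. Default deny; the
    cardholder rule is the one that keeps the PCI segment contained."""
    src, dst = classify(flow.src), classify(flow.dst)
    if src is None or dst is None:
        return False, "address outside the addressing plan"
    src_site, src_vlan = src
    dst_site, dst_vlan = dst
    if "cardholder" in (src_vlan, dst_vlan):
        ok = (src_vlan == dst_vlan == "cardholder"
              and src_site != HUB_SITE and dst_site == HUB_SITE
              and flow.proto == "tcp" and flow.dport == 443)
        return ok, "cardholder: branch card VLAN -> hub card DB, TCP/443 only"
    if "voice" in (src_vlan, dst_vlan):
        ok = (src_vlan == dst_vlan == "voice") or (
            src_vlan == "voice" and dst_vlan == "servers" and dst_site == HUB_SITE)
        return ok, "voice: phone-to-phone, or phone -> hub call server"
    if src_vlan == "data" and dst_vlan in ("data", "servers"):
        return True, "data: users -> servers or other sites' data VLANs"
    return False, "default deny"


# Constructed sample flows (labels are descriptions, not real hosts).
SAMPLE_FLOWS = [
    ("branch card terminal -> hub card DB", Flow("10.5.8.20", "10.1.8.10", "tcp", 443)),
    ("branch card terminal -> hub file server", Flow("10.5.8.20", "10.1.6.10", "tcp", 445)),
    ("branch PC -> hub card DB", Flow("10.5.5.33", "10.1.8.10", "tcp", 443)),
    ("branch card terminal -> other branch card VLAN", Flow("10.5.8.20", "10.7.8.20", "tcp", 443)),
    ("branch phone -> hub call server", Flow("10.5.7.40", "10.1.6.50", "udp", 5060)),
    ("branch PC -> hub file server", Flow("10.5.5.33", "10.1.6.10", "tcp", 445)),
    ("unknown subnet -> hub file server", Flow("192.168.1.9", "10.1.6.10", "tcp", 80)),
]


def evaluate(flows=SAMPLE_FLOWS) -> dict[str, bool]:
    """Run every sample flow through the hub filter; label -> permitted."""
    return {label: vpn_policy(flow)[0] for label, flow in flows}


if __name__ == "__main__":
    for label, (permitted, reason) in ((l, vpn_policy(f)) for l, f in SAMPLE_FLOWS):
        print(f"{'PERMIT' if permitted else 'DENY  '} {label:50s} ({reason})")
```

Note that a branch card terminal talking to another branch's card VLAN is denied even though both ends are "cardholder": the rule only admits flows terminating at the hub, which is what keeps the remote sites out of each other's PCI scope. The same check written as an access list on the hub router or firewall would key on exactly these source and destination subnets, since no VLAN tag survives the tunnel.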

Author Closing Comment

ID: 38832980
Thank you, that's exactly what I was looking for.
