Solved

RV042 and Network Design

Posted on 2013-01-29
Last Modified: 2013-01-29
We have a kind of spoke and hub setup with a main site, and several smaller sites, some only 1 or 2 people small. We do not have a network guru here of any kind. We have a couple of programmers and a couple of guys that take care of everything from Exchange, to toner, to VMware.

For the larger sites we have VPN lines from TW of T-1 or greater. For the smaller sites (12) we have cable or DSL connections. As of now we have RV042s at the smaller sites, and various Cisco routers at the larger sites (some are ours, some are TW's; it isn't consistent). We are wanting to get our network to a more manageable level, and add in VLANs with QoS for our IP phones. We're looking at putting 1 layer 3 switch at each location, in order to handle the QoS. Edit: on the VLANs we're planning data, voice, servers, network hardware, wireless guest separate, possibly credit card machines which are on our network and need to be moved off or VLAN'd off.

My question then would be, will those RV042s which are VPN'd in to a Cisco router at our hub, pass the VLAN data to the hub OK? If not, what would you recommend as a replacement? To take that a step further, if you offer a replacement, does it make sense to not get L3 switches at the smaller sites and just do the QoS at the router level (or is that even possible)? Also, feel free to point out any flaws or ask any questions.
Question by: CoffeeBlack

4 Comments
Accepted Solution

by: ddiazp (earned 500 total points)
ID: 38832542
L3 switches would be a waste for offices with so few people. The whole point of QoS is to prioritize voice traffic when there's enough traffic to actually require it to be classified. In addition, for the users with DSL, keep in mind their upload speed is very low. Are you deploying your own call server on the main site? If so, you'd want to focus on compression more.

VLAN data does not get passed across VPNs. For easy manageability, you'd create the same VLANs on all sites but they still would not know about each other. They just get routed as usual.

What we do where I work is:

VLAN 500 on all sites for data (10.1.5.0/24 site A, 10.2.5.0/24 site B, 10.3.5.0/24 site C, etc.).
VLAN 600 on all sites for servers (10.1.6.0/24 site A, 10.2.6.0/24 site B, 10.3.6.0/24 site C, etc.).
VLAN 700 on all sites for voice (10.1.7.0/24 site A, 10.2.7.0/24 site B, 10.3.7.0/24 site C, etc.).

and so on. We have a couple of L3 switches stacked on the main site, and regular layer 2 switches everywhere else (our smallest offices have 5-10 people).
Author Comment

by: CoffeeBlack
ID: 38832724
How do/would you deal with PCI compliance (running credit cards) in places without VLANs, which are still going to be required to run over the same network?
Assisted Solution

by: ddiazp (earned 500 total points)
ID: 38832898
Our database servers that do contain credit card information, which are PCI compliant, are on their own VLAN on our main site, and we have strict access-list rules on what can talk to these databases on the access switches they connect to, but we don't send this information to our other sites via VPN.

In your case, because you do need to transmit this information via a VPN that runs traffic over public/external private networks, you need to make sure the encryption is strong enough (PCI compliance doesn't specifically say how strong). AES256 would be the minimum I think, and you should use an established protocol like IPsec or SSL/TLS.

On your remote office you could indeed have 2 or more VLANs, and place your credit card devices /servers on a VLAN, and restrict VPN traffic based on that VLAN. When traffic gets to your head office, your firewall will not see any VLAN tag, but based on the destination IP, it will send it off to the credit card VLAN.
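To make the two points above concrete, here is an added example (not code from the thread or from either participant) that works through the per-site addressing scheme from the accepted solution and the hub-side behaviour described in this answer: the hub never sees an 802.1Q tag after the VPN, so it places traffic into the right VLAN purely from the destination IP, and it can restrict what may enter the cardholder segment based on where the source address sits. The VLAN ids 500/600/700 and the 10.<site>.<vlan/100>.0/24 pattern are from the answer; VLAN 800 for cardholder data, the site numbers, the sample addresses and the "only cardholder VLANs may talk to the cardholder VLAN" rule are assumptions made for this example.

```python
import ipaddress

# VLAN ids and roles from the accepted solution (500/600/700); VLAN 800 for the
# cardholder-data segment is an ASSUMPTION, the thread names it but does not number it.
VLAN_ROLES = {500: "data", 600: "servers", 700: "voice", 800: "cardholder"}


def site_subnet(site_id, vlan_id):
    """Site N, VLAN V -> 10.N.(V//100).0/24, e.g. site 2 / VLAN 600 -> 10.2.6.0/24."""
    if not 1 <= site_id <= 255:
        raise ValueError("site id must fit in one octet")
    if vlan_id not in VLAN_ROLES:
        raise ValueError(f"unknown VLAN {vlan_id}")
    return ipaddress.ip_network(f"10.{site_id}.{vlan_id // 100}.0/24")


def build_plan(site_ids):
    """Map every (site, vlan) pair to its /24 and refuse a plan with overlapping subnets.

    The same VLAN ids exist at every site for manageability, but each site gets its
    own subnets; that is what lets the hub route between them without any tag."""
    plan = {(s, v): site_subnet(s, v) for s in site_ids for v in VLAN_ROLES}
    entries = list(plan.items())
    for i, (key_a, net_a) in enumerate(entries):
        for key_b, net_b in entries[i + 1:]:
            if net_a.overlaps(net_b):
                raise ValueError(f"{key_a} {net_a} overlaps {key_b} {net_b}")
    return plan


def locate(ip, plan):
    """Return the (site, vlan) that owns an address, or None if it is unknown.

    This is the only classification the hub firewall can do once the VPN has
    stripped the VLAN tag: it keys on the IP, not on any 802.1Q header."""
    addr = ipaddress.ip_address(ip)
    for key, net in plan.items():
        if addr in net:
            return key
    return None


def permitted(src_ip, dst_ip, plan):
    """Hub-side policy (assumed for this example, not stated in the thread):
    traffic into a cardholder VLAN is accepted only if it originates from a
    cardholder VLAN at some site; anything else is routed as usual."""
    src, dst = locate(src_ip, plan), locate(dst_ip, plan)
    if src is None or dst is None:
        return False  # drop anything outside the addressing plan
    if VLAN_ROLES[dst[1]] == "cardholder":
        return VLAN_ROLES[src[1]] == "cardholder"
    return True


if __name__ == "__main__":
    # Constructed sites 1-3; all addresses below are sample values.
    plan = build_plan([1, 2, 3])
    print(site_subnet(2, 700))                          # 10.2.7.0/24
    print(locate("10.3.8.25", plan))                    # (3, 800)
    print(permitted("10.3.8.25", "10.1.8.10", plan))    # True: card VLAN -> card VLAN
    print(permitted("10.3.5.25", "10.1.8.10", plan))    # False: data VLAN -> card VLAN
```

The overlap check in `build_plan` is the part worth keeping even if the rest is replaced by real router config: once every site reuses the same VLAN numbers, an addressing mistake at one site silently breaks routing at the hub, and that is far easier to catch in a plan than in a live tunnel.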
Author Closing Comment

by: CoffeeBlack
ID: 38832980
Thank you, that's exactly what I was looking for.