Solved

Network Design HELP

Posted on 2014-10-24
Last Modified: 2015-01-22
(Attached diagram: My Work Network)

This is more of a call for someone to analyze this network and tell me if we can do anything better.

Please see attached network diagram for reference to below questions.

We currently have a 5/5 bonded T1 connection from the ISP and are being upgraded to a 20/20 fiber connection. Right now we have 2 IPs, but they only gave us 1 drop from their equipment, so we put a switch in front of our Sonicwall 2400 (DG) and assigned 2 WAN interfaces to the 2 different IPs. My boss wasn't sure if we needed 2 IPs anymore because we no longer have heavy VPN traffic coming in.

We have bandwidth management set up on 1 of the IPs on the Sonicwall to give priority to those users and/or hosts that need it. We just added them as Address Objects and route them out the second WAN interface, then allocate a bigger chunk of the bandwidth to them.

We have an L3 Adtran Netvanta 1500 routing between our Voice and Data VLANs with 1 cable per phone and computer. I'm not sure I have COS set up on the switch, so I may need to do that for the voice VLAN?

On the L2 Switch we have a server, NAS, and misc. like IP Cameras, Copiers, etc.

We have 1 SonicPoint AP coming off an Interface on the Sonicwall.

All in all we have a server + NAS + VoIP system + 30 users + 30 phones + 2 IP cameras + 5 network printers + AP with another 30 devices = 80-100 devices on the network at any given time. This is broken up into 2 VLANs and 3 subnets.
Question by:Vontech615
6 Comments
 
LVL 6

Assisted Solution

by:Tim Phillips
Tim Phillips earned 250 total points
ID: 40402644
Looking good to me. By COS do you mean QoS? If possible, you should enable QoS on the router and the switch to prioritize VoIP traffic over data. Also, if you aren't using the second IP then I would disconnect it (fewer holes in your firewall).
 
LVL 12

Accepted Solution

by:Faruk Onder Yerli
Faruk Onder Yerli earned 250 total points
ID: 40406250
Hi;

Let's analyze the LAN first. You are using an L3 switch to connect the server (DMZ) switch. But an L3 switch just gives you a routing function. There will not be security between the LAN and the DMZ. Normally the DMZ is also directly connected to the firewall, if the firewall has enough routing capacity. Copiers and printers are access devices. They will never be on the same network as servers. They can be on the same network as computers, even if you are sharing over the server.

About the WAN side: Sonicwall supports different IP blocks on the same interface. You can define both networks on the same interface and you can erase the WAN-side switch in your network.

About WLAN: you didn't define anything here. You have to separate the WLAN SSIDs as DATA, VOICE and GUEST. The VOICE WLAN should be hidden and use a MAC address filter for additional security. The Guest WLAN will be isolated from the LAN-WLAN and DMZ networks. The DATA network could be a different IP range to increase L2 LAN efficiency.
 
LVL 1

Author Comment

by:Vontech615
ID: 40406442
Thanks for your reply!  I can utilize this info in the future.

This is a small network but we use the L3 switch to route between our Voice and Data VLANs. We don't have a DMZ server or DMZ device of any kind on our network. The Windows server does DHCP, DNS for only the Data VLAN.

The reason we had the switch in front of the Sonicwall to begin with was because we wanted bandwidth management options on the 2 different interfaces. With the new faster internet service coming we may do away with this altogether. I haven't looked into putting 2 different IP blocks on the same WAN interface but I'm assuming NAT/Firewall would have to handle it because I don't see this option under Interface settings?

If we decide to continue doing bandwidth management I'll either have to continue using the switch or figure out another method of controlling who gets what (maybe another VLAN to split up the current DATA VLAN?). Any thoughts on this?

The WLAN currently is another subnet (192.168.X.X) on the DATA VLAN but this is usually a maximum of 15-30 users at any time but mostly not a lot of traffic.  We don't currently have any guest wifi because we don't have much walk in traffic or outside traffic in general.

 
LVL 1

Author Comment

by:Vontech615
ID: 40407072
@Tim Phillips Yes, I meant QoS. The switch can do CoS and also map that to DSCP, and I think voice is typically put in at 5 CoS, which is in the 40 range for DSCP markings.
0
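Added example (not part of the thread): a Python check that reads the L2 CoS bits from the 802.1Q tag and the L3 DSCP from the IPv4 header of a frame and tests them against the voice markings discussed above. With the common default class-selector mapping DSCP = CoS × 8, CoS 5 becomes DSCP 40 (CS5); many phones mark media as EF (46) instead, so both are accepted. The function names, `VOICE_VLAN = 20` and the sample frames are constructed assumptions.

```python
import struct

EF = 46  # Expedited Forwarding, the DSCP many IP phones set on RTP media

def parse_markings(frame: bytes) -> dict:
    """Return the L2 CoS (802.1p PCP), VLAN ID and L3 DSCP of an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    cos = vlan = None
    offset = 14
    if ethertype == 0x8100:                      # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        cos, vlan = tci >> 13, tci & 0x0FFF      # PCP = top 3 bits, VID = low 12
        offset = 18
    if ethertype != 0x0800 or len(frame) < offset + 20:
        raise ValueError("not a complete IPv4 packet")
    tos = frame[offset + 1]                      # second byte of the IPv4 header
    return {"cos": cos, "vlan": vlan, "dscp": tos >> 2, "ecn": tos & 0x3}

def check_voice(m: dict, voice_vlan: int) -> list:
    """List marking problems for a frame that should be voice traffic."""
    problems = []
    if m["vlan"] != voice_vlan:
        problems.append("not tagged for the voice VLAN")
    if m["cos"] != 5:
        problems.append("CoS is %s, expected 5" % m["cos"])
    if m["dscp"] not in (5 * 8, EF):             # CS5 from the default map, or EF
        problems.append("DSCP %d is neither CS5 (40) nor EF (46)" % m["dscp"])
    return problems

def build_frame(vlan: int, cos: int, dscp: int) -> bytes:
    """Constructed sample: tagged IPv4 header with zeroed addresses and checksum."""
    eth = bytes(12) + struct.pack("!HHH", 0x8100, (cos << 13) | vlan, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                     bytes(4), bytes(4))
    return eth + ip

VOICE_VLAN = 20  # assumed VLAN ID, not taken from the thread
good = parse_markings(build_frame(VOICE_VLAN, 5, EF))
bad = parse_markings(build_frame(VOICE_VLAN, 0, 0))  # phone port with no QoS applied
print(good, check_voice(good, VOICE_VLAN))
print(bad, check_voice(bad, VOICE_VLAN))
```

Feeding it frames captured on a phone port and again on the uplink shows whether the markings survive the hop through the L3 switch.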
 
LVL 12

Expert Comment

by:Faruk Onder Yerli
ID: 40408241
I couldn't understand which type of bandwidth management you are doing on the front switch. You are already doing NAT on the Sonicwall, so in the end you are losing the source IP. If we are talking about the destination part, the switch is irrelevant there. In fact the switch can do just L2 port bandwidth control. In the end it is absolutely unnecessary.

I think the link below will help you add a secondary IP on the same interface.

http://www.experts-exchange.com/Networking/Network_Management/Network_Operations/Q_27519143.html
 
LVL 1

Author Comment

by:Vontech615
ID: 40419639
We used bandwidth management on the Sonicwall and per WAN interface. We have 2 WAN interfaces but do not have them set up for load balancing, so in that case you can only add BWM on the primary interface. We have this set for 3000 Kbps and the secondary interface just takes what's left over.