Network Architecture Help

I am looking to develop an automation tool that can assist a NOC operation with WAN outage recovery without technician interaction. The automation tool will run in the lan environment (with no external access) and interact directly with the WAN interface. Please note this tool will not interact with any third party devices outside of the WAN environment. The test environment has Cisco Routers/Switches and uses Spectrum Monitoring. Looking for suggestions on use cases and example event flow to develop on.

3 Comments

CompTIA Security+

LVL 13

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

I'm looking for some help re-configuring my home network. Here is current setup:

Comcast cable comes into data enclosure in garage wall to a 2-way Splitter. One coax goes to Gateway in my office. Patch cable out of Gateway to a switch beside it which connects my desktop and network printer. Patch cable from this switch to the wall jack backfeeds back to the data enclosure in the garage. Patch panels in the data enclosure connect to small switch in the data enclosure to provide network to other jacks in house.

First, I'm planning to ditch the Comcast Gateway and go with my own modem and router. I want to add a Ubiquiti Cloud Key Gen 2 Plus and eventually a couple of security cameras as well. I'd like to centralize things a bit more instead of going to my office and then backfeed to the data enclosure before distributing to the rest of the house. Unfortunately, there isn't room in the data enclosure for the router, modem, etc. and even if there was, I'd be concerned about the temps. It can get pretty hot in the garage (90F+).

The room directly above the data enclosure in the garage is a storage room with heat and A/C. Perfect location for the network equipment. And it has a knee wall I can get behind and access the cables going down into the garage. But I'm not sure how best to proceed.

There are 17 Cat5e cables coming into that data enclosure in the garage, 7 from top (upstairs jacks) and 10 from bottom (downstairs jacks). There appears to be enough length on the …

3 Comments

Hi,

We have 2 x Aruba 8320s (Core Switches) We also have 11 x Aruba 2540 edge switches

Each switch has 2 x 10Gbe SFP modules which connect to the cores via fibre in a LAG.

The switches are split up in 5 separate racks across our building. We also have 1 x Meraki switch in each of the cabinets capable of have 10Gbe SFP modules.

My question is what is the best way to get the Meraki switches to communicate with our Cores? We want to utilise them.

1. Direct connection to the Cores (like the Aruba's)
2. Setup a trunk 10Gbe between the edge switches and Aruba's
3. Any other way?

Could you please advise?

Thanks

1 Comment

I discussed about Velocloud SDWAN w/ Aaron Tomosky in past and he provided a great deal of insights. This time my question is very brief:

Can VEP 4600 Device for Velocloud SWDAN accept a fiber handoff, our internet provider can only provide optical handoff.

Thanks;

8 Comments

Question by

Math Tec

2019-08-28Solved

Network Symbol

I was doing design of a network and I was wondering why the router symbol is circle (actually disc) and the switch symbol is near to be a square. . Any idea why?

Thanks

8 Comments

Dear All,

- Have two Access Points configured in Client mode with following Static IP addresses :
1) 192.168.28.1 / 255.255.0.0
2) 10.1.28.1 / 255.0.0.0

The Above Two clients should be connected to Access Point

- on the other hand Computer will connect to the same Access Point in order to download data and access the two Clients

Need to know Network Configuration (IP /Mask / Gateway) for Laptop & Access Point in order to access clients by laptop ?

Thank You

6 Comments

I'm having issues finding IP address design plans to implement in a newly deployed network. Running BGP at the Edge and OSPF as an IGP. Any assistance is greatly appreciated.

6 Comments

I am trying to develop some software for a company. This company has at IT department with active directory. I would like to talk with IT, about getting Active Directory Certificate services setup so I can be issues with a Internal Cert to sign my app.
What documentation does Microsoft release regarding if they recommend AD CS. Is there any documentation that says if a domain doesn’t have a AD CS its not complete or its not whole?
Im sort of looking for historical document too. I want to be able to demonstrate to management the importance of AD CS for signing encryption and use of TPM on our laptops.
Thank you in advance for your help.

3 Comments

LVL 28

Question by

Brian B

2019-08-21Solved

Switches in an Outdoor Enclosure

I have a situation where I need to figure out how to a cool a switch stack that is installed in an outdoor cabinet. There are two Cisco 3850s in a steel cabinet mounted on a post. They have been throwing temperature alarms, so looking for suggestion on what can be done to keep them cool. Past experience has shown they can keep themselves warm enough in the winter, but still need to allow for the dusty environment and keeping out snow/moisture.

There are already holes in the bottom where the network cables and power run in/out, so maybe could leverage those somehow? I'm looking for may some sort of weatherproof venting that we could bolt on.

10 Comments

Our customer is connected to internet via a static route to ISP, now they want to advertise a subnet to internet, is it possible to do that, please help.

25 Comments

Exploring SharePoint 2016

LVL 13

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

I have an old network diagram that has a .DSD extension. Anyone know of a reliable program I can use to open it?

3 Comments

We are migrating a school district from a Cisco ASA FW (LAN) to a Fortigate Vdom on our WAN. My normal process would be to create unique vlans that would not overlap on our WAN and reconfigure all LAN switches at the school to use those vlans instead of the normal vlan 1, along with any other vlans that would cause an id conflict. Another method we have used in the past is vlan translation: assigning a single vlan to their LAN switch port and connecting it to our WAN switch on the desired translated vlan. I.E. vlan 1 connected to a vlan 150 port, vlan 10 connected to valn 151 port, vlan 21 connected to vlan 152 port on the WAN switch. Because of some logistics, I am considering the vlan translation approach and would like confirmation my approach is correct or advice on how to configure properly.

The school is using a Cisco Catalyst 4500 switch that will connect to an Aruba 3800 switch.

I am familiar with the Aruba switches more than Cisco. Would I simply trunk (Cisco trunk) a single port to pass the desired vlan to the Aruba switch and on the Aruba switch set the connecting port to tag the translated vlan?

I.E. Cisco:
interface GigabitEthernet1/13
switchport trunk allowed vlan 1
switchport mode trunk
no logging event link-status

interface GigabitEthernet1/14
switchport trunk allowed vlan 10
switchport mode trunk
no logging event link-status

interface GigabitEthernet1/15
switchport trunk allowed vlan 21
switchport mode trunk
no logging …

4 Comments

Dear Experts
We have data center in head office where the web based applications are hosted and now we are setting up branch office at remote location but wired MPLS connection is not feasible at branch office hence the only option we have is to go for RF (antenna with line of sight) MPLS network, to establish the connection between head office and branch office site location. The topology I am planning is hub and spoke connectivity between two locations and managed mpls network.
I am planning for link redundancy with one more MPLS setup from a different ISP however they too offer with RF and same hub and spoke connection between head office and remote branch office spoke location, please suggest is this best network design as the up-time between 2 locations connectivity is critical for us.
1.Please suggest is the above network is good to go or please recommend best practice.
2.If we have to go with 2 ISP’s MPLS vpn connectivity, then what type of gateway device we have to procure to achieve automatic link fail over/link redundancy i,e if any one link goes down automatically other link should serve us to continue our work, please suggest the network design and the gateway device that we have to procure. Thanks in advance.

15 Comments

I would like to have exchange 2013 and Sql server 2014 and DFS as file server n clustered mode on esx servers
I would like to know what are necessary steps for that
Do I have to build esx server cluster and then exchange server cluster or anything will be clustered by default after that or how the design looks ?
Please expalin for me the steps required in details in terms design of network ,hardware, lans clustering ,services for each of SQL Server 2014 , File server,exchange 2013?

7 Comments

We have site A connected to site B with a pair of fiber. The fiber is muxed with CWDM at each site. We also have site C and site D with the same setup (muxed between the sites with CWDM). Now we like to extend one of the wavelength (1511nm) from site A to site D. Is there going to be any issue if we mux it twice (i.e. between site A and B and then between site C and D)? It looks something like below. I would like to know if it's an acceptable solution

Site A Site B Site C Site D
1511nm-----CWDM-------mux-------CWDM-----1511nm------CWDM-------mux-------CWDM-----1511nm

Thank you,

5 Comments

I need a switch for an installation that has 48 Ethernet runs, which include about 7-8 Ubiquity Access points.
Not all the jacks will have something plugged in. They planned for a 48 port Patch Panel.

I see that NetGear (which I have been happy with in years past) has a 48 port switch

NETGEAR 52-Port Gigabit Ethernet Smart Managed Pro PoE Switch (GS752TP) - with 48 x PoE+ @ 380W, 4 x 1G SFP, Desktop/Rackmount, and ProSAFE Lifetime Protection

Will this work well with the Ubiquity access points? Is there a different brand that I should consider?

If I am connecting without PoE, will the switch provide a GigaBit connection?

Thanks.

4 Comments

Dear Experts
We are planning to procure Cisco Firepower 1010 NGFW Appliance for UTM, link fail over ( 2 ISP's) and vpn and our bandwidth with each ISP is 25mbps and total users behind firewall is 12 users and outside people access business application web based and vpn are 10 users and and concurrent 15 users. also MPLS connectivity to one of our site.
Please suggest is this product recommended. thanks in advance.

1 Comment

hi guys

I need to install an appliance which will look at all of the network traffic on our network. As there are multiple VLAN's and networks, I need them all to be mirrored to just one port.

Are you able to help me with how to do that?

Thanks for helping
Yash

2 Comments

how to disable lacp on port (f.x) 21 on procurve 2810 from command line

5 Comments

OWASP: Forgery and Phishing

LVL 13

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

Question by

Math Tec

2019-06-03Solved

Cisco ISE License

Hi,

We intend to order Cisco ISE to our company. Really, I have no idea what type of license we need and I hope some can help me. Number of devices that are connect to network (PC, Laptop, network printer, network scanner, Mobile phone,...etc) are 800 wired connection and 600 wireless connection (Laptop and mobile).

What type of Cisco Identity Services Engine Appliances is needed?
What Type of License needed?

Can anyone help me? Also, Do anyone know the approximate quota for this? We intend to buy the subscription for 5 years.

Thanks

1 Comment

I'm looking for input for a customer looking to refine their NTP design, which is currently a bit “all over the place”, and causing issues.

They are a 100% Cisco shop (routing, switching, firewall and voice), and all of their NTP currently rolls up to ntp.pool.org. Their Windows DCs and ESXi hosts point directly to ntp.pool.org, and everything else rolls up to the DCs in a few layers/stratums. They are also a Cisco voice environment (Cisco Communications Manager, etc.) and all of these servers point to the Windows DCs (stratum 3), which is not recommended by Cisco design/SRND docs due to potential issues in synchronizing with MS NTP services.

I think there are possibly a couple quick hits, in maybe reconfiguring the Cisco voice stuff to point to their core Cisco switches. That said, they’ve expressed interest in having their own reference servers/hardware, (maybe with backup to ntp.pool.org) so I’m needing input on ways to provide for that. They have three locations, so a reference source at each would provide the 3x redundancy to anchor time.

So, my specific questions:

• Could I get some input regarding options for reference NTP servers? These could be 3rd-party appliances with GPS, maybe a cellular/CDMA card to go into a Cisco router, etc.?
• Is the stratum of an NTP device dictated purely by the stratum of the device it obtains time from? Meaning, if I have a GPS device at stratum 0, would any other device pointed at that automatically be considered …

5 Comments

The client is setting up a mesh system in a large house (Bed and Breakfast), and needs to select which one to use. They have run Cat6 to 3 spots on each of 4 floors.

They are aware of:
Linksys Velop
TP-Link Deco M9 plus Mesh
Netgear Orbi High-Performance AC3000

I have used Eero, which I'm happy with, and would like to recommend that.

Is Eero equal if not better than the others?

Is there another brand that I should be using?

Thanks

8 Comments

Dear Guru's

Good day to you all .

As a novice , could you please help me of the following scenario on how it can be achieved .

A client has approached me to evaluate their Network and Systems ,
1. What is in the network ?
2. Speed Utilization
3. Current OS running etc
3.Recommendation Upgrades if any .

I would like to know, instead of checking manually , is there any free tool or open source like Zabbix , where i get the information extracted .

Any ides please

Regards
Aaron

Network Architecture

1 Comment

hi,

I am planning a architecture and that includes a cross site and HA design with MariaDB.

I will use GALERA ARBITRATOR + maxscale + mariaDB, how it fit into the diagram below ?

20 Comments

ABR in Stub area not blocking External Routes

In the topology above I have configured R2 area 1 as stub the same for R3
R3 is blocking External Routes E2 and injecting IA default routes, but R2 is still allowing E2 [External routes]

R2#sh run | sec ospf
router ospf 1
 area 1 stub
 network 192.168.12.0 0.0.0.255 area 0
 network 192.168.23.0 0.0.0.255 area 1
R2#

Open in new window

R3#sh run | sec ospf
router ospf 1
 area 1 stub
 network 192.168.23.0 0.0.0.255 area 1
R3#

Open in new window

R2#sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      7.0.0.0/32 is subnetted, 1 subnets
O E2     7.7.7.7 [110/20] via 192.168.12.1, 00:41:55, Ethernet0/0
      9.0.0.0/32 is subnetted, 1 subnets
O E2     9.9.9.9 [110/20] via 192.168.12.1, 00:41:55, Ethernet0/0
      11.0.0.0/32 is subnetted, 1 subnets
O E2     11.11.11.11 [110/20] via 192.168.12.1, 00:41:55, Ethernet0/0
O

Open in new window

…

4 Comments

Network Architecture

Related Topics

Network Architecture

Related Topics