Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x

Network Architecture

11K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi

Currently we having issue to make outbound and inbound call.

We suspect firewall is blocking, how to resolve the issue in Cisco ip phones.
0
Veeam Disaster Recovery in Microsoft Azure
LVL 1
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

I am putting together some phone equipment and servers in a datacenter cabinet.  The datacenter is providing us a redundant router connection using HSRP.  The cabinet has two Ethernet cables: primary, secondary.

We need external routable addresses for each of the two border controllers for the phone system.  They have a WAN port and a LAN port so they can have an external (outside the firewall) connection and also have a local IP address in the same subnet as the servers in the cabinet.

We are trying not to purchase another $2000 Cisco switch for the setup to accept the 2 Ethernet connections.

We have a WatchGuard M370 firewall device with several ports that can be configured in many ways.

We have two layer 2 switches available in the cabinet for use outside and/or inside the firewall. It is a layer 3 device.

I need help in the configuration of this system.

One suggestion was to take the two datacenter network cables and plug them into a standard Layer 2 switch then patch that switch into an external interface on the firewall.  After so many attempts I am trying to remember but I think the path to the internet was broken when BOTH router cables were plugged into that switch.  I am going back to the datacenter tomorrow to try more things but I wanted to get some input from you guys first.  I have the datacenter IP sheet where they provide me the configuration info but didn't want to post live addresses on this site.  Basically they gave me a \29 subnet and …
0
Hi Guys

I'm looking to add in some static routes on my 2 core switches (both S4810's) which I've inherited.  I've got some existing routes which I need to mimic so I'm just looking for confirmation that I'm about to do it correctly.  Here is the entry(ies) id like to mimic on my system when I run sh ip route:-

  S    192.168.61.0/24    via 192.168.60.250, Vl 60            1/0        5w4d
  S    192.168.62.0/24    via 192.168.60.250, Vl 60            1/0        5w4d
  S    192.168.63.0/24    via 192.168.60.250, Vl 60            1/0        5w4d
  S    192.168.64.0/24    via 192.168.60.250, Vl 60            1/0        5w4d

So you can see I have multiple for a number of subnets which I need to go out of to a particular Vlan interface

I need to do the same with another subnet, lets say 192.168.1.0/24 out of the same Vlan interface

Im thinking of running the following in conf mode:-

ip route 192.168.1.0/24 vlan 60 permanent

Is this as simple as it looks?  Does this look correct to everyone?

Thanks
0
Hi Guys,

We have an IP block from the ISP
Thus a couple of public IP's assigned, example:
196.31.231.80
196.31.231.81
196.31.231.82

Our NAT policies on 196.31.231.80 over X1 interface is working well.

I've been trying to setup additional NAT policies on 196.31.231.81, but experiencing a connection issue.
Which brings me to the following questions:

1.  Is it necessary to setup a Virtual Interface for 196.31.231.82 on X1?
(255.255.255.0)
Or could the NAT rules simply refer to X1?

2.  I tried setting up a Virtual Interface on X1 for 196.31.231.82, but it complains about the same subnet used,
What should the subnet for the Virtual Interface be?
0
My sonicwall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... ip address as a WAN on the LAN. However I just simply want to allow all traffic from that IP to get through. How would I go about configuring the sonicwall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      

Thanks!
0
hello,  i want to use two different isp on sonicwall equipment, i want one isp as primary and the other as back up, i want it to switch automatically when the primary is down
0
In:
https://www.experts-exchange.com/questions/29078131/Peer-to-peer-network-names.html#a42433873

art lee said:
build a samba wins server on and old pc using Linux distro with a sambal gui
and make it the master browser

So, I researched the idea a bit and, it appears that if one were to introduce such a server, it could be connected to the network and take over name service.

Could it be turned off to return to the original "normal"?  That would seem to suggest a very low-risk approach in dealing with LAN single-subnet name service that would be reversible.

Could such a server be set up on a virtual machine?
I have thoughts of setting up a virtual machine on an existing Windows workstation for this purpose.
Seems like this would be the least intrusive approach to a critical system that's in production.

Your thoughts and suggestions would be appreciated.
0
Hi,

We are running an intranet in our organization...now we are thinking to provide the access of our intranet to the users even through their mobile..How can we do this... and is this possible?

Thanks in advance,
Srikanth Nandyala.
0
Hi Here is Opengear IM4216. I could not find relative document on it. Is it layer2 or layer3 device? What kind of device is it? Thank you
0
I'm pretty bad with IP design.   is there a 172.16 /12 network? If so,  how many subnets and hosts I can do?
planning how many offices,  larger and smaller I can put there.  
Thanks bunch.
0
[Webinar] Database Backup and Recovery
LVL 11
[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Where i work has a large number of DHCP scopes. must be approx 40-50 its been left that way for a good few years apparently

I have just joined in past 6 months and just getting round to look at it now

Any DHCP scope clean up plans? Whats the worst thing that can happen if some are removed that have VLAN connections (one thing we're worried about) so i plan on taking an inventory first

I know i can use powershell to look for free addresses per scope can i use this to see addresses that are taken, then i could compare using HP IMC to see whats actually being used

Any ideas appreciated domain functionality is 2008
1
Looking for software to document my network layout. Any options worth looking at?
0
Hello,

I am trying to research this question but not getting any concrete answers. I have multiple hub locations (none MPLS) connected to HQ via DMVPN. My bandwidth circuits at those external locations varies between 5Mb up to 100,Mb. My questions is, with SD-WAN, those sites with only 5Mb, will they see performance increase? Will I be able to manage this bandwidth? Or will I be cancelling the circuit with.. let's say Comcast and get a SD-WAN provider and thus leverage the speed? Also, if thats the case, will I be signing up for certain speed with the SD-WAN provider or no?
0
Working in environment with 34 switches mix of hp 5500 and 5120s over 3 locations

I suspect that the company who support our infrastructure just took the default priority for spanning tree design with switches

I intend to check each BID on each switch is there an argument for using default settings for stp would appreciate best practice on this and and also pointers on easiest way to correct it

I have login for each switch but also use HP IMC

Thanks,
0
Network Diagram
Proper Case

We intend to connect  to  a remote Cisco 4321 ISR router  via  The local PSTN network , and
We  try to configure the remote router to accept connections over the Auxiliary port

We want to use this strategy to  provide an alternative line for managing remote routers in case of
The wan connection failure  .

We are using  HyperTermianl  to  make dial-up connection  to  remote sites ,, and
We want to get  the access to  the Console of  The remote router .

PIC2 in attachments describe -  "what the final  result  should be in  the proper and successful remote connection " 

we are using Cisco 4321 ISR Router in site2  and  USRobotics 56K Faxmodem- Model 5630 in both sites , and we

are trying to get access to the CLI of remote router in site2

could you provide us with the All  The technical steps and  Configuration needed  to accomplish this task ?
0
I am trying to understand the effect of configuring  ip summary-address rip 0.0.0.0 0.0.0.0  on the Hub router in DMVPN Network.
per the  book, Spokes should see in their routing tables the RIP default Route 0.0.0.0, but it is not the case in my LAB

Hub#sh run 
Building configuration...

Current configuration : 1636 bytes
!
! Last configuration change at 12:59:12 UTC Sat Dec 30 2017
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Hub
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef    
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
! 
!         
!
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 !
!
interface Tunnel0
 ip address 172.16.123.1 255.255.255.0
 no ip redirects
 ip nhrp authentication DMVPN
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip summary-address rip 0.0.0.0 0.0.0.0
 tunnel source FastEthernet0/1
 tunnel mode gre multipoint
 !
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
interface FastEthernet0/1
 ip address 192.168.123.1 255.255.255.0
 duplex auto
 speed auto
 !
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
!

Open in new window

0
We have a connection to the Internet and now we just added another Internet connection. We want to use the new Internet connection just for Office 365. I am not sure how to go about doing this as I have a default route from my core to the FW and then from the FW to the provider router. So currently all Internet connection, including O365, is pointed to the default route and there is nothing going out of the the new Internet connection.
We have a physical connection from the provider to the FW, then from the FW to the core switch.

Any thoughts? Thanks
0
I currently have a SonicWALL TZ 200 configured with WAN connections on 2 interfaces. I recently purchased a HughesNET satellite connection and I want hook this up to the SonicWALL (And add it to the failover/load balancing). However, once I received the Modem from HughesNET (HT2000) I learned that it does not have a "Bridge" mode built into the router. I cannot disrupt my current Subnet (needs to stay the same). Does anyone know if there a way to configure the interface for the modem/router combo into the SonicWALL so it will work properly?

Thanks in advance.
0
What steps would you take to move from a L2 flat 10.x network to a routable L3 network.  The gear is 15 yrs old and having the obvious issues that come with a flat network.
Thanks
0
Get your Disaster Recovery as a Service basics
LVL 1
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Need some help with configs at both ends.  I don't know if OSPF is necessary or not, since it
is not currently being used on the 8212 or Cisco 3560 that are currently connected by a Frontier Communications (WAN) Ethernet circuit.  Dark fiber will soon replace Frontier WAN.

The 5412 will soon be replacing the Cisco 3560 and one expert told me I should use OSPF to advertise all static routes on both HP switches.

Multiple VLANS (with the same IDs but different subnets) are currently defined on the Cisco 3560 and HP 8212 and communications have been fine for years w/o using OSPF. I could use some help with the configs of both switches and will pay for expert advice.
Thanks
Phil
0
Twice in the past month our static IP has been flagged by the CBL as hosting malware. The CBL provides the source and destination IP but we have not been able to capture ANY traffic from our network to the destination IP provided. Here is what the CBL gave us:

Detection Information Summary
Destination IP	146.148.124.166
Destination port	443
Source IP	[xxx.xxx.xxx.xxx]
Source port	16997
C&C name/domain	kemonzura.gdn
Protocol	TCP
Time	Tue Dec 26 18:15:27 2017 UTC

Open in new window


The source IP is set on our WAN interface on our firewall (Sonicwall) and packet capture on the Sonicwall shows no outbound traffic to the destination IP. We port mirrored the switch port where the WAN port is connected on the switch and ran Wireshare against it and still no packets destined for the destination IP. We put a firewall rule in place to drop any packets destined for the destination IP and still we get listed.

In short, we have not been able to capture a single packet egressing our network and destined for the destination IP provided by the CBL. Is it possible to spoof the source IP? If so, how do you re-mediate?

We are thoroughly puzzled by this.

Below are the full results of the CBL lookup:

Results of Lookup
[redacted] is listed

This IP address was detected and listed 56 times in the past 28 days, and 13 times in the past 24 hours. The most recent detection was at Tue Dec 26 18:15:00 2017 UTC +/- 5 minutes

This IP address is infected with, or is NATting for a
0
Hi Guys,

Last week I tried to upgrade our edge 3750X switch (two switches in a stack), from c3750e-universalk9-mz.152-2.E.bin to c3750e-universalk9-mz.152-4.E5.bin.

Previously I copied the new IOS to both flash: and flash2: from TFTP, ran command 'boot system switch all flash:c3750e-universalk9-mz.152-4.E5.bin, and then 'wr mem'.

Later I consoled into the master switch and reloaded. The master switch booted into the new image successfully, but the member switch got stuck in a booting loop. The new IOS was loading, and went nearly to the end, and the master switch could see the member at some point. Then the process started all over again, and it was endless!

I tried powering the member switch off, and then on again - still the same. Tried removing stacking cables, and restarting - still no joy. Then booted the member into SWITCH: prompt, and then into the previous IOS - still a loop! I didn't know what else I could try, so at the end I powered the offending switch off and left it as it was (as the master switch was providing all the services).

Please could you advise how to resolve this issue? Any advice would be appreciated.

Regards,

Lucia
0
I have a client that we support that just purchased a 10 person office across town and need them to connect to our office.  The 10 users will be connecting to our applications via remote desktop services (RDS server 2012 R2) at the main office.  I am looking for a router / firewall appliance that offers both site to site VPN and Client to site VPN.  My goal is to use a robust solution that offers support that I can easily setup and understand.  Some have recommended Sonicwall and Watchhguard, but their business strategy requires that I go through one of their partners - who may be in direct competition with what we do - provide IT support.  We simply want a solution that is under $1000 per appliance, easy to setup and logical and someone to help should we have questions.  We gave also looked at Barracuda networks as well.  But with any of these appliances, I need specific models to go with.

We will need the VPN for both the branch office we are connecting to as well as allow users from our current office to connect remotely from their homes.  So total # of VPN users could be 20 users.  Any guidance would be appreciated.
Don't get me wrong, I have 20 years IT experience and can configure most routers easily and have used Most in the past.  Just don't know the current offerings with subscription based / more robust VPN solutions.
0
I have been informed by Spamhaus that the IP address we use for corporate email has communicated with a known spam site and is either infected by, or NATing for, a computer that is infected by the S_Gozi trojan / downloader.

It states that the infection is extremely difficult to detect and is not seen by most commercial AV or EndPoint protection suites.

I have been told to program the Sonic-wall TZ215 to stop all traffic to sites outside the US.  We have never done this before.  Not sure how to setup the sonic-wall for that purpose.  I know this virus does not use the standard port 25 for smtp traffic it uses port 80 which i cannot block.  It is extremely difficult to find so i am trying to stop its connections at the firewall level to stop it communicating.  Any help would be greatly appreciated.
0
for a small business which conference system will you recommend?

what are the leading brands out there?
0

Network Architecture

11K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.