[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Network Architecture





Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have HP Procurve switch in my network. I have a network setup for a security camera that doesn't need to be accessible to the Internet. It seems that the camera continuously accesses the Internet for some reason. The packet has been a drop from the SonicWall since there is no rule setup for the network.  I would like to setup HP procurve switch to not forwad those request.  what is the command or rule to do that?  I have a core switch as a gateway of all network and the security camera is in VLAN.
Introduction to Web Design
LVL 12
Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

Wonder your folks opinion.  How do you approach this questions from executives.  
 "what do you think is better 74Mb DSL or 60Mb cable?"  :)

Any idea how to improve the network design to ensure the network performance , link redundancy (RSTP) and compatibility on layer 2 to layer 3 are working fine on  video management system?


Hi, need help on network devices. See attached drawn diagram for yr kind advice.

Having Cisco Core Layer 3 switch 5000 Series onward

Having Dahua Access PFS4228-24P-370 24-Port PoE Switch => https://www.dahuasecurity.com/products/productDetail/7041

Not sure whether is compatible to configure RSTP / STP with Trunk Port on Cisco Core Layer 3 to talk to Dahua POE managed switch


We have some older model Siemens PLCs that I'm told have an IP address, but no gateway. Can anyone confirm if they have seen something like that?

Second and more important is my part in this challenge: If it is possible that a device has no gateway, how to get it to talk/route to a different subnet?

Edit: I see some Siemens documentation that talks about using subnets and supernets to get around the issue. So if it helps, my destination subnet is and my PLC is
MAN Network setup.

I am tasked with setting up a MAN network.  We currently have 5 offices; 3 on East Coast and 2 on the WC.  

We are getting Comcast ENS 500mg circuits at these locations.  The plan is to have the 3 East coast offices come back to the HQ office in NY and the 2 West Coast offices to go to the office in Seattle with Seattle being the failover option if HQ goes down somehow.

We currently have a range of ASA5506/5525/5545 at the office locations that handoff to the switches.  It is a pretty flat network with the users on a /24 subnet and any VLANs at HQ are done on the 5545 handed down.  Would ASAs be best for a MAN network, will they do the job or is a router needed.

Currently I have these office's on a IPSEC VPN tunnel back to HQ.  Passing just their /24 subnet to HQ and we send out the required subnet(s) back to them for needed access.

Remote office - ASA5506/ASA5525 (depending on office) ISP connected to them then inside interface to L2 switch.

HQ - Layer 3 switch handoff to ASA -- multiple stack switches behind it.HQ DiagramProposed_Topology.vsdx
IP address shortage on Class C network.
The company is in manufacturing business. They have Windows servers, office PCs, production PCs, network switches, internal WiFi, IP phones, machines, etc. They all consume IP addresses. Now they wanna add 40 more production PCs while there are only 20 free IP addresses.
What should be done in order to release more IPs on this network?
One thing we are considering is to create a separate network for all 20 IP phones which are used in the "sub-site". (Please see the attached diagram). We are not good at VLAN, but we can learn. Will VLAN help in this situation?  
Are there any other things we can do?
What needs to be done to replace Optimum router and modem with a modem router combo device?
Hello - what (if any) are the options for shaping traffic on an X-series firewall?  I have a customer with a Gig handoff Internet circuit, currently provisioning 150-Mbps. This is terminated on an old ISR, which is shaping the traffic via "bandwidth 150000" command to prevent carrier policing. We need to move this connection off of the ISR onto a ASA 5525-X.

From what I've found so, it appears there's no way to handle traffic shaping on the X-series firewalls. (I haven't looked into the new FTD appliances yet, so would be interested in feedback on those as well.) The 5525 is currently running 9.2 code, and the 9.2 configuration guide (https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/firewall/asa-firewall-cli/conns-qos.html) indicates that traffic shaping is only supported on the 5505 (not the "multi-core models such as 5500-X"). I haven't checked newer release notes.

Is there a way to perform the same shaping function on an ASA 5525, with either the existing or newer code? If not, how are other customers handling sub-rated circuits to prevent policing and the potential resulting connection drops? Again, if the newer FTD appliances (2100's) can provide for this, that'd be helpful to know.

Thank you
Please see the attached diagram.

I have configured and as VPC peers with a port-channel comprised of links A and B as their peer-link.

I want to configure a third switch, to be dual homed (using links C and D) and connect upstream to this VPC pair.

On the, I would configure the port channel with commands like:

switch63# int e1/31-32
switch63# switchport mode trunk
switch63# channel-group 1 mode active

What I would like to know is what command(s) do I run on either and/or to create a port-channel that spans both switches (so that the uplink from 63 is dual homed?)

I thought this was the most natural application of VPC but I cannot find any documentation for this scenario.

Thanks in advance for your help!
CompTIA Security+
LVL 12
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

I have a wireless guest network and I'd like to test to make sure that it cannot get into my internal network. Excluding ping sweep utility, what other tools can I use to do some sort of penetration testing? Thanks
I am at a new site and there are SVI interfaces in the core switch, which is fine but one thing I see is that the customer have the line

ip router ospf 21 area

Can I please have someone experience tell me if this is correct?
what does it mean, I looked at the ospf configuration and I have never seen any command in this syntax.

Thank you
We’re building out a design for a new building, which will consist of approximately 400 endpoints across two data closets. All storage and compute resources will be local in one of these closets, and will consist of VMware (likely on Cisco UCS), some form of storage, and also a backup appliance (likely Veeam). What’s relevant is that we’ll need to support (10) 10-Gbps connections for these three components.
We’re positioning Cisco Catalyst 9K chassis for the network connectivity. My question is whether we’d patch all of the above compute/storage/backup resources directly into the local Cat 9K (line rate 10-G modules or via the built-in 10-G ports on the supervisors), or if it’d be recommended to place another layer of dedicated 10-G switches below the Cat 9K just to handle these resources.

So, option A) below (separate layer) vs. option B) (unified to a common core/chassis)

Option A Option B
The question stems from another recent situation where we found unexpected (and crippling) issues, possibly based on oversubscription, buffering or both, when compute/storage resources were patched directly into Catalyst switching. Option B) above would be to position a couple dedicated Nexus 3K’s (or something similar), which would provide larger buffer memory. This would be a significant cost increase, so I’m obviously hoping I’m overthinking this and the single Catalyst 9K chassis can serve the unified campus (users) and compute (servers/storage) …
Meaning of Port number in Show spanning Tree

in the output of the command below  I see:

 Port        1 (Ethernet0/0)

I wonder what Port 1 means?  I thought the port is the same as interface.

Thank you

SW1#sh spanning-tree  vlan 20

  Spanning tree enabled protocol ieee
  Root ID    Priority    24596
             Address     aabb.cc00.0400
             Cost        200
             Port        1 (Ethernet0/0)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     aabb.cc00.0100
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Root FWD 100       128.1    Shr 
Et0/1               Altn BLK 100       128.2    Shr 


Open in new window

DR(designated router) is for sending source message to receiver. I am not sure DR is located between source and RP, or between RP to receiver? Anyone can give some idea? Thank you
MPLS Layer 2 and NAT

If I understand with MPLS Layer 2 , you can connect 2 sites of your networks and will seem just like you are on the same LAN network, except for speed.

Well, let say ISP gave us MPLS L2, and we connect one of our routers of our Site1 to one end of MPLS and another router of our Site2 to the other end of MPLS.
in this case, should the interface of a router connected to Site1 have to have IP address on the same subnet as the interface of the other router connected MPLS on Site2 ?

I mean : (Site1)R1---Interface1------>MPLS-<------Interface2--R2(SIte2)
Interface1 will be on the same subnet as Interface2 ?

Assuming it should.

Now to get all networks of Site1 and Site2 to communicate, do we need NAT translation configured on Router connected to MPLS on Site1 and Router connected to MPLS on Site2 ?

Thank you
Dear Experts ,

We  are  beside upgrading  our Data Center infrastructure ,,

Presently   we  have  the  Network Topology  shown in  the PIC  below ..


We are planning to replace the Nexus 5000 k with   Cisco Nexus 93180YC-EX


and  we  want  to transfer and migrate  all  Firewalls and  routers   to The new pair of

the Nexus 93180  ,,  we  want to  dedicate The Nexus 7010  for only  Routing at the Highest possible  speed

the new Nexus 93180YC-EX  pair  will  be  connected  to  all   Cisco catalyst remote branches switches ..

we have two  questions :-

First :-  is it  possible  to  use the 93180YC-EX  in the aggregation Layer , Not in collapsed Aggregation  Access layer   ,,  we want to separate aggregation and access layer and we  want  to  implement cisco 3 layers design model –
Where a pair of Nexus 7010 reside in the core and  pair of  Nexus 93180yc-EX reside in aggregation then Cisco catalyst switched  reside on access layer .

 If   the  mentioned case is  applicable  then please provide us with  sample cases and designs

Second :-

Regarding the upgrade plan
Is it  possible  to  transfer all firewall  -  security  policies and inter-vlan routing  to  the pair of  93180YC-EX   instead of the N7K ?
Is Root Bridge relevant when connecting to L3 Switches.

I would like to know when I have all my L2 switches connected to L3 (Distribution or Core) switches, if there is any concern about Root bridge election or even STP loop.
To my understanding as long as L2 switches are not connected directly between themselves there will be no Root Bridge election and there will be no STP loop to happen.
for instance in the Diagram below, all L2 switches are not connected directly between themselves, but connect to L3 switches.

Thank you

I have a data jack that is terminated; but, not properly labelled.  I am trying to use a tone generator to find the correct patch panel connection that I need to use and cross connect the ethernet correctly to the end point.


The problem is that this specific data jack is in a machine shop floor and when I activate the toner every patch panel connection is triggered in the room.  If I turn off the toner generator every patch panel is still sounding off in that room.

If I try the toner generator in different locations(other rooms) there is no problem.  The toner generator works as I expect it to.

What could be causing the toner tester to sound off in that 1 specific patch panel?  Could it be that the ethernet cables were not grounded correctly?
Bootstrap 4: Exploring New Features
LVL 12
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

Enclosing a diagram of the network I am configuring.

Workstations can communicate between VLANs when the gateway on the workstation is set to or respectively. However, workstations cannot see the internet. If I configure workstations with gateway of or, then they can see the internet but there is no inter-VLAN communication. I want to achieve both scenarios - inter-VLAN and internet. However, VLAN must go out through its respective firewall and not just seek any path to the internet.

Does anyone have any idea on how I can get this working as mentioned above? I need to get this done urgently and this is my first Juniper configuration (used to Cisco)

We have two Cisco ASA 5505 units in an active/standby configuration. Our network is primarily made up of servers that are serving web sites and other products and services, as well as remote access, rather than desktops and other end user PC's.

We have a couple of blocks of routable public IP addresses from our Internet provider that we use for assignment to various servers within the network. The ASA has a relatively complex set of ACL and NAT/PAT rules to support all of this and get traffic to its proper destination.

Our ASA is logging the following messages thousands and thousands of times per day:

<162>Sep 29 2018 16:58:02: %ASA-2-106016: Deny IP spoof from (x.x.x.x) to y.y.y.y on interface outside

The first IP address listed (x.x.x.x) is the public IP address of the outside interface of the ASA unit itself. The second IP address (y.y.y.y) is another public IP address that is in the block of addresses assigned to us by our ISP and that we are using for one server or another. The second IP address varies among our different public IP addresses each time the message is logged; the first address is always the public address of our ASA unit.

Why would we be logging thousands of messages such as this showing our own ASA's IP address as the source? Does this indicate actual traffic that is attempting to spoof IP addresses and cause problems, or is this more indicative of a misconfiguration somewhere on our network?

Any assistance would be most …
in practice, where in the network (for shaping WAN/Internet traffic)  is best to connect packetshaper  in terms of security  and in terms of best network design?

Betw WAN router n external firewall, at DMZ external facing firewall or ?
Hi Experts,

we have to plan a big move to another building.
I have some questions about it.
Our datacenter is using RJ45 patch panels and cabling is done with CAT7

The new building has older technology installed and another patch system , called SYSTIMAX.
This SYSTIMAX patch system is new for all of us and the installed cables are all CAT6.

What kind of patch systems do you use in your datacenter ?
Do I have so many benefits with SYSTIMAX ?
I need to do an Enterprise Architecture maturity assessment using TOGAF framework. Can anyone who has done something similar give me guidance on best way to approach this.
Over all approach
Red flag points
Action points

Thank you for your help.

I have 1 aruba 2930F 48G 4SFP+, 2 24G POE+ 4SFP+ switches. How should I stack them?

Network Architecture





Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.