Network Architecture

12K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi,

We have a main Cisco 3750 Switch. From that switch fiber connections run from the trunk ports to different stacks, essentially all other stacks connect back to this switch. We want to add a backup to this switch in case of hardware failure. Question how do we add it.
1. Do we add it as a second switch in Slave role or is there another way adding it.
2. Also if the first switch does go down, how do we prepare the second switch so that the trunk port are ready to accept the fiber cables
0
Cloud Class® Course: SQL Server Core 2016
LVL 12
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

From a best practice standpoint which is better, ASA on the edge or a router on the edge of your network?


off of the top of my head ASA on the seem like a better design, however, I have seen some networks in the passed with Router(Edge) then ASA.
0
As you can see from the attached diagram, site2 communicates with site1 via the pt-to-pt link as the primary. The MPLS is the backup link.

To get to the public server 1.1.1.1, site2 10.10.10.3.13 is going through site1. core1 redistribute static via EIGRP. and site2 learns the DG via EIGRP.

What I'd like to do is to reroute the DG  of site2 to FW2 when 10.100.3.13 or 10.100.3.14 fails. How would I go by accomplish this? Thanks

Capture.JPG
0
Hello Experts-
We have subscribed to MPLS IPVPN via Service Provide to connect our branch offices with HQ.
We have been given /30 subnet at HQ and each offices and running BGP between CE Router and ISP. We suppose to send the routes to ISP and then take will foreward via MPLS Cloud.

We want to install firewall at the HQ between MPLS Router and L3 Switch.

I am just concerned what routing protocol I should between MPLS Router and L3 Switch at HQ so that all HQ hosts can reach to branch offices.. Shall I used IGP or Static Routes ?
How to inject the routes from MPLS routes to firewall ? Is it advisable to run a routing protocol between them
How I can achieve redudancy if a router or firewall fails in HQ Office.

I am attaching a basic design.
Any suggestions and comments are welcome.
0
Hardware:
- (1) Cisco SG250 26P PoE switch
- (2) Ruckus WiFi ZoneFlex R610 access points (using their Unleashed setup)

I'm about to create/implement my first VLAN's, I'm pretty stoked I finally get to play with VLAN's. I've been doing IT/networking since 1991 but never did VLAN's. I've configured Sonicwall firewalls from scratch but this is my first Cisco device I get to admin; thankfully it has a GUI. I've already researched the heck out of VLAN's, trunk ports, tagging, & more, & I feel I'm ready to do it. I have the freedom to create this new network as if it were the original network built for this office. Almost all the employees are out of town for next week so it's an ideal time to build a new network. There are no Windows servers or any network services on this WiFi network; all that stuff is on the "corporate" network. This WiFi network I'm replacing/upgrading is what could be referred to as a "rogue" network that this department installed themselves just so they'd have faster Internet.

I'm creating VLAN's so our business can separate the Guest WiFi traffic to its own VLAN but also allow some inter-VLAN routing to allow our screen-sharing solution (Airtame) that guests will be using to talk to our big screens in the conf rooms, which will remain on our internal/business VLAN.

We currently have a Netgear Orbi Pro WiFi network setup but that's not quite robust/sophisticated enough for what we need to do. I'm keeping this existing Orbi WiFi network hardware …
0
I have 2 5Ks running with VPC. They have been running fine for quite some time until today. One of the the 5Ks is not responding. I could not console in and the other 5K does not see it as a peer. I am planning to power it off and on. Will it get all the config and join the VPC when it gets back online? Thanks
0
Would it be a lot of data loss from SM to MM?
We have fiber from ISP [10Gb] is 9/125 SM going from SC to LC then into our LC 50/125 MM then into SM switch network module with SFP.

Would I have a lot of issues with that setup?

 I also read some people are using mode conditioning cables.  Will that help a lot?
https://community.fs.com/blog/mode-conditioning-patch-cord-utilized-in-gigabit-ethernet-applications.html
0
What would a good "Gap Analysis" look like? I had a recruiter call and they needed someone with a bunch of networking experience.
But the 10 month long gig was to travel to their various offices and data centers around the world and do a "gap analysis". It sounds
intriguing enough. I just wondered if anyone had an example document or general thoughts as to what the output of such a
project/assignment would look like in the end. ??
0
configuring vlans on HP 5406zl
I'd appreciate some advice on configuring a data and voice vlan on a HP 5406zl, the current config is attached.
currently the whole switch is configured on the default vlan, however I want to add a voice vlan for a up coming voip phone system replacing the old analogue pabx.
the goal is to connect the pc's through the phones, phones on Vlan30 and Data on Vlan1.
I have added the vlan30 , however in need of some advice on the tagging and untagging of ports and the routing to enable the vlans to communicate with each other.
this switch also acts as the core switch and has IP routing enabled, it has 6 poe modules (ports A1- F24)
A1 to F22require both vlans , F23/F24 will be used to connect to switches on another floor and need to pass both vlans through. F17 is the link to the FW
appreciate some guidance on this as HP is not mother tongue, when switching.
current-HP-L3-core.txt
0
The goal is to connect the Main & Seed Office That have a city street and a railroad between them.  via the point to point wireless to be able to share the higher speed
Of the Charter cable along with giving the Seed office access to the NAS.
But I need to have a failsafe if the wireless goes down for any reason that the Main office
Would not lose their internet connection all together. Just fall back to the 10 m Fiber
What do you think the best route would be for this setup.
Running  any cable from the feed mill to the seed office is not an option with the railroad tracks
And a city street in the way.
Thanks in advance.
0
Keep up with what's happening at Experts Exchange!
LVL 12
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Brief: SonicWALL IP Spoof on WAN from Similar Subnet.

While this article seems like the resolution doing what it detailed did not resolve the issue:
https://www.experts-exchange.com/questions/2856328/Dell-Sonicwall-IP-Spoof-Detec tion.html

I have a Unifi Controller behind a SonicWALL.
We have multiple sites we control from it.

If the site is on a static IP from the same ISP (only 2 ISPs in town) and has the same first 3 octets the traffic passes fine.
Example:
Server site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.50.230

However if a site is on a different octet then they cannot communicate due to "IP Spoofing" detection.
Example
Servers site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.45.59

I've talked with SonicWALL and their engineers are working to find a resolution but I don't know if they can come up with anything.

The server site ISP WAN IP is a /30 net mask.
0
Trying to connect Netgear WNDA3400 to act as a wireless access point behind a SonicWALL SOHO. I read post from other users about same issue. I tried but no success. Can anyone help me figure this out?
0
Got called in to look at a very strange network the other day...  They were running a business off a (A) Linksys E2500 home wireless router.  Now off of this router is one cable going to a (B) Mako dual wan appliance, which then goes to a (C) Cybera appliance which hosts a VPN connection as well as a (D) Cisco RV042 router.  Now the other cable off the original router goes to another (E) E2500 Linksys router which only has a laptop and provides wireless to a printer and cell phones for employees.  

Now router (A) is controlling PPPoE from a bridged DSL modem.  Router (A) IP is 192.168.1.1 and servicing everything via DHCP (This will change in near future).  Router (E) acting as an access point is also LAN IP of 192.168.1.1 and handing out DHCP.  The laptop connected to (E) also has a secondary NIC via USB that connects to some point in the other side of the network.  The Mako fails over to secondary ISP (Cellular) after only a few minutes and generally won't return.  I believe either the laptop router (E) is creating the problem.  Router (A) is experiencing over 2,000ms latency and over 5% packet loss.  So I removed router (A) and reconfigured the DSL modem to handle the PPPoE and this now becomes router (A) in the equation.  This router is set to 192.168.0.1 and has around 25ms latency with less than 2% packets loss and everything works great!  We are keeping an eye on this for a week or so, before any more changes are made.

Eventually the Mako should be the router and…
0
I need help in configuring HA/load balance from Site A to Site B. Site A is the PRODUCTION and Site B is the BACKUP SITE. We have lease two Private line with two different providers running different speed. I need to configure Load Balance from Site A to Site B and vice-versa if possible, but i am more concert Site A to Site B.
We have Cisco 3850 on Site A, and two interfaces  connected to each ISP. Site B, we have Cisco 3750, and two interfaces connected to each ISP as illustrated.
ISP #1 is live with IP 10.10.10/32 passing all traffic between two site as of now. Type of traffic is IP, UDP, TCP, HTTPS, and FTP.
I need help configuring ISP#2 . I need to use both private line at the same time for load balancing using these two switches, and automatically fail-over if one line is down.  
I heard of Ether-channel, IP Based Policy, and Network load balancing. I need help with commands and scenario in the illustration below.  I greatly appreciate with the right directions.
Thanks a lot.
WAN
0
Qnap NAS TS-1635 connection to server

i just bought a QNAP, i would like to connect it to my server is it better to

1 - add the NAS as a network store and add that way
2 - buy SFP connector and use fiber to connect it to my server with a Fiber card
0
Good afternoon All

I am looking for community help to get me started on a Dell PowerConnect X4012 (2switch stack) configuration for 3 Dell XC servers with Nutanix on them.  I also have a TOR switch stack of 2 x Dell 3024 switches.  I have found in the past best practice documents for configuring Dell kit for VMware but I can't find anything conclusive for the above.

What vlans am I going to require for Nutanix AHV HCI?  

Any help gratefully received.

Thanks
0
Any reference on configuring Fortigate Analysis into my existing Fortigate 100D environment ?

Thx
0
When you have a Wi-Fi, you might want to isolate the untrusted network from your network, since Wi-Fi is more vulnerable to attacks, as is a guest network. You will still be able to manage guest/Wi-Fi from your network. This is possible to do with an Edge router
0
I have SonicWALL Firewall/Router and 5 public IP address. I am going to have 1G Fios connection soon; however, the my soniwall won't give the 1G connection speed due to the DPI.
I would like to create second network that outside of firewall and wondering if I can split by public IP address with separate router.  Do you have any solution for this?
0
Free Tool: Site Down Detector
LVL 12
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Hi all, looking for some assistance with a SQL cluster issue, would appreciate any assistance available.
xxxSQL07 is the name of the SQL cluster (windows cluster name xxxSQLCLU02) made up of two nodes; xxxsql03 and xxxsql04.
All works, able to connect using SQL studio using Windows Authentication (tried multiple accounts, including the service account that all SQL runs on on this domain).
The problem has presented itself as we've recently created a reporting server (xxxrpt02). The local publication has been configured linking to the only database on xxxSQL07 and wizard completed with no errors. From SQL studio on xxxRPT02, when trying to add a local subscription I receive the error message, "The target principle name is incorrect. Cannot generate SSPI context. (Microsoft SQL Server)". I've tested the reporting server by connecting to a local subscription on another SQL cluster which works, I also tested the faulty domain cluster from the other working reporting server and received the same error.
This error occurs whenever I try to connect SQL studio to this SQL cluster. I've also tried connecting to the name of the windows cluster but that didn't work.
In an attempt to fix this issue I took the xxxSQLCLU02 offline from failover manager and performed a repair in an attempt to get this connecting in to Active Directory correctly.
The SQL cluster name is pinging and the IP is resolving when pinging -a.

I've done some digging around and am erring toward this issue being…
0
I have 3 WS-C3550-48-SMI and they are connected to each other via 1000BaseCX Gigastack. But they are only half-duplex. My users are experiencing slow response. Could it be because of those trunks with half-duplex?


sh int status
Port      Name                      Status           Vlan       Duplex      Speed      Type
Gi0/1     Switch A & C       connected    trunk      a-half        a-1000      1000BaseCX Gigastack
0
Q1:
Is there a product to centrally manange hundreds of Cisco routers/switches ACLs ?
Can TACACS+ do this.

By management, need to be able to see how many hits on a specific rule in ACL,
add/remove/amend ACLs without logging into each router/switch.

Q2:
It's been ages: an ACL needs to be completely removed, amended & then reapplied
back on the interface : is there something easier like the way Firewall rules can
be changed on-the-fly?
0
We have 30+ small office branches that connects to our Data Centre via WAN routers
& these WAN routers connect to a core switch in DC.  

Each branch has 2 flat Class C subnets : one for wired LAN & one to our corporate
Wifi LAN.   We don't expect more than 100 PCs/devices in each branch.  All devices
& PCs at each branch are connected to L2 switches (including the branch WAN router).

There are PCs & devices (Cashiers, cameras, small robots/automation, scanners and mini
databases) in the branches that run applications that do not need to communicate to
servers in the DC other than to AV EPO, SCCM patching, central encryption management
servers, HIPS (endpoint IPS) console & the likes  but backups are taken by NAS located at
branches.

However, there are some semi critical mini servers & databases which we deem ought to
be segregated from the rest of the organization to prevent DoS  though PCs for emails
& Internet access will need to go back to the DC.

Q1:
What are among the best practices for such branches network traffic?
Hub & spoke design?   Layered security?  Micro-segmentation within each branch?

Q2:
Do we treat each branch's network to be of lower, equal or higher trust levels than
DMZ, applications servers zone or backend servers zones (typical network trust
zones)?

Q3:
For traffic filtering / microsegmentation, is it best practice to configure
a) ACLs at each branches' WAN routers (as switches at branches are Layer 2 &
    at most …
0
We are a small size of company. We have a lab too.
We want to segregate lab from the one common network . Idea is, all devices from this V-LAN network can utilize from the previous network but no one can see lab network from the previous network. How to accomplish this?
What are the requirements ? Please help me in designing the network
0
 
LVL 17

Administrative Comment

by:Andrew Leniart
Hello abcd ab01,

What you have done here is made a "Post" which is used to share information you think would be of interest to the Experts Exchange community.

In order to get help with a technical problem from the experts, please use the "Ask a Question" feature of Experts Exchange.

It's the big blue button at the top of your browser when you are logged in to this forum.

I hope that's helpful.

Regards,
Andrew Leniart
EE Topic Advisor
0
i need to secure Exchange 2016 OWA via a reverse proxy. Is there anyone doing this and what appliance are you using/recommend
0

Network Architecture

12K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.