Network Architecture





Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

How should spanning tree be designed?

I have a wireless controller that is essentially a switch and that is connected to a core switch. The port from the wireless controller is set with spanning tree turned on. The core switch is using spanning tree (2 fiber connections on each switch uplink port).

I want to use another port on the same wireless controller that will be connecting to other switches.  Should I disable spanning tree on the other ports or not?  If these other ports on the wireless controller have spanning tree disabled will that cause any loop?

I have never worked with spanning tree before and I am not sure what I should do. But I do not want to bring the network down. Again, spanning tree is enabled on the core switch ports that will connect to the wireless controller. Should I have spanning tree enabled on the wireless controller ports, or will disabling spanning tree on the wireless controller bring the network down?

One may reference:  https://www.experts-exchange.com/questions/29122858/Why-did-a-Spanning-Tree-enabled-switch-port-bring-another-switch-off-line.html?headerLink=workspace_answered_questions

I am looking to upgrade my router to a router that can handle a higher volume and faster, but the number is confusing me a little.

I currently have a Ubiquiti ER-X and am looking at the ERPoe‑5. I compared all the specs [RAM, storage size, 1518-byte packets] and the ERPoe‑5 is higher or the same, except for 64-byte packets, where the ER-X is higher in throughput and pps; the same goes for CPU frequency, where the ER-X is higher [ER-X throughput 957 Mbps, pps 1,400,000; ERPoe‑5 throughput 490 Mbps, pps 730,000; CPU frequency ER-X 880 MHz, ERPoe‑5 500 MHz; both have a CPU core count of 2].

Please help.

My contractor ran fiber cables between floors.  Today I noticed there's an interesting transition connection from thicker cable to the thinner one.  Taped over with white electrical tape.
I didn't have that fiber patch panel.  They installed it all.  Taped like that on both ends of the terminations.

Does anyone know if this is how it's done normally and should I worry about it?  Thanks.

Hi Experts.

I have this policy map on most of the switches at my organization.  

      set dscp ef
      police 128000 8000 exceed-action policed-dscp-transmit
      set dscp cs3
      police 32000 8000 exceed-action policed-dscp-transmit
      set dscp default
      police 10000000 8000 exceed-action policed-dscp-transmit

We are now replacing the existing phones with a new cloud-based phone system, and they sent me these requirements for QoS; the vendor gave me this policy to use on the switches:

policy-map PM-ASW-IB-User
class CM-ASW-IB-RC-Voice-RTP
set ip dscp ef
police 512000 16000 exceed-action drop
class CM-ASW-IB-RC-Video-RTP
set ip dscp af41
police 768000 8000 exceed-action policed-dscp-transmit
class CM-ASW-IB-RC-GeneralSIP
set ip dscp af31
police 32000 8000 exceed-action policed-dscp-transmit
class CM-ASW-IB-RC-Meetings-Control
set ip dscp af31
police 32000 8000 exceed-action policed-dscp-transmit
class CM-ASW-IB-RC-Other
set ip dscp af21
class CM-ASW-IB-Cust-AF13
set ip dscp af13
class CM-ASW-IB-Cust-AF12
set ip dscp af12
class CM-ASW-IB-Cust-AF11
set ip dscp af11
class class-default
set ip dscp default

Apply on the ports :

interface range Gi1/0/9-20
! no mls qos trust device cisco-phone
! no auto qos voip cisco-phone
! no mls qos trust cos
! mls qos trust dscp
! priority-queue out
! …

Should I worry about humidity in server room?
The server room is in the design stage. It may have 2 open racks and 3 cabinets which mount servers, UPS, etc.
The temperature will be well controlled by the A/C system, which does not offer humidity control. Is this a big deal? I usually didn't pay much attention to humidity in the past.

Hello Experts,

I am at a client site and he has a Blue Coat PacketShaper S200. The client has ordered a replacement hard disk and it has arrived, and I would like to replace the hard drive on this device. I am hoping someone can guide me through the process.

I know that I have to open the box, remove the old drive and put in the new drive. I need help in backing up the configuration file and IOS. One more thing I would like to know is how to determine which drive needs a replacement. I do have access to the GUI but need the right steps to do that.

CAT6A or CAT6?

The client is building a 100K square feet new manufacturing facility that potentially may have 500+ network cable runs - data, voice, WiFi APs, security cameras, etc. This new facility will be ready to occupy in less than a year.
The cost of deploying CAT6A can be 2.5x or 3x more expensive than CAT6, which is about $20K~30K more.
Does the cost justify the future proof of 10GB?
If you were me, would you propose CAT6A or CAT6? And importantly, what is the reasoning to convince the client?


PS - all the network devices (Servers, PCs, network switches, etc) that will be moved to the new facility will be 1GB

Hello experts,

I am at a site and they use a Cisco WLC 5500 wireless controller, and they have defined all the SSIDs. One of the SSIDs is the guest, and I am checking the interface defined and it is clearly showing that it is on VLAN 50; the IP of the interface is given, plus the gateway, which is the same as the primary DHCP.

I checked the core switch and there is VLAN 50, but just the VLAN is defined; there is no SVI for VLAN 50 and there are no DHCP services on the core. I checked the Microsoft servers and I do not see the scope for VLAN 50. I am wondering how the clients are getting a DHCP IP when they access the guest SSID. I cannot find this gateway or primary DHCP.

This client also uses Cisco ISE. I have access to the Cisco ISE but it uses a different IP, and I do have access to it but I am not getting clarity on this network. Any suggestions on how to find this DHCP server or service will be a great help.

Hi guys

One of our directors has asked me some questions about what we could do in the future to reduce the need for I.T presence at one of our countries and instead have it so that the support is almost entirely run from the U.K instead.

The site at our other country has two separate sites. One is a warehouse, the other is an office. The total number of users at both sites together is around 100 users. There are firewalls at both sites. There are VPNs connecting both sites. Those sites are also connected to us in the U.K

I mean, one of the only ways to reduce the I.T presence in one place is by reducing the types of physical hardware/equipment which would constantly require physical presence, right? So things like switches, PCs dying on you, printers, file storage, SAN disks needing replacement, you name it, all will require some level of physical intervention.

By heading towards Office 365 and Exchange online, would you say that helps slightly reduce the overhead?

Along with that, how about instead of having PCs that are powerful, have decent thin clients and have high enough bandwidth to give them connectivity to their own virtualised machine on like a cluster of VMware/Hyper-V servers on a SAN that have been spun up for them. So that would then reduce the possibility of hardware/disk failures on site and instead have them run on virtual terminals. Are there performance issues with that? Are the costs in the longer term reduced and is the quality …

Hi guys

I was looking into cloud switching, such as the tools being offered by Cisco Meraki. They keep saying that you can have your switches in the cloud. But I'm trying to understand how that would work.

Would that mean that in my organisation, which consists of two stacks of 7 switches, totalling 14 switches, I would suddenly no longer need that anymore if I implemented Meraki's?

We have around 300 people in our office. All of those people have to be connected/patched to a port on the wall and those need to be patched into a switch.  I can't exactly get rid of those physical switches can I? So I'm not really understanding the whole cloud switching situation with Meraki's?

Or have I totally misunderstood the cloud switching scenario?

thanks for helping

I have a network with a Layer2 link back to a datacentre which provides our internet connection, we have no firewall onsite at present but looking to install one.

We have ordered an internet connection on premise.

We want to keep our Layer 2 connection and make use of it somehow.

We want to use the new internet connection on-premise and a firewall to route the internet. What's the best way to do this?

Hi Experts,

I am able to access the call manager in our organization. I have a phone device and I can see it under Device --> Phone, but I want to know how an analog phone with a DID phone number will connect to call manager using an internal extension, usually using the last 4 digits as the internal ext.

If the Product Type says: Analog Phone, does that mean it is an analog phone?

I'm moving layer 3 routing from an old core switch to a new core stack we've just purchased.

The stack has been configured with trunks and has access to the network.

The old core will not be removed just the routing will be removed from it.

At the moment the old core has links to different sites

My question is when the routing has been moved over, will I need to move cables over from the old core to the new?

Dear Experts,

I am at a client location today and they have a local server that will be accessing different sites with various ports. The client has an ASA firewall and Cisco Firepower. My question is: do I add the access rules in Firepower or directly in the ASA?

I am always not sure and the client has no preference.

Please let me know from your experience how to tackle this.

Riverbed SteelHead configuration issues - as LUNs are degraded due to space made full by multiple snapshots

I am new to Riverbed support.
Here is the config I have:
Appliance Details
Model:      EX1260 (EX1260VH_4)-Revision-A
SteelHead EX:      4.1.0 #8 x86_64
RiOS:      9.1.0-ex #8 x86_64
Storage Edge:      4.1.0 #8 x86_64

Would need experts' help to fix the errors given below.
ACTION REQUIRED: Free space on the cache disk is low. Please make sure your WAN link is up and the commit rate is more than the write rate. If free space falls further, Edge will begin deactivating LUNs. ;
IMMEDIATE ACTION REQUIRED: Deactivating LUNs: Free space on the cache disk is very low. High-traffic LUNs have been deactivated to prevent service disruption. Please make sure your WAN link is up and the commit rate is more than the write rate.

Link state -disabled
Optimization Service - Internal Error      Critical
Error committing a snap to SteelFusion Core due to: Resource temporarily unavailable-Degraded
SteelFusion Core
Connection between SteelFusion Edge and SteelFusion Core for one or more LUNs is down
Please see the SteelFusion Edge Storage page.
Uncommitted Edge Data      Degraded

The storage team increased space at the LUN end, which has not actually increased as it is not reaching the Riverbed SteelHead, because they can see that the iSCSI server port for both Riverbed appliances is down.

Please help to bring it up so that space can be increased at the datastore end too.

Hello gents,

I am at a customer site and they have a server in the internal zone, the network has Cisco ASA firewall.

They have a developer, and on the server he wants to open ports 7000-7200. Do I use the Cisco ASA to open these ports, or is this done on the server only?

I am not sure how to address this. I need clarity on such types of requests from clients.

Recently we received a call from our client saying that the network was down; we visited onsite and found that it was looping.

She bought two unmanaged switches and tried to connect them by herself; we found out she connected one of the cables back to the switch.

Actually they are using an HP 5130 as the core switch, and all the access switches are HP/Aruba 2530.

I would like to seek expert advice on what we can do to help them avoid this problem occurring again.

I'm currently using a /22 address space, 192.168.100.x with a flat network, everything in one VLAN. I know that's not good, so I want to change it.   We will be moving to a new facility in about 6 months, a bigger building with 3 floors, currently we have 1 floor.  There will be different buildings, so I'm debating about having two separate internet circuits for each building, or if I should just have both buildings under one internet circuit. The 2nd building is a church, so I'm thinking it might be wiser to have two different physical networks, for security.

I've done some research online, but wanted to see what is best practice when creating VLANs?  Do I create VLANs by department, or by security boundaries, etc...  I'm still trying to figure that out.  Plus, I think it might be best to configure my existing network with all the VLANs that I want to create for the new facility, so I don't want to try to completely reconfigure my network during the move, as it would be a nightmare, right?

I have about 90 computers (PCs and Macs), 80 VoIP phones, 28 servers, 13 APs,  15 network printers,  at least 75 or so smartphones/laptops/tablets on the network in any given day.
I currently

Any input would be greatly appreciated

What are the common patterns for distributed software architecture? Is there any list?

I have an HP ProCurve switch in my network. I have a network set up for a security camera that doesn't need to be accessible to the Internet. It seems that the camera continuously accesses the Internet for some reason. The packets have been dropped by the SonicWall since there is no rule set up for the network.  I would like to set up the HP ProCurve switch to not forward those requests.  What is the command or rule to do that?  I have a core switch as the gateway of all networks and the security camera is in a VLAN.

I wonder about your folks' opinion.  How do you approach this question from executives?
 "what do you think is better 74Mb DSL or 60Mb cable?"  :)

We have some older model Siemens PLCs that I'm told have an IP address, but no gateway. Can anyone confirm if they have seen something like that?

Second and more important is my part in this challenge: If it is possible that a device has no gateway, how to get it to talk/route to a different subnet?

Edit: I see some Siemens documentation that talks about using subnets and supernets to get around the issue. So if it helps, my destination subnet is and my PLC is

IP address shortage on Class C network.
The company is in manufacturing business. They have Windows servers, office PCs, production PCs, network switches, internal WiFi, IP phones, machines, etc. They all consume IP addresses. Now they wanna add 40 more production PCs while there are only 20 free IP addresses.
What should be done in order to release more IPs on this network?
One thing we are considering is to create a separate network for all 20 IP phones which are used in the "sub-site". (Please see the attached diagram). We are not good at VLAN, but we can learn. Will VLAN help in this situation?
Are there any other things we can do?

What needs to be done to replace Optimum router and modem with a modem router combo device?

Hello - what (if any) are the options for shaping traffic on an X-series firewall?  I have a customer with a Gig handoff Internet circuit, currently provisioning 150-Mbps. This is terminated on an old ISR, which is shaping the traffic via "bandwidth 150000" command to prevent carrier policing. We need to move this connection off of the ISR onto an ASA 5525-X.

From what I've found so far, it appears there's no way to handle traffic shaping on the X-series firewalls. (I haven't looked into the new FTD appliances yet, so would be interested in feedback on those as well.) The 5525 is currently running 9.2 code, and the 9.2 configuration guide (https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/firewall/asa-firewall-cli/conns-qos.html) indicates that traffic shaping is only supported on the 5505 (not the "multi-core models such as 5500-X"). I haven't checked newer release notes.

Is there a way to perform the same shaping function on an ASA 5525, with either the existing or newer code? If not, how are other customers handling sub-rated circuits to prevent policing and the potential resulting connection drops? Again, if the newer FTD appliances (2100's) can provide for this, that'd be helpful to know.

Thank you
