Network Architecture

11K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

I am putting together some phone equipment and servers in a datacenter cabinet.  The datacenter is providing us a redundant router connection using HSRP.  The cabinet has two Ethernet cables: primary, secondary.

We need external routable addresses for each of the two border controllers for the phone system.  They have a WAN port and a LAN port so they can have an external (outside the firewall) connection and also have a local IP address in the same subnet as the servers in the cabinet.

We are trying not to purchase another $2000 Cisco switch for the setup to accept the 2 Ethernet connections.

We have a WatchGuard M370 firewall device with several ports that can be configured in many ways.

We have two layer 2 switches available in the cabinet for use outside and/or inside the firewall. It is a layer 3 device.

I need help in the configuration of this system.

One suggestion was to take the two datacenter network cables and plug them into a standard Layer 2 switch then patch that switch into an external interface on the firewall.  After so many attempts I am trying to remember but I think the path to the internet was broken when BOTH router cables were plugged into that switch.  I am going back to the datacenter tomorrow to try more things but I wanted to get some input from you guys first.  I have the datacenter IP sheet where they provide me the configuration info but didn't want to post live addresses on this site.  Basically they gave me a /29 subnet and …
0

Hi Guys

I'm looking to add in some static routes on my 2 core switches (both S4810's) which I've inherited.  I've got some existing routes which I need to mimic so I'm just looking for confirmation that I'm about to do it correctly.  Here is the entry(ies) I'd like to mimic on my system when I run sh ip route:-

  S    192.168.61.0/24    via 192.168.60.250, Vl 60            1/0        5w4d
  S    192.168.62.0/24    via 192.168.60.250, Vl 60            1/0        5w4d
  S    192.168.63.0/24    via 192.168.60.250, Vl 60            1/0        5w4d
  S    192.168.64.0/24    via 192.168.60.250, Vl 60            1/0        5w4d

So you can see I have multiple for a number of subnets which I need to go out of to a particular Vlan interface

I need to do the same with another subnet, let's say 192.168.1.0/24 out of the same Vlan interface

I'm thinking of running the following in conf mode:-

ip route 192.168.1.0/24 vlan 60 permanent

Is this as simple as it looks?  Does this look correct to everyone?

Thanks
0
My sonicwall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... ip address as a WAN on the LAN. However I just simply want to allow all traffic from that IP to get through. How would I go about configuring the sonicwall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      

Thanks!
0
Hello, I want to use two different ISPs on SonicWall equipment. I want one ISP as primary and the other as backup, and I want it to switch automatically when the primary is down.
0
In:
https://www.experts-exchange.com/questions/29078131/Peer-to-peer-network-names.html#a42433873

art lee said:
build a Samba WINS server on an old PC using a Linux distro with a Samba GUI
and make it the master browser

So, I researched the idea a bit and, it appears that if one were to introduce such a server, it could be connected to the network and take over name service.

Could it be turned off to return to the original "normal"?  That would seem to suggest a very low-risk approach in dealing with LAN single-subnet name service that would be reversible.

Could such a server be set up on a virtual machine?
I have thoughts of setting up a virtual machine on an existing Windows workstation for this purpose.
Seems like this would be the least intrusive approach to a critical system that's in production.

Your thoughts and suggestions would be appreciated.
0
Hi,

We are running an intranet in our organization. Now we are thinking of providing access to our intranet to the users through their mobiles as well. How can we do this, and is this possible?

Thanks in advance,
Srikanth Nandyala.
0
I'm pretty bad with IP design. Is there a 172.16 /12 network? If so, how many subnets and hosts can I do?
I'm planning how many offices, larger and smaller, I can put there.
Thanks a bunch.
0
Network Diagram
Proper Case

We intend to connect to a remote Cisco 4321 ISR router via the local PSTN network, and we are trying to configure the remote router to accept connections over the auxiliary port.

We want to use this strategy to provide an alternative line for managing remote routers in case of WAN connection failure.

We are using HyperTerminal to make a dial-up connection to remote sites, and we want to get access to the console of the remote router.

PIC2 in the attachments describes "what the final result should be in the proper and successful remote connection".

We are using a Cisco 4321 ISR router in site2 and a USRobotics 56K Faxmodem Model 5630 in both sites, and we are trying to get access to the CLI of the remote router in site2.

Could you provide us with all the technical steps and configuration needed to accomplish this task?
0
Need some help with configs at both ends.  I don't know if OSPF is necessary or not, since it is not currently being used on the 8212 or Cisco 3560 that are currently connected by a Frontier Communications (WAN) Ethernet circuit.  Dark fiber will soon replace Frontier WAN.

The 5412 will soon be replacing the Cisco 3560 and one expert told me I should use OSPF to advertise all static routes on both HP switches.

Multiple VLANS (with the same IDs but different subnets) are currently defined on the Cisco 3560 and HP 8212 and communications have been fine for years w/o using OSPF. I could use some help with the configs of both switches and will pay for expert advice.
Thanks
Phil
0
Twice in the past month our static IP has been flagged by the CBL as hosting malware. The CBL provides the source and destination IP but we have not been able to capture ANY traffic from our network to the destination IP provided. Here is what the CBL gave us:

Detection Information Summary
Destination IP	146.148.124.166
Destination port	443
Source IP	[xxx.xxx.xxx.xxx]
Source port	16997
C&C name/domain	kemonzura.gdn
Protocol	TCP
Time	Tue Dec 26 18:15:27 2017 UTC


The source IP is set on our WAN interface on our firewall (Sonicwall) and packet capture on the Sonicwall shows no outbound traffic to the destination IP. We port mirrored the switch port where the WAN port is connected on the switch and ran Wireshark against it and still no packets destined for the destination IP. We put a firewall rule in place to drop any packets destined for the destination IP and still we get listed.

In short, we have not been able to capture a single packet egressing our network and destined for the destination IP provided by the CBL. Is it possible to spoof the source IP? If so, how do you remediate?

We are thoroughly puzzled by this.

Below are the full results of the CBL lookup:

Results of Lookup
[redacted] is listed

This IP address was detected and listed 56 times in the past 28 days, and 13 times in the past 24 hours. The most recent detection was at Tue Dec 26 18:15:00 2017 UTC +/- 5 minutes

This IP address is infected with, or is NATting for a
0
Hi Guys,

Last week I tried to upgrade our edge 3750X switch (two switches in a stack), from c3750e-universalk9-mz.152-2.E.bin to c3750e-universalk9-mz.152-4.E5.bin.

Previously I copied the new IOS to both flash: and flash2: from TFTP, ran command 'boot system switch all flash:c3750e-universalk9-mz.152-4.E5.bin', and then 'wr mem'.

Later I consoled into the master switch and reloaded. The master switch booted into the new image successfully, but the member switch got stuck in a booting loop. The new IOS was loading, and went nearly to the end, and the master switch could see the member at some point. Then the process started all over again, and it was endless!

I tried powering the member switch off, and then on again - still the same. Tried removing stacking cables, and restarting - still no joy. Then booted the member into SWITCH: prompt, and then into the previous IOS - still a loop! I didn't know what else I could try, so at the end I powered the offending switch off and left it as it was (as the master switch was providing all the services).

Please could you advise how to resolve this issue? Any advice would be appreciated.

Regards,

Lucia
0
for a small business which conference system will you recommend?

what are the leading brands out there?
0
Trying to replace a 3650 with a 3750G. I have concerns over the IOS version and multicast; I am concerned about some of the IOS commands not being supported in the 3750.

Trying to understand the differences between 3750g running ios  Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE4, RELEASE SOFTWARE (fc1)

and

WS-C3650-24TD running cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.03.05SE RELEASE SOFTWARE (fc1)

There are differences with VRF and IP dense mode

Any insight would be helpful.
0
Hello EE,

This is just for my own information,

I have one firewall that has outside interface configured that is pointing to the ISP gateway. I have right now one interface configured as inside and plugged to layer 3 switch and it provides internet access to that LAN.

Now I have another layer 3 switch that is configured to provide LAN access to a bunch of users. I want to provide internet access to that site and I want to have the internet traffic go through the same firewall. Any thoughts on this?

Thanks,
0
Hi expert

I have found a picture on the internet and modified it a little bit. I would like to implement the same thing in my AWS environment.

Is there anyone who can help me to create a template so that I can import it directly? I am having issues in designing the same diagram.

I have attached the CloudFormation diagram. Please see the attached file.
Network-Diagram.docx
0
I got into a discussion recently regarding a recommended switch design for a small customer looking to upgrade their core switching. The existing core is a 3-member stack, which we could consolidate into two switches, either in a stacked design (keeping the current design) or non-stacked. The handful of access closets are all dual-homed back to the current core, with each link landing on a separate switch member (so, a single logical link w/ both physical links active). The existing switches are End of Support, and the easy replacement would be a couple stacked switches with redundant power (such as a couple Cisco Catalyst 3650s).

We were discussing this internally, and someone took the stance that it might be a better/recommended design to go with two independent (non-stacked) switches, connected via 1/10-Gig front-panel Ethernet, as "stacks aren't really built to provide redundancy." The argument was that a stack 1) has a single control plane, and if the master switch goes, there'll be an outage for all stack members/ports, and 2) upgrading a stack requires an outage due to having to copy/replace current images and reload.

I'll agree with 1), and somewhat w/ 2), although the resulting outages and how they could be scheduled/minimized would depend on the specific vendor/model architecture. Having said that, I've never really run into a headstrong opinion AGAINST a switch stack design, simply based on the risk of a single control plane. Yes, there'd be an outage for both…
0
Hi all, I am trying to log in to a Cisco FEX from a switch, but I am not clear how to go about it.

I have attached the FEX status on the switch below.

If I log in to the switch, what command do I apply that will let me see all interfaces on the FEX?

Thanks for looking into this for me.
FEX-status.docx
0
I don't know how to ask this question in a succinct way - if anyone knows the magic words to describe my issue I'd be grateful.

I have a small office network. Two laptops and a printer, all using wi-fi. The office has a Google WiFi mesh. There is a WD NAS attached to the router. The data is accessed out of the office on Android phones and Apple iPads. Most common applications are Microsoft Office. There is no data intense work (hence wifi being OK).

All data (250GB, growing slowly) is stored on the NAS - no data allowed on the laptops, just OS and applications.

The NAS is backed up nightly to iDrive cloud storage.

The most common way we access data remotely is via OneDrive, as it runs on Android and Apple and most apps (especially MS) will use OneDrive as a data source directly, even on Apple.

Problems.
OneDrive will not sync from a network drive (neither will Google Sync). But the data is on the network drive :-(

WD Cloud has mobile apps to access the NAS remotely, but few apps recognise that as a source for files. You have to 'download' a file to local mobile storage, then access it, then re-upload, which is painful. Much better to open a file direct from OneDrive and save back to it.

iDrive is the same as WD Cloud. It does have mobile apps, but again you have to 'download' a file to local mobile storage, then access it, then re-upload.

OneDrive is linked to an MS account. So multiple users can't access one OneDrive.

Ideal Situation
The…
0
Hi, I need to install the program on all the users' machines. It's a lot of users. How can I do it without installing individually, one install for everyone? Any idea is highly appreciated.
0
I have a core switch connecting to 13 edge switches. Each switch will connect to the core directly.

The core has 15 VLANs. For the switches to access the VLANs, do I need to make all the ports on the core members of the same trunk?
0
I have HSRP for gateway redundancy for my fw1. The wan1 and wan2 routers have HSRP configured with the virtual HSRP 1.1.1.1. Currently, as you can see from the diagram, if sw1 fails, I have to manually move the cables to sw2. How would I make sw2 the backup for sw1? Thx

pic
0
Hello all, this is my 1st question in this forum.  Hopefully, I am in the correct place.  If not, my apologies.

Hoping to get some guidance on dual WAN links configuration... here goes...

I presently have 1 x 100mb fibre from Rogers as our main WAN link.  Actually, I also have 100mb BELL MPLS as well, soon to be decommissioned.  Also have 2 x 3750 Cisco - stacked.

We recently got another 100mb link to be used as our backup link if the primary fails.

Rogers primary - EIGRP
Bell - OSPF
Rogers Backup - will be EIGRP

Presently have VLAN 340 carved out for PRIMARY link.  Will use VLAN 350 for BACKUP.

Would like to get some guidance on how to configure the 2nd link to be a failover link in case the PRIMARY goes down.

I am in no way a routing expert...
What would be an acceptable configuration that I can apply?  Nothing fancy, just want to make the backup link available as quickly as possible when primary goes down.

This is what I presently have in my PRIMARY EIGRP:
router eigrp 1
 network 10.30.0.7 0.0.0.0
 network 192.168.30.1 0.0.0.0
 network 192.168.31.1 0.0.0.0
 network 192.168.32.1 0.0.0.0
 network 192.168.33.1 0.0.0.0
 network 192.168.36.1 0.0.0.0
 network 192.168.37.1 0.0.0.0
 network 192.168.130.1 0.0.0.0
 redistribute ospf 1 metric 1500 20000 255 1 1500
 redistribute static
 passive-interface default
 no passive-interface Vlan340

The OSPF lines will go away eventually.


Is it best to use VLAN or L3 interface?  Does it matter or is …
0
Hi Guys,

I'm looking after a site that has one or two bandwidth problems.  Topology is as follows:

It has a couple of Cisco 2950 switches and a Cisco 3560 switch which is configured to have a few VLANs.  Due to the geographical location of the site, internet lines are poor.  We have two gateways (30mb and 16mb) on this site and I have configured PBR to give a certain amount of load balance.   The gateways themselves are just the standard Netgear/D-Link type routing devices.

We are finding at certain times the bandwidth is much slower than we would expect and suspect one of the vlans is the culprit.  I'm going to setup SPAN on the port of the gateway the VLAN is using, then sniff and monitor the traffic.  I'm pretty sure what I'll find.  

So my question is: what is the best way to limit the ingress and egress traffic from a particular VLAN from the 3560 switch?  I'm not bothered about traffic type, just want to limit ALL inbound and outbound traffic to a specific rate.

I'm not sure if it's possible or feasible.  Have seen lots of stuff about rate-limit and policing etc, but nothing definitive.  I'm trying to avoid changing the topology too much by perhaps sticking in a Cisco router or swapping out the Gateway boxes for something that can handle more of the Enterprise type options.

What do you think?  Am I flogging a dead horse, or do I need to change the topology?

Thanks for your help guys
0
does anyone have a configuration template for Nexus 7K multicast over MPLS?
0
All experts, I have a remote site with multiple VLANs connected by site-to-site VPN.  Their IP address range starts at 10.0.8.0 / 255.255.252.0 and some departments have 10.0.28.0, 10.0.29.0, 10.0.30.0 / 255.255.255.0.   How do I combine these networks and route them with a simple route statement to use on the VPN?  I currently have all VLAN networks mapped and working but I would like to have a simple statement such as the following

10.0.0.0 255.255.0.0 to  10.0.28.0, 10.0.29.0, 10.0.30.0 / 255.255.255.0 and 10.0.8.0 / 255.255.252.0

I hope it makes sense. I believe supernet was how it was configured. I am open to your advice. Thank you!
0
