Go Premium for a chance to win a PS4. Enter to Win

x

Network Architecture

11K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

Share tech news, updates, or what's on your mind.

Sign up to Post

switch model: Aruba 2920 48G POE+

Adding to a stack which already has 3 switches. Is it just a matter of reordering the stacking cables or is additional config required?
0
Configuration Guide and Best Practices
LVL 1
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Wondering if anyone is using version 8 Arubas yet.  We are still on ver 6 and heard ver. 8 is buggy.
Also ver.8 requires a Mobility Master (hardware or VM)  Ver 6 does not require that.
This is when using two or more controllers for load balancing and redundancy.   Aruba is not advising to start with 6 and upgrade to v8. The topology is very different and will require us to rebuild the network for the upgrade. They recommend V8 from the beginning.
Wonder how mature ver.8 is.

Any information or experience about on that?  Thanks.
0
I got into a discussion recently regarding a recommended switch design for a small customer looking to upgrade their core switching. The existing core is a 3-member stack, which we could consolidate into two switches, either in a stacked design (keeping the current design) non-stacked. The handful of access closets are all dual-homed back to the current core, which each link landing on a separate switch member (so, a single logical link w/ both physical links active). The existing switches are End of Support, and the easy replacement would be a couple stacked switches with redundant power (such as a couple Cisco Catalyst 3650s).

We were discussing this internally, and someone took the stance that it might be a better/recommended design to go with two independent (non-stacked) switches, connected via 1/10-Gig front-panel Ethernet, as "stacks aren't really built to provide redundancy." The argument was that a stack 1) has a single control plane, and if the master switch goes, there'll be an outage for all stack members/ports, and 2) upgrading a stack requires an outage due to having to copy/replace current images and reload.

I'll agree with 1), and somewhat w/ 2), although the resulting outages and how they could be scheduled/minimized would depend on the specific vendor/model architecture. Having said that, I've never really run into a headstrong opinion AGAINST a switch stack design, simply based on the risk of a single control plane. Yes, there'd be an outage for both…
0
Set-up issues


I will preface this by saying I had a UTM120 for three years with the UTM9 OS and right now thinking boy I miss those days.  I was told that my appliance was nearing end-of-life so to renew licensing I went with the XG115.  I had configured UTM9 on my own and generated help desk cases if issues arose.  This appliance is quite a bit different.  Firmware XG115 (SFOS 17.0.0 GA) so on the latest firmware.

What I am trying to resolve right now is that any type of web surfing is extremely painful.  I have an on-premise Exchange server so port 443 is being forwarded to it but I also have the default network rule of WAN to LAN all ports and all services are open.  I have a similar network rule that WAN to LAN port 443 is open thinking of other workstations that initiate SSL traffic it will find its way back to the device that initiated the traffic.  Let's face it.  Most web sites are https.  I am constantly being warned that the certificate cannot be verified and I have to click to still access the site or create an exception for the site depending on the browser.  I cannot log in using an account to any web site.  Some sites I can't even create the exception in Firefox.  I can't use the StartPage search engine.  Amazon looks like crap.  No pictures and just a bunch of links.

A little bit on the network.  Uverse gateway goes to a Cisco ASA appliance that I consider my perimeter (and why not have another layer of defense !).  The XG is in bridge mode.  For a …
0
Hi all, please am trying to login to cisco FEX from a switch, but not cleared how to go about it.

I have attached the FEX status on the switch below

If i login to the switch what command do i applied that will let me see all interfaces on the FEX.

Thanks for looking into this for me.
FEX-status.docx
0
I don't how to ask this question in a succinct way - if anyone knows the magic words to describe my issue I'd be grateful.

I have a small office network. Two laptops and a printer, all using wi-fi. The office has a Google WiFi mesh. There is a WD NAS attached to the router. The data is accessed out of the office on Android phones and Apple iPads. Most common applications are Microsoft Office. There is no data intense work (hence wifi being OK).

All data (250GB, growing slowly) is stored on the NAS - no data allowed on the laptops, just OS and applications.

The NAS is backed up nightly to iDrive cloud storage.

The most common way we access data remotely is via OneDrive, as it runs on Android and Apple and most apps (especially MS) will use OneDrive as a data source directly, even on Apple.

Problems.
OneDrive will not sync from a network drive (neither will Google Sync). But the data is on the network drive :-(

WD Cloud has mobile apps to access the NAS remotely, but few apps recognise that as a source for files. You have to 'download' a file to local mobile storage, then access it, then re-upload, which is painful. Much better to open a file direct from OneDrive and save back to it.

iDrive is the same as WD Cloud. It does have mobile apps, but again you have to 'download' a file to local mobile storage, then access it, then re-upload.

OneDrive is linked to an MS account. So multiple users can't access one OneDrive.

Ideal Situation
The…
0
I am trying to understand the purpose of the number that comes after the "/".
example:
ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17

2 means match 2 bits of first octet 10

however whatever I put , the prefix list will care just about the ge 17

to clarify it I have this table before filtering:

R1(config)#do sh ip route 
      10.0.0.0/8 is variably subnetted, 6 subnets, 6 masks
D        10.1.0.0/16 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.2.0.0/17 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.3.0.0/18 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.4.0.0/19 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.5.0.0/20 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.6.0.0/21 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0

Open in new window


if I use : ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17
router eigrp 1
 distribute-list prefix TEST in


R1(config)#do sh ip route

      10.0.0.0/8 is variably subnetted, 5 subnets, 5 masks
D        10.2.0.0/17 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D        10.3.0.0/18 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D        10.4.0.0/19 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D        10.5.0.0/20 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D        10.6.0.0/21 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0

Open in new window


so what 's the purpose of the number that comes after the slash sign "/", example:10.0.0.0/2

Thank you
0
Hi, I need to install the program on all the user's machines. it's a lot of users, how to do without install individually, one time install for every one.Any idea highly appriciated
0
Hello guys,

I´m trying to setup SSTP server on a mikrotik router for multiple multiple.

Is it somehow possible to determinate which SSTP server profile should be used based on Domain?

Example:
I have two domains exmple1.com and example2.com
when some user connects to SSTP server from domain exmaple1 use this SSTP profile when user connects from example2 use another profile.

Any ideas?

Thank you very much!

Regards

Jiri
0
I have a core switch connecting to 13 edge switches. It switxh will connect to the core directly.

The core has 15 vlans for the switches to access the vlans do I need to make all the ports on the core members of the same trunk?
0
Keep up with what's happening at Experts Exchange!
LVL 11
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Hi, I have a weblogic server running with different port numbers for HTTP and HTTPS. In our workstation we setup HTTP pointing to same port in the ISSPROXY.INI file. We could access from the local IIS URL to connect to the weblogic server; but when try to connect to secured server from IIS gets 2 different errors in the event viewer Event ID 1000 and Event ID 1001. below are the errors captured

EVENT ID 1000:

Faulting application name: w3wp.exe, version: 8.5.9600.16384, time stamp: 0x5215df96
Faulting module name: iisproxy.dll, version: 0.0.0.0, time stamp: 0x59966438
Exception code: 0xc0000005
Fault offset: 0x0000000000030410
Faulting process id: 0x2514
Faulting application start time: 0x01d35a3fff6328df
Faulting application path: c:\windows\system32\inetsrv\w3wp.exe
Faulting module path: \\?\C:\xxxxxx\XXXXXXXXX\lib\iisproxy.dll
Report Id: 3dddc54c-c633-11e7-812e-005056886b10
Faulting package full name:
Faulting package-relative application ID:


EVENT ID: 1001
----------------------

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: w3wp.exe
P2: 8.5.9600.16384
P3: 5215df96
P4: iisproxy.dll
P5: 0.0.0.0
P6: 59966438
P7: c0000005
P8: 0000000000030410
P9:
P10:

Attached files:

These files may be available here:



Our iisproxy.ini has the below information:
--------------------------------------------------------------

ISSPROXY.INI

WebLogicHost=ssl-server-name
0
Hi all,

Is there any specific minimum cable length for a connection between a patch panel and a switch? The cable would be CAT6 and I wish to use is 1ft.

Thanks!
0
I have hsrp for gateway redundancy for my fw1. wan1 and wan2 router have hsrp configured with the virtual hsrp 1.1.1.1. Currently. as you can see from the diagram, if sw1 fails, I have to manually move the cables to sw2. How would I make sw2 the backup for sw1? Thx

pic
0
Hello all, this is my 1st questions in this forum.  hopefully, I am in the correct place.  if not, my apologies.

Hoping to get some guidance on dual WAN links configuration... here goes...

I presently have 1 x 100mb fibre from Rogers as our main WAN link.  actually, I also have 100mb BELL MPLS as well, soon to be decommissioned.  Also have 2 x 3750 cisco - stacked.

We recently got another 100mb link to be used as our backup link if the primary fails.

Rogers primary - EIGRP
Bell - OSPF
Rogers Backup - will be EIGRP

presently have VLAN 340 carved out for PRIMARY link.  will use VLAN 350 for BACKUP.

like to get some guidance how to configure the 2nd link to be a failover link in case the PRIMARY goes down.

I am no way a routing expert...
what would be an acceptable configuration that I can apply?  Nothing fancy, just wanted to make backup link available as quickly as possible when primary goes down.

this is what I presently have in my PRIMARY EIGRP:
router eigrp 1
 network 10.30.0.7 0.0.0.0
 network 192.168.30.1 0.0.0.0
 network 192.168.31.1 0.0.0.0
 network 192.168.32.1 0.0.0.0
 network 192.168.33.1 0.0.0.0
 network 192.168.36.1 0.0.0.0
 network 192.168.37.1 0.0.0.0
 network 192.168.130.1 0.0.0.0
 redistribute ospf 1 metric 1500 20000 255 1 1500
 redistribute static
 passive-interface default
 no passive-interface Vlan340

the OSPF lines will go away eventually.


is it best to use VLAN or L3 interface?  does it matter or is …
0
Hi Guys,

I'm looking after a site that has one or two bandwidth problems.  Topology is as follows:

It has a couple of Cisco 2950 switches and a Cisco 3560 switch which is configured to have a few VLANs.  Due to the geographical location of the site, internet lines are poor.  We have two gateways (30mb an 16mb) on this site and I have configured PBR to give a certain amount of load balance.   The gateways themselves are just the standard Netgear/D-Link type routing devices.

We are finding at certain times the bandwidth is much slower than we would expect and suspect one of the vlans is the culprit.  I'm going to setup SPAN on the port of the gateway the VLAN is using, then sniff and monitor the traffic.  I'm pretty sure what I'll find.  

So my question is.  What is the best way to limit the ingress and egress traffic from a particular VLAN from the 3560 switch.  I'm not bother about traffic type, just want to limit ALL inbound and outbound traffic to a specific rate.

I'm not sure if it's possible or feasible.  Have seen lots of stuff about rate-limit and policing etc, but nothing definitive.  I'm trying to avoid changing the topology too much by perhaps sticking in a Cisco router or swapping out the Gateway boxes for something that can handle more of the Enterprise type options.

What do you think?  I'm I flogging a dead horse, or do I need to change the topology.

Thanks for your help guys
0
does anyone have a configuration template for Nexus 7K multicast over MPLS?
0
All experts, I have remote site with multiple vlans connected by site to site VPN.  there ip address range start 10.0.8.0 / 255.255.252.0 and some of department has 10.0.28.0, 10.0.29.0, 10.0.30.0 / 255.255.255.0.   How do i combine these networks and route them by simple route statement use on vpn?  I currently set to all vlan networks mapped and working but I would like to have simple statement such as following

10.0.0.0 255.255.0.0 to  10.0.28.0, 10.0.29.0, 10.0.30.0 / 255.255.255.0 and 10.0.8.0 / 255.255.252.0

I hope it makes sense. I believe supernet was how it configured it. I open to your advise Thank you!
0
Devices:
Google Home,
Aruba IAP-305 (RW)
NordVPN


I am trying to set up a VPN for my Google Home so it will register as being in the US. I am currently in Ireland and have purchased a subscription to NordVPN.  From what I understand, a VPN cannot be put on the actual Google Home device.

I currently make a lot of calls to the US. Google Home offers free calls in the US but is not available here in Ireland. This is one of the main things I want to get from my Google Home.

If the net result of the VPN makes Google Home look like its in the US, I do not want the rest of my tech devices to think they are in that location, i.e all of my other tech devices have locations in Ireland.

Regards,
Robbie
0
i have developed small application in oracle 10g forms 6i .it's working rightly but i want to acess that application from another client pc which reside on different network how it can be done .
plz help me.
0
Efficient way to get backups off site to Azure
LVL 1
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Hi There,

I have a requirement to forward all inbound and outbound for SMTP 25 (TLS)  email to Symantec message lab. This question is mixture of architecture and applying the right solution on F5.The requirement is to setup a VIP on F5.  My understanding is that the Traffic will be forwarded to our location, through our edge firewall (and NAT'd - public IP to private) to a private F5 VIP IP (with backend Exchange mail edge servers in a pool).  Additionally, we need to have our egress mail traffic (that is sourced from the edge pool members) reverse-proxy back through the same VIP IP address (currently used for ingress traffic).

We have internal and external F5s. Would the above scenario be best done on the LTM that's facing external? Also, do I need any iRules on F5?  Do you need specific natting on the F5s or just leave it as default.

Regards
Sam
0
Hi

I have a watchguard T30. Need to configure one of the Eth ports as a vlan port. The  need to connect the Eth port to a Huawei Layer 2 switch.

How do I configure the switch to allow for vlans?

Thank
0
I have three dell n2024 switches with two in a stack which I want to uplink to the router (main stack).

The other switch is on the user floor to serve internet access. The user switch and main stack connect via fibre using 10g sfl module in port 1 of each switch.

Can anyone help me with what config is needed?
0
Looking for better ideas than I already am working with:

What are the industry's best methods practiced to integrate 2 or more companies into a single cohesive infrastructure?
0
Hi All,

We got Linksys LGS552p switch, and TZ400 Firewall.
behind a "AT&T Modem"  , but we have external IP for the TZ 400.

I need to setup VLANS, 90 for workstations, 20 or servers and 50 for voice.

am I missing any hardware to route between the VLANS?
where should I start with first?


thanks
Jason
0
I'm looking for some input regarding some recent spine/leaf design proposals I've come across. While a "traditional" S/L design would be to connect the enterprise campus core via L3 connections to the DC leaf nodes, what's been proposed are designs where all LAN distribution would also connect to the leaves, the S/L becoming a unified/collapsed DC and campus core.

Traditional
Traditional spine/leaf
Proposed
Proposed spine/leaf (collapsed LAN/DC core)
I'm looking to vet potential concerns around this design (if any). If a customer is also looking to handle Layer 2 extension/overlay across the S/L fabric to support VM mobility (a la VXLAN), does this present a problem? Or, would we simply define the ports that connect to compute resources as VTEPs and NOT the links leading to the LAN switching?

Again, looking to see if others are running across (or even deploying) these collapsed designs, where the before/after net effect is the removal of the existing campus core switching layer (and thus, savings in hardware expense).

Thanks again
1

Network Architecture

11K

Solutions

11K

Contributors

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.