[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Network Architecture





Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

Share tech news, updates, or what's on your mind.

Sign up to Post


Any idea how to improve the network design to ensure the network performance , link redundancy (RSTP) and compatibility on layer 2 to layer 3 are working fine on  video management system?


CompTIA Network+
LVL 12
CompTIA Network+

Prepare for the CompTIA Network+ exam by learning how to troubleshoot, configure, and manage both wired and wireless networks.

Hi, need help on network devices. See attached drawn diagram for yr kind advice.

Having Cisco Core Layer 3 switch 5000 Series onward

Having Dahua Access PFS4228-24P-370 24-Port PoE Switch => https://www.dahuasecurity.com/products/productDetail/7041

Not sure whether is compatible to configure RSTP / STP with Trunk Port on Cisco Core Layer 3 to talk to Dahua POE managed switch


MAN Network setup.

I am tasked with setting up a MAN network.  We currently have 5 offices; 3 on East Coast and 2 on the WC.  

We are getting Comcast ENS 500mg circuits at these locations.  The plan is to have the 3 East coast offices come back to the HQ office in NY and the 2 West Coast offices to go to the office in Seattle with Seattle being the failover option if HQ goes down somehow.

We currently have a range of ASA5506/5525/5545 at the office locations that handoff to the switches.  It is a pretty flat network with the users on a /24 subnet and any VLANs at HQ are done on the 5545 handed down.  Would ASAs be best for a MAN network, will they do the job or is a router needed.

Currently I have these office's on a IPSEC VPN tunnel back to HQ.  Passing just their /24 subnet to HQ and we send out the required subnet(s) back to them for needed access.

Remote office - ASA5506/ASA5525 (depending on office) ISP connected to them then inside interface to L2 switch.

HQ - Layer 3 switch handoff to ASA -- multiple stack switches behind it.HQ DiagramProposed_Topology.vsdx
I have a wireless guest network and I'd like to test to make sure that it cannot get into my internal network. Excluding ping sweep utility, what other tools can I use to do some sort of penetration testing? Thanks
We’re building out a design for a new building, which will consist of approximately 400 endpoints across two data closets. All storage and compute resources will be local in one of these closets, and will consist of VMware (likely on Cisco UCS), some form of storage, and also a backup appliance (likely Veeam). What’s relevant is that we’ll need to support (10) 10-Gbps connections for these three components.
We’re positioning Cisco Catalyst 9K chassis for the network connectivity. My question is whether we’d patch all of the above compute/storage/backup resources directly into the local Cat 9K (line rate 10-G modules or via the built-in 10-G ports on the supervisors), or if it’d be recommended to place another layer of dedicated 10-G switches below the Cat 9K just to handle these resources.

So, option A) below (separate layer) vs. option B) (unified to a common core/chassis)

Option A Option B
The question stems from another recent situation where we found unexpected (and crippling) issues, possibly based on oversubscription, buffering or both, when compute/storage resources were patched directly into Catalyst switching. Option B) above would be to position a couple dedicated Nexus 3K’s (or something similar), which would provide larger buffer memory. This would be a significant cost increase, so I’m obviously hoping I’m overthinking this and the single Catalyst 9K chassis can serve the unified campus (users) and compute (servers/storage) …
Dear Experts ,

We  are  beside upgrading  our Data Center infrastructure ,,

Presently   we  have  the  Network Topology  shown in  the PIC  below ..


We are planning to replace the Nexus 5000 k with   Cisco Nexus 93180YC-EX


and  we  want  to transfer and migrate  all  Firewalls and  routers   to The new pair of

the Nexus 93180  ,,  we  want to  dedicate The Nexus 7010  for only  Routing at the Highest possible  speed

the new Nexus 93180YC-EX  pair  will  be  connected  to  all   Cisco catalyst remote branches switches ..

we have two  questions :-

First :-  is it  possible  to  use the 93180YC-EX  in the aggregation Layer , Not in collapsed Aggregation  Access layer   ,,  we want to separate aggregation and access layer and we  want  to  implement cisco 3 layers design model –
Where a pair of Nexus 7010 reside in the core and  pair of  Nexus 93180yc-EX reside in aggregation then Cisco catalyst switched  reside on access layer .

 If   the  mentioned case is  applicable  then please provide us with  sample cases and designs

Second :-

Regarding the upgrade plan
Is it  possible  to  transfer all firewall  -  security  policies and inter-vlan routing  to  the pair of  93180YC-EX   instead of the N7K ?
Enclosing a diagram of the network I am configuring.

Workstations can communicate between VLANs when the gateway on the workstation is set to or respectively. However, workstations cannot see the internet. If I configure workstations with gateway of or, then they can see the internet but there is no inter-VLAN communication. I want to achieve both scenarios - inter-VLAN and internet. However, VLAN must go out through its respective firewall and not just seek any path to the internet.

Does anyone have any idea on how I can get this working as mentioned above? I need to get this done urgently and this is my first Juniper configuration (used to Cisco)

We have two Cisco ASA 5505 units in an active/standby configuration. Our network is primarily made up of servers that are serving web sites and other products and services, as well as remote access, rather than desktops and other end user PC's.

We have a couple of blocks of routable public IP addresses from our Internet provider that we use for assignment to various servers within the network. The ASA has a relatively complex set of ACL and NAT/PAT rules to support all of this and get traffic to its proper destination.

Our ASA is logging the following messages thousands and thousands of times per day:

<162>Sep 29 2018 16:58:02: %ASA-2-106016: Deny IP spoof from (x.x.x.x) to y.y.y.y on interface outside

The first IP address listed (x.x.x.x) is the public IP address of the outside interface of the ASA unit itself. The second IP address (y.y.y.y) is another public IP address that is in the block of addresses assigned to us by our ISP and that we are using for one server or another. The second IP address varies among our different public IP addresses each time the message is logged; the first address is always the public address of our ASA unit.

Why would we be logging thousands of messages such as this showing our own ASA's IP address as the source? Does this indicate actual traffic that is attempting to spoof IP addresses and cause problems, or is this more indicative of a misconfiguration somewhere on our network?

Any assistance would be most …
I need to do an Enterprise Architecture maturity assessment using TOGAF framework. Can anyone who has done something similar give me guidance on best way to approach this.
Over all approach
Red flag points
Action points

Thank you for your help.

I have 1 aruba 2930F 48G 4SFP+, 2 24G POE+ 4SFP+ switches. How should I stack them?
Learn SQL Server Core 2016
LVL 12
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

I'm attempting to connect some switches in my IDF locations to my MDF switch via SFP.

The fiber connecting each IDF to the MDF is multimode, OM3. It connects to a LANscape housing in each location. From the housing, I'm trying to connect a fiber patch cable to the SPF module on the switch.

I managed to get ONE switch working in ONE IDF by using an aqua OM3 patch cable connected to a Ubiquiti module. The only way I could get that connection to work was with a multimode fiber converter in the MDF connected to a port on the switch. SPF would not work. I've tried various SFP modules, including an SPF+ 10G multimode, a Trendnet 1.25G multimode, a generic 1.25G multimode module, and even a couple single mode SFPs, just in case. I've tried aqua OM3 patch cables, orange OM1 patch cables, various LC to SC adapters, and some yellow single mode patch cables, again, just in case. I've tried just about every single combination of the above in some fashion.

On a second switch in a second IDF, even with a fiber converter in the MDF, I can't get a link. If I remove the converter from the first connection in the first IDF, I can't get a link with any combination of the above.

I am about to go insane with this problem. This should be straightforward and easy, but it's driving me nuts.

The contractor installing the actual fiber backbone has told me it's multimode fiber, OM3, 50 microns. I suppose that might be incorrect information, but I have had no issues or inconsistencies …
A ubiquiti Fiber switch connected to a Meraki MS 42 is showing VLAN mismatch errors.  

from the Ubuquit, two fiber ports are aggregated to two 10G fiber ports on the meraki.  Meraki says there is a VLAN mismatch.  I cant see the discrepency.  Any thoughts?  Have rebooted Unifi Controller, fiber switch, meraki etc.

We have purchase the new Aruba 2530F and our HQ instruct us to create the SVI’s in the switch and perform the intervlan on this switch. I have some doubt regrading this configuration and hope that expert can advise me.
1.      For all the printer we should use which vlans
2.      From the switch I can see that have option for us to check primary and management in vlan interface, let said in this information provide by HQ should I enable “management” in  VLANS 4
3.      What is native VLANS
4.      We try to enable the management in VLANS 4 ,we lost access or web console but we still have connectivity ?
5.     we should connect all the configure all the management port in VLANS 4 ?

help with setting up VLAN on a few switches for phone and data equipment.

i have a series of managed switches that are uplinked together.  I would like to set up a VLAN 100 for a dedicated router that is on port 48 of one switch. This router will listen to requests from phones that are plugged into any other random ports on the switch.  This switch is a ubiquiti unit that allows me to set port 48 to listen to vlan 100 traffic only.

The phones are set to 802.1Q with a vlan of 100.  there are other computers and servers on the switch that are on a 192.168.0.x subnet.  The server is handing out DHCP as well as the router on port 48.  The idea is to isolate the traffic for the phones to ONLY communicate with the DHCP server on port 48.  

Right now, this setting is working. However my question to you, is since the phones are all plugged into random ports 1-47 and set to vlan100  and these ports are set to listen to both default lan traffic as well as vlan100...am i simply congesting the switch with added default and vlan traffic vs setting the actual ports that the phones are plugged into to ONLY vlan 100?

Also, if i plug in another switch,, do i need to set the uplink from one switch to another switch with a vlan100 for them to comminicate or will they pass the phones traffic that is tagged 802.1Q VLAN 100 traffic to the other where the port 48 will ultimately listen and grab it? Thank you!

I have a Cisco network running 10/100/1000Mbps. Should I planning on upgrading it to 10Gbps, 40 Gbps, or 100Gbps? What would be involved? New switches, cabling? I would appreciate input from anyone who's also doing the same or planning on doing the same. I would like to know what devices, cables etc you are thinking of, your plan of attack and approximate costs.

Thank you so much in advance.
How to combine two subnets?
AM  Volunteer IT for church.  Have one wired network, one server (W12 running DHCP) on 192.168.0 subnet mask with printer/copiers wired workstations connected thru POE switches to Zxyel Firewall/switch to Comcast.  File sharing and SQL databases on server.  Zyxel also splits off to VIOP phone system. Originally had some Dlink routers acting as Access points for wireless (worked, but campus not fully covered).

Independently, another volunteer got approval to purchase campus wide wireless.  Third party installed Ruckus wireless POE units (10, one a controller) on subnet 10.59.0 subnet mask running separate DHCP for wireless side (one workstation is also connected to this subnet).  All Dlink routers were removed. Supposedly inherent to the Ruckus system is health checking and repair/restoration of the Ruckus access points without human intervention.  I have no manuals or training on the Ruckus wireless system.

Needless to say, workstations (wired or wireless) on one subnet cannot see across the subnets. i.e. file explorer does not show machines on other subnet and visa versa.  Found that if I enabled WINS on the 10.59.0 systems, I could then address the server by manually entering servername i.e. \\servername\sharename.  Believe there are issues of getting to SQL databased from a wireless workstation as this week had to connect a wireless laptop via ethernet to setup an application using a SQL database.  There was a…
How can you prevent a malicious actor from repeatedly locking your AD account simply by entering a wrong password three times on the company VPN webpage?
We have total 7 scope configured in DHCP out of which 3 is showing blue exclamatory mark, when I click on display statistics for these 3 scopes all value is showing zero only. Event logs showing error messages like "DHCP client request from C42F909FAB66 was dropped since the applicable IP address ranges in scope/superscope VLAN40 are out of available IP addresses. This could be because of IP address ranges of a policy being out of available IP addresses." for all these 3 scopes only. However all these scopes are not more that 50% occupied.

DHCP lease is 10 hours for all scopes except scope for mobile user.

In DHCP properties DNS Tab
""Dynamically update DNS record only if requested by the DHCP clients"" is checked.
""Discard A and PTR records when lease is deleted"" is also checked.

Assign IP addresses dynamically to clients of: is DHCP

In DNS Scavenge stale resource records are set as No-refresh interval 3 days and Refresh interval 4 days for all the zones and scavenging Period is 1 Day.

I performed the reconciliation and restarted the DHCP services in both DC and is ADC. Also I checked by restarting our ADC as it was also showing the same thing but it also doesn't work however I have not cheeked  by restarting our DC yet.

Please suggest if anyone having the solution for this.
Can you recommend an ISP for our small remote Sales office at New York City? We need 10-20M bandwidth with a backup line. The ideal ISP can provide a separate backup line -- meaning once the main line is failed the WAN connection would switch straight over to this backup line. And the backup line is included in the cost of main line.
Fundamentals of JavaScript
LVL 12
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

How to restore back the delete shared Mallbox by powershell.

I would like to know if it is possible to effectively use voip with private vlan edges, and how.

I have private vlan edges configured, essentially with the switchport protected, switchport block unicast and switchport block multicast, on all my user's workstation ports on the distribution switches. This is to prevent lateral movement in case of compromise. I would like to configure the ports for VoIP in the usual chained jack-to-phone-to-computer format. These catalyst switches are connected to the core catalyst switch via fiber.

I understand that all traffic on a switchport protected interface will be sent to the uplink and that this includes all voice and data traffic from that particular interface. But, I would prefer not to have to disable protected ports to allow phone to phone voice traffic.

Please help.
I'm working with a customer who has a camera system and it's configured for remote viewing. Unfortunately, this is causing the customer (a retail store) to fail their PCI compliance scan due to open ports.

My suggestion was to purchase a second static IP from their WAN vendor (Verizon FiOS) and use 2 routers: one for their POS system (an existing SonicWall) and a new router for their WiFi and camera access. So the system would look like this:

Verizon FiOS ONT Box
HP 1810-8g Switch
SonicWall Netgear

The problem is that when I connect the SonicWall through the HP switch, the WAN port won't connect. When I set a laptop to the same static IP and plug in it to the same switch port on the HP, it connects fine and is able to pass data. As soon as I connect the SonicWall directly to the FiOS ONT, it works fine.

Here are a few more specifics:

SonicWall MTU: 1492
HP MTU: Default (1500?)
HP Switch: No VLANs set; LLDP disabled; jumbo frames off; port mirroring off; flow control off; green features off; loop protection off; advanced security off; no trunks configured; management port set to Port 8 on an unused subnet

Any help would be great. Thanks.

Can you please advise why IP of server is changing like

Pinging with 32 bytes of data:
Reply from Destination host unreachable.
Reply from Destination host unreachable.

Open in new window

Multiple sites need to share data with file locking.  (this rules out DFS)
We currently use Globalscape WAFS, but the product is EOL.

I am looking for a solution to mirror my data in near real time (depends on speed of wan links) and maintain file locks remotely.
Ideally, the solution would NOT use SMB for data transfers as the chatty protocol doesn't do well on our 30ms latency wan links.
We currently have two Nexus 93180YC-EX and two Nexus N2K-C2248TP-E-1GE in our environment. From all the articles that I've read so far, the Nexus 9K will only support topology 1, but doesn't support topology 2 (see attachments), is that correct? Any input will be greatly appreciated.

Network Architecture





Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.