Hi,

I need  add Cisco 2960 and 3560 switch in GNS3 for practice, kindly suggest how it can be possible

If your data center is in the same data center as an AWS Availability Zone data center - would it be
possible to create a Direct Connect just by patching from your gear to theirs? That is - is there a
way you could avoid some of expense of a carrier getting packets to/from AWS by virtue of being
physically located in one of their data centers?

Hi, there's an Edgemark router connected to a Cisco small business switch.  I'm curious what's the benefit of connecting the to the G1 interface over the standard 1 - 24 switch ports.  Also, is there any down (network degrade?) side to hanging additional network devices off the typical 3 or 4 LAN ports on the router when it's a flat network?

If you use a VIF - I understand you can attract all your S3 traffic over the Direct Connect circuit instead of going to the public internet. Is the full set of addresses to be used for S3 published anywhere so that we could create the right set of BGP filters to make sure that only the desired S3 traffic gets attracted to the Direct Connected instead of just going to the Internet?

Currently the path from our internal hosts to S3 storage is via the Internet to Amazon public IP. The goal is to get that traffic to go over our Direct connect circuits. I believe the method is using VIF and then those addresses get advertised via BGP over the DX. I want to filter those routes so unintended traffic doesn't go over the direct connects.

From a best practice standpoint which is better, ASA on the edge or a router on the edge of your network?


off of the top of my head ASA on the seem like a better design, however, I have seen some networks in the passed with Router(Edge) then ASA.

Hello Experts-
We have subscribed to MPLS IPVPN via Service Provide to connect our branch offices with HQ.
We have been given /30 subnet at HQ and each offices and running BGP between CE Router and ISP. We suppose to send the routes to ISP and then take will foreward via MPLS Cloud.

We want to install firewall at the HQ between MPLS Router and L3 Switch.

I am just concerned what routing protocol I should between MPLS Router and L3 Switch at HQ so that all HQ hosts can reach to branch offices.. Shall I used IGP or Static Routes ?
How to inject the routes from MPLS routes to firewall ? Is it advisable to run a routing protocol between them
How I can achieve redudancy if a router or firewall fails in HQ Office.

I am attaching a basic design.
Any suggestions and comments are welcome.

I have 2 5Ks running with VPC. They have been running fine for quite some time until today. One of the the 5Ks is not responding. I could not console in and the other 5K does not see it as a peer. I am planning to power it off and on. Will it get all the config and join the VPC when it gets back online? Thanks

What would a good "Gap Analysis" look like? I had a recruiter call and they needed someone with a bunch of networking experience.
But the 10 month long gig was to travel to their various offices and data centers around the world and do a "gap analysis". It sounds
intriguing enough. I just wondered if anyone had an example document or general thoughts as to what the output of such a
project/assignment would look like in the end. ??

Trying to connect Netgear WNDA3400 to act as a wireless access point behind a SonicWALL SOHO. I read post from other users about same issue. I tried but no success. Can anyone help me figure this out?

I need help in configuring HA/load balance from Site A to Site B. Site A is the PRODUCTION and Site B is the BACKUP SITE. We have lease two Private line with two different providers running different speed. I need to configure Load Balance from Site A to Site B and vice-versa if possible, but i am more concert Site A to Site B.
We have Cisco 3850 on Site A, and two interfaces  connected to each ISP. Site B, we have Cisco 3750, and two interfaces connected to each ISP as illustrated.
ISP #1 is live with IP 10.10.10/32 passing all traffic between two site as of now. Type of traffic is IP, UDP, TCP, HTTPS, and FTP.
I need help configuring ISP#2 . I need to use both private line at the same time for load balancing using these two switches, and automatically fail-over if one line is down.  
I heard of Ether-channel, IP Based Policy, and Network load balancing. I need help with commands and scenario in the illustration below.  I greatly appreciate with the right directions.
Thanks a lot.

Qnap NAS TS-1635 connection to server

i just bought a QNAP, i would like to connect it to my server is it better to

1 - add the NAS as a network store and add that way
2 - buy SFP connector and use fiber to connect it to my server with a Fiber card

I have SonicWALL Firewall/Router and 5 public IP address. I am going to have 1G Fios connection soon; however, the my soniwall won't give the 1G connection speed due to the DPI.
I would like to create second network that outside of firewall and wondering if I can split by public IP address with separate router.  Do you have any solution for this?

We have 30+ small office branches that connects to our Data Centre via WAN routers
& these WAN routers connect to a core switch in DC.  

Each branch has 2 flat Class C subnets : one for wired LAN & one to our corporate
Wifi LAN.   We don't expect more than 100 PCs/devices in each branch.  All devices
& PCs at each branch are connected to L2 switches (including the branch WAN router).

There are PCs & devices (Cashiers, cameras, small robots/automation, scanners and mini
databases) in the branches that run applications that do not need to communicate to
servers in the DC other than to AV EPO, SCCM patching, central encryption management
servers, HIPS (endpoint IPS) console & the likes  but backups are taken by NAS located at
branches.

However, there are some semi critical mini servers & databases which we deem ought to
be segregated from the rest of the organization to prevent DoS  though PCs for emails
& Internet access will need to go back to the DC.

Q1:
What are among the best practices for such branches network traffic?
Hub & spoke design?   Layered security?  Micro-segmentation within each branch?

Q2:
Do we treat each branch's network to be of lower, equal or higher trust levels than
DMZ, applications servers zone or backend servers zones (typical network trust
zones)?

Q3:
For traffic filtering / microsegmentation, is it best practice to configure
a) ACLs at each branches' WAN routers (as switches at branches are Layer 2 &
    at most …