Best practice for large network LAN

kevin.dowling1
Level 1

I've been put in charge of building the LAN for our monitoring and control system in the data center. Examples of devices being put into this network will include: PDUs in cabinets, Air handlers, JACEs, and UPS systems.

Here is my current thought process for the network:

Two 93108TC-EX switches as distro switches -> Catalyst 2960 access switches

There are two subnets, creating 1 vlan for each. 

This is my first project like this, and I would like some expert help in the matter. 

Is there better hardware to fit this use case? Is there any other configuration I can put in this network to help with performance? Am I completely off base thinking it will be this simple (if so, can you provide some reading to help me become more qualified for this project)?

4 Replies

cmarva
Level 4

In my experience, the topology for devices like this is pretty simple; they usually have not been high-bandwidth devices, so what you suggest might be overkill depending on how large this will be.

The other thing with environmental devices, UPSs, PDUs, etc. is that they are usually not very secure devices, so I'd suggest thinking about good segmentation and security (think the Target breach from a few years ago). If you keep things segmented in good fashion, then implementing security, even if it is just ACLs, is much easier.

That's my $.02.

Your $0.02 cents means $100,000,000

Thanks for the reply. The reason for the new LAN is security based. This LAN will only be touched by edge servers. 

Is there a way to segment the network further than the VLANs? Also, which switch would you consider for the distro switches?

Well, that's a bit subjective, and you'd get many different answers, especially from someone who has more of a security focus. But I guess the main thing is, how far down the rabbit hole do you want to go, and how full is the wallet?

I mean, you can use private VLANs, or you can use multiple VLANs based on device type (i.e. one VLAN for power/UPS, one for HVAC, etc.). If ASAs are in play, just routed mode, or L2 (transparent)? Single context or multi-context?

There are many ways and many designs to get to where you want to go. I usually try to keep it as simple as possible while still meeting the security needs. You don't want to make things so complex that you can't manage it. So those are a few things to keep in mind.
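As an added example that is not from this thread or either poster, here is what the segmentation cmarva describes (one VLAN per device type, the 2960's protected-port "private VLAN edge" feature, and inbound port ACLs so a device can only reach the edge servers) could look like on a single Catalyst 2960 access switch. The VLAN numbers, addresses, port ranges and the assumption that each edge server holds an address in both subnets are constructed for illustration, not taken from the thread.

```ios
! Constructed example: one Catalyst 2960 access switch, Layer 2 only (no SVIs).
! 10.10.10.0/24 = power devices (PDU/UPS), 10.10.20.0/24 = HVAC (air handlers, JACEs).
! 10.10.10.5 and 10.10.20.5 = the edge servers' addresses in each subnet (placeholders).
vlan 10
 name MGMT-POWER
vlan 20
 name MGMT-HVAC
!
! Port ACLs are applied inbound on the device-facing ports, so they filter what a
! device may send: only traffic to the edge server in its own subnet, nothing else.
! Non-IP frames (e.g. ARP) are not matched by an IP ACL and still pass.
ip access-list extended POWER-DEVICE-IN
 permit ip 10.10.10.0 0.0.0.255 host 10.10.10.5
 deny   ip any any
ip access-list extended HVAC-DEVICE-IN
 permit ip 10.10.20.0 0.0.0.255 host 10.10.20.5
 deny   ip any any
!
! Device ports: one VLAN per device type, protected (no device-to-device traffic on
! this switch; protected ports may still talk to the unprotected uplink), one MAC
! per port, and no chance of a device port taking part in spanning tree.
interface range GigabitEthernet1/0/1 - 12
 description PDU / UPS management ports
 switchport mode access
 switchport access vlan 10
 switchport protected
 switchport port-security
 switchport port-security maximum 1
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip access-group POWER-DEVICE-IN in
!
interface range GigabitEthernet1/0/13 - 24
 description Air handler / JACE management ports
 switchport mode access
 switchport access vlan 20
 switchport protected
 switchport port-security
 switchport port-security maximum 1
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip access-group HVAC-DEVICE-IN in
!
! Uplink toward the 93108TC-EX distribution pair; the edge servers sit behind it.
interface GigabitEthernet1/0/25
 description Uplink to distribution
 switchport mode trunk
 switchport trunk allowed vlan 10,20
```

Because the ACLs sit on the device ports rather than on the uplink, a compromised PDU or UPS cannot reach its neighbours in the same VLAN on that switch, and the edge servers remain the only reachable hosts; `show access-lists` and `show interfaces status` will confirm the ACL hit counts and the protected/err-disabled state of each port.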

Budget isn't the biggest concern. I just need it to be under support and with 1G interfaces.

There will be no routing. Staying L2 on this one. Single context.

The edge servers will have 2 ports one for this LAN and one for the outside network. The servers will be the only thing accessing the LAN. 