Help on Network Design

james.brockman
Level 1

We are going to have a second T-1 installed using 2-2620 routers and 3 3550 switches and want to use both T-1's for 3 meg bandwidth. We would also like for 2 of the routers and 2 of the switches to back each other up. We have a checkpoint firewall that we plan to replace with 2 Pix and add an IDS and CSS later. Any help on what would be the best design?

3 Replies

konigl
Level 7

Could you describe your situation a little more? Need more information to better understand your layout, in order to make an intelligent recommendation or two. For example:

Number of locations? (one site or two?)

Intended purpose of the 2xT1 link? (Internet connection between one office and an ISP, or dedicated point-to-point between two offices?)

How many and what kind(s) of 3550's? (And how are they interconnected?)

Looking to do the two PIX's in a redundant configuration at one site? Or one for each of two sites, and a VPN linking them?

Things like that.

Thanks for your reply. I currently have a CCNA but I'm a little short on design and switches. I'm much more at home with routers. Currently we are at one location. The idea here is to make our intranet connection and servers redundant. This may mean we move half of our equipment to a building 500 feet away (fiber) or possibly across town (T-3). With this in mind we would like to have full use (inbound and outbound) of the 3 meg pipe to our ISP. All 3 switches are WS-C3550-24; one is SMI, the other two are EMI and are currently on order along with the second T-1. The two 2620s are in place, one with a full T-1; the other is a backup T-1 for the first that will become a second T-1 in one week. We would like to put the two 3550 EMIs (for HSRP) behind each router, one each, and trunk to both routers in a VLAN. Behind the switches is currently a checkpoint firewall, soon to become two redundant PIX. Then the third switch (3550 SMI). I could send a Visio dwg if that would help. With this said, here are my first round of questions:

1 Are we correct that we need EMI on switches SW1 and SW2 for HSRP and only SMI on SW3?

2 We are going to combine our T-1’s using the 3550 switches. Can these do load balancing and HSRP at the same time?

3 In the future we plan on getting 2 Cisco Pix 525’s, 2 CSS’s and an IDS. Is there anything we should do setup-wise to the switches to help this?

4 Should the DMZ’s be put on SW3 and have VLANs or should they go directly to the firewall?

5 How would you set up SW1 and SW2 to do load balancing for the routers?

6 Can 2 trunks, 1 on SW1 and 1 on SW2, each going to a different router, load balance for the internal network?

Again thanks for replying.

I hope this helps you out some. Also, if you would like to send me a visio, I would be more than happy to take a look at it.

1 - You can run HSRP between the two routers and not need two switches. 2 switches would make for a more redundant connection, but all you need is 1 SMI switch connected to the 2 routers and configure them for HSRP.

2 - Do you truly want to load balance or do you want one T1 to be for backup purposes? Are the 2 T1's from the same ISP and autonomous system? If they are, then you can just use static routes to do load balancing and have the ISP set up static routes to you. If not, BGP will need to be involved. Yes, the routers can do load balancing and HSRP at the same time.

4 - My personal preference is to always put the DMZ off a separate port on the Firewall.

5 - HSRP does not load balance, so you would have a couple of choices to make if you truly want to load balance from the internal network to the routers. You could do load sharing instead of load balancing and set up multiple HSRP groups on the routers for each different VLAN you have and use a different priority on the routers for each group. This would cause the different VLANs to each use the specified router as the primary. Another choice would involve a 3rd router but would only require 1 switch. If this option is of interest then let me know and I can go into more detail.

I hope some of this helps. Also, like I said before, feel free to send me the visio and I will look at it and send me any questions you have.

Matthew Donahue, CCNP CCDP

mdonahue@jjwild.com
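
Added example, not part of the original post or any poster's own configuration: the load-sharing option from answer 5 (one HSRP group per VLAN, with the priorities swapped between the two routers) written out as IOS configuration. The VLAN numbers, addresses, interface names, hostnames R1/R2 and the serial-interface tracking are assumptions, and the routers' IOS image is assumed to support 802.1Q subinterfaces.

```cisco
! Constructed values: VLANs 10 and 20, 10.0.x.0/24 addressing, R1/R2 names.
!
! ===== R1: primary (active) gateway for VLAN 10, backup for VLAN 20 =====
interface FastEthernet0/0
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.2 255.255.255.0
 ! Virtual gateway address shared by both routers for VLAN 10
 standby 10 ip 10.0.10.1
 ! Higher priority than R2 (default 100) makes R1 active for this group
 standby 10 priority 110
 standby 10 preempt
 ! Assumption: drop priority by 20 (110 -> 90) if R1's T1 goes down,
 ! so R2 (priority 100, preempt) takes over VLAN 10
 standby 10 track Serial0/0 20
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.2 255.255.255.0
 standby 20 ip 10.0.20.1
 ! Default priority: R1 is only the backup for VLAN 20
 standby 20 priority 100
 standby 20 preempt
!
! ===== R2: mirror image, primary for VLAN 20, backup for VLAN 10 =====
interface FastEthernet0/0
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.3 255.255.255.0
 standby 10 ip 10.0.10.1
 standby 10 priority 100
 standby 10 preempt
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.3 255.255.255.0
 standby 20 ip 10.0.20.1
 standby 20 priority 110
 standby 20 preempt
 standby 20 track Serial0/0 20
```

Hosts in each VLAN use that VLAN's virtual address (10.0.10.1 or 10.0.20.1) as their default gateway, so outbound traffic is shared per VLAN rather than per packet. `show standby brief` on either router shows which one is currently active for each group.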