03-06-2006 07:27 AM - edited 03-03-2019 02:08 AM
I am in the process of bringing in a dedicated T-1 and a dedicated internet connection into our facility. We have an existing network set up. I need to get the "best solution" for bringing in the dedicated T-1 and being able to set it up via a VLAN to keep it separate from my existing network, but share the fiber that interconnects the two facilities. Also, I am looking at the Cisco 2950 for bringing in the T-1 and VLAN. I have a Visio drawing of the proposed solution and would like a network expert to critique the proposal. Any help is appreciated.
03-06-2006 07:33 AM
IMHO in addition to using the vlan concept to separate traffic, you might want to seriously consider running the t1 through a rule based firewall for traffic coming in both (in / out) directions. Depending on the confidentiality of your data, it might even warrant the purchase of an IDS / IPS solution. A software firewall is a MUST in any case though!
HTH
Arvind
03-06-2006 08:51 AM
Arvind,
Thanks for your feedback. We are planning on using Fortigate firewalls in conjunction with windows XP firewall at the user's station.
03-06-2006 09:01 AM
If you would attach the visio drawing to your question, we would be able to come with some suggestions.
From your text I read "a dedicated T-1 and a dedicated internet connection"... do you mean two connections, or is it the same one?
How will your T-1 connection be terminated? If this is the internet-connection, will your ISP provide the access router or do you have to supply it? If not, how will it terminate, and what is and how will the internet-connection terminate?
Will you be using firewalls in your network? What kind of interfaces (and how many) does the firewall (if any) provide?
I'm sure it would be a lot easier for us to make suggestions with some more information (as a diagram would probably give).
Did it help? If so, please rate it.
03-06-2006 09:44 AM
03-08-2006 05:33 AM
Hi again,
First: The 2950 can ONLY terminate ethernet-connections. If you have a T-1, it must be terminated in a router with a T-1 interface (as the 1721 with WIC-1T would have). So, no you can't eliminate the 1721...
I find the drawing to be somewhat missing in detail as to how the SECOM T-1 circuit is terminated. Is it another router in place which is then connected to the 2950? Where is the internet-connection? What is this "Network" you are referring to? Your drawing has two T-1's, you are referring to a "T-1" and a "Network"..
Your design should be separated on L2 and L3. With a L3-design, you'll get a functional overview, and can also plot in dataflows to illustrate chokepoints and implications of unit failures.
With the L2-design (and L1) you'll get a wiring-scheme and you can also plot L2-redundancy, STP-settings and VLAN-distributions to assist in troubleshooting and future design-decisions (upgrades, downtime etc.).
Hope some constructive criticism doesn't hurt..
Did it help? If so, please rate it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide