Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
918
Views
0
Helpful
4
Replies

Routing & Network Design Help

bobIT
Level 1
Level 1

‎11-22-2018 04:54 PM - edited ‎03-05-2019 11:04 AM

Hey guys,

Based off the following design I have to:

ccna help.png

  • Isolate the Student Staff to one VLAN and the administration network to another VLAN at each site. (Site on the left is Melbourne, in the middle is Sydney and on the right is Brisbane)
  • The administration network at each location should be able to have access to the administration network at each of the other sites but no access to the student teacher VLAN's.

Im just so stuck on this part I dont know where to begin for my Access Lists and routing. I'm thinking of using EIGRP as my routing protocol because its so easy to confiugre.

 

Thanks for any help guys, it is much appreciated!

0 Helpful
4 Replies 4

Dennis Mink
VIP Alumni
VIP Alumni

‎11-22-2018 08:38 PM

depends on the task, 

 

EIGRP will work, so will OSPF,  I just never really consider EIGRP and use OSPF.

 

set up OSPF neighbourshipsbetween Melbourne and sydney and brisbane and sydney and propagate routes that way. once done and you can ping between all vlans, close it down with ACLs.

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni

‎11-22-2018 08:42 PM

depends on the task, 

 

EIGRP will work, so will OSPF,  I just never really consider EIGRP and use OSPF.

 

set up OSPF neighbourshipsbetween Melbourne and sydney and brisbane and sydney and propagate routes that way. once done and you can ping between all vlans, close it down with ACLs.

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

fbabashahi
Spotlight

‎11-23-2018 04:06 AM

Hi , in design the need , scablity , hardwares are parts of matter , as i know ospf is more flexible and it works with other hardwares , and for administration access use different vlan instead of access list ,it is more secure and easier . in that case admin just can access to those addresses
Good luck
0 Helpful

e.ciollaro
Level 4
Level 4

‎11-25-2018 09:12 AM - edited ‎11-25-2018 10:09 AM

Well,

if this is a real scenario and you are not skilled is OSPF, I suggest to use EIGRP, OSPF is much more complex, could be harder to troubleshoot  and requires more design (defining areas and their types, assign DR and BD roles,...).

Regarding ACLs, I suggest to configure them specifying which source subnets could access another subnet and deny everting else, not denying specific subnets and permitting  everything else. This last way works as well but in a production environmental could be dangerous; for example if, in future, you will change or add a subnet to Admin environmental and forgot to update the ACL, host in this subnet  could access Student vlan's.     

Personally I don't like ACL for security, another way to segregate the two environments could VRF Lite but it requires a deeper study of the scenario particularly about the WAN technology.

 

Finally, if this scenario is for studying,  I suggest to try both OSFP and EIGRP ;-)

 

Bee

enrico.

 

PS: please rate if useful

0 Helpful
Top