Help with LAN Design

jgarcia44
Level 1

Current Network Layout.jpg

In the above layout, we have the ASA 5520 connected via fiber to a 3560, then hanging off the 3560 is a 2801 Router.  From the router are 2 "outside" devices; a county PIX firewall and a State CLETS DOJ 2800 Router - both of which are NOT managed by us. We just send traffic to them. Prior to my arrival a "glu-net" scheme was put in place with the addition of the 192.168.50.X network.  I would like to find a way to re-architect this network design to accomplish 2 goals.

1. If feasible, place the router before the switch. ASA 5520 > 2801 Router > 3560 Switch

2. Remove, or consolidate this "glu-net" and try to utilize a single /24 IP range like 192.168.54.1-192.168.54.255

Is anyone willing to give me some advice on this inherited, overly-complex network design?  I can provide all configs and will do my best to answer your questions immediately. 

Thanks in advance!

Joey

4 Replies

jgarcia44
Level 1

Would anyone care to give me some ideas here?  Just looking for advice/suggestions.

Thanks,

Joey

Hi Joey,
Would you post a diagram for us? It is not really clear which changes you would like to make and why, and what the requirements are.

A general scheme would be FW-->RTR-->SW with all the routing policies decided on the router of course.

You should describe which services you need to implement and why you would not opt for a simple OSPF domain covering the entire LAN L3 switches up to the RTR WAN side...

Take care
Alessio

PS: adding networks is the very last of your issues!!!!!


Hi Alessio - here is the network diagram that shows how I'd like to have our network redesigned. As you can see, there are 4 interfaces coming off of my ASA 5520. One for City Hall, one for our DMZ, one for the Outside, and finally one for the Police department. My ASA "Police" interface is IP'd with 192.168.50.1 and that is connected to a 2960 with a normal CAT6 cable. Then from the Gigabit interface on the 2960 it goes to another building where it then connects over fiber to a 3560. The 2801 then connects to the 3560 and in my opinion is not placed in the correct way, after the L3 Switch. So what we have is a FW > L3 Switch > L3 Router. I'd like to do exactly as you mentioned above, FW > Router > SW (the only exception being that the 2960 needs to stay put due to physical and equipment limitations). The 3560 has a corresponding interface configured with 192.168.50.2. Then there is another interface on the 3560 configured with 192.168.50.129 that is connected to the 2801 192.168.50.130. I think the layout is overly complex and I'd like to simplify it. There are static IP routes defined throughout, no true routing protocol is in use. The static routes are 192.168.54.0 and 192.168.53.0 and there are growth limitations as well because we have every device on a single /24 network.

Please tell me how you would architect this network. I have to take into consideration that we also support 2 additional routers (not managed by us) where we query both state and county level resources. Those are depicted by the 2 clouds at the bottom-right area of the picture.

Hopefully that was informative enough.  Thank you!!

Joey

Looks like you pretty much got it worked out.

The two clouds bottom/right, do these subnets need to be distributed throughout the network or are they only accessible from the Police Station? In other words, have you got routing worked out?

=============================
Please remember to rate useful posts, by clicking on the stars below. 

=============================