
Need help on network design

Kevin Cummins
Level 1

Hi guys.

Looking for some advice on a network design.

Please tell me what you think may or may not be wrong or missing.

 

Here are the details:

The user count is approximately 600 (desktops, laptops and Cisco IP phones) with two locations (office and data center) connected via 100Mbps guaranteed MAN line with site-to-site VPN as backup.
Servers will all be in the Data Center.

Edge routers to be used as site-to-site VPN connection point between office and data center.
Edge router at data center also to be used to connect to 4 other remote sites.
Edge networks (router and ASA) will be used to provide internet access to equipment at their respective locations. (No routing across MAN for internet access)

Cisco 4510 to be used as user switches.
Supervisor engines will be connected via 10G fiber to core switches.
There will be 2x 10G connection for each supervisor module.

Core switches are 4500x to be stacked via VSS using 10G Twinax cables.
Core switch will also have 1G copper sfp to connect to MAN line hand-off.

There will also be a physically (for the most part) segregated network using 3750x switches that connect back to the core. We will use 1G Fiber connections.


Here is the current kit list:

Office Network Edge
1x Cisco 3925 Router to connect to internet and vpn tunnel endpoint (CISCO3925-HSEC+/K9)
1x 2GB RAM upgrade for Cisco Router (MEM-3900-1GU2GB)
1x 1GB Compact Flash for Cisco Router (MEM-CF-256U1GB)
1x ASA Firewall w/ IPS  (ASA5525-IPS-K9)

Office Network Core
2x 4500X 32 Port Switches (WS-C4500X-32SFP+) w/ IP Enterprise License
2x 1GB Fiber SFP module per 4500X switch to connect to 3750x  (GLC-SX-MMD)
2x 10GB TwinAX cables to stack 4500x switches together (SFP-H10GB-CU1M)
8x 10GB Fiber SFP+ module to connect to 4510 Sup Engines (SFP-10G-SR)
1x 1GB Copper SFP to connect to MAN circuit hand-off (GLC-T)
1x 1GB Copper SFP to connect to ASA firewall (GLC-T)

Distribution
4x Catalyst 4510R+E Switches (WS-C4510R+E) w/ IP Base License
2x Supervisor 8-E per 4510 switch (WS-X45-SUP8-E)
8x 48-port PoE module per 4510 switch (WS-X4748-UPOE+E)
4x 10G Fiber SFP+ module per 4510 switch (SFP-10G-SR)
1x 2GB SD Memory card per Supervisor Engine (SD-X45-2GB-E)

Office Network Segregated
4x 3750X 48-port PoE Switches (WS-C3750X-48P-L) LAN Base License
1x 1G Fiber SFP module per 3750x switch (GLC-SX-MMD)
1x Slot module per 3750x to connect 1GB SFP modules (C3KX-NM-1G)


Data Center Edge
1x Cisco 3925 Router to connect to internet and vpn tunnel endpoint (CISCO3925-HSEC+/K9)
1x 2GB RAM upgrade for Cisco Router (MEM-3900-1GU2GB)
1x 1GB Compact Flash for Cisco Router (MEM-CF-256U1GB)
1x ASA Firewall w/ IPS  (ASA5525-IPS-K9)

Data Center Core
2x 4500X 32 Port Switches (WS-C4500X-32SFP+) w/ IP Enterprise License
2x 10GB TwinAX cables to stack 4500x switches together (SFP-H10GB-CU1M)
3x 10GB Fiber SFP+ modules per 4500X switch to connect to 3850 switches (SFP-10G-SR)
1x 1GB Copper SFP to connect to MAN circuit hand-off (GLC-T)
1x 1GB Copper SFP to connect to ASA firewall (GLC-T)
1x 1GB Copper SFP to connect to segregated ASA (GLC-T)


Data Center Distribution
6x 3850 24-port PoE Switches (WS-C3850-24T-S) IP Base License
1x Slot module per 3850 switch to connect 10GB SFP+ modules (C3850-NM-2-10G)
1x 10G Fiber SFP+ module per 3850 switch (SFP-10G-SR)


Data Center Segregated
1x Cisco 2951 Router to connect to internet and vpn tunnel endpoint (CISCO2951/K9)
1x ASA 5512-X (ASA5515-K9)

 

Attached diagram is just a draft.

2 Replies

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

A 39xx is underpowered if you want to support a gig VPN tunnel.

If your MAN is 100 Mbps (possibly "light" for 600 users), I would suggest running your port at 100 Mbps, not gig.  (This because LAN switches don't shape, and may not be able to "see" congestion or drops within the MAN.)

Your user edge (the 4500s) will be L2 or L3.  If the latter, I would recommend not using a VSS core.

I would recommend not using the same Internet connection for both general Internet access and VPN.

Hi.

Thanks for your reply.

We are not looking to get the full 1Gig across the VPN. Just the internet connections that VPNs will be using are 1Gbps best effort lines. 

The VPN between the office and data center will only serve as a backup route if the L2 MAN link goes down.

(However, the router in the data center will connect to other remote sites.)

So I assume we would need L3 routing on the 4500x core?

Also, was only planning to use VSS on the core to stack the 4500x using the TwinAX cables since there are no stack modules for it. Not across the rest of the network.

Let me know what you think.