Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
705
Views
5
Helpful
4
Replies

Simple Network Design Question

danmartinnorhrop
Level 1
Level 1

‎10-17-2016 07:51 AM - edited ‎03-08-2019 07:49 AM

Hello,

I am hoping someone with more experience and skills can help me with a design question.  We currently have Time Warner Business Class with 5 public IPs.  The manager wants to use a few of the IPs for different usages such as a WiFi guest network, normal corporate network, and a couple of others. We have to use a few of these public IPs because we have some devices that must be off our main ASA and I do not control these requirements.

Anyhow, the Time Warner modem only has one port so we use a very old 5 port switch to split up the network (public IPs) and this switch seems to often need to be reset.  I feel this switch is a serious weak spot because it is so old and I dont think it is the correct design solution.

My feeling is I have a few options.  We could buy a better 5 port switch with higher performance and keep the network design, or I can go back to Time Warner Cable and ask them for a 5 port modem even though they told us to just use a switch, or we do have a 2921 ISR router but I do not know if I can figure out a solution to make that device/design work.  I am just hoping someone has some good ideas.  As of now I am leaning toward the upgrade of the switch.

R

Joe

Labels:
0 Helpful
4 Replies 4

Richard Burts
Hall of Fame
Hall of Fame

‎10-17-2016 11:42 AM

I am not sure that I have a correct understanding of your network and its design. It sounds like you are saying that you are using ASA as a firewall and that one network goes through the ASA (which hopefully is the corporate network) and that there are several other networks (wifi and others) which connect through switch ports to the ISP (and therefore seem to not use the ASA firewall). Is this correct? If not please clarify.

A design that is very frequently used has the ASA connect to the ISP and to have the other networks and hosts send their traffic through the ASA for firewall protection. The ASA can use the other Public IPs to do address translation for the other networks so they maintain separation from each other as they access the Internet.

But your post appears to say that there are requirements for some of your networks that prevent using the ASA for all of the networks. And in that case having the various networks connect using the switch is probably an adequate design. If the switch needs to be reset frequently then it probably does make good sense to replace the switch with a newer and more reliable switch.

HTH

Rick

HTH

Rick
0 Helpful

danmartinnorhrop
Level 1
Level 1
In response to Richard Burts

‎10-19-2016 08:32 AM

Hey Rick,

I think you said it correctly.  I do not have rights on the ASA and getting the configuration changed on the device is pretty difficult.  So yeah, we have a switch that sits between the ISP and various networks.

So it sounds like you are saying that switch is fine as far as design goes?  I was just thinking that if we had a multi port ISP modem we could eliminate the need for the extra device (switch).  But, I suppose if we simply got a more powerful switch it should be OK.

Thanks for your help,

Joe

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to danmartinnorhrop

‎10-19-2016 09:00 AM

Joe

From a design perspective having a switch to support connecting multiple devices on your side to the ISP device seems an appropriate solution.

Whether to continue using the existing switch, or replace it with a better switch, or try to get a multi port ISP modem are implementation details which you can work out. My personal preference would be to replace with a better switch but if you talk to the ISP and they are willing to provide a multi port modem that should be fine.

HTH

Rick

HTH

Rick

Rick Morris
Level 6
Level 6

‎10-19-2016 09:32 AM

Joe,

Rick Burts has shared good advice. I would concur with him that a switch is the best option for the multiple connections, but also to segment and control certain aspects of the network. If you need guest WiFi on a network that bypasses the ASA then this would be a good place to land the default gateway for that network. You need to look at a layer 3 switch if you are going to do any routing function, or make sure the TW modem/router has the ability to be run with the multiple vlans; however, it sounds like that is not an option based on the information above.

There are several mid-range switches that are fairly inexpensive and would even provide growth.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card