Network Design Implementation
Hi,
I am trying to design a master-slave system with the following attributes:
1. Linux Master box having all the Java code.
2. At least two Windows XP Professional Slave boxes (no Java code on any of these)
Front end screens on Master would contain text fields for IP Address and Java program to be executed. On a click of a button, the slaves (whose IP Address was entered in the Master screen text field) would get the request to execute the given Java program, a given number of times. Once executed, each slave would turn the results in to the master via a file. After all the slaves have turned in their results, Master would consolidate the results, work another program on the results and re-delegate tasks to the slaves. The steps would stop iterating only when an exit criterion specified by the program has been met.
If we were to restrict all code to only the master box, what could be the lucidly possible ways to achieve this design?
Thanks!
I have campus sites that have their own fiber or sites that have a GigaMAN connection in which I run APs in local mode. The design question you need to answer is, can your link support the number of access points and client connections if the APs are in local mode. Like the others mentioned, FlexConnect doesn't have the same features as APs in local mode, but if you're not going to require those features, FlexConnect might be a better choice. How does traffic flow... if you have resources in each building, then local mode might not be what you want, since traffic is tunneled back to the WLC and then routed back to the site. Understanding the traffic flow and your links will help decide on what your design should be.
Similar Messages
-
Welcome to the Cisco® Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about hierarchical network design.
Recommending a network topology is required for meeting a customer's corporate network design needs in their business and technical goals, and it often consists of many interrelated components. The hierarchical design makes this easier: like "divide and conquer", it splits the job and develops the design in layers.
Network design experts have developed the hierarchical network design model to help to develop a topology in discrete layers. Each layer can be focused on specific functions, to select the right systems and features for the layer.
A typical hierarchical topology is:
- A core layer of high-end routers and switches that are optimized for availability and performance.
- A distribution layer of routers and switches that implement policies.
- An access layer that connects users via lower-end switches and wireless access points.
Ahmad Manzoor is a Senior Pre-Sales Engineer at AGCN, Pakistan. He has more than 10 years of experience in first-rate management, commercial and technical skills in the field of data communication and services lifecycle—from solution design through sales pitch, designing RFPs, architecture, and solution—all with the goal toward winning projects (creating win/win situations) of obsolete solutions. Ahmad also has vast experience in designing end-to-end data centers, from building infrastructure design to data communication and network Infrastructure design. He has worked for several large companies in Pakistan and United Arab Emirates markets; for example, National Engineer, WATEEN Telecom, Emircom, Infotech, Global Solutions, NETS International, Al-Aberah, and AGCN, also known as Getronics, Pakistan.
Remember to use the rating system to let Ahmad know if he has given you an adequate response.
Because of the volume expected during this event, Ahmad might not be able to answer every question. Remember that you can continue the conversation in the Solutions and Architectures under the sub-community Data Center & Virtualization, shortly after the event. This event lasts through August 15, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
Dear Leo,
We are discussing the following without any product line, discussing the concept of hierarchical design, which will help you decide which model is better for you: the two-layer or the three-layer hierarchical model.
Two-Layer Hierarchy
In many networks, you need only two layers to fulfill all of the layer functions—core and aggregation.
Only one zone exists within the core, and many zones are in the aggregation layer. Examine each of the layer functions to see where it occurs in a two-layer design:
Traffic forwarding—Ideally, all interzone traffic forwarding occurs in the core. Traffic flows from each zone within the aggregation layer up the hierarchy into the network core and then back down the hierarchy into other aggregation zones.
Aggregation—Aggregation occurs along the core/aggregation layer border, allowing only interzone traffic to pass between the aggregation and core layers. This also provides an edge for traffic engineering services to be deployed along.
Routing policy—Routing policy is deployed along the edge of the core and the aggregation layers, generally as routes are advertised from the aggregation layer into the core.
User attachment—User devices and servers are attached to zones within the aggregation layer. This separation of end devices into the aggregation permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, it is best not to mix transit and destination traffic in the same area of the network.
Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the aggregation layer. You can also place traffic admittance controls at the aggregation points exiting from the aggregation layer into the core of the network, but this is not common.
You can see, then, how dividing the network into layers enables you to make each layer specialized and to hide information between the layers. For instance, the traffic admittance policy implemented along the edge of the aggregation layer is entirely hidden from the network core.
You also use the core/aggregation layer edge to hide information about the topology of routing zones from each other, through summarization. Each zone within the aggregation layer should have minimal routing information, possibly just how to make it to the network core through a default route, and no information about the topology of the network core. At the same time, the zones within the aggregation layer should summarize their reachability information into as few routing advertisements as possible at their edge with the core and hide their topology information from the network core.
Three-Layer Hierarchy
A three-layer hierarchy divides these same responsibilities through zones in three vertical network layers:
Traffic Forwarding—As with a two-layer hierarchy, all interzone traffic within a three-layer hierarchy should flow up the hierarchy, through the layers, and back down the hierarchy.
Aggregation—A three-layer hierarchy has two aggregation points:
At the edge of the access layer going into the distribution layer
At the edge of the distribution layer going into the core
At the edge of the access layer, you aggregate traffic in two places: within each access zone and flowing into the distribution layer. In the same way, you aggregate interzone traffic at the distribution layer and traffic leaving the distribution layer toward the network core. The distribution layer and core are ideal places to deploy traffic engineering within a network.
Routing policy—The routing policy is deployed within the distribution layer in a three-layer design and along the distribution/core edge. You can also deploy routing policies along the access/distribution edge, particularly route and topology summarization, to hide information from other zones that are attached to the same distribution layer zone.
User attachment—User devices and servers are attached to zones within the access layer. This separation of end devices into the access layer permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, you do not want to mix transit and destination traffic in the same area of the network.
Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the access layer. You can also place traffic admittance controls at the aggregation points along the aggregation/core edge.
As you can see, the concepts that are applied to two- and three-layer designs are similar, but you have more application points in a three-layer design.
Now the confusion takes place in our minds: where do we use the two-layer and where the three-layer hierarchical model?
Now we are discussing how many layers to use in network design.
Which network design is better: two layers or three layers? As with almost all things in network design, it all depends. Examine some of the following factors involved in deciding whether to build a two- or three-layer network:
Network geography—Networks that cover a smaller geographic space, such as a single campus or a small number of interconnected campuses, tend to work well as two-layer designs. Networks spanning large geographic areas, such as a country, continent, or even the entire globe, often work better as three layer designs.
Network topology depth—Networks with a compressed, or flattened, topology tend to work better as two-layer hierarchies. For instance, service provider networks cover large geographic areas, but reducing number of hops through the network is critical in providing the services they sell; therefore, they are often built on a two-layer design. Networks with substantial depth in their topologies, however, tend to work better as three-layer designs.
Network topology design—Highly meshed networks, with many requirements for interzone traffic flows, tend to work better as two-layer designs. Simplifying the hierarchy to two levels tends to focus the design elements into meshier zones. Networks that focus traffic flows on well-placed distributed resources, or centralized resources, such as a network with a large number of remote sites connecting to a number of centralized Data Centers, tend to work better as three-layer designs.
Policy implementation—If policies of a network tend to focus on traffic engineering, two-layer designs tend to work better. Networks that attempt to limit access to resources attached to the network and other types of policies tend to work better as three-layer designs.
Again, however, these are simple rules of thumb. No definitive way exists to decide whether a network should have two or three layers. Likewise, you cannot point to a single factor and say, “Because of this, the network we are working on should have three layers instead of two.”
I hope that this helps you to understand the purposes of Two Layer & Three layer Hierarchical Model.
Best regards,
Ahmad Manzoor -
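The summarization at the core/aggregation edge described in the post above can be checked mechanically. The following is an added example, not part of the original post: the zone names and prefixes are constructed, and the planning rule (prefer one covering summary, fall back to exact summaries when it would claim another zone's space) is an assumption chosen for illustration.

```python
import ipaddress

# Constructed sample: prefixes attached inside each aggregation zone.
ZONES = {
    "zone-a": ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"],
    "zone-b": ["10.1.4.0/24", "10.1.5.0/24", "10.1.8.0/24"],
    "zone-c": ["10.1.6.0/24", "10.1.7.0/24"],
}


def parse(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def exact_summaries(prefixes):
    """Fewest advertisements that cover the zone's prefixes and nothing else."""
    return list(ipaddress.collapse_addresses(parse(prefixes)))


def covering_summary(prefixes):
    """Tightest single prefix that contains every prefix in the zone."""
    nets = parse(prefixes)
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def plan_advertisements(zones):
    """Choose what each zone advertises into the core.

    One covering summary hides the most topology. If that summary would
    also claim address space owned by another zone, the core would hold
    overlapping routes for space this zone does not own, so the plan falls
    back to the exact summaries for that zone.
    """
    plan = {}
    for name, prefixes in zones.items():
        candidate = covering_summary(prefixes)
        foreign = [n for other, ps in zones.items() if other != name
                   for n in parse(ps)]
        conflicts = [str(n) for n in foreign if n.overlaps(candidate)]
        adverts = exact_summaries(prefixes) if conflicts else [candidate]
        plan[name] = {
            "advertise_to_core": [str(a) for a in adverts],
            "rejected_summary": str(candidate) if conflicts else None,
            "conflicts": conflicts,
            # Downward, the zone only needs a default route toward the core.
            "receive_from_core": ["0.0.0.0/0"],
        }
    return plan


def core_table_size(plan):
    """Number of zone routes the core has to carry under this plan."""
    return sum(len(z["advertise_to_core"]) for z in plan.values())


if __name__ == "__main__":
    plan = plan_advertisements(ZONES)
    for name, entry in plan.items():
        print(name, entry)
    specifics = sum(len(p) for p in ZONES.values())
    print(f"core carries {core_table_size(plan)} routes instead of {specifics}")
```

A zone whose address plan is not contiguous (zone-b here) is what forces extra advertisements into the core, which is the practical argument for allocating address space per zone before choosing summary boundaries.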
Office network design ideas..
Hey all, we are upgrading to a Cisco network and wanted some input on our possible network design...
Currently we have:
A Juniper SSG 140 and IDP for our firewall and IDS
3com (layer2/3) switches for our desktops
2 Dell PowerConnect 5424 switches for our servers and firewalls
2 Dell PowerConnect 5424 switches (separate network) for our SAN/VM hosts
This is what we are thinking of for our next solution
ASA 5512 for our firewall (I read we could possibly get a 25% performance speed improvement for user VPN connections?)
2 WS-C3750x-48t-e (I think this does Layer 2/3) for our desktops
2 WS-C3750x-48t-e for our firewalls/servers
2 WS-C3750x-24P-L for our SAN/VM hosts
The problem is different network services providers who are going to implement this for us are giving us different solutions
Some desktop 3560X for desktops and 4948 for servers and others are telling me 3750x for desktops and Nexus 3048 switches for SAN
Some are telling me we can keep SAN+VM+core traffic on the same switches and just separate them with VLANs while others are telling me we should get separate switches for them
Basically, we just want an improved improvement with better PERFORMANCE and REDUNDANCY (esp with our core + SAN/VM traffic) without going overboard and spending a ton of money
More thoughts:
We need Layer 2/3 switches for core + SAN
Do we need 10G ports?
Let me know your thoughts...
Hi There,
the hardware selection actually depends on the network/site topology, number of users, traffic load and other factors
this is for the IP network; for SAN do you mean iSCSI, FCoE or pure FC SAN, because these are different things and may change the HW selection,
in general 3560 are good for access switches and 3750 provide the same capabilities with improved performance and support for StackWise (3750 is a good option especially if you are planning to stack them)
for L3 it is supported on both but consider the license/image you buy with regard to the features you need
Nexus for data center switching are the best as they are designed for data center switching; however you need to know port density, 1G or 10G, do you need any FC SAN, DC load/capacity, whether any L3 function is required and future growth, then you can decide if Nexus 3K or 5K is good for you or not
N5K
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/data_sheet_c78-618603.html
N3K
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps11541/at_a_glance_c45-648255.pdf
if you have a network topology with more details of what you need, post it here for more discussions
hope this helps
if helpful rate -
What are best practices in consideration to wireless network design? I have a WLC 4400 and 1200 APs that I want to deploy to replace my existing wireless network. I am researching the best network design for implementing a secured wireless infrastructure and also having a guest account for non-employees to log on to and surf the Internet. We also have WAN sites that need to be included in this design.
Any help would be appreciated.
Hi Tim,
I just wanted to add a bit to the excellent info you have already received from Alejandro (nice work A!);
Here are some good "getting started" Cisco docs (and link to a video) which might help. This is a fair bit of reading :)
Wireless LAN Design Guide
http://www.cisco.com/web/about/ciscoitatwork/design_guides/dg-wlan.html
Wireless Site Survey FAQ
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml
Understanding the Lightweight Access Point Protocol (LWAPP)
http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_white_paper0900aecd802c18ee.shtml
Deploying Cisco 440X Series Wireless LAN Controllers
http://www.cisco.com/en/US/products/ps6366/prod_technical_reference09186a00806cfa96.html
Cisco Wireless LAN Controller Configuration Guide, Release 4.0
http://www.cisco.com/en/US/products/ps6366/products_configuration_guide_book09186a00806b0077.html
WLC Video
http://www.cisco.com/en/US/products/ps6366/index.html
Lightweight Access Point FAQ
http://www.cisco.com/en/US/products/ps6306/products_qanda_item09186a00806a4da3.shtml
Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml
Here are some excellent overall scope ideas;
Deploying High Capacity Wireless LANs
http://www.cisco.com/en/US/products/ps6108/products_white_paper0900aecd8027a5f7.shtml
Cisco Deploys Wireless LAN Technology to Increase Productivity
http://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_Case_Study_WLAN_2004_print.pdf
Design Principles for Voice Over WLAN
http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/networking_solutions_white_paper0900aecd804f1a46.shtml
Evaluating Interference in Wireless LANs: Recommended Practice
http://www.cisco.com/application/pdf/en/us/guest/products/wireless/c2072/cdccont_0900aecd80554f8b.pdf
I have attached some good "getting started" type Security docs. You may also want to engage your Cisco partner and Cisco SE to help you plan and implement this most important function of Wireless.
Wireless LAN Security White Paper
http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns386/networking_solutions_white_paper09186a00800b469f.shtml
Five Steps to Securing Your Wireless LAN and Preventing Wireless Threats
http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns386/networking_solutions_white_paper0900aecd8042e23b.shtml
WLAN Security considerations (Part of WLAN SRND Guide)
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns178/c649/ccmigration_09186a00800d67eb.pdf
Wireless LAN Security Solution
http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa0900aecd801e3e59.html
Wireless - Compare Products and Solutions
http://www.cisco.com/en/US/products/hw/wireless/products_category_buyers_guide.html
**Don't forget to check out the good books available from Cisco Press (link on this site)
Hope this helps! And best of luck.
Rob -
Hi guys.
Looking for some advice on a network design.
Please tell me what you think may or may not be wrong or missing.
Here are the details:
The user count is approximately 600 (desktops, laptops and Cisco IP phones) with two locations (office and data center) connected via 100Mbps guaranteed MAN line with site-to-site VPN as backup.
Servers will all be in the Data Center.
Edge routers to be used as site-to-site VPN connection point between office and data center.
Edge router at data center also to be used to connect to 4 other remote sites.
Edge networks (router and ASA) will be used to provide internet access to equipment at their respective locations. (No routing across MAN for internet access)
Cisco 4510 to be used as user switches.
Supervisor engines will be connected via 10G fiber to core switches.
There will be 2x 10G connection for each supervisor module.
Core switches are 4500x to be stacked via VSS using 10G Twinax cables.
Core switch will also have 1G copper sfp to connect to MAN line hand-off.
There will also be a physically (for the most part) segregated network using 3750x
switches that connect back to the core. We will use 1G Fiber connections.
Here is the current kit list:
Office Network Edge
1x Cisco 3925 Router to connect to internet and vpn tunnel endpoint (CISCO3925-HSEC+/K9)
1x 2GB RAM upgrade for Cisco Router (MEM-3900-1GU2GB)
1x 1GB Compact Flash for Cisco Router (MEM-CF-256U1GB)
1x ASA Firewall w/ IPS (ASA5525-IPS-K9)
Office Network Core
2x 4500X 32 Port Switches (WS-C4500X-32SFP+) w/ IP Enterprise License
2x 1GB Fiber SFP module per 4500X switch to connect to 3750x (GLC-SX-MMD)
2x 10GB TwinAX cables to stack 4500x switches together (SFP-H10GB-CU1M)
8x 10GB Fiber SFP+ module to connect to 4510 Sup Engines (SFP-10G-SR)
1x 1GB Copper SFP to connect to MAN circuit hand-off (GLC-T)
1x 1GB Copper SFP to connect to ASA firewall (GLC-T)
Distribution
4x Catalyst 4510R+E Switches (WS-C4510R+E) w/ IP Base License
2x Supervisor 8-E per 4510 switch (WS-X45-SUP8-E)
8x 48-port PoE module per 4510 switch (WS-X4748-UPOE+E)
4x 10G Fiber SFP+ module per 4510 switch (SFP-10G-SR)
1x 2GB SD Memory card per Supervisor Engine (SD-X45-2GB-E)
Office Network Segregated
4x 3750X 48-port PoE Switches (WS-C3750X-48P-L) LAN Base License
1x 1G Fiber SFP module per 3750x switch (GLC-SX-MMD)
1x Slot module per 3750x to connect 1GB SFP modules (C3KX-NM-1G)
Data Center Edge
1x Cisco 3925 Router to connect to internet and vpn tunnel endpoint (CISCO3925-HSEC+/K9)
1x 2GB RAM upgrade for Cisco Router (MEM-3900-1GU2GB)
1x 1GB Compact Flash for Cisco Router (MEM-CF-256U1GB)
1x ASA Firewall w/ IPS (ASA5525-IPS-K9)
Data Center Core
2x 4500X 32 Port Switches (WS-C4500X-32SFP+) w/ IP Enterprise License
2x 10GB TwinAX cables to stack 4500x switches together (SFP-H10GB-CU1M)
3x 10GB Fiber SFP+ modules per 4500X switch to connect to 3850 switches (SFP-10G-SR)
1x 1GB Copper SFP to connect to MAN circuit hand-off (GLC-T)
1x 1GB Copper SFP to connect to ASA firewall (GLC-T)
1x 1GB Copper SFP to connect to segregated ASA (GLC-T)
Data Center Distribution
6x 3850 24-port PoE Switches (WS-C3850-24T-S) IP Base License
1x Slot module per 3850 switch to connect 10GB SFP+ modules (C3850-NM-2-10G)
1x 10G Fiber SFP+ module per 3850 switch (SFP-10G-SR)
Data Center Segregated
1x Cisco 2951 Router to connect to internet and vpn tunnel endpoint (CISCO2951/K9)
1x ASA 5512-X (ASA5515-K9)
Attached diagram is just a draft.
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
A 39xx is underpowered if you want to support gig VPN tunnel.
If your MAN is 100 Mbps (possibly "light" for 600 users), I would suggest running your port at 100 Mbps, not gig. (This because LAN switches don't shape, and may not be able to "see" congestion or drops within the MAN.)
Your user edge (the 4500s) will be L2 or L3. If the latter, I would recommend not using a VSS core.
I would recommend not using the same Internet connection for both general Internet access and VPN. -
Hi Guys
I am posting this because I am starting my career into network design and want some help in it. I am at present in need of a high level design overview as I need to prepare some high level network design documents. Can anyone shower some thoughts in it as how about doing this and if any there is a template for HDD so that it maybe useful.
Also I believe in keeping information as transparent as possible to the readers of the document and need someone to explain in very simple terms if at all it is possible.
Thanks a lot
Vin
Hi Vin,
I would check the Cisco SBA and Validated Design Zone as a first pass.
Lots of great design documents there.
As for how I would create a high level design - keep it simple. You just want an overview of the connectivity - e.g. for a dual-site head office with 100+ branch wan, I would only show a single branch site as a template.
Every network is different, but the more documentation you write and read the more you will define your own style.
Apologies I can't give you any of my customer's documentation - NDA's and everything!
Regards, Ash, -
Cisco Video Telephony Solution Reference Network Design (SRND)
Below are links to two design guides focused on video telephony and videoconferencing. The first link goes to the NEW Video Telephony guide while the second links to the existing Videoconferencing guide that has been referenced before in a previous thread.
Cisco Video Telephony Solution Reference Network Design (SRND):
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns268/c649/ccmigration_09186a008026c609.pdf
IP Videoconferencing Solution Reference Network Design (SRND):
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns280/c649/ccmigration_09186a00800d67f6.pdf
Hi
As long as this is a new installation I recommend you use SIP on all of the end points where possible and integrate with CUCM using a SIP trunk; this will give you two main benefits
- the transformation of the called and calling number from and to CUCM will be easier
- if you have an end point using H323 and communicating with another end using SIP, the VCS will do internetworking for this call and you will need a license for each internetworked call, plus the media path will go through the VCS, not direct between end points, for internetworking
If you use SIP make the end point name/SIP URI as [email protected]. Calls from VCS to CUCM use search rules with transformation, so if an end point dials 123456 only from VCS and the default call is SIP, VCS will send it to CUCM as 123456@sip domain.com; you need to do transformation before sending it to CUCM and send it as 123456@cucmip.
This is just in brief, and also using the Expressway you can have your SIP domain registered over the Internet and configure a DNS SRV record pointing SIP to the VCS public IP, and Internet calls can come to your end point SIP name directly; no need to publish an IP to others to dial you
HTH
If helpful rate -
I am designing a new Hyper v network with 3 nodes. Each node has 8 NICs and I want to team 2 NICs per network.
Team 1 will be the Management Network. A team will be created at the OS layer and a virtual switch will be created for the Network.
OS Management
Live migration
Heart Beat
These services will be added as interfaces on the network adaptor and will be VLAN'd. QoS will then be added to the virtual switch for the Management and Heart beat network interfaces to ensure that these services are not compromised.
The CSV network communication will be managed by the virtual machine network but I may enable cluster communications on the Management network Team 1 instead.
Please advise.
Very informative reply. Helps very much :)
The other 4 ports will be for production VM traffic and storage is FC on a dual channel HBA. The over all Network design is based on Blade architecture:
Storage
1 FC HBA Dual Channel
Ethernet
2 NICS for
OS Management
Live migration
Heart Beat
4 NICs for
VM Production Traffic
Back ups are using the Native solution with agents for VM over a fibre channel network connection back to our DC.
Looking Good?
Also
What is the better approach for managing QoS on the network for hyper v 2012 r2
Create the team - Create the switch - Tag the VLAN interfaces to the team for :
OS Management
Live migration
Cluster comms
then apply Weight using PowerShell
Create a management team - create a switch with the management VLAN tagged then apply the policy
Configuring Policy-based Quality of Service (QoS)
http://technet.microsoft.com/en-us/library/hh831689.aspx
Please advise -
Hiii Cisco Team,
I want to start studying the Cisco network design course to get the CCDA certificate. Could you please provide me with the requirements, links and any helpful material on that? After getting CCDA, what is the next certificate on the same path? Currently I have CCNA, CCNA Security and CCSP
looking forward to having my CCDA
thank you
CCDA requirements are listed here.
While it's not a prerequisite, the next logical step in that certification path or track would be CCDP. See here. -
Network Design Pointers...
Hey everyone, I am not too sure if this is the correct location to be posting this, but I have some questions regarding networking design.
I have created a test network within Packet Tracer, which I have added as an attachment. I just wanted some pointers on how I could have changed things, just regarding the topology. My main area of concern is with the printers; could they have been better located?
I have uploaded a screenshot and the Packet Tracer file of my design, please let me know what you guys think. This is my first time creating a network, this helps me study for my exams, as I just finished my CCENT, and am now working on CCNA.
Thanks so much for your time everyone.
Paul St.Onge
> Threaded interfaces - do you mean user interfaces?
Not quite, and it possibly comes as part of the other questions, but a description (or an attempt at one) is: imagine that you have one application on a server and some small applications in a series of PCs connected with the server. These applications, when started, send a command to the server, which creates a thread that interfaces with the client app so that the processing can be spread more or less evenly. <hope to make sense>
> Detection of java/javaw - what do you mean by that?
The System.getProperties(... was what I was looking for -
2013 Design implementation-two sites
Hi!
I have a design implementation question. We are a small firm with 80 AD users, 100 mailboxes, DB store is 200 gigs and all on Exchange 2007 (virtualized, connecting to a SAN), but growing rapidly. Also, we currently have two sites in Chicago and New York (Exchange 2007 server in NY). We would like to upgrade from 2007 (all roles installed on a VM server ESX 5.5 server) to 2013. Should we virtualize the Exchange 2013 or should they be physical servers? Also, since the servers will be in separate sites will I need a Load Balancer in both locations? Also, should I split up the roles since we have two locations running both roles on both servers? For example below:
1 Chicago server-CAS/Mailbox Role
1 New York server-CAS/Mailbox Role
Should I have the Chicago users connect to the Chicago Server? And the New York users pointed to the New York Server? Currently everyone connects to the mail server in NY. Any advice or comments would be appreciated.
Thanks!
Hi,
Yes, if you need proxy or redirection settings on OWA and other Exchange web services, one CAS in each site is a must.
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support -
Hi all
I wanted to know if someone can give me some advice. I've started my own consulting company and I have a client who wants a network redesign and a core network design. Both of these are for different sites and I wanted to know what questions I should ask the client and whether there are some books that I can read about network design that will give me a good feel on how to proceed. I have a good idea already about the hardware that is needed at each layer, but the network I learned on was a large enterprise network and these are smaller networks and I really want to do a good job for this user so that I can get repeat business. Thanks in advance and have a great day and I look forward to your replies.
1) you should ask why the client wants a network redesign and what they are looking to achieve by doing this, i.e. no one does a network redesign just for the fun of it
2) based on the answers to the first question you need to see the existing network design and then work out why it does not meet the clients needs.
3) probably as important as anything else is what budget is available for the redesign ie. consultancy for you and hardware budget.
4) what inhouse experience the client has. You can setup the loveliest shiny network but if the customer cannot then support it it is not particularly useful to them.
5) future plans for expansion for the client
6) the hardest part - application, traffic patterns, bandwidth requirements of the network. Make sure you at least identify the apps that the client makes their money from and design accordingly.
Don't decide on hardware before the design. The design dictates the hardware design and not the other way around. If you already have an idea of the hardware you are going to use you either have answers to all the above or you are getting ahead of yourself
A good place for design info are Cisco's design papers -
www.cisco.com/go/srnd
Jon -
Hi Guys,
can anyone give me an idea of what a B2B network design should look like? A URL link to a design example or a network diagram example will be appreciated.
cheers
This URL might help....
http://www.cisco.com/en/US/netsol/ns656/networking_solutions_design_guidances_list.html -
Validate PIX & IPS Network Design
Attached is my network design of the PIX and the IPS in promiscuous mode (non-inline). It doesn't look sound:
1. Is it possible to set up the IPS in non-inline mode with two sensors?
2. Can the IPS direct blocking commands to the PIX through the Desktop Management console? If not, do I need to place an internal switch for the desktop console and the command/control interfaces of the PIX and IPS?
3. Other comments/suggestions?
Cisco IPS Version 5.0 Sensor can be configured either in the IPS (inline) mode or the promiscuous IDS mode. If your sensor already has more than one monitoring interface, no additional hardware is required to run Cisco IPS Sensor Software Version 5.0 in the IPS (inline) mode. IPS services require at least one monitoring interface pair (two monitoring interfaces). Cisco provides the option of upgrading sensors with a single monitoring interface to support multiple monitoring interfaces. For more information on the various IDS and IPS sensor platforms and part numbers, please refer to Cisco IPS 4200 Series Data Sheet located at: http://www.cisco.com/go/ips
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_qanda_item0900aecd801e6a99.shtml -
Network Design Review - Best Practices
Looking to start a discussion around best practices for inbound network design at the core.
The planned devices are as followings:
Edge Routing / DMVPN - Cisco 2951
Cisco UCM / IP Phone VPN Concentrator - Cisco ASA 5512-X
Cisco AnyConnect SSL Client Concentrator - Cisco ASA 5515-X
Cisco FirePower / IPS Device - Cisco ASA 5515-X
The plan is as follows:
All traffic enters through the 2951.
DMVPN traffic will go directly to the FirePower Device and then to the core network.
IP Phones will pass-through 2951, enter 5512-X for VPN, go to FirePower and then to the core network.
AnyConnect Clients will pass-through 2951, enter 5515-X for VPN, go to FirePower and then to the core network.
Wondering if anyone else has completed a similar setup and any issues you may have run into.
Basic diagram attached.
Thanks!
There really isn't a true two-factor authentication you can just do with RADIUS unless it's ISE and you're doing EAP Chaining. One way that is a workaround and works with ACS or ISE is to use "Was machine authenticated". This again only works for domain computers. How Microsoft works :) is you have a setting for user or computer... this does not mean user AND computer. So when a Windows machine boots up, it will send its system name first and then the user credentials. System name or machine authentication only happens once, and that is during the boot up. User happens every time there is a full authentication that has to happen.
Check out these threads; they explain it pretty well.
https://supportforums.cisco.com/message/3525085#3525085
https://supportforums.cisco.com/thread/2166573
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"