Networking Design Guide

We are migrating from WLSM (yes, so old) to the WLC infrastructure. We have around 400 APs scattered all around the campus (it is a university campus). I would like to get some details on how we should proceed with the implementation of WLC 5500.
We have around 40 buildings, and currently we have more than 1500 wireless users; they are expected to increase rapidly.
My question is regarding the networking operations (not WLC configurations per se). Here are the questions:
1- How many VLAN interfaces should we create in our networking infrastructure to cater for the SSIDs? Any SSID will be bound to one interface in the WLC, which in turn will connect to a VLAN interface in the switch.
2- How big can the user subnet be?
In our previous setup, we had two SSIDs: Secure WPA2 (internet+intranet) and Unsecure (Internet only). What I want is to have these 2 SSIDs, plus one Special SSID to be broadcast when needed (Guest/event).
For ease of implementation, I thought that three VLANs would do the job. And I would keep their subnets big, say /20 or /19.
Please do recommend.

I think you really would need to dig into this deeper.  The reason I ask is that you can either keep what you have now and migrate to that using local mode APs where the WLC is located, and then you can take advantage of FlexConnect for your remote buildings.  FlexConnect is almost the same design as you would have with an autonomous AP.  The FlexConnect AP would put the users local to that subnet and not tunnel traffic back.  So if you already had two VLANs for your existing two, and the subnet size was fine, then you would just map the SSID to that VLAN again and then place your APs in the VLAN the APs are still in if you want.  All you would need to do is add a third SSID and a third VLAN to your buildings.  I'm guessing that you are doing layer 3 to each building.
So in short, if you have a LAP in local mode, all traffic is tunneled back to the WLC, so your VLANs would reside where the WLC is connected.  In FlexConnect, you have a choice to tunnel traffic back or place traffic local.
If you search the forum, you will see various recommendations for subnet size.  Some have used /16 with no issues.
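
The subnet-size question above, worked through as an added example (not part of the original thread): it sizes one subnet per SSID from a client count plus growth, carves non-overlapping blocks from a pool so per-SSID ACLs can match a single prefix, and reports how full the /20 and /19 proposed in the question would be at 1500 users. The pool `10.64.0.0/16`, the per-SSID split of the 1500 users, the SSID labels and the growth factor are assumptions.

```python
import ipaddress
import math

# Constructed inputs. The thread gives ~1500 users and three SSIDs; the address
# pool, the per-SSID split and the growth factor are assumptions for this sketch.
POOL = ipaddress.ip_network("10.64.0.0/16")
PEAK_CLIENTS = {"secure-wpa2": 1000, "open-internet-only": 500, "guest-event": 300}
GROWTH = 2.0


def usable_hosts(prefixlen):
    """Usable IPv4 host addresses in a subnet (network and broadcast excluded)."""
    return 2 ** (32 - prefixlen) - 2


def utilisation(prefixlen, clients):
    """Percentage of the usable addresses consumed by `clients` leases."""
    return round(100.0 * clients / usable_hosts(prefixlen), 1)


def prefix_for(clients, growth=GROWTH, reserved=1):
    """Longest prefix that still fits clients * growth plus reserved addresses.

    `reserved` covers the gateway (the VLAN interface on the switch).
    """
    needed = math.ceil(clients * growth) + reserved
    # Need 2**host_bits - 2 >= needed, i.e. 2**host_bits >= needed + 2.
    host_bits = max(2, (needed + 1).bit_length())
    return 32 - host_bits


def carve(pool, demands, growth=GROWTH):
    """Allocate one aligned, non-overlapping subnet per SSID from `pool`.

    Largest blocks are placed first, so every later block starts on its own
    natural boundary and sequential allocation never misaligns.
    """
    sized = sorted((prefix_for(n, growth), name) for name, n in demands.items())
    plan = {}
    cursor = int(pool.network_address)
    for prefixlen, name in sized:
        if prefixlen < pool.prefixlen:
            raise ValueError(f"{name} needs /{prefixlen}, larger than the pool")
        net = ipaddress.ip_network((cursor, prefixlen))
        if not net.subnet_of(pool):
            raise ValueError(f"pool {pool} exhausted while placing {name}")
        plan[name] = net
        cursor += net.num_addresses
    return plan


def overlaps(plan):
    """Return every pair of SSIDs whose subnets overlap (should be empty)."""
    items = list(plan.items())
    return [
        (a, b)
        for i, (a, net_a) in enumerate(items)
        for b, net_b in items[i + 1:]
        if net_a.overlaps(net_b)
    ]


if __name__ == "__main__":
    for prefixlen in (20, 19, 16):
        print(f"/{prefixlen}: {usable_hosts(prefixlen)} usable, "
              f"{utilisation(prefixlen, 1500)}% used by 1500 clients")
    plan = carve(POOL, PEAK_CLIENTS)
    for name, net in plan.items():
        print(f"{name:20s} {net}  ({usable_hosts(net.prefixlen)} usable)")
    print("overlapping pairs:", overlaps(plan))
```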

Similar Messages

  • Cisco Video Telephony Solution Reference Network Design (SRND)

    Below are links to two design guides focused on video telephony and videoconferencing. The first link goes to the NEW Video Telephony guide while the second links to the existing Videoconferencing guide that has been referenced before in a previous thread.
    Cisco Video Telephony Solution Reference Network Design (SRND):
    http://www.cisco.com/application/pdf/en/us/guest/netsol/ns268/c649/ccmigration_09186a008026c609.pdf
    IP Videoconferencing Solution Reference Network Design (SRND):
    http://www.cisco.com/application/pdf/en/us/guest/netsol/ns280/c649/ccmigration_09186a00800d67f6.pdf

    Hi
    As long as this is a new installation I recommend you use SIP on all of the endpoints where possible and integrate with CUCM using a SIP trunk. This will give you two main benefits:
    - the transformation of the called and calling number from and to CUCM will be easier
    - if you have an endpoint using H323 communicating with another end using SIP, the VCS will do internetworking for this call and you will need a license for each internetworked call, plus the media path will go through the VCS, not direct between endpoints, for internetworking
    If you use SIP, make the endpoint name/SIP URI as [email protected]  Calls from VCS to CUCM use search rules with transformation, so if an endpoint dials 123456 only from the VCS and the default call is SIP, the VCS will send it to CUCM as 123456@sip domain.com; you need to do a transformation before sending it to CUCM and send it as 123456@cucmip.
    This is just in brief. Also, using the Expressway you can have your SIP domain registered over the Internet and configure a DNS SRV record pointing SIP to the VCS public IP, and Internet calls can come to your endpoint SIP name directly; no need to publish an IP to others to dial you
    HTH
    If helpful rate

  • Secure Wireless Design Guide 1.0

    Has there been any update to this document?  This document is dated July 11, 2007.
    http://www.cisco.com/application/pdf/en/us/guest/netsol/ns386/c649/ccmigration_09186a0080871da5.pdf
    Does anyone have a link to other reference material for designing Wireless Security; integrating WLCs with other Cisco security appliances and software?
    Thank you for your help.

    You can check the Wireless and Network Security Integration Solution Design Guide on the link below:
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/secwlandg20/sw2dg.html
            "niLz"
    Nilo Noguera Jr.
    | Specialist, Virtual Engineering - Partner Helpline Organization
    together we are the human network

  • CSS Design Guides

    We recently purchased a CSS 11503 and I am tearing my hair out looking for baseline design guides. Right now, we're not even sure that it will do what we WANT it to do, in the way we want to do it.
    Basically, the CSS is going to sit between a 6509 and a server farm. Two of the servers are IMAP, two are webmail. The CSS will be handling load balancing for the IMAPs, and load balancing for the webmail. However, the webmail servers ALSO need to talk to the IMAP, and need the persistent connections offered via the CSS.
    We're trying to figure if the webmail server, when it needs to connect to the IMAPs, can go OUT the CSS, and connect to the IMAPs via the VIP. It seems to me we would need NAT configured, and my problem is I can't seem to find how to do that. I guess it's the same issue as needing a server behind the CSS to get out to the Internet for updates/patches and what-not - how does a server INSIDE the CSS talk to the outside world directly, when it needs to?
    I hope that made some sort of sense. Another way to look at it is the webmail servers need to be servers AND clients, but we want them behind the CSS.
    The root is this: are there any good design guides for CSS that discuss these issues? Thus far I have been unable to find any.
    Thank you!

    I reviewed the basic config guide; I actually found the NAT info right after posting this!! Thanks for the replies; I appreciate it.
    The NEW question is about the VLANing on the CSS. We're trying to figure out the best way to incorporate the management port (VLAN1, we hope) into our current VLAN architecture, which has a private network for management on VLAN1, which is trunked across the network for accessibility from multiple segments. The management port on the CSS doesn't support trunking - otherwise we'd treat it as any other box. Meanwhile, we want our VIPs in our server VLAN. We contemplated the VLAN "multi" option, but it doesn't look like we can implement it, given older version of IOS and the fact that we are already trunking.
    We'll get there....I'm sure it isn't THAT hard to untangle. But it's frustrating that the separate management interface on this box doesn't support VLAN trunking.
    EMILY

  • Management Network Design - IP Addressing

    Hello !
    I have a basic question with IP addressing for management network. We use management IP address to identify each network element. I have come across two forms of IP addressing for management network:
    1. Assign the IP address directly to an interface (if it's an L2 switch, the interface is made L3 using *no switchport* command) of the network element.
    2. Create a SVI i.e., define a management VLAN on each network element, assign IP to this VLAN and assign a port to this VLAN for management.
    Both these designs provide IP termination on the network elements for management using standard network management protocols. I am wondering what's the difference between the two. Any significant advantage of one over the other ? Please share your thoughts.
    P.S. Many vendors don't seem to support command equivalent to *no switchport* on Cisco L2 switches. I presume the reason for this is they don't have MAC addresses on L2 switch ports. Each switch has only 1 MAC address (which identifies the switch) unlike Cisco switches wherein each interface has its own MAC address and can be converted to a L3 interface.
    Thanks & Regards,
    Naveen

    In addition to methods #1 and #2 you mention, there's also the use of a loopback interface (applicable on Cisco routers) and, where available, the dedicated Ethernet management port on the device, which uses its own management virtual routing and forwarding (VRF) instance. Where applicable, those two methods are the preferred ones as they have a higher degree of reliability and isolation from any routing protocols in the devices' primary routing information bases (RIBs or routing tables) and, in some cases, even have a dedicated CPU to isolate you from runaway main CPU utilization in the device. For routers the loopback interface is the preferred method. See page 23 of the SBA WAN Deployment Guide.
    Between #1 and #2 you can make an argument either way. #1 requires a dedicated physical layer link which can be a good thing (no dependency on a shared trunk being up) or bad thing (requires using a physical port and possibly a scarce inter-floor or inter-building link). The most common method I see and one recommended by Cisco is #2 - a management VLAN SVI. See pages 19-20 of the SBA LAN Deployment Guide, for instance.
    Besides the IP addressing, there are a lot of good best practices around securing the management plane and deploying centralized authentication etc. Pay attention to those aspects as well. They are covered in some of the SBA Design Guides (parent page here) as well as in the material supporting Implementing Cisco IOS Network Security, the foundation guide for CCNA Security certification.

  • Wireless Network Design

    What are best practices in consideration to wireless network design? I have a WLC 4400 and 1200 APs that I want to deploy to replace my existing wireless network. I am researching the best network design for implementing a secured wireless infrastructure and also having a guest account for non-employees to log on to and surf the Internet. We also have WAN sites that need to be included in this design.
    Any help would be appreciated.

    Hi Tim,
    I just wanted to add a bit to the excellent info you have already received from Alejandro (nice work A!);
    Here are some good "getting started" Cisco docs (and a link to a video) which might help. This is a fair bit of reading :)
    Wireless LAN Design Guide
    http://www.cisco.com/web/about/ciscoitatwork/design_guides/dg-wlan.html
    Wireless Site Survey FAQ
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml
    Understanding the Lightweight Access Point Protocol (LWAPP)
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_white_paper0900aecd802c18ee.shtml
    Deploying Cisco 440X Series Wireless LAN Controllers
    http://www.cisco.com/en/US/products/ps6366/prod_technical_reference09186a00806cfa96.html
    Cisco Wireless LAN Controller Configuration Guide, Release 4.0
    http://www.cisco.com/en/US/products/ps6366/products_configuration_guide_book09186a00806b0077.html
    WLC Video
    http://www.cisco.com/en/US/products/ps6366/index.html
    Lightweight Access Point FAQ
    http://www.cisco.com/en/US/products/ps6306/products_qanda_item09186a00806a4da3.shtml
    Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml
    Here are some excellent overall scope ideas;
    Deploying High Capacity Wireless LANs
    http://www.cisco.com/en/US/products/ps6108/products_white_paper0900aecd8027a5f7.shtml
    Cisco Deploys Wireless LAN Technology to Increase Productivity
    http://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_Case_Study_WLAN_2004_print.pdf
    Design Principles for Voice Over WLAN
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/networking_solutions_white_paper0900aecd804f1a46.shtml
    Evaluating Interference in Wireless LANs: Recommended Practice
    http://www.cisco.com/application/pdf/en/us/guest/products/wireless/c2072/cdccont_0900aecd80554f8b.pdf
    I have attached some good "getting started" type Security docs. You may also want to engage your Cisco partner and Cisco SE to help you plan and implement this most important function of Wireless.
    Wireless LAN Security White Paper
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns386/networking_solutions_white_paper09186a00800b469f.shtml
    Five Steps to Securing Your Wireless LAN and Preventing Wireless Threats
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns386/networking_solutions_white_paper0900aecd8042e23b.shtml
    WLAN Security considerations (Part of WLAN SRND Guide)
    http://www.cisco.com/application/pdf/en/us/guest/netsol/ns178/c649/ccmigration_09186a00800d67eb.pdf
    Wireless LAN Security Solution
    http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa0900aecd801e3e59.html
    Wireless - Compare Products and Solutions
    http://www.cisco.com/en/US/products/hw/wireless/products_category_buyers_guide.html
    **Don't forget to check out the good books available from Cisco Press (link on this site)
    Hope this helps! And best of luck.
    Rob

  • Video Conferencing Design Guide

    Does anyone know if there is a VC design guide?
    If so could you please point me to the link.
    Thank you
    PL

    Take a look at this thread...
    http://forum.cisco.com/eforum/servlet/NetProf;jsessionid=ml3027rm61.SJ1B?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd6216d
    or use the following info...
    Aug 3, 2004, 8:34am PST
    Below are links to two design guides focused on video telephony and videoconferencing. The first link goes to the NEW Video Telephony guide while the second links to the existing Videoconferencing guide that has been referenced before in a previous thread.
    Cisco Video Telephony Solution Reference Network Design (SRND):
    http://www.cisco.com/application/pdf/en/us/guest/netsol/ns268/c649/ccmigration_09186a008026c609.pdf
    IP Videoconferencing Solution Reference Network Design (SRND):
    http://www.cisco.com/application/pdf/en/us/guest/netsol/ns280/c649/ccmigration_09186a00800d67f6.pdf

  • Design guides for Ironport Web Security

    Hi All,
    I am looking for a proxy solution for our enterprise network, and considering Ironport WebSecurity S370 appliance.
    I am just curious if there is any good design guides on how to properly implement Ironport on the network.
    I need best practices documents, i.e.  can I place two units with one virtual IP address and so on.
    Thanks!

    WSAs don't cluster with a shared virtual IP. How you handle multiple WSA boxes is a function of how you're redirecting traffic to them.
         WCCP - you just add them as multiple WCCP destinations
         PAC file - you add separate entries and the browser/app figures out which one is available.
         Policy Based Routing (e.g. no Cisco router) - I'm not sure, as I've never done it.
    You might be able to use a load balancer, but my feeling is that gets too complicated.
    I used this to set up one box using WCCP
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Smart_Business_Architecture/H1CY11/SBA_Mid_BN_WebSecurityDeploymentGuide-H1CY11.pdf
    There's a caveat when you use WCCP for 2 boxes, you need to tweak the ACL so that you don't get loops:
    http://ironport.custhelp.com/cgi-bin/ironport.cfg/php/enduser/std_adp.php?p_faqid=1603&p_created=1278697344&p_sid=zzjbITyk&p_accessibility=0&p_redirect=0&p_srch=1&p_lva=772&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MzA4LDMwOCZwX3Byb2RzPTAmcF9jYXRzPTAmcF9wdj0mcF9jdj0mcF9zZWFyY2hfdHlwZT1hbnN3ZXJzLnNlYXJjaF9ubCZwX3BhZ2U9MSZwX3NlYXJjaF90ZXh0PW11bHRpcGxlIFdTQQ!!&p_li=cF91c2VyaWQ9MXJvblAwcnQmcF9wYXNzd2Q9Zm8wQmE1&p_topview=1

  • Q about flexpod design guide 5.0

    Hi all,
    In the design guide when you setup the vswitch you only specify one network adapter for the vswitch.  I added a second one in failover and reversed them depending on the order of the Vnics.
    Is this correct or should I put it back to one?
    I don't see how it would failover if I do.
    Also, I only see two veth interfaces in the port channel. As this is a VIC 1420, shouldn't there be 4 per fabric?
    Thanks
    Kev

    Nexus 1000v Essential Edition is now free of charge to acquire.
    http://blogs.cisco.com/datacenter/new-nexus-1000v-free-mium-pricing-model
    For vSwitch implementation, I would have to let someone else step in to discuss their experiences with this setup.  The N1K implementation is using mac-pinning which would be an active-active configuration.  For vSwitch, you probably can have both NICs active with 'Virtual Port ID' or 'Source MAC Hash' for load balancing.  'IP Hash' is a port channel and not supported on servers/blades within UCSM.
    33. Type port-profile type ethernet system-uplink.
    34. Type vmware port-group.
    35. Type switchport mode trunk.
    36. Type switchport trunk native vlan .
    37. Type switchport  trunk allowed vlan , ,  , , .
    >>>>>>  38. Type channel-group auto mode on mac-pinning.   <<<<<<<
    39. Type no shutdown.
    40. Type system  vlan , , , , .
    41. Type system mtu 9000.
    42. Type state enabled.
    Thank You,
    Dan Laden
    Cisco PDI Data Center
    Want to know more about how PDI can assist you?
    http://www.youtube.com/watch?v=3OAJrkMfN3c
    http://www.cisco.com/go/pdihelpdesk

  • Second WiSM Design Guide

    Hi All,
    I have been running a WiSM successfully for months now, but our wireless network has grown quite a bit so we have purchased a second WiSM.
    Are there any best practises for implementing another one, or are there any design guides?
    Thanks,
    Michael

    Hello Michael,
    Your setup is basically going to be the same. However, you do want to make sure the virtual IP address on both WLCs on the 2nd WISM you purchased are configured the same as the other WISM if you intend to allow mobility between APs and clients. Additionally, you will also have to add your two mobility members to your existing controllers and configure them correctly on your new ones.
    If you intended to configure manual load balancing you can use the primary/secondary/tert configuration on the access points.
    All of the above is mentioned in the 4.0 configuration guide and it does cover multiple WLC implementation as well:
    http://cco/en/US/products/ps6366/products_configuration_guide_book09186a00806b0077.html
    I hope this helps!
    -Mark

  • Ask the Expert: Hierarchical Network Design, Includes Core, Distribution, and Access

    Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about hierarchical network design. 
    Recommending a network topology is required for meeting a customer's corporate network design  needs in their business and technical goals and often consists of many interrelated components. The hierarchical design made this easier like "divide and conquer" the job and develop the design in layers.
    Network design experts have developed the hierarchical network design model to help to develop a topology in discrete layers. Each layer can be focused on specific functions, to select the right systems and features for the layer.
    A typical hierarchical topology is:
    - A core layer of high-end routers and switches that are optimized for availability and performance.
    - A distribution layer of routers and switches that implement policies.
    - An access layer that connects users via lower-end switches and wireless access points.
    Ahmad Manzoor is a Senior Pre-Sales Engineer at AGCN, Pakistan. He has more than 10 years of experience in first-rate management, commercial and technical skills in the field of data communication and services lifecycle—from solution design through sales pitch, designing RFPs, architecture, and solution—all with the goal toward winning projects (creating win/win situations) of obsolete solutions.  Ahmad also has vast experience in designing end-to-end data centers, from building infrastructure design to data communication and network Infrastructure design. He has worked for several large companies in Pakistan and United Arab Emirates markets; for example, National Engineer, WATEEN Telecom, Emircom, Infotech, Global Solutions, NETS International, Al-Aberah, and AGCN, also known as Getronics, Pakistan.
    Remember to use the rating system to let Ahmad know if he has given you an adequate response. 
    Because of the volume expected during this event, Ahmad might not be able to answer every question. Remember that you can continue the conversation in the  Solutions and Architectures under the sub-community Data Center & Virtualization, shortly after the event. This event lasts through August 15, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Dear Leo,
    We are discussing the following without any product line, discussing the concept of hierarchical design, which will help you decide which model is better for you: the two-layer or three-layer hierarchical model.
    Two-Layer Hierarchy
    In many networks, you need only two layers to fulfill all of the layer functions—core and aggregation.
    Only one zone exists within the core, and many zones are in the aggregation layer. Examine each of the layer functions to see where it occurs in a two-layer design:
    Traffic forwarding—Ideally, all interzone traffic forwarding occurs in the core. Traffic flows from each zone within the aggregation layer up the hierarchy into the network core and then back down the hierarchy into other aggregation zones.
    Aggregation—Aggregation occurs along the core/aggregation layer border, allowing only interzone traffic to pass between the aggregation and core layers. This also provides an edge for traffic engineering services to be deployed along.
    Routing policy—Routing policy is deployed along the edge of the core and the aggregation layers, generally as routes are advertised from the aggregation layer into the core.
    User attachment—User devices and servers are attached to zones within the aggregation layer. This separation of end devices into the aggregation permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, it is best not to mix transit and destination traffic in the same area of the network.
    Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the aggregation layer. You can also place traffic admittance controls at the aggregation points exiting from the aggregation layer into the core of the network, but this is not common.
    You can see, then, how dividing the network into layers enables you to make each layer specialized and to hide information between the layers. For instance, the traffic admittance policy implemented along the edge of the aggregation layer is entirely hidden from the network core.
    You also use the core/aggregation layer edge to hide information about the topology of routing zones from each other, through summarization. Each zone within the aggregation layer should have minimal routing information, possibly just how to make it to the network core through a default route, and no information about the topology of the network core. At the same time, the zones within the aggregation layer should summarize their reachability information into as few routing advertisements as possible at their edge with the core and hide their topology information from the network core.
    Three-Layer Hierarchy
    A three-layer hierarchy divides these same responsibilities through zones in three vertical network layers:
    Traffic Forwarding—As with a two-layer hierarchy, all interzone traffic within a three-layer hierarchy should flow up the hierarchy, through the layers, and back down the hierarchy.
    Aggregation—A three-layer hierarchy has two aggregation points:
    At the edge of the access layer going into the distribution layer
    At the edge of the distribution layer going into the core
    At the edge of the access layer, you aggregate traffic in two places: within each access zone and flowing into the distribution layer. In the same way, you aggregate interzone traffic at the distribution layer and traffic leaving the distribution layer toward the network core. The distribution layer and core are ideal places to deploy traffic engineering within a network.
    Routing policy—The routing policy is deployed within the distribution layer in a three-layer design and along the distribution/core edge. You can also deploy routing policies along the access/distribution edge, particularly route and topology summarization, to hide information from other zones that are attached to the same distribution layer zone.
    User attachment—User devices and servers are attached to zones within the access layer. This separation of end devices into the access layer permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, you do not want to mix transit and destination traffic in the same area of the network.
    Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the access layer. You can also place traffic admittance controls at the aggregation points along the aggregation/core edge.
    As you can see, the concepts that are applied to two- and three-layer designs are similar, but you have more application points in a three-layer design.
    Now the confusion takes place in our minds: where do we use the two-layer and where the three-layer hierarchical model?
    Now we are discussing how many layers to use in network design.
    Which network design is better: two layers or three layers? As with almost all things in network design, it all depends. Examine some of the following factors involved in deciding whether to build a two- or three-layer network:
    Network geography—Networks that cover a smaller geographic space, such as a single campus or a small number of interconnected campuses, tend to work well as two-layer designs. Networks spanning large geographic areas, such as a country, continent, or even the entire globe, often work better as three-layer designs.
    Network topology depth—Networks with a compressed, or flattened, topology tend to work better as two-layer hierarchies. For instance, service provider networks cover large geographic areas, but reducing the number of hops through the network is critical in providing the services they sell; therefore, they are often built on a two-layer design. Networks with substantial depth in their topologies, however, tend to work better as three-layer designs.
    Network topology design—Highly meshed networks, with many requirements for interzone traffic flows, tend to work better as two-layer designs. Simplifying the hierarchy to two levels tends to focus the design elements into meshier zones. Networks that focus traffic flows on well-placed distributed resources, or centralized resources, such as a network with a large number of remote sites connecting to a number of centralized Data Centers, tend to work better as three-layer designs.
    Policy implementation—If policies of a network tend to focus on traffic engineering, two-layer designs tend to work better. Networks that attempt to limit access to resources attached to the network and other types of policies tend to work better as three-layer designs.
    Again, however, these are simple rules of thumb. No definitive way exists to decide whether a network should have two or three layers. Likewise, you cannot point to a single factor and say, “Because of this, the network we are working on should have three layers instead of two.”
    I hope that this helps you to understand the purposes of Two Layer & Three layer Hierarchical Model.
    Best regards,
    Ahmad Manzoor

  • Office network design ideas..

    Hey all, we are upgrading to a Cisco network and wanted some input on our possible network design...
    Currently we have:
    A Juniper SSG 140 and IDP for our firewall and IDS
    3com (layer2/3) switches for our desktops
    2 Dell PowerConnect 5424 switches for our servers and firewalls
    2 Dell PowerConnect 5424 switches (separate network) for our SAN/VM hosts
    This is what we are thinking of for our next solution
    ASA 5512 for our firewall (I read we could possibly get a 25% performance speed improvement for user VPN connections?)
    2 WS-C3750x-48t-e (I think this does Layer 2/3) for our desktops
    2 WS-C3750x-48t-e for our firewalls/servers
    2 WS-C3750x-24P-L for our SAN/VM hosts
    The problem is different network services providers who are going to implement this for us are giving us different solutions
    Some desktop 3560X for desktops and 4948 for servers and others are telling me 3750x for desktops and Nexus 3048 switches for SAN
    Some are telling me we can keep SAN+VM+core traffic on the same switches and just separate them with VLANs while others are telling me we should get separate switches for them
    Basically, we just want an improved improvement with better PERFORMANCE and REDUNDANCY (esp. with our core + SAN/VM traffic) without going overboard and spending a ton of money
    More thoughts:
    We need Layer 2/3 switches for core + SAN
    Do we need 10G ports?
    Let me know your thoughts...

    Hi There,
    The hardware selection actually depends on the network/site topology, number of users, traffic load and other factors.
    This is for the IP network. For SAN, do you mean iSCSI, FCoE or pure FC SAN? These are different things and may change the HW selection.
    In general 3560 are good for access switches and 3750 provide the same capabilities with improved performance and support for StackWise (3750 is a good option especially if you are planning to stack them).
    L3 is supported on both, but consider the license/image you buy with regard to the features you need.
    Nexus data center switches are the best as they are designed for data center switching; however, you need to know port density, 1G or 10G, whether you need any FC SAN, DC load/capacity, whether any L3 function is required, and future growth. Then you can decide if Nexus 3K or 5K is good for you or not.
    N5K
    http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/data_sheet_c78-618603.html
    N3K
    http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps11541/at_a_glance_c45-648255.pdf
    If you have a network topology with more details of what you need, post it here for more discussion.
    Hope this helps
    if helpful rate

  • Need help on network design

    Hi guys.
    Looking for some advice on a network design.
    Please tell me what you think may or may not be wrong or missing.
    Here are the details:
    The user count is approximately 600 (desktops, laptops and Cisco IP phones) with two locations (office and data center) connected via 100Mbps guaranteed MAN line with site-to-site VPN as backup.
    Servers will all be in the Data Center.
    Edge routers to be used as site-to-site VPN connection point between office and data center.
    Edge router at data center also to be used to connect to 4 other remote sites.
    Edge networks (router and ASA) will be used to provide internet access to equipment at their respective locations. (No routing across MAN for internet access)
    Cisco 4510 to be used as user switches.
    Supervisor engines will be connected via 10G fiber to core switches.
    There will be 2x 10G connection for each supervisor module.
    Core switches are 4500x to be stacked via VSS using 10G Twinax cables.
    Core switch will also have 1G copper sfp to connect to MAN line hand-off.
    There will also be a physically (for the most part) segregated network using 3750x switches that connect back to the core. We will use 1G Fiber connections.
    Here is the current kit list:
    Office Network Edge
    1x Cisco 3925 Router to connect to internet and vpn tunnel endpoint (CISCO3925-HSEC+/K9)
    1x 2GB RAM upgrade for Cisco Router (MEM-3900-1GU2GB)
    1x 1GB Compact Flash for Cisco Router (MEM-CF-256U1GB)
    1x ASA Firewall w/ IPS  (ASA5525-IPS-K9)
    Office Network Core
    2x 4500X 32 Port Switches (WS-C4500X-32SFP+) w/ IP Enterprise License
    2x 1GB Fiber SFP module per 4500X switch to connect to 3750x  (GLC-SX-MMD)
    2x 10GB TwinAX cables to stack 4500x switches together (SFP-H10GB-CU1M)
    8x 10GB Fiber SFP+ module to connect to 4510 Sup Engines (SFP-10G-SR)
    1x 1GB Copper SFP to connect to MAN circuit hand-off (GLC-T)
    1x 1GB Copper SFP to connect to ASA firewall (GLC-T)
    Distribution
    4x Catalyst 4510R+E Switches (WS-C4510R+E) w/ IP Base License
    2x Supervisor 8-E per 4510 switch (WS-X45-SUP8-E)
    8x 48-port PoE module per 4510 switch (WS-X4748-UPOE+E)
    4x 10G Fiber SFP+ module per 4510 switch (SFP-10G-SR)
    1x 2GB SD Memory card per Supervisor Engine (SD-X45-2GB-E)
    Office Network Segregated
    4x 3750X 48-port PoE Switches (WS-C3750X-48P-L) LAN Base License
    1x 1G Fiber SFP module per 3750x switch (GLC-SX-MMD)
    1x Slot module per 3750x to connect 1GB SFP modules (C3KX-NM-1G)
    Data Center Edge
    1x Cisco 3925 Router to connect to internet and vpn tunnel endpoint (CISCO3925-HSEC+/K9)
    1x 2GB RAM upgrade for Cisco Router (MEM-3900-1GU2GB)
    1x 1GB Compact Flash for Cisco Router (MEM-CF-256U1GB)
    1x ASA Firewall w/ IPS  (ASA5525-IPS-K9)
    Data Center Core
    2x 4500X 32 Port Switches (WS-C4500X-32SFP+) w/ IP Enterprise License
    2x 10GB TwinAX cables to stack 4500x switches together (SFP-H10GB-CU1M)
    3x 10GB Fiber SFP+ modules per 4500X switch to connect to 3850 switches (SFP-10G-SR)
    1x 1GB Copper SFP to connect to MAN circuit hand-off (GLC-T)
    1x 1GB Copper SFP to connect to ASA firewall (GLC-T)
    1x 1GB Copper SFP to connect to segregated ASA (GLC-T)
    Data Center Distribution
    6x 3850 24-port PoE Switches (WS-C3850-24T-S) IP Base License
    1x Slot module per 3850 switch to connect 10GB SFP+ modules (C3850-NM-2-10G)
    1x 10G Fiber SFP+ module per 3850 switch (SFP-10G-SR)
    Data Center Segregated
    1x Cisco 2951 Router to connect to internet and vpn tunnel endpoint (CISCO2951/K9)
    1x ASA 5512-X (ASA5515-K9)
    Attached diagram is just a draft.

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    A 39xx is underpowered if you want to support gig VPN tunnel.
    If your MAN is 100 Mbps (possibly "light" for 600 users), I would suggest running your port at 100 Mbps, not gig.  (This because LAN switches don't shape, and may not be able to "see" congestion or drops within the MAN.)
    Your user edge (the 4500s) will be L2 or L3.  If the latter, I would recommend not using a VSS core.
    I would recommend not using the same Internet connection for both general Internet access and VPN.

  • High Level Network Design

    Hi Guys
    I am posting this because I am starting my career in network design and want some help with it. I am at present in need of a high level design overview as I need to prepare some high level network design documents. Can anyone share some thoughts on how to go about doing this, and whether there is a template for HDD that may be useful?
    Also I believe in keeping information as transparent as possible to the readers of the document and need someone to explain in very simple terms if at all it is possible.
    Thanks a lot
    Vin

    Hi Vin,
    I would check the Cisco SBA and Validated Design Zone as a first pass.
    Lots of great design documents there.
    As for how I would create a high level design - keep it simple.  You just want an overview of the connectivity - e.g. for a dual-site head office with 100+ branch wan, I would only show a single branch site as a template.
    Every network is different, but the more documentation you write and read the more you will define your own style.
    Apologies I can't give you any of my customer's documentation - NDAs and everything!
    Regards, Ash

  • Oracle DBI Designer Guide

    Hi,
    Can anyone tell me where I can find the Oracle DBI Designer Guide? I want to develop custom reports and dashboards. In which guide can I find help regarding dimension creation, reports, dashboards and graphs?
    Thank you.

    All Oracle Apps 11iR12 docs can be found at:
    Applications Releases 11i and 12
    http://www.oracle.com/technetwork/indexes/documentation/index.html
    Oracle Business Intelligence
    http://www.oracle.com/technetwork/middleware/bi-publisher/documentation/xmlpdocs-084437.html
    Thanks,
    Hussein
