
Editors: skj, Covenant, aryoba, Phraxos. Last modified on 2009-12-09 10:16:13
Topic #1: Layer-2 and Layer-3 Network Design concerning Core and Access Switches
In general, you don't want to deploy switches with their default configuration, since the defaults often do not produce the most suitable network design. Designing the network properly from the beginning is an important decision that keeps the network stable, reliable, and scalable.
The following thread is an illustration.
»IS there any difference using a ACL or just...
Topic #2: VLAN, Access port, Trunk port, and Port Channel
Setting up a Layer-2 network calls for a careful and thorough decision process, especially when switches from several vendors are to be connected. Some features or behaviors may be supported on one vendor's switches but not on another's.
The following thread is an illustration.
»[Config] Troubleshooting Portchannel errors (3750g)
Topic #3: VLAN and VTP Domain
The following thread shows an example of setting up Catalyst switches in a small network environment. Note that there are things to consider, such as VTP domain management and inter-VLAN routing, when there are two or more switches in the network.
One way of setting up the network is to have all switches in the same VTP domain. Note that VTP is Cisco proprietary. If there is a non-VTP-compliant switch in the network, you can either run VTP on some switches (i.e. the Cisco switches) or not run VTP anywhere. In other words, running VTP is not required even in an all-Cisco switch network. As a note, many organizations don't run VTP at all even when all switches are VTP compliant. Check out the following threads for illustrations.
»[Config] Secondary VLAN issue
»vtp pruning question
Topic #4: Same VLAN between Main Office and Branch Office
Let's say your company has just opened a branch or remote office and you would like to extend the main office's VLAN to the branch office to ensure connectivity. Note that this VLAN extension does not necessarily mean that the main and branch offices will use the exact same subnet, even though the VLAN ID is the same.
The following is one possible way to design the network, which is also used as a standard in many organizations.

Main Office
Server VLAN: 10 with 172.16.10.0/24 subnet
DMZ VLAN: 20 with 172.16.20.0/24 subnet
User VLAN: 30 with 172.16.30.0/24 subnet

Branch Office
Server VLAN: 10 with 10.0.10.0/24 subnet
DMZ VLAN: 20 with 10.0.20.0/24 subnet
User VLAN: 30 with 10.0.30.0/24 subnet

Note that it is possible to use the same subnet for both the main and branch offices. However, this kind of setup is uncommon and produces no benefit, only possible major confusion or an unnecessarily complex network design. Check out the following thread for an illustration.
»route VLAN over a P2P configuration
Topic #5: Connect internal switch to business partner's switch
Let's say there is a need to connect your internal switch to a business partner's switch in a DMZ environment, for Internet connectivity, to extend the network, or for any other reason. In general, it is always a bad idea to share Layer-2 connectivity with an external network (a network that you don't manage), since a Spanning-Tree loop can bring down your network immediately.
A best practice for connectivity with an external network is to have a Layer-3 relationship with it. The worst that could happen with a Layer-3 relationship is packet loss or a loop, neither of which would bring down the network the way a Spanning-Tree loop would. Check out the following thread for an illustration.
»spanning tree bpdu filtering
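The two designs contrasted in Topic #5, as an added Cisco IOS configuration example (not taken from this FAQ or the linked thread): the partner-facing port first as a Layer-2 trunk, then as a routed port. The interface name, VLAN ID, and all addresses are assumptions chosen for illustration.

```cisco
! Constructed example. Interface name, VLAN ID and addresses are assumptions.
! The two interface stanzas are alternatives; apply only one of them.
!
! --- Avoid: partner link as a Layer-2 trunk ---------------------------
! The partner's switch becomes part of your spanning-tree domain, so a
! loop or topology change on their side propagates into your VLANs.
interface GigabitEthernet1/0/24
 description PARTNER-LINK (Layer-2, shared spanning tree)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 20
!
! --- Prefer: partner link as a routed (Layer-3) port ------------------
! A routed port carries no VLANs and does not take part in spanning
! tree, so the Layer-2 domains on each side stay separate.
ip routing
!
interface GigabitEthernet1/0/24
 description PARTNER-LINK (Layer-3 routed port)
 no switchport
 ip address 192.0.2.1 255.255.255.252
 no shutdown
!
! Reach the partner's subnet through the routed link. A static route is
! shown; the partner's address 192.0.2.2 and subnet are assumptions.
ip route 198.51.100.0 255.255.255.0 192.0.2.2
```

After applying the routed-port variant, `show interfaces GigabitEthernet1/0/24 switchport` should report the switchport as disabled, which confirms the port is no longer part of any Layer-2 domain.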
by aryoba, last modified: 2009-09-22 10:18:55