From: John Matus (jmatus@pacbell.net)
Date: Sun Dec 03 2006 - 10:02:59 ART
Bee,
thanks for the info.
at what level would i implement the connection to the other site office?
the distribution or the core? i'm guessing the distribution
we have about 40 servers and about 200 users. we are running a flat network
at this point (/15-bit) which is probably not a great idea. i'm thinking we
should put the servers and each of our 4 departments in their own V-lan just
to add additional broadcast security. wathchoo think?
i forget what router we are using to access NY but all of our access
switches are either 3500's 3548's or 3550's (which are not using any routing
protocols on them). i believe they are all just daisy chained into the
3548 gig g-bic uplinks and then are connected directly to the
routers..........ick. yeah?
John D. Matus
MCSE, CCNP
Home (818) 782-2061
Work (626) 568-7716
Cell (818) 430-8372
jmatus@pacbell.net
----- Original Message -----
From: "WorkerBee" <ciscobee@gmail.com>
To: "John Matus" <jmatus@pacbell.net>
Cc: <ccielab@groupstudy.com>
Sent: Saturday, December 02, 2006 6:37 PM
Subject: Re: design question LAN/WAN
> Your access switches need to enforce Layer 2 features like:
>
> - bpduguard
> - root guard
> - port-security max mac address set to 1 can stop loops
> - storm-control
> - shutdown unused ports
>
> For routing edge design, you can run Layer 3 at the edge and thus
> no more Layer 2 or HSRP extension to the Distribution/Core switches.
> Your design can be classified as Collapsed Backbone design.
>
> For Core switches, try to implement pure Layer 3 with point-to-point
> interfaces for fast routing and no ACL nor Firewall rules. Keep it
> simple.
>
> Yeah, sometimes a $10 hub can bring down a million dollar setup
> but it can be prevented but need to turn on more features and strategy
> to overcome them...
>
> I prefer 3-3-3 (Core-Distr-Access) if you have the spare cash ;)
> If you design 2-3-2, the L3 (Distri) switch will treat the Core as a transparent
> Layer 2 to reach the WAN router to your MPLS cloud. Is not fun if the Core
> is Layer 2. :(
>
> On 12/3/06, John Matus <jmatus@pacbell.net> wrote:
>> hey guys,
>> trying to deal w/ a real world scenario.
>> just the background. someone in my company plugged both ends of a cat5 into
>> a linksys switch that attached to our access layer switches which brought
>> down our whole network. it toasted 2 3500 plus our core router. ICK.
>> luckily not under my jurisdiction........
>>
>> but, after analyzing the topology there does not seem to be an
>> access-distribution-core design in place that would stop broadcast storms or
>> things of this nature from occurring...
>>
>> we have a NY site connecting to an LA site via MPLS. so on each end there
>> is a router>>pix>> core-switch>> access layer switches. this does not seem to
>> jive to me. shouldn't there be a layer 2-3-2 type of setup here?
>>
>> i would think that all nodes should attach to access switches. the access
>> switches connect to either a router or a MLS......but then i'm a bit fuzzy how
>> the router would attach to the core and how this site's 2-3-2 architecture
>> would connect to the east-coast's 2-3-2 architecture. if the core is just
>> supposed to switch traffic as fast as possible then that, i would think, would
>> only be located on each site, and not connected between sites thru MPLS....
>>
>> i guess my main question is, do we implement a core (#1) and #2, do the remote
>> sites connect through the distribution layer?
>>
>> TIA
>>
>> <i don't design networks.....i just do labs :-)
>>
>>
>> John D. Matus
>> MCSE, CCNP
>> Home (818) 782-2061
>> Work (626) 568-7716
>> Cell (818) 430-8372
>> jmatus@pacbell.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:36 ART
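
An added example, not part of the thread and not from either poster: a Python check that reads a switch running-config and reports active access ports missing the Layer 2 features listed in the reply above (bpduguard, root guard, port-security limited to 1 MAC, storm-control). The sample config is constructed, and per-interface Catalyst 3550-style command syntax is assumed.

```python
import re

# Constructed sample running-config (assumed Catalyst 3550-style syntax).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 spanning-tree bpduguard enable
 spanning-tree guard root
 storm-control broadcast level 1.00
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode access
 shutdown
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

# Feature name -> regex that must fully match one line of the interface stanza.
CHECKS = {
    "bpduguard": r"spanning-tree bpduguard enable",
    "root guard": r"spanning-tree guard root",
    "port-security": r"switchport port-security",
    "storm-control": r"storm-control (broadcast|multicast|unicast) level .+",
}

def audit_access_ports(config):
    """Return {interface: [missing features]} for active access ports."""
    findings = {}
    for stanza in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [l.strip() for l in stanza.splitlines()]
        if (not lines or not lines[0].startswith("interface ")
                or "shutdown" in lines or "switchport mode access" not in lines):
            continue  # skip preamble, shut-down ports and trunks/uplinks
        missing = [name for name, rx in CHECKS.items()
                   if not any(re.fullmatch(rx, l) for l in lines)]
        # The default limit is 1 secure MAC; flag only an explicit other value.
        if any(re.fullmatch(r"switchport port-security maximum (?!1$)\d+", l) for l in lines):
            missing.append("port-security max 1")
        if missing:
            findings[lines[0].split()[1]] = missing
    return findings
```

Ports that are shut down count as satisfying the "shutdown unused ports" item and are skipped; the check does not look at global defaults such as a switch-wide bpduguard setting.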