Switches, Hubs, and Modems

Need Confirmation about new architecture...

SOLVED
FS-EXP
Advisor

Need Confirmation about new architecture...

I'm configuring a new network architecture.
I just want a confirmation about my network Diagram (file below).

Is everything OK? Please share your remarks with me.

Thanks.

Yoann
8 REPLIES
cenk sasmaztin
Honored Contributor
Solution

Re: Need Confirmation about new architecture...

hi
You made the new network architecture very successfully.

I hope you think about network security.

For client connections on the network you can use 802.1X port-based security or classic MAC-based security. For system security: DHCP snooping, ARP protection, front panel security, loop protection. For management security: IP authorized managers, SSH, SSL, etc.

good luck..

cenk

FS-EXP
Advisor

Re: Need Confirmation about new architecture...

I made a mistake in the IP address of VLAN 1 on each switch.

The new network diagram is attached to this message.
FS-EXP
Advisor

Re: Need Confirmation about new architecture...

And is it possible to build this architecture without modifying the IP configuration of the PCs?
cenk sasmaztin
Honored Contributor

Re: Need Confirmation about new architecture...

hi..
For this network architecture to work successfully, the PC IP addresses must be in the same subnet as the VLAN IP address, and the VLAN IP address is the default gateway address for all PCs. Each VLAN has its own address range. I see you wrote the default routing command 0.0.0.0 0.0.0.0 172.16.0.250 on the 3500. OK, very good. Because your internet router responds to this route, you must write ip route commands on the internet router.

example:
ip route 172.16.0.0 255.255.255.0 172.16.0.240
ip route 172.16.5.0 255.255.255.0 172.16.5.240
ip route 172.16.2.0 255.255.255.0 172.16.2.240
ip route 172.16.1.0 255.255.255.0 172.16.1.240
ip route 172.16.10.0 255.255.255.0 172.16.10.240

So if you want a DHCP server for the PC VLAN, you write ip helper |dhcp ip address| in the VLAN interface and assign a scope name, e.g. scope name vlan5. If you want a DHCP scope for another VLAN, create another scope on the same DHCP server (same NIC) with a scope name, for example vlan3, and write the ip helper address in VLAN 3.

good luck..
cenk

FS-EXP
Advisor

Re: Need Confirmation about new architecture...

Switch 3500 can ping our firewall.
VLAN 1 (which is on the same subnet as the firewall) can ping the internet.

But any other VLAN can ping firewall.

What's the issue?
Mohieddin Kharnoub
Honored Contributor

Re: Need Confirmation about new architecture...

Hi

Your firewall exists in Vlan1, and it doesn't know anything about Vlan2-5.

Therefore, you should tell the Firewall how to reach Vlan2-5 (Route Back) by pointing all the Networks for Vlan2-5 to the 3500 Switch 172.16.0.240.

Add 4 static routes on your firewall like this:

VLAN 2: 172.16.5.0/24 route to 172.16.0.240
VLAN 3: 172.16.2.0/24 route to 172.16.0.240
VLAN 4: 172.16.1.0/24 route to 172.16.0.240
VLAN 5: 172.16.10.0/24 route to 172.16.0.240

If you can understand the CLI:
Router(config)#ip route 172.16.5.0 255.255.255.0 172.16.0.240 **Route to Vlan2
Router(config)#ip route 172.16.2.0 255.255.255.0 172.16.0.240 **Route to Vlan3
Router(config)#ip route 172.16.1.0 255.255.255.0 172.16.0.240 **Route to Vlan4
Router(config)#ip route 172.16.10.0 255.255.255.0 172.16.0.240 **Route to Vlan5

Good Luck !!!
Science for Everyone
Mohieddin Kharnoub
Honored Contributor

Re: Need Confirmation about new architecture...

Or combine all routes together:

Router(config)#ip route 172.16.0.0 255.255.0.0 172.16.0.240 **Route to Vlan2-5

Note:
This will include all the 172.16.0.0/16 Subnet

Good Luck !!!
Science for Everyone
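
The return-route problem discussed in this thread, as an added example (not code from any poster): a Python model of the firewall's routing table with longest-prefix match, using the subnets and the 172.16.0.240 next hop quoted in the posts. The function names are hypothetical, and it assumes the firewall can only use a next hop that sits on its directly connected subnet.

```python
import ipaddress

# Values taken from the thread: firewall in VLAN 1 (172.16.0.0/24),
# 3500 switch at 172.16.0.240, VLANs 2-5 on the subnets below.
CONNECTED = ipaddress.ip_network("172.16.0.0/24")
VLANS = {"VLAN 2": "172.16.5.0/24", "VLAN 3": "172.16.2.0/24",
         "VLAN 4": "172.16.1.0/24", "VLAN 5": "172.16.10.0/24"}

def lookup(table, dest):
    """Longest-prefix match; returns (network, next_hop) or None."""
    dest = ipaddress.ip_address(dest)
    hits = [(net, hop) for net, hop in table if dest in net]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def build_table(static_routes):
    """Connected subnet (on-link, no next hop) plus the static routes."""
    table = [(CONNECTED, None)]
    table += [(ipaddress.ip_network(n), ipaddress.ip_address(h))
              for n, h in static_routes]
    return table

def check_return_routes(static_routes):
    """Per VLAN: can the firewall deliver a reply to a host in it?"""
    table = build_table(static_routes)
    report = {}
    for vlan, subnet in VLANS.items():
        probe = ipaddress.ip_network(subnet)[1]  # first host as test target
        hit = lookup(table, probe)
        if hit is None:
            report[vlan] = "no return route"
        elif hit[1] not in CONNECTED:
            report[vlan] = f"next hop {hit[1]} is not on a connected subnet"
        else:
            report[vlan] = f"ok via {hit[1]}"
    return report

def extra_addresses(route):
    """Addresses a route covers beyond VLANs 1-5 (how much wider it is)."""
    known = CONNECTED.num_addresses + sum(
        ipaddress.ip_network(s).num_addresses for s in VLANS.values())
    return ipaddress.ip_network(route).num_addresses - known

PER_VLAN = [(s, "172.16.0.240") for s in VLANS.values()]  # next hop = the 3500
SUMMARY = [("172.16.0.0/16", "172.16.0.240")]  # the combined /16 route
OWN_GATEWAY = [(s, s.replace(".0/24", ".240")) for s in VLANS.values()]

if __name__ == "__main__":
    for name, routes in [("none", []), ("per-VLAN", PER_VLAN),
                         ("summary", SUMMARY), ("own gw", OWN_GATEWAY)]:
        print(name, check_return_routes(routes))
```

The summary route gives the same reachability as the four /24 routes but also forwards every other 172.16.x.x address to the switch, while the connected 172.16.0.0/24 stays on-link because it is the longer prefix.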
cenk sasmaztin
Honored Contributor

Re: Need Confirmation about new architecture...

Please look at the 5th reply.
cenk