Re: Need Confirmation about new architecture...

FS-EXP · ‎05-02-2008

I'm configuring a new network architecture.
I just want a confirmation about my network Diagram (file below).

Is everything ok? Made me part of your remarks.

Thanks.

Yoann

cenk sasmaztin · ‎05-02-2008

hi
you make new network architecture very successfull .

I hope you make think about network security.

you can on network for client connection
802.1x port baset security or clasic mac base securtiy .For system security dhcp snooping ,arp protection,front panel security,loop protection.For managemet security ip autoraize manager ,ssh,ssl etc.

good luck..

cenk

FS-EXP · ‎05-02-2008

I've make a mistake for the IP address of Vlan 1 on each switch.

The new network diagram is attached to this message

FS-EXP · ‎05-02-2008

And is-it possible to build this architecture without modify IP configuration of PC ?

cenk sasmaztin · ‎05-02-2008

hi..
this network achitecture make for successfully working pc ip addreses same subnet in vlan ip address and vlan ip addres all pc default gateway address.each vlan own address range .I see you write on 3500 default routing command 0.0.0.0 0.0.0.0 172.16.0.250 ok very good because you internet router response this route you make write on internet router ip route command.

example:
ip route 172.16.0.0 255.255.255.0 172.16.0.240
ip route 172.16.5.0 255.255.255.0 172.16.5.240
ip route 172.16.2.0 255.255.255.0 172.16.2.240
ip route 172.16.1.0 255.255.255.0
172.16.1.240
ip route 172.16.10.0 255.255.255.0 172.16.10.240

so you want for pc vlan dhcp server you write ip helper|dhcp ip address| in vlan interface and assign scobe name vlan5 scobe name you want another vlan for dhcp scobe create same dchp server on (same nic)another scobe and scobe name example vlan3 and you write ip helper address in vlan 3

good luck..

cenk

FS-EXP · ‎05-03-2008

Switch 3500 can ping our firewall
VLAN 1 (which is on same subnet as firewall) can ping internet.

But any other VLAN can ping firewall.

What's the issue?

Mohieddin Kharnoub · ‎05-03-2008

Hi

Your firewall exists in Vlan1, and it doesn;t know any thing about Vlan2-5

Therefore, you should tell the Firewall how to reach Vlan2-5 (Route Back) by pointing all the Networks for Vlan2-5 to the 3500 Switch 172.16.0.240.

Add 4 static routes on your firewall like this:

VLAN 2: 172.16.5.0/24 route to 172.16.0.240
VLAN 3: 172.16.2.0/24 route to 172.16.0.240
VLAN 4: 172.16.1.0/24 route to 172.16.0.240
VLAN 5: 172.16.10.0/24 route to 172.16.0.240

If you can understand the CLI:
Router(config)#ip route 172.16.5.0 255.255.255.0 172.16.0.240 **Route to Vlan2
Router(config)#ip route 172.16.2.0 255.255.255.0 172.16.0.240 **Route to Vlan3
Router(config)#ip route 172.16.1.0 255.255.255.0 172.16.0.240 **Route to Vlan4
Router(config)#ip route 172.16.10.0 255.255.255.0 172.16.0.240 **Route to Vlan5

Good Luck !!!

Science for Everyone

Mohieddin Kharnoub · ‎05-03-2008

Or combine all routes together:

Router(config)#ip route 172.16.0.0 255.255.0.0 172.16.0.240 **Route to Vlan2-5

Note:
This will include all the 172.16.0.0/16 Subnet

Good Luck !!!

Science for Everyone

cenk sasmaztin · ‎05-04-2008

please look 5.replies

cenk

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Need Confirmation about new architecture...

Need Confirmation about new architecture...