New Switch Design

Unanswered Question
Jun 14th, 2007

Hi all,


I am tasked with designing the network infrastructure for a new office. There are up to 180 network points. There is one production segment, one UAT segment and one guest segment. These segments streamline the purposes. For example, the guest segment is meant for guests' wireless access, and they are only allowed to surf the internet through the company's internet access.

How should I go about designing the network?


Any suggestion is welcome!

ariela Thu, 06/14/2007 - 23:28

Hi,


First suggestion, an obvious one: use VLANs to separate production from the UAT and guest segments in your L2 topology.

See:

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns656/c649/cdccont_0900aecd804ab672.pdf

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns656/c649/cdccont_0900aecd804ab67d.pdf


Then use 802.1X + RADIUS server authentication:

http://www.cisco.com/application/vnd.ms-powerpoint/en/us/guest/products/ps6662/c1161/cdccont_0900aecd80313f72.ppt

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/sw8021x.htm


For wireless, another good thing to know is Fast Secure Roaming:

http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801c5223.html


The gateway will be an L3 device that works as a router on a stick for inter-VLAN routing: here you could apply your policies about Internet access for Wi-Fi users, and anything else you need.


This is very essential. However, your focus must be "High Availability" of your network services, "Security", and "Fault Tolerance". If you need more info, you're welcome to ask.


HTH

Andrea
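
The segmentation described in this reply, sketched as a Cisco IOS configuration (an added example, not part of the original posts): three VLANs trunked to a router-on-a-stick gateway, with an inbound ACL on the guest subinterface so guests reach only the Internet. VLAN IDs, subnets, interface names and the ACL name are assumptions, as is the premise that guests use an external DNS resolver and that NAT toward the Internet is configured elsewhere.

```cisco
! Constructed example: VLAN IDs, subnets, interface names and ACL name are assumptions.
! --- Access switch: define the three VLANs and trunk them to the gateway ---
vlan 10
 name PRODUCTION
vlan 20
 name UAT
vlan 30
 name GUEST
!
interface GigabitEthernet0/1
 description Trunk to L3 gateway
 ! The encapsulation line is only needed on switches that also support ISL.
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the VLANs that are actually in use.
 switchport trunk allowed vlan 10,20,30
!
! --- L3 gateway (router on a stick): one subinterface per VLAN ---
interface GigabitEthernet0/0
 no shutdown
!
interface GigabitEthernet0/0.10
 description Production
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 description UAT
 encapsulation dot1Q 20
 ip address 10.10.20.1 255.255.255.0
!
interface GigabitEthernet0/0.30
 description Guest wireless
 encapsulation dot1Q 30
 ip address 10.10.30.1 255.255.255.0
 ! Filter guest traffic as it enters the gateway, before any routing decision.
 ip access-group GUEST-IN in
!
! Guests may obtain DHCP leases and reach the Internet, but no private range,
! which covers production, UAT and the gateway's own addresses.
ip access-list extended GUEST-IN
 permit udp any eq bootpc any eq bootps
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 10.10.30.0 0.0.0.255 any
 ! The implicit deny at the end drops packets with any other (spoofed) source.
```

After applying it, `show access-lists GUEST-IN` shows per-entry match counters, which confirms that guest attempts to reach internal ranges are hitting the deny entries.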
