cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
577
Views
9
Helpful
5
Replies

Recommended Network Setup

steven.wright
Level 1
Level 1

Hi All,

I am begining to draw up plans for a new network for around 200 users. I was thinking about using Cisco 3750 switches, we do not need to do anything fancy with these switches, just very basic VLAN and routing. I would like to know your thoughts?

Also, I was thinking about getting a Cisco ASA5500 as the secrurity device, that will also provide functionality for remote access etc, as well at standard PIX funtions (DMZ etc)

Would anyonce recommend any alternatives to this, or additional hardware, i.e using a router as a default router rather than the switch.

Also, I would like to know what you all think about prividing Gigabit to users desktops, is it worth it, or only worth providing Gig LAN access to servers etc.

Thanks for all you input, it is greaatly appreciated

Steve

1 Accepted Solution

Accepted Solutions

Hello Steve.

Sure, it must be a trunk. As the 2960s don't support ISL, it'll be a dot1q trunk.

Regards

Frank

PS: You may want to consider this document:

Document ID: 13608

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080

120f48.shtml

View solution in original post

5 Replies 5

fherlan
Level 1
Level 1

Hi.

This is what I would do/consider:

- for redundacy have 2x 3750 as "core routers"

- do VLANs for different user groups (e.g. departments) and servers/printers

- if you have heavy traffic from/to DMZ, I would get e firewall with GE interfaces

- use 2960s (with PoE?) as access switches

- connect the access swiches via EtherChannel to the 3750s

Do you need high speed (GE) to the desktop? Are your server(s) able to provide the data at that speed - even if users read/write simulaneoulsly to the server(s)?

Just my two cent...

Regards

Frank

Hi Frank,

Thank you so much for your response, it has given me a few things to think about.

I have a couple of questions though...

The 2960 access switches do not run at layer 3 (unlike the 3750s) I assume that you advised using these to take away the routing from these switches and provide this service on the 3725 routers?

Also the 2960s do not use stackwise, (as you would know stackwise gives a 32Gbps backplane) what uplink speeds can be achieved between the 2960s?

Also you mentioned using ether-channel to connect the Cisco 2960 switches to the 2 3725 routers, by this do you mean have 1 connection into 1 router and the other into the other? if so would this mean that both routers would be used to send traffic?

Finally, if there are 2 routers I assume we would need anther switch in order to plug into the ASA?

Please see the attached diagram...

Again, thank you for your ideas and input it is greatly appreciated.

Steve

Hi Steve.

Yes, the 2960s can't do routing but can provide access security (e.g. "switchport port-security" or "bpduguard").

The uplink speed depends on the interfaces you use. Let's assume you have some 2960s (WS-C2960-24TT-L) and a pair of 3750s (WS-C3750G-24T-S). I would connect the two GE ports to the 3750s (one to each 3750) and do EtherChannel on this link. This would give you a 2GBit FDX uplink per 2960 to your core.

If you would use more/other interfaces for the EtherChannel you can have up to 8Gbit FDX uplink.

With the 2960s (WS-C2960-24TT-L) you have 24x 100MBit = 2.4GBit. If you use 2x GE uplinks, I think that's good enough.

>by this do you mean have 1 connection into 1 router and the other into the other?

Yes. But both 3750 have to be connected via stack cable!

>if so would this mean that both routers would be used to send traffic?

As far as I know -> yes (and I'm pretty sure about that...)

>Finally, if there are 2 routers I assume we would need anther switch in order to plug into the ASA?

No. Not at all. Bit I would rather buy a second ASA to have also redundany in DMZ/Internet access (check licensing before you buy...)

Hope it helps.

Regards

Frank

Frank,

thats brilliant...one more thing, the uplink from the access (2960) switches to the core (3750) I assume this etherchannel link with be a trunk to facilitate the inter VLAN routing?

Thanks again for your help

Hello Steve.

Sure, it must be a trunk. As the 2960s don't support ISL, it'll be a dot1q trunk.

Regards

Frank

PS: You may want to consider this document:

Document ID: 13608

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080

120f48.shtml

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: