Network design recommendation

phlitservices
Level 1

Hi Guys,

Basically I'm tasked with turning my 40-site layer 2 network (T1 layer 2 connectivity per site) into a routed layer 3 network, as I currently have issues with broadcasts saturating the links, plus the network is open to my service provider as there is no encryption on the links… I'm simply only thinking of two things at the moment as my budget is extremely tight:

1> Eliminate broadcast by replacing the fully switched network with a routed network

2> Data Security (VPN connections back to the main office)

VOIP would be very beneficial to us at the moment but we simply can't afford it now and we are also locked into a contract with our Telecom provider (PSTN services) that runs for another year and a half.

What should I do? I'm thinking of purchasing the 861 routers (security bundle) for the 40+ sites and connecting them back to my main office (which also has a 2821 security bundle) through a VPN.

This would eliminate the two issues I stated above, but the other problem is integrating VOIP services into the network a year or so from now. I simply don't want to remove and replace all these routers come mid 2010 or so… We tried to convince management to go VOIP but our IT budget is being slashed at almost every second with this economic storm at hand… How do you build a future-proof network on a limited budget :-) ? Let me know your thoughts….

Thanks,

Donavan

7 Replies

Joseph W. Doherty
Hall of Fame

T1 L2 at remote sites? Could you explain what device at the remote site is connecting the LAN to the T1 and providing L2? Also could you explain how the HQ site also connects? (For instance, it has 40 T1 connections?)

Yes, your service provider can examine your traffic, but although it's certainly possible, building VPNs to exclude your service provider's access to traffic content would raise both the complexity and performance requirements for your network. Unless you really need to secure all your traffic from your provider, you might consider sending just encrypted files across the network, as necessary. (Also helps to preclude server admins and local network engineers from access to data content too.)

Thanks for your response Joseph, basically my service provider gives me a dedicated 1Mb L2 connection... The only info I obtain from them is the VLAN ID for each remote site; at the main office router I use sub-interfaces on my 2821 ISR to terminate each remote connection....

At each remote site I currently have a L2 switch and a max of 6 hosts at each remote location..

Also, at the central location we have a 6Mb connection...

Donavan

And at the remote site, is the router owned by the provider?

Yes, the L2 switches at the remote sites belong to the SP...

Thanks - Donavan

What had confused me was your description of L2 T1. Your handoffs are Ethernet then? 10 Mbps?

Are the 40 VLANs connected to your HQ router as different subnets? If so, your current HQ router acts as a routing hub between HQ and between all remote sites?

I'm trying to understand your topology better. If the topology is multiple VLANs off the HQ router, each as a subnet, broadcasts should be contained per VLAN segment. The only broadcast issue for such a topology should be physical volume hitting the HQ router's ingress. Remote site routers would constrain that. It's also possible, depending on topology, you could implement site routers downstream of your provider's switch. (BTW: L3 doesn't have to be all or nothing, you might start with L3 at the busiest [broadcasting] remote sites.)

The 861 you've mentioned might be a good candidate, as also might be the 871 if you want to pursue building VPNs. However, I have little experience working with the 800 series, and if you did want to pursue VoIP, I'm unsure they offer all the features you would really want. (Also, since you oversubscribe the HQ link, VoIP performance couldn't be guaranteed [40 Mbps to 6 Mbps].)

You are correct, 1Mbps Ethernet connections per site and each site (VLAN) is terminated on the HQ router as a subnet..... Thanks for your response....

Leo Laohoo
Hall of Fame

How do you build a future proof network on a limited budget?

You can upgrade the current network with a limited budget - future proofing for the next 2-3 years instead of 3-5 years.

You are caught in a dilemma: With a tight budget, your choice is getting an affordable switch (perhaps 2960) as compared to a future-proofed model (3560/3750 PoE). Another option is, do you need an upgrade? Can you or the client wait until the financial condition improves and maybe the budget wouldn't be so difficult? Maybe wait until the SP's contract expires, perhaps?
