Help Needed!

Unanswered Question
Mar 8th, 2009
User Badges:

A small business that has two locations with roughly 50 users per location.

Site A is the “Corp” office and houses the Accounting( 4 people ), Marketing( 10 people ), Sales( 10 people ) and Design teams( 6 people ).

Site B is the “Factory” office and houses the Engineering( 20 people ), Testing( 15 people) and Shipping teams (10 people).

The Accounting, Marketing, Sales, Shipping and Design teams need to have access to common and separate Database Servers. One server per team, and one shared server.

The Engineering, Testing and Design teams need to be able to have access to common and separate Database Servers. One server per team and one shared server.

The sites are roughly 20 miles apart.

The Corp site needs internet access for the Marketing teams research.

The Factory site only needs access to the Corp sites infrastructure.

Design and diagram a network to accommodate the requirements stated above given the limited information.

Design should in use at the very least: Routing, Subnetting & ACLs.

Can any1 please help me to achieve the above target?

Thanx a ton in advance!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
marikakis Sun, 03/08/2009 - 08:46
User Badges:
  • Gold, 750 points or more

I am sorry I do not have the time to be more analytic, but I will try to provide some general guidelines:

1) Read the text you just posted, but add the word 'VLAN' on the right of each team name you mentioned (e.g. Engineering VLAN, common VLAN, etc).

2) Normally a VLAN corresponds to a subnet that can accomodate all hosts in the VLAN (consider also any needed router addresses on the same VLAN).

3) Routing between VLANs should be possible since you need also access to common servers, but must be restricted with ACLs to disallow access to VLANs that are not supposed to communicate directly.

4) Routing between sites can be left to simply work without ACLs. Any needed specific policies can be applied at source or destination subnets (on router side interface in VLAN).

5) Exit to the Internet should allow exit for the subnet of the team that is supposed to use the Internet and return traffic for the specific team only.

Ok, it seems I was somewhat analytic. This keeps happening to me :-) Hope I understood well your requirements.

Faizan Shaikh Sun, 03/08/2009 - 09:53
User Badges:


Thanks a lot for the information you have provided. I have the same idea to use vlans. But the task is given with the limited information i have posted.

Can you please help me with commands and configurations to accomplish the task?

Its a challenge and i have to grab the prize :)

marikakis Sun, 03/08/2009 - 10:26
User Badges:
  • Gold, 750 points or more

You need to decide on the networks and subnets first. The commands are rather easy and I will have to ask for other regular members to respond in this case if they can, because I am really busy tonight and I cannot analyze this case further (although what I really think is that you should give it a shot yourself to make sure you actually deserve the prize you are about to receive :-)

Faizan Shaikh Sun, 03/08/2009 - 11:01
User Badges:


Thanx a ton man!

I can't start anyways, I am veryyy new to networking. :D

marikakis Sun, 03/08/2009 - 11:15
User Badges:
  • Gold, 750 points or more

Why everybody keeps calling me a man here? Do not assume you are talking to a man people!

It seems I have time for puzzles:

"A father and son are in a car. The car crashed. The father died. When the doctor saw the boy said: Oh my God, this is my son!" Resolve how is this possible :-)

Needless to say I was I was one of the few people that resolved this right away :-)

marikakis Sun, 03/08/2009 - 11:40
User Badges:
  • Gold, 750 points or more

You need to do your subnetting work first as I stated previously. Then you create the vlans in switches. Then you assign host ports to vlans (access ports). You also connect router to switch (switch can be L3, but I will assume you have a separate router). You create trunk ports for the connected router interfaces on the switch side. On router side you configure subinterfaces for the corresponding VLANs and assign IP address on those router subinterfaces. You create ACLs according to the policies of your network and typically apply them close to source or destination depending on what fits best. You apply the ACLs to router interfaces or subinterfaces.

Do a search on CCO to see how you can create VLANs, access ports, trunk ports, router subinterfaces for dot1q and ACLs. And try to learn how to subnet.


This Discussion