Branch LAN design

Unanswered Question
Jun 30th, 2010

I'm studying for my CCDA and I don't have the real-life practical answer for the following scenario:

A remote site has 10 nodes. The site has multiple subnets/VLANs.

My questions are:

Q1. Should I include a layer 2 or layer 3 switch behind the edge router? e.g. WAN---edge router---layer 3 switch---layer 2 switch---PCs

Q2. Is there a formula to ensure the subnet allocation will meet the future expansion? e.g. 3 x 100 nodes for 3 years.

Q3. Should I do inter-VLAN routing on the layer 3 switch or on the edge router?

Q4. If there are enough public IPs, is it good to use public IPs for all nodes (including PCs)? If NAT is an option, how can I manage the PCs remotely?

Thanks for sharing.

Edison Ortiz Wed, 06/30/2010 - 11:50

Q1. Should I include a layer 2 or layer 3 switch behind the edge router? e.g. WAN---edge router---layer 3 switch---layer 2 switch---PCs

Ideally, you would want to do inter-VLAN layer 3 switching vs. router-on-a-stick. Usually budget dictates which design to go with, but nowadays the price difference between an L2 switch and an L3 switch is minimal.

Q2. Is there a formula to ensure the subnet allocation will meet the future expansion? e.g. 3 x 100 nodes for 3 years.

Rule of thumb is to subnet by using a /24. Not sure I'm following this question based on the example provided. What do you mean by 3x100?

Q3. Should I do inter-VLAN routing on the layer 3 switch or on the edge router?

Answered under Q1. Layer 3 switching is much faster.

Q4. If there are enough public IPs, is it good to use public IPs for all nodes (including PCs)? If NAT is an option, how can I manage the PCs remotely?

NAT provides security by obscurity, so if you are planning to use routable public IPs, you must implement additional security guidelines, as any device on the Internet will be able to reach your network. If you are planning to manage PCs remotely, you must implement a VPN in your network.

Regards,

Edison
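The "formula" asked about in Q2 is really two steps: project the host count per VLAN for the planning horizon, then pick the longest prefix that still leaves room for that count (plus network and broadcast), and carve the subnets out of the site's summary block. The script below is an added example, not part of the original thread or any Cisco tool; it assumes the "3 x 100 nodes" reading of three VLANs of roughly 100 nodes each, a constructed summary block of 10.10.0.0/22, and a constructed 10% per year growth rate. It also shows why the /24 rule of thumb from the answer is a comfortable fit for a 100-node VLAN: after three years of growth the projection lands just above what a /25 can hold.

```python
import ipaddress
import math


def prefix_for_hosts(hosts: int) -> int:
    """Longest IPv4 prefix length whose subnet still offers `hosts` usable
    addresses. Two addresses (network and broadcast) are reserved, and a
    /30 is the smallest subnet that can hold any hosts at all."""
    if hosts < 1:
        raise ValueError("need at least one host")
    host_bits = max(2, math.ceil(math.log2(hosts + 2)))
    return 32 - host_bits


def projected_hosts(current: int, growth_rate: float, years: int) -> int:
    """Compound the current node count by `growth_rate` per year and round up."""
    return math.ceil(current * (1 + growth_rate) ** years)


def plan_subnets(summary: str, vlans: dict, growth_rate: float, years: int) -> dict:
    """Carve one subnet per VLAN out of `summary`, sized for the projected count.

    Larger requests are placed first (best-fit into the smallest free block that
    fits), which keeps the summary block contiguous for later growth.
    """
    free = [ipaddress.ip_network(summary)]
    requests = sorted(vlans.items(), key=lambda kv: kv[1], reverse=True)
    plan = {}
    for name, current in requests:
        need = projected_hosts(current, growth_rate, years)
        plen = prefix_for_hosts(need)
        # Smallest free block first (longest prefix), then take the first that fits.
        free.sort(key=lambda n: n.prefixlen, reverse=True)
        chosen = next((n for n in free if n.prefixlen <= plen), None)
        if chosen is None:
            raise ValueError(f"{summary} exhausted while placing VLAN {name}")
        free.remove(chosen)
        if chosen.prefixlen == plen:
            subnet = chosen
        else:
            # Allocate the lowest sub-block and return the rest to the free list.
            subnet = next(chosen.subnets(new_prefix=plen))
            free.extend(chosen.address_exclude(subnet))
        plan[name] = {
            "projected_hosts": need,
            "subnet": subnet,
            "usable": subnet.num_addresses - 2,
        }
    return plan


if __name__ == "__main__":
    # Constructed site: three VLANs, the two user-facing ones at ~100 nodes.
    site = {"data": 100, "voice": 100, "printers": 10}
    for vlan, entry in plan_subnets("10.10.0.0/22", site, 0.10, 3).items():
        print(f"{vlan:9s} projected {entry['projected_hosts']:4d} hosts "
              f"-> {entry['subnet']} ({entry['usable']} usable)")
```

Running it prints one line per VLAN: the two 100-node VLANs project to 134 hosts after three years of 10% growth, which needs a /24 (a /25 tops out at 126 usable), while the printer VLAN fits in a /28. Swap in the real summary block, growth rate and horizon and the same function gives the allocation; if the summary block is too small for the projection, the function raises instead of silently overlapping subnets.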
