New to Network - Is this topology and understanding correct ? (please help)

SJ K
Level 5

Hi all,

I am new to networking and am currently taking my ICND1 course, but have no actual hands-on experience besides the short lab lessons in class.

Hence, I would like to take this opportunity to check with the gurus here for their advice and to see if my understanding is correct or wrong.

Please pardon me if I ask any silly questions or state any wrong theories.

=========================================================

Refer to the diagram below (which I drew)

[diagram: mydrawing]

Assumptions

Node 1 and Node 2 need to have public IPs assigned by the ISP.
Internal and management networks are not reflected.
Security is not a concern; NAT/DMZ not required.
Firewall and router are 2 separate physical devices.

Questions

Q1) Is my topology and IP assignment correct based on the assumptions above?

Q2) Do we need to assign IPs to Fe0/0 on both the firewall and MyRouter? Must they be the ISP-issued IPs, or can they be internal IPs?

Q3) Can we consider MyRouter Fe0/0 and everything below it to be 1 broadcast domain/network segment, or
MyRouter Fe0/0 to Firewall Fe0/0 = 1 network segment and Firewall Fe0/1 and below = another network segment? And why?

I am thinking about how an IP packet travels from Node1 to the internet. Let's say Node1 sends a packet to 8.8.8.8

[src ip=202.156.1.4][dst ip=8.8.8.8][src mac=a.b.c.d][dst mac=a.b.c.f] (packet going from Node1 to the gateway/firewall)
[src ip=202.156.1.4][dst ip=8.8.8.8][src mac=a.b.c.g][dst mac=a.b.c.h] (packet going from the Firewall to the MyRouter)

Q4) How does the firewall know which interface it must exit on for the next hop?
Is there a routing table in the firewall? Does the firewall have a default gateway, or does it have a default route?

Q5) Since the firewall is connected to MyRouter directly, how does it know the MAC address of MyRouter, and vice versa? Can we do an ARP request without going through a switch? Is MyRouter physically connected to the switch or to the firewall?

Hope some kind gurus here can enlighten me.

Thanks

2 Replies

Roberto Kippins
Level 1

Hi, this is incorrect because you are given a /24 subnet from your ISP and you are using it throughout the whole network even though you have multiple devices connected. The connection between you and the ISP is one network; this is usually a /30 network. The connection between the router and the firewall could be one network depending on which mode the firewall is operating in: if in routed mode, the connection between the firewall and the router will need to be on a separate subnet; if in transparent mode, they can be on the same subnet as well as the nodes. In transparent mode the nodes will use the router as the gateway; in routed mode the nodes will use the firewall as the gateway and the firewall will then use the router as its gateway.
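
The addressing rules in the reply above, worked through as an added example (this is not code from the thread and the OP's diagram is not reproduced). It uses Python's ipaddress module to carve the /24 from the OP's packet example (202.156.1.0/24) into a /30 for the ISP link, a /30 for the router-firewall link and a /25 for the nodes, and checks two rules: the two ends of one wire must share a subnet, and a device that routes between two interfaces must not have overlapping subnets on them. The interface names, the choice of cuts and the split into routed and transparent variants are assumptions.

```python
"""
Added example, not from the thread: model the addressing plan from the
reply with ipaddress and check the rules a routed design has to obey.
202.156.1.0/24 comes from the OP's packet example; interface names and
the /30 and /25 cuts are assumptions about the OP's diagram.
"""
import ipaddress
from itertools import combinations

# Interfaces that share a wire (a switch between them is still one wire).
LINKS_ROUTED = [
    ("ISP Fa0/0", "MyRouter Fa0/0"),
    ("MyRouter Fa0/1", "Firewall Fa0/0"),
    ("Firewall Fa0/1", "Node1"),
    ("Firewall Fa0/1", "Node2"),
]
# Devices that route between the listed interfaces.
HOPS_ROUTED = {
    "MyRouter": ["MyRouter Fa0/0", "MyRouter Fa0/1"],
    "Firewall": ["Firewall Fa0/0", "Firewall Fa0/1"],
}
LINKS_TRANSPARENT = [("ISP Fa0/0", "MyRouter Fa0/0"),
                     ("MyRouter Fa0/1", "Node1"), ("MyRouter Fa0/1", "Node2")]
HOPS_TRANSPARENT = {"MyRouter": ["MyRouter Fa0/0", "MyRouter Fa0/1"]}


def op_plan(block="202.156.1.0/24"):
    """The OP's drawing as the replies read it: the one /24 on every interface."""
    hosts = list(ipaddress.ip_network(block).hosts())
    names = ["ISP Fa0/0", "MyRouter Fa0/0", "MyRouter Fa0/1",
             "Firewall Fa0/0", "Firewall Fa0/1", "Node1", "Node2"]
    return {n: (str(hosts[i]), block) for i, n in enumerate(names)}


def routed_plan(block="202.156.1.0/24"):
    """Routed-mode firewall: a /30 per point-to-point link, a /25 for the nodes."""
    net = ipaddress.ip_network(block)
    isp_link, fw_link = list(net.subnets(new_prefix=30))[:2]   # .0/30 and .4/30
    lan = list(net.subnets(new_prefix=25))[1]                   # .128/25: nodes keep public IPs
    isp, fw, lan_hosts = (list(n.hosts()) for n in (isp_link, fw_link, lan))
    return {
        "ISP Fa0/0":      (str(isp[0]),       str(isp_link)),
        "MyRouter Fa0/0": (str(isp[1]),       str(isp_link)),
        "MyRouter Fa0/1": (str(fw[0]),        str(fw_link)),
        "Firewall Fa0/0": (str(fw[1]),        str(fw_link)),
        "Firewall Fa0/1": (str(lan_hosts[0]), str(lan)),   # the nodes' default gateway
        "Node1":          (str(lan_hosts[1]), str(lan)),
        "Node2":          (str(lan_hosts[2]), str(lan)),
    }


def transparent_plan(block="202.156.1.0/24"):
    """Transparent-mode firewall: it bridges, so router Fa0/1 and the nodes share a subnet."""
    net = ipaddress.ip_network(block)
    isp_link = list(net.subnets(new_prefix=30))[0]
    lan = list(net.subnets(new_prefix=25))[1]
    isp, lan_hosts = list(isp_link.hosts()), list(lan.hosts())
    return {
        "ISP Fa0/0":      (str(isp[0]),       str(isp_link)),
        "MyRouter Fa0/0": (str(isp[1]),       str(isp_link)),
        "MyRouter Fa0/1": (str(lan_hosts[0]), str(lan)),   # the nodes' default gateway
        "Node1":          (str(lan_hosts[1]), str(lan)),
        "Node2":          (str(lan_hosts[2]), str(lan)),
    }


def check_plan(plan, links, hops):
    """Return the rule violations in a plan; an empty list means it is consistent."""
    errors = []
    net_of = {n: ipaddress.ip_network(subnet) for n, (_, subnet) in plan.items()}
    for name, (ip, _) in plan.items():
        if ipaddress.ip_address(ip) not in net_of[name]:
            errors.append(f"{name}: {ip} is outside {net_of[name]}")
    # Rule 1: both ends of one wire share a subnet, otherwise neither end can
    # ARP for the other or use it as a next hop.
    for a, b in links:
        if net_of[a] != net_of[b]:
            errors.append(f"link {a} <-> {b}: {net_of[a]} vs {net_of[b]}")
    # Rule 2: a routing hop separates subnets. IOS refuses to configure two
    # interfaces with overlapping subnets, and with the same /24 on both sides
    # the device could not decide which interface a given host sits behind.
    for device, ifaces in hops.items():
        for a, b in combinations(ifaces, 2):
            if net_of[a].overlaps(net_of[b]):
                errors.append(f"{device}: {a} ({net_of[a]}) overlaps {b} ({net_of[b]})")
    return errors


if __name__ == "__main__":
    for label, plan, links, hops in [
        ("OP's plan", op_plan(), LINKS_ROUTED, HOPS_ROUTED),
        ("routed mode", routed_plan(), LINKS_ROUTED, HOPS_ROUTED),
        ("transparent mode", transparent_plan(), LINKS_TRANSPARENT, HOPS_TRANSPARENT),
    ]:
        problems = check_plan(plan, links, hops)
        print(f"{label}: {'OK' if not problems else problems}")
```

Running it flags the OP's plan twice (the same /24 on both sides of MyRouter and of the firewall) and passes both corrected plans. Carving the ISP link /30 out of the customer block is a simplification; in practice the ISP usually supplies that /30 from its own space and routes the customer block to it.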

nickswilliams
Level 1

Hi Szejikoh,

I see several issues with what you have illustrated, but more on that in a sec. You mention in your Assumptions section that security is not an issue. If it's not, then why complicate things with a firewall?

Q1) It is, but more on that in a moment.

Q2) You're contradicting here what you've said. You mention NAT/DMZ is not required, but you can't have private IP ranges in an external environment.

Q3) Everything inside of the router interface fe0/0 would be a broadcast domain; however, it's unlikely a firewall would allow broadcasts, so more likely everything inside of the firewall would be 1 broadcast domain, the firewall to your router would be 1 broadcast domain, and the network between your router and the ISP router would also be a broadcast domain. Remember: routers can forward broadcasts, so every time you hit a router the broadcasts stop.

Q4) It would likely have a default gateway, much the same as the router connected to the ISP would have. Your router would be unlikely to have a routing table as its only exit (or next hop) is the ISP router.

Q5) The firewall interface would do an ARP to find the next-hop MAC address. You don't need a switch to do an ARP request.

OK, but on to my point: you just wouldn't set up a network like this. You could have all devices using external IPs (as you have done), but then what is the point of the firewall or router? If this were a 'real world' network you'd likely have a /30 network between you and your ISP (unless you needed more external addresses for whatever reason). You'd then have another network (again probably /30) between your router and the fe0/0 interface of the firewall. The firewall would be the default gateway for all devices internal to it. You'd use an internal network range for everything this side of the fe0/1 interface. You can then use the firewall to filter inbound or outbound traffic as you see fit, or do PAT, depending on what you need.

I hope my answers make sense, if they don't please just ask.

Nick.

Good luck with the rest of your course. Do as MANY labs as you can. Do you have Packet Tracer? This will help massively with your understanding of how networks work.
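
The packet walk the OP sketched in the question (Node1 to Firewall to MyRouter, then on to the ISP for a packet to 8.8.8.8), worked through as an added example on the /30-per-link design both replies describe. This is not code from the thread; the addresses, MACs, interface names and static routes are assumptions rather than values from the OP's diagram. It shows what Q4 and Q5 ask about: each hop does a longest-prefix lookup in its own routing table, with 0.0.0.0/0 as the catch-all default route; the next hop (or the destination itself, when the destination is on a directly connected subnet) is resolved by an ARP broadcast on the exit interface's wire, which needs no switch and is heard only on that wire; and only the Ethernet header is rewritten per hop while the IP header stays the same end to end.

```python
"""
Added example, not from the thread: a toy model of the OP's packet walk
on the /30-per-link design from the replies.  Addresses, MACs, interface
names and static routes are assumptions, not values from the OP's diagram.
"""
import ipaddress
from dataclasses import dataclass, field

DEFAULT = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Iface:
    dev: str
    name: str
    ip: str
    mac: str
    wire: str          # all interfaces on one wire form one broadcast domain


@dataclass
class Device:
    name: str
    ifaces: dict                     # iface name -> Iface
    routes: list                     # (prefix, next-hop IP or None, out iface); None = connected
    arp_cache: dict = field(default_factory=dict)

    def lookup(self, dst_ip):
        """Longest-prefix match. Returns (IP to ARP for, exit interface)."""
        dst = ipaddress.ip_address(dst_ip)
        candidates = [r for r in self.routes if dst in r[0]]
        if not candidates:
            raise LookupError(f"{self.name}: no route to {dst_ip}")
        prefix, next_hop, out = max(candidates, key=lambda r: r[0].prefixlen)
        # Directly connected subnet: ARP for the destination itself, not a gateway.
        return (next_hop or str(dst)), self.ifaces[out]


def build():
    """Constructed topology: ISP link /30, router-firewall /30, inside /25 (assumed)."""
    spec = [  # device, iface, ip, mac, wire
        ("ISP",      "Fa0/0", "202.156.1.1",   "02:00:00:00:00:01", "isp-link"),
        ("MyRouter", "Fa0/0", "202.156.1.2",   "02:00:00:00:01:00", "isp-link"),
        ("MyRouter", "Fa0/1", "202.156.1.5",   "02:00:00:00:01:01", "fw-link"),
        ("Firewall", "Fa0/0", "202.156.1.6",   "02:00:00:00:02:00", "fw-link"),
        ("Firewall", "Fa0/1", "202.156.1.129", "02:00:00:00:02:01", "inside"),
        ("Node1",    "eth0",  "202.156.1.130", "02:00:00:00:03:00", "inside"),
        ("Node2",    "eth0",  "202.156.1.131", "02:00:00:00:04:00", "inside"),
    ]
    subnet = {"isp-link": "202.156.1.0/30", "fw-link": "202.156.1.4/30",
              "inside": "202.156.1.128/25"}
    ifaces = [Iface(*row) for row in spec]
    devices = {}
    for i in ifaces:
        d = devices.setdefault(i.dev, Device(i.dev, {}, []))
        d.ifaces[i.name] = i
        d.routes.append((ipaddress.ip_network(subnet[i.wire]), None, i.name))  # connected route
    net = ipaddress.ip_network
    devices["Node1"].routes.append((DEFAULT, "202.156.1.129", "eth0"))      # gateway = firewall
    devices["Node2"].routes.append((DEFAULT, "202.156.1.129", "eth0"))
    devices["Firewall"].routes.append((DEFAULT, "202.156.1.5", "Fa0/0"))    # gateway = MyRouter
    devices["MyRouter"].routes.append((DEFAULT, "202.156.1.1", "Fa0/0"))    # gateway = ISP
    devices["MyRouter"].routes.append((net("202.156.1.128/25"), "202.156.1.6", "Fa0/1"))  # inside sits behind the firewall
    devices["ISP"].routes.append((net("202.156.1.0/24"), "202.156.1.2", "Fa0/0"))        # ISP routes the block to us
    return devices, ifaces


def arp(dev, out, target_ip, ifaces):
    """Broadcast 'who has target_ip?' on out.wire; only interfaces on that wire hear it."""
    if target_ip in dev.arp_cache:
        return dev.arp_cache[target_ip], []           # cache hit: no broadcast at all
    heard = [i for i in ifaces if i.wire == out.wire and i is not out]
    replies = [i.mac for i in heard if i.ip == target_ip]
    if not replies:
        raise LookupError(f"{dev.name}: nobody on {out.wire} answers ARP for {target_ip}")
    dev.arp_cache[target_ip] = replies[0]
    return replies[0], [f"{i.dev} {i.name}" for i in heard]


def hop_trace(devices, ifaces, src, dst_ip, stop_at):
    """Carry one packet device by device; return the frame sent at each hop."""
    owner = {i.mac: i.dev for i in ifaces}
    trace, dev = [], devices[src]
    while dev.name != stop_at:
        gw_ip, out = dev.lookup(dst_ip)
        dst_mac, heard = arp(dev, out, gw_ip, ifaces)
        trace.append({"from": dev.name, "out": out.name, "src_mac": out.mac,
                      "dst_mac": dst_mac, "dst_ip": dst_ip, "arp_heard_by": heard})
        dev = devices[owner[dst_mac]]
    return trace


if __name__ == "__main__":
    devices, ifaces = build()
    for frame in hop_trace(devices, ifaces, "Node1", "8.8.8.8", stop_at="ISP"):
        print(frame)
    for frame in hop_trace(devices, ifaces, "ISP", "202.156.1.130", stop_at="Node1"):
        print(frame)
```

The outbound trace prints three frames with the same dst_ip and a different src_mac/dst_mac pair at each hop, and Node1's ARP is heard only by Firewall Fa0/1 and Node2, never by MyRouter. The return trace shows why MyRouter needs more than a default route: without the static route for 202.156.1.128/25 pointing at the firewall it would send replies for Node1 back out to the ISP. On the last hop the firewall's lookup hits the connected /25 and it ARPs for Node1 directly rather than for a gateway.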