You might want to use a simple switch (2950 or 2960 series) to connect everything that should continue to be available when the first 4500 goes down, as this is now a single point of failure. Such a "simple" switch is more likely to stay up in case of a disaster. This switch should be uplinked via Gigabit to both 4500s.
I guess you could cable the first floor switch to the 3800 and you could then still have internet access if your floor 2 switch fails.
It is very uncommon for these switches to fail but you could buy redundant supervisors if you really want to attempt for a zero downtime model.
It depends on what level of redundancy you want. With that Checkpoint firewall and all that other equipment in your path, it is going to cost lots to be able to duplicate all that.
If you just want ISP redundancy you will need to make that change beyond your Checkpoint firewall. I assume there is another router of some kind that you do not show. This is the location you need to put your second ISP in. You can then work your way back toward your network, duplicating equipment as you go.
If I link the 4500s together, it will provide redundancy in case one fails, correct? Also, my WAN router handles 2 ISPs for Internet redundancy, unless my IDS/firewall/etc. gear fails? Are there any common practices to mitigate this without duplicating the path?
Does it make sense to put firewall/IDS between switches, etc. to prevent spread of attack? (This is a financial institution).
I've attached an updated diagram and VSD, repost any changes if you feel so inclined :)
When I look at your Internet connection, I find there are quite a lot of systems in a single chain. This will of course increase vulnerability. You might want to look at the Cisco ASA to combine several functions in one device. Please check the attached URL if you want some design tips and common practices: