Greetings, I have recently rolled out a scenario such as the one described above to a managed service office. All went smoothly, but we have recently been approached by several companies wishing to do the same; in light of the recent financial crisis, more and more people are moving into rented office space instead of purchasing their own premises or taking out extended leases.
As such, I'm trying to put together a template defining how such an office can be deployed in an efficient manner whilst providing concurrent voice and data services to tenants. Cisco CME w/ CUE or CCM w/ Unity will be used for telephony services for all the office, and of course isolation of data networks between offices is crucial.
My current design encompasses the following:
10Mb/s Ethernet bearer /w between 4 and 10Mb enabled on the circuit.
Said connection terminates on a Cisco 1841 ISR Router, which is in turn connected to the outside interface of either an ASA 5505 or 5510, dependent on the number of users within the centre.
The internal network consists of between 2-9, 48 Port PoE Cat3750 series switches depending on the number of users.
Anything up to 100 offices with between 2-10 people in each office; each user is provisioned with a Cisco 7941G IP Phone that will also be used to handle wired desktop and laptop Ethernet connections.
Each office will be assigned a voice vlan and access vlan relating to the office number:
Eg: Office 21 will use Access Vlan 221 and Voice Vlan 321
Each will also be assigned its own network for voice and data
Eg: Office 21 will use Data Network 172.31.21.0 and Voice Network 172.30.21.0
Now this is the part I am rattling my brains about in regards to how best to achieve the end goal.
I want to allow complete separation of the data networks but allow each voice network to be able to talk to the other unhindered so that voice calls can be placed between offices.
For this I have two initial ideas. Firstly, create an inbound ACL on the switch and apply it to each Data Vlan, preventing access from the 172.31.21.0/24 network, then create a less restrictive inbound ACL permitting SCCP, SIP, RTP etc. and apply it to the Voice Vlans.
Internet access would be achieved by using a default route on the switch stack pointing to the inside interface of the ASA, for example 172.16.1.1.
Each office would also use the switch as their default gateway.
Apply the same ACLs as above and create a trunk between the switch stack and the ASA, only permitting the DATA vlans on the trunk, then configure each office to use the ASA as the default gateway for internet access. This would give me more flexibility should an office not require internet access, or for applying rate limiting etc.
So yes, that's where my train of thought is at the moment. Any suggestions would be most welcome; I know what I'd like to achieve but am trying to do my best to keep it simple, stupid!
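Added example, not part of the original post: a Python sketch that derives each office's VLANs and subnets from the numbering scheme above, builds a data-VLAN isolation ACL, and checks it with a first-match evaluator before rendering IOS text. The ACL policy (deny office data to the whole 172.31.0.0/16 range, permit the rest), the office range 1-100 and the ACL naming are assumptions.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
DATA_SUPERNET = ipaddress.ip_network("172.31.0.0/16")  # covers every office data subnet

def office_plan(n):
    """VLANs and subnets for office n, following the post's Office 21 example."""
    if not 1 <= n <= 100:  # assumed range: the post says up to 100 offices
        raise ValueError(f"office number out of range: {n}")
    return {
        "office": n,
        "access_vlan": 200 + n,
        "voice_vlan": 300 + n,
        "data_net": ipaddress.ip_network(f"172.31.{n}.0/24"),
        "voice_net": ipaddress.ip_network(f"172.30.{n}.0/24"),
    }

def data_acl(plan):
    """Ordered (action, src, dst) rules for the data SVI, inbound. Assumed policy."""
    return [
        ("deny", plan["data_net"], DATA_SUPERNET),  # no traffic to any office data subnet
        ("permit", plan["data_net"], ANY),          # internet and everything else
    ]                                               # implicit deny covers spoofed sources

def evaluate(acl, src, dst):
    """First-match evaluation with an IOS-style implicit deny at the end."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def _term(net):
    """Format a network as an IOS address/wildcard pair, or 'any'."""
    return "any" if net == ANY else f"{net.network_address} {net.hostmask}"

def render_ios(plan):
    """Render the ACL and its SVI binding as IOS configuration text."""
    name = f"OFFICE{plan['office']}-DATA-IN"  # hypothetical naming convention
    lines = [f"ip access-list extended {name}"]
    lines += [f" {a} ip {_term(s)} {_term(d)}" for a, s, d in data_acl(plan)]
    lines += [f"interface Vlan{plan['access_vlan']}", f" ip access-group {name} in"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_ios(office_plan(21)))
```

The implicit deny also drops DHCP discovers (source 0.0.0.0), so a bootpc/bootps permit is needed if tenants obtain addresses through this SVI.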