We are redesigning our network from scratch. We are hosting our devices at a datacentre which is around 500-700 metres away from the HO. There will be a fiber running from the DCR to the HO. Total users on the network will be around 70-100 and they will be in a Windows domain environment. I am planning the following at the DCR:
1. Install a Cisco ASA for firewall and VPN services.
2. I will install a Cisco L3 switch. I will be creating 01 VLAN for the servers, 01 VLAN for the data circuits and 01 VLAN for clients at the HO.
Issue: I am not sure what switch I should install at the HO. Currently there is an unmanageable 3Com switch at the HO. Also, should I have separate subnets for the HO users and the restaurant users, or should I put them all on one class B network?
I would just put another 3560 with the correct fiber module at the HO. I suggest the 3560; if you wanted to subnet the hosts in that building, it could be done on that switch. If there are just 75-100 users, it's really a matter of opinion to break them up into subnets. I would subnet based off either department or each floor of the HO building.
For the restaurant users connecting via a VPN, they should most definitely be separate subnets. If they are not, it may cause routing issues, as in the remote host will think that the server is local and not try to send the packet through the router to the DCR.
While looking at your diagram, it is possible to manage your network with one 4506 followed by a couple of 3550 switches. It's better to design the network after studying traffic load, corporate policies and the functional areas within your company. You can configure your 4500 switch to route traffic among the VLANs in the network and can apply access lists as well. But this is just the simple design that you can go with.
It's good to have a 3560 switch; you can have a lot of security features that come with it and, moreover, you can apply filtering also.
Separating users into groups really depends on whether you have different access policies for the HO users and the restaurant users. Grouping them into different subnets/VLANs would help you to have policies for each VLAN; if the access policies are the same, then there's no need to have different subnets.
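The routing issue raised in the reply about restaurant VPN users can be checked on paper before any device is configured. The following is an added example, not code from any poster in this thread: it models a host's on-link decision and flags overlapping site subnets. All addresses, site names and function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def next_hop(host_if: str, gateway: str, dest: str) -> str:
    """Model a host's forwarding decision: a destination inside the host's
    own subnet is ARPed for directly ('on-link'); anything else goes to
    the default gateway."""
    iface = ipaddress.ip_interface(host_if)
    return "on-link" if ipaddress.ip_address(dest) in iface.network else gateway

def overlapping_sites(plan: dict) -> list:
    """Return every pair of sites whose subnets overlap. Any pair listed
    here cannot be routed or filtered between reliably."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return sorted((a, b) for a, b in combinations(nets, 2)
                  if nets[a].overlaps(nets[b]))

# Constructed addressing plans (assumptions, not from the thread).
SERVER = "10.10.10.5"  # a server in the DCR server VLAN

# One class B stretched over every site.
FLAT_PLAN = {
    "dcr-servers": "10.10.0.0/16",
    "ho-clients": "10.10.0.0/16",
    "restaurant-1": "10.10.0.0/16",
}

# One subnet per site / VLAN.
SPLIT_PLAN = {
    "dcr-servers": "10.10.10.0/24",
    "ho-clients": "10.10.20.0/24",
    "restaurant-1": "10.20.1.0/24",
}

if __name__ == "__main__":
    # Restaurant PC on the flat /16: it ARPs for the server on its own LAN,
    # so the packet never reaches the VPN router.
    print("flat :", next_hop("10.10.200.15/16", "10.10.200.1", SERVER))
    # Restaurant PC on its own /24: traffic is handed to the router, where
    # the VPN and any access lists can act on it.
    print("split:", next_hop("10.20.1.15/24", "10.20.1.1", SERVER))
    print("flat overlaps :", overlapping_sites(FLAT_PLAN))
    print("split overlaps:", overlapping_sites(SPLIT_PLAN))
```

Only traffic that is sent to a gateway passes through the L3 switch or ASA, so the split plan is also the one where per-VLAN access lists can take effect.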