In a corporate LAN, where office employees are connected to the inside network, how is the redundancy maintained?
For example, if the overall network setup is Active/Passive, such as:
1. FrontEnd Firewalls (Active/Passive)
2. Firewall DMZ Server farm - Mail/Web Servers
3. Backend Firewalls (Active/Passive)
4. Redundant switches connected on the inside of Backend Firewalls
5. Client PCs connected to the inside switches that are connected to Backend firewalls.
So for point 5, how is the client redundancy maintained with regard to the switch pair? Should half of the clients be connected to switchA and the other half to switchB? Or should all clients be connected to switchA and switchB be left with empty ports, and whenever switchA fails, all cables be removed and connected to switchB?
As Giuseppe says, a client connected with a single NIC is always going to be a single point of failure.
However, in answer to your point 5, yes, it would make sense to spread the clients across both switches. If your internal users are in different departments, it also makes sense to spread the dept PCs across the 2 switches so no one dept is isolated if there is a switch failure.
Note that there is a lot to be said about switch/firewall redundancy; whole books have been written on those subjects, but that wasn't what you were asking.
And in the end it all boils down to money, i.e. how much money will your company be willing to spend on duplicate switches in the access layer etc. compared to the statistical risk of switch failure and time to have a spare switch installed.
So in the end, there's no simple answer to this question. For some situations a downtime of half an hour is acceptable, while it will cost tens of thousands of dollars for other companies to have half an hour of downtime for users (perhaps exaggerated a little to make the point...).