At the moment we are using a flat network without any VLANs. Since we are going to install some 150 CCTVs, we are planning to implement VLANs in the existing network.
At the moment none of the switches are connected using Gig ports. Instead, each switch is connected using the Fast Ethernet ports. In my design I opted for using Gig ports to provide optimal B/W and also for redundancy purposes. I also planned for configuring the Spanning Tree Protocol.
Can anyone tell me whether the proposed design will work? You can also let me know if you have better ideas or a better design than this.
One thing I would strongly recommend (and which I do not see in your diagram) is to use a Demilitarized Zone (DMZ) for your servers. This provides a "neutral" zone that can be used for communications between your servers and the public Internet. You can do this by hanging your servers directly off one of your firewall's LAN segments. The advantage of doing this is so that you can:
1. Configure policy on your firewall that will deny connections from the public Internet directly to your private hosts.
2. Configure policy on your firewall that will let users on the public Internet connect to your servers on the DMZ network in order to access any public info that you may have.
3. Configure policy on your firewall that will prevent outgoing connections from the DMZ network into the private network and also the Internet.
You gain two things from point 3 above:
1. If your servers are compromised by someone on the Internet, they cannot be used to attack your private hosts behind the firewall.
2. If your servers are compromised by someone on the Internet, they cannot use your server to cause damage to other public Internet sites.
With your current setup, you would have the following vulnerabilities.
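The three-zone policy described above, modelled as a first-match ruleset so the two guarantees from point 3 can be checked against the rules rather than assumed. This is an added example, not code from the thread; the zone names, the single public port (443) and the probe ports are assumptions.

```python
"""Zone policy model for the DMZ design in the reply above.
Added example, not from the original thread; zone names, ports and
the rule order are assumptions constructed for illustration."""
from dataclasses import dataclass

ANY = "*"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: object   # int or ANY
    action: str        # "permit" or "deny"


# Ordered, first-match ruleset with an implicit deny at the end.
# Rules 1-4 mirror the three policy points in the reply; the last two
# are the assumed staff traffic that still has to work.
DMZ_POLICY = [
    Rule("internet", "private", ANY, "deny"),     # point 1
    Rule("internet", "dmz", 443, "permit"),       # point 2: public HTTPS only
    Rule("dmz", "private", ANY, "deny"),          # point 3: DMZ -> private
    Rule("dmz", "internet", ANY, "deny"),         # point 3: DMZ -> Internet
    Rule("private", "dmz", ANY, "permit"),        # staff manage the servers
    Rule("private", "internet", ANY, "permit"),   # staff browse
]


def evaluate(rules, src_zone, dst_zone, dst_port):
    """Return the action of the first matching rule, or 'deny' (implicit)."""
    for r in rules:
        if (r.src_zone in (ANY, src_zone) and r.dst_zone in (ANY, dst_zone)
                and r.dst_port in (ANY, dst_port)):
            return r.action
    return "deny"


# The zone pairs the reply says must never be permitted, probed on a few
# common service ports. A broad permit inserted above the denies shows up
# here instead of going unnoticed.
REQUIRED_DENIES = [("dmz", "private"), ("dmz", "internet"), ("internet", "private")]
PROBE_PORTS = (22, 80, 443, 445, 3389)


def isolation_violations(rules):
    """List (src, dst, port) flows that should be denied but are permitted."""
    return [(s, d, p) for s, d in REQUIRED_DENIES for p in PROBE_PORTS
            if evaluate(rules, s, d, p) == "permit"]
```

Run `isolation_violations` against the real ruleset every time it changes; an empty list means the DMZ still cannot reach the private network or the Internet.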
Thanks for your quick reply Paresh. Your suggestions are highly appreciated. I will work out the DMZ zone.
Apart from this, I just want to know whether the attached VLAN design is feasible.
If it is feasible, I am thinking of using STP and EtherChannel aggregation. But I don't have a clear idea whether the communication will be proper, since this is the first time I am going to implement EtherChannel.
If you guys have any more suggestions please let me know.
The design is feasible and it works for VLANs, but you haven't mentioned the main switch and the access-layer switches. I would recommend you use a Cisco 3550 or 3750 as the main switch, since they have got all GBIC ports, and Cisco 2950T-24 as the access-layer switches, which have 24 100Mbps ports and 2 GBIC, so that all access-layer switches can be connected to the main switch through the GBIC ports for better performance. Also, you can implement HSRP for redundancy.