Help Setting Up a Cisco Based LAN

PawNtheSandman

I need some help for a class project.

I have to set up the LANs for 4 different office sites and then set up the WAN. An example of a site is:

1000 Users
10 Servers with 10/100/1000 nics
and 128k access to the internet

I am supposed to put together a proposal for the office. I can handle the IP scheme and the routing, but it needs to be set up for IP phones. I know nothing about IP Telephony and we weren't taught anything about it in the class, so I have no idea where to start with this. I also don't know what series switches and routers to use. I'd also have to implement PIX Firewalls.

I am assuming that with, say, that one site with 1000 users, I would need like 20 switches and a few routers. And then those go to another switch, then to the router. I'd have the servers in a DMZ behind a PIX firewall with another switch. And link that switch to the router which would then go to the ISP.

This whole project is way over the head of the class, so I'd appreciate if someone could send me some good links on VOIP. If I have 1000 users and want them to have IP phones, does that double the IP's and nodes on my network? Etc..

I really have no clue where to begin on this. Any help pointing me in the right direction is appreciated.
 
* If you read this before my edit please disregard what I said. Somehow I missed the "class project" part when I read it. *

To answer some of your questions:
Yes, your IP phones will use an address so you will need double the addresses. You should probably go with 172.16.xxx.xxx/16 addresses. Theoretically you will have 65,534 addresses to work with on each subnet.

Cisco training barely covers VOIP unless you are specifically wanting to pass the VOIP tests. When I was obtaining my CCNP we touched on IP Telephony for maybe 1 page of 1 module in the Remote Access class.

I wouldn't wish 128k access to the net on a company as small as 10 users, much less one the size of yours. The circuit will not be able to sustain the Internet needs unless you don't allow them on the Internet for general surfing.
 
Like I said, this project is way over the head of the class. It is for the introductory CCNA class to prepare for the 640-821 test. At least I have some network experience; at least half the people in the class have never touched a network or a router until this class.

I figured the phones need their own address, but does this mean I now need double the switches?
 
Ack you did read my reply before I edited it. Please accept my apologies but I thought you were tackling this for your own company.

The IP phones have a built-in switch. You plug the phone into your data jack and then your computer plugs into the phone so you don't need to double your ports.
 
Ok, so do I need VOIP capable switches if there is such a thing? So each computer and phone will have 2 ips but use one cable that goes into 1 port of the switch? Would I have to assign 2 consecutive IP's to each user IE: one ip to UserA's phone, and the next ip to their PC?

Also what series Switches should I be looking in?
 
Yes, you will only need 1 switchport for each IP phone and computer.

You don't need consecutive addresses. Just use DHCP to handle addresses. If there is any reason for the phone and computer to communicate then the phone knows what MAC address is plugged into it and then the Cisco software on the computer can communicate with that phone.

The switches and routers will need to be capable of QoS and VLANs. Catalyst 3550 and better would be good choices.

I have actually been looking into Cisco VOIP for my company. On Monday I can look at the quotes I have and tell you what equipment is on them. I have a corporate office with 3 regional offices and then some other satellite offices so my scenario sounds close to what you have.

Theoretically how many sites and how many users do you have at each site?

This is pretty deep stuff for the CCNA level but if you can learn at this level then the CCNA/CCDA will be a breeze.
 
PawNtheSandman said:
Ok, so do I need VOIP capable switches if there is such a thing? So each computer and phone will have 2 ips but use one cable that goes into 1 port of the switch? Would I have to assign 2 consecutive IP's to each user IE: one ip to UserA's phone, and the next ip to their PC?

Also what series Switches should I be looking in?

No, you do not need "VoIP capable switches"... however, you might think about spec'ing out switches that support "Power over Ethernet". Many VoIP phones support PoE; in this case, the switch puts power over the network cable so that you don't need to use a power adapter on the end device itself.

Many phones also have a built in 2-port switch, so the phone can be plugged into the LAN and the PC into the phone, so both devices only use a single network line. If I were spec'ing out a new project, I would run a line for each device and not share in this manner. This might be going beyond the skills for the CCNA course, but I would also put the VoIP phones on their own switches and subnets, so that problems with the normal LAN are less likely to affect the phones.

I'm in a hurry, so I'll end this here.... just a couple of thoughts.

Good luck.
 
Thanks for the help. Here are some specifics

Main Office
10 Servers with 10/100/1000 nics
1000 Users
128kb internet access

Field Office
2 Servers with 10/100/1000 nics
100 Users
56kb internet access

Field Office
3 Servers with 10/100/1000 nics
200 Users
128kb access

Out of State Field Office
5 Servers with 10/100/1000 nics
250 users
128kb

The internet access is my partner's problem, they will be calling local ISPs to get quotes for access to set up the WAN. I am thinking we would have T1 backbones in each office, with T1 internet access.
 
Yea those Internet speeds are so mid-90's ;)

So are you thinking a point-to-point T1 connecting each office to corporate and then an additional T1 for Internet access at corporate and each office?

My setup is not as large as yours so the equipment I have been quoted may not be enough.

I have 100 at my corporate and the remotes have 10 - 20 each.

A T1 is still a little skinny for that many users at each office. It probably will not work for VOIP purposes even with QoS unless it is the only data going over the T1.

What you might do is contact your Cisco representative for the area. He may be able to help you with the basic layout. But remember he is making a living at selling this solution and he is going to go further and put the sell onto your company that you are helping (double-edged sword).
 
This is a school project, money isn't an issue. I don't want to contact a Cisco rep.

I was thinking a T1 connection within each Lan, then a T1 connection from LAN to LAN via the ISP.
 
Ok, looking at my notes:

For my corporate office:
Callmanager Publisher server
Callmanager Subscriber server
Unity 4.0 software with Voicemail
2821 Router with Voice Bundle, 1 PRI, 2 FxS, and 4 FxO ports
3560 48 port router with PoE
7940 IP Phones for general use
7960 for executives and receptionist
7912 phone for front entryway and any outside use areas

For my remote offices:
2801 Router with Voice Bundle, 2 FxS, and 4 FxO ports
3560 24 port switch

I might put in some wifi phones (7920) but I am undecided about that as of yet.

This is the solution put together for me but like I previously stated I have a smaller operation than your project is going for.

I have T1s to the Internet at each office connected back to my corporate office by VPN over a MPLS network. At my corporate office I have 2 Internet circuits - a 2.5 Mbps and then a backup 3 Mbps circuit that also provides my voice lines.

Sometimes my corporate Internet lines get saturated which is why I was saying that you may want to look at either a fractional DS-3 or bonded T1s for at least the location with 1000 users.

Let us know if you have any more questions. I may not know all the answers because I am still learning about the voice side to this.
 
Bean Dip said:
Ok, looking at my notes:

For my corporate office:
Callmanager Publisher server
Callmanager Subscriber server
Unity 4.0 software with Voicemail
2821 Router with Voice Bundle, 1 PRI, 2 FxS, and 4 FxO ports
3560 48 port router with PoE
7940 IP Phones for general use
7960 for executives and receptionist
7912 phone for front entryway and any outside use areas

For my remote offices:
2801 Router with Voice Bundle, 2 FxS, and 4 FxO ports
3560 24 port switch

I might put in some wifi phones (7920) but I am undecided about that as of yet.

This is the solution put together for me but like I previously stated I have a smaller operation than your project is going for.

I have T1s to the Internet at each office connected back to my corporate office by VPN over a MPLS network. At my corporate office I have 2 Internet circuits - a 2.5 Mbps and then a backup 3 Mbps circuit that also provides my voice lines.

Sometimes my corporate Internet lines get saturated which is why I was saying that you may want to look at either a fractional DS-3 or bonded T1s for at least the location with 1000 users.

Let us know if you have any more questions. I may not know all the answers because I am still learning about the voice side to this.


I recommend using Bean Dip's parts list and notes as a general blueprint for your project.

Also, what's the scope of work on your project (full infrastructure or are you assuming a pre-existing setup)? Are you going to need labor for your quote? I know you've got to draw the line somewhere so the project presentation is manageable, I suggest you assume a full pre-existing setup similar to this:

Main Office
10 Servers with 10/100/1000 nics
1000 Users
128kb internet access

25-30 CAT 3550's
2 CAT 4506's
2 PIX 515's
At a minimum: 1 T3


Field Office
2 Servers with 10/100/1000 nics
100 Users
56kb internet access

3-4 CAT 3550's
1 2811 Router
At a minimum: 2 T1's


Field Office
3 Servers with 10/100/1000 nics
200 Users
128kb access

6-7 CAT 3550's
2 2811 Routers
At a minimum: 4 T1's


Out of State Field Office
5 Servers with 10/100/1000 nics
250 users
128kb

8-9 CAT 3550's
1 3825 Router
At a minimum: 4-5 T1's


I'm no expert, but I think this may be a somewhat realistic expectation as to what the pre-existing setup might look like (for a company that uses the internet a fair amount and has some webservers). Anyone who sees any mistakes or has some criticism here is encouraged to point it out. Let's make this guy's teacher go :eek: :eek: :eek:
 
The Wi-Fi phones are not known to work well (7920). I've seen only a few select actually work consistently. Just my .02
 
Blitzrommel said:
The Wi-Fi phones are not known to work well (7920). I've seen only a few select actually work consistently. Just my .02

I use them in a warehouse environment. They work flawlessly.

Surprised I haven't seen many mentions for NVPN connection w/ larger pipes than the standard 1.544 T1 bandwidth they come with.

Megabyte had a good recommendation with exception to the one site having the 3825 router and one site having 2 2811 routers. You can drop the 3825 and move one of those 2 2811's over to that site. You can pack a lot into the 2811's.

The 3550 switches are only capable of Cisco pre-standard PoE. The 3560's are capable of both pre-standard and 802.3af. You don't need the 3560's if you use the 7940/7960 IP phones (they're spec'd for pre-standard poe, not 802.3af). The 7941/7961 use 802.3af and/or pre-standard poe. That would require the CAT 3560.
 
Teacher said there is no current wan. Also assume nothing.

So our group is even pricing server racks, keyless entry into server rooms, then any servers we might need.

This is one of those projects that is way beyond the realm of the class and can pretty much go on forever as far as what is needed and cost.

I appreciate the help so far.
 
PawNtheSandman said:
Teacher said there is no current wan. Also assume nothing.

So our group is even pricing server racks, keyless entry into server rooms, then any servers we might need.

This is one of those projects that is way beyond the realm of the class and can pretty much go on forever as far as what is needed and cost.

I appreciate the help so far.

I would say so, why is the professor making you do this when this is more like CCNP stuff and not CCNA sem 1.... Anyway, what all do you have so far and what else do you need? Maybe I can help you come up with some stuff.
 
I will post what we have so far later on tonight.

Right now, I am tackling the LANs and my partner is working on the ISP and WAN situation. Once we settle that, we can tackle the server racks, keyless entry, labor, cabling, etc.
 
megabyte said:
Main Office
10 Servers with 10/100/1000 nics
1000 Users
128kb internet access

25-30 CAT 3550's
2 CAT 4506's
2 PIX 515's
At a minimum: 1 T3


Field Office
2 Servers with 10/100/1000 nics
100 Users
56kb internet access

3-4 CAT 3550's
1 2811 Router
At a minimum: 2 T1's


Field Office
3 Servers with 10/100/1000 nics
200 Users
128kb access

6-7 CAT 3550's
2 2811 Routers
At a minimum: 4 T1's


Out of State Field Office
5 Servers with 10/100/1000 nics
250 users
128kb

8-9 CAT 3550's
1 3825 Router
At a minimum: 4-5 T1's

Ok, I have some questions. I will split the servers into their own DMZ from their local LAN. How come you don't have a router at the 1000 user site? I have the 1000 users connect into the 3550 switches, and then those switches into the 4506. Shouldn't I have the 4506 then go to a PIX firewall and then the DMZ PIX firewall both go into a router to then go to the ISP?

Shouldn't each site have their own PIX firewall?

Also you recommend 4x T1's to an office. That is 4 T1's from the ISP right? Those would go into the router which would then connect to a 3550 switch, which would then go to a 3550 switch that is in theory placed on every floor?

If the LANS are already wired for cat5, would I have to rewire the LANS? Or can I reterminate the existing cabling to be up to cat5e standards?
 
PawNtheSandman said:
Ok, I have some questions. I will split the servers into their own DMZ from their local lan. How come you don't have a Router at the 1000User site? I have the 1000 users connect into the 3550 switches, and then those switches into the 4506. Shouldn't I have the 4506 then go to a pix firewall and then the DMZ pix firewall both go into a router to then go to the ISP?

The Cat 4506 and 3550 are both Layer 3 switches which means that they are capable of routing IP with the right IOS. In a network that big it takes a bottleneck out because routing is done in the switching fabric without having to transfer the packets to another device.
 
PawNtheSandman said:
I will split the servers into their own DMZ from their local lan.

You do that, your pix will become the bottleneck for your users. Perhaps simple ACL's will do the trick on your core.
 
So how would the diagram look?

I have the ISP come into the router then to the firewall, then to all the switches which have both the user switches and the switch which has the servers into it?
 
Damn, sounds like your prof is trying to get you to do his job for him and design someone's network lol
 
PawNtheSandman said:
Site 1: Main Office
10 Servers with 10/100/1000 nics
1000 Users
128kb internet access

Site 2: Field Office
2 Servers with 10/100/1000 nics
100 Users
56kb internet access

Site 3: Field Office
3 Servers with 10/100/1000 nics
200 Users
128kb access

Site 4: Field Office
5 Servers with 10/100/1000 nics
250 users
128kb

Ok this is what I have so far, but I still am a long way from done.


Site 1:
1x T3 Connection to ISP and within
26x Cisco 3550EMI 48port Switches
2x Cisco 4506 10port Switches
2x Cisco 515e Pix Firewalls

Site 2:
2x T1 Connections to ISP and within
3x Cisco 2550EMI 48port Switches
1x Cisco 2811 Router
1x Cisco 3550 Series 10port Switch

Site 3:
4x T1 Connections to ISP and within
5x Cisco 3550EMI 48port Switches
2x Cisco 2811 Routers
1x Cisco 3550 10port Switch

Site 4:
4x T1 Connections to ISP and within
7x Cisco 3550EMI 48port Switches
2x Cisco 3825 Router
1x Cisco 3550 10port Switch


Ok now my questions.

1. Should each individual site have their own PIX firewall?
2. How is the layout going to look? IE: for site 4, would each Router receive 2 T1 connections, then those 2 routers connect to the 10 port switch which goes to the 7 switches? Site 1 is troubling me as I don't know if the T3 should go to the router, then from the router to the firewall then to the 4506 switches then to the 3550's?
3. I know I specified T1 and T3 connections, but that is a direct serial connection? How would the 4 sites be set up so the WAN is a Serial to Serial connection through the ISP. I know the ISP would be the DCE and let me know the clockrate to set the routers to.
4. Cabling. IE: for site 1. If I have all the equipment in one server rack, will the cabling be able to reach the 1000 users without the need for repeaters, or other equipment?
5. I'm assuming the switch to switch connections would be fiber?
6. I plan to use EIGRP as my routing protocol, any problems? Other solutions I should add?
7. I am keeping the current 56 and 128kb connections as a backup should the T1/T3's go down. Good idea?
8. Although we are not implementing IP Telephony, our project assumes they will do it next year. But we are setting it up so all they need to do is buy the phones. I have the 4506 switches at the main site, would each LAN need their own IP Telephony setup, or could they all just connect to Site 1 through the WAN connection through the ISP?
9. Routing scheme. I will go with the 172.16.0.0/16. I should be using DHCP right? DHCP with a permanent reservation of addresses for the switches, routers, etc. The user PC's and IP phones would be the only nodes receiving random, and revolving IP's.
10. How should I subnet each site? I'm thinking site 1 needs 2500 IP's, site 2 300, site 3 550 and site 4 650 ips. How would using the formula 2^n-2 help me split them properly?
11. Each site would have their own DHCP server with reservations and then a range using the answer to question 10?


I am pulling my hair out with this project. I could read the cisco book and study for a month or 2 and probably pass the beginning CCNA half exam, but this project is for a college class so I need to complete this in a few weeks.

I appreciate all help, suggestions and even chewing my ass out.
 
Wow that is a lot of technical info that you are asking.

Is your teacher requiring this? You need to scale back and focus on learning the basics before jumping into the deep end or you are going to burn out and fail the CCNA.

The fact that you are asking us how to subnet confirms this. That should be the easy part.

If your teacher thinks you are ready for this then I don't know what to say but I used to be a high school teacher and I knew what level my students were at so I could challenge them in a stairstep fashion without overloading them.
 
PawNtheSandman said:
1. Should each individual site have their own PIX firewall?
2. How is the layout going to look? IE: for site 4, would each Router receive 2 T1 connections, then those 2 routers connect to the 10 port switch which goes to the 7 switches? Site 1 is troubling me as I don't know if the T3 should go to the router, then from the router to the firewall then to the 4506 switches then to the 3550's?
3. I know I specified T1 and T3 connections, but that is a direct serial connection? How would the 4 sites be set up so the WAN is a Serial to Serial connection through the ISP. I know the ISP would be the DCE and let me know the clockrate to set the routers to.
4. Cabling. IE: for site 1. If I have all the equipment in one server rack, will the cabling be able to reach the 1000 users without the need for repeaters, or other equipment?
5. I'm assuming the switch to switch connections would be fiber?
6. I plan to use EIGRP as my routing protocol, any problems? Other solutions I should add?
7. I am keeping the current 56 and 128kb connections as a backup should the T1/T3's go down. Good idea?
8. Although we are not implementing IP Telephony, our project assumes they will do it next year. But we are setting it up so all they need to do is buy the phones. I have the 4506 switches at the main site, would each LAN need their own IP Telephony setup, or could they all just connect to Site 1 through the WAN connection through the ISP?
9. Routing scheme. I will go with the 172.16.0.0/16. I should be using DHCP right? DHCP with a permanent reservation of addresses for the switches, routers, etc. The user PC's and IP phones would be the only nodes receiving random, and revolving IP's.
10. How should I subnet each site? I'm thinking site 1 needs 2500 IP's, site 2 300, site 3 550 and site 4 650 ips. How would using the formula 2^n-2 help me split them properly?
11. Each site would have their own DHCP server with reservations and then a range using the answer to question 10?

2) Your router will have 2 WAN interfaces so you only need 1 router. You can either bond the T1's together or configure one as the primary and the other as a backup.
3) Usually you contact your provider and find out what they provide. Most will give you a serial connection that you plug into your CSU/DSU card. Some will give you an Ethernet connection and you have to change your modular equipment for that.
4) For site 1 with 1000 users you probably will not be able to cable everything from the MDF. You will need to provide IDF distribution points so you do not go over the 300 meter range.
5) Switch to switch should be gigabit - you can use ethernet or fiber
6) EIGRP is the preferred protocol unless you are talking with non-Cisco equip. In that case OSPF is the next best to use.

I need to get back to work. I'll see if I can answer the others later.
 
Thanks a lot.

This is the beginning to CCNA which is the class for the first test for the 2 part CCNA exam. Like I keep saying, all of this is required for the project and it is over many people's heads.
 
Sorry to hear that it is required. Having been in those shoes before I always try to give the teacher the benefit of the doubt, but in this case I cannot.

1) I have never messed with Pix before. I typically use ACL to block everything incoming except necessary services.

3b) Most ISPs provided the clocking nowadays. The latest IOS's typically autodetect and set the clockrate off this.

7) If you want backup lines then they need to be capable of supporting the network. 56/128Kb and T1/T3 are in a whole different class. Those small lines will not support the infrastructure and I would not bother with them.

8) You could do it either way. You can either run it all from the main site or have Unity servers at each site. This is where it becomes cost vs complexity... you can save money by only putting servers at the main site but what if you lose connectivity to it, or you can spend the $$$ and put servers at all sites but then you have to do all the extra programming for them.

9) DHCP is only for the workstations/non-dedicated devices. Servers, routers, switches, access points, print devices, etc should all have a static address based on some type of grouping scheme. I would hardcode static addresses and not depend on DHCP reservations because sometimes that goes fruity or your DHCP server may be down.

I'll answer #10 in another post. <need a break>
 
10) Ok if you are using 172.16.0.0 /16 you have 1 subnet with 65534 hosts

172.16.0.0 network
172.16.0.1 first address
172.16.255.254 last address
172.16.255.255 broadcast

To subnet you "borrow a bit" from the subnet mask. That is what the n in 2^n-2 is. If you haven't learned how to convert to binary and seen the relationship then I would definitely put everything else aside and focus on that. Once you understand it (the light bulb goes on) then it all makes sense and is much easier. Easiest to use the Class C 192.168.xxx.xxx to learn it.

For example you can subnet your 172.16.0.0/16 network by borrowing a bit and you have 172.16.0.0/17 which splits the /16 network into 2 subnets with 32766 hosts.

1st subnet
172.16.0.0 network
172.16.0.1 first address
172.16.127.254 last address
172.16.127.255 broadcast

2nd subnet
172.16.128.0 network
172.16.128.1 first address
172.16.255.254 last address
172.16.255.255 broadcast

Now that you have the 2 networks then you could further "borrow a bit" to segment the networks.

Such as for the 1000 user site you can have a network with 2046 or 4094 hosts. Since you specify 2500 then you need to use a minimum of 20 bits (255.255.240.0) for 4094 hosts. For the simplicity I would recommend using 19 bits (255.255.224.0) for all 4 sites.

Site 1
172.16.0.0/19
172.16.0.0 network
172.16.0.1 first address
172.16.31.254 last address
172.16.31.255 broadcast

Site 2
172.16.32.0/19
172.16.32.0 network
172.16.32.1 first address
172.16.63.254 last address
172.16.63.255 broadcast

Site 3
172.16.64.0/19
172.16.64.0 network
172.16.64.1 first address
172.16.95.254 last address
172.16.95.255 broadcast

Site 4
172.16.96.0/19
172.16.96.0 network
172.16.96.1 first address
172.16.127.254 last address
172.16.127.255 broadcast

Then you also have 4 more networks for future sites plus future growth at the current sites. There are a variety of ways you can do this as long as you do not overlap any subnets.
 
PawNtheSandman said:
1. Should each individual site have their own PIX firewall?
2. How is the layout going to look? IE: for site 4, would each Router receive 2 T1 connections, then those 2 routers connect to the 10 port switch which goes to the 7 switches? Site 1 is troubling me as I don't know if the T3 should go to the router, then from the router to the firewall then to the 4506 switches then to the 3550's?
3. I know I specified T1 and T3 connections, but that is a direct serial connection? How would the 4 sites be set up so the WAN is a Serial to Serial connection through the ISP. I know the ISP would be the DCE and let me know the clockrate to set the routers to.
4. Cabling. IE: for site 1. If I have all the equipment in one server rack, will the cabling be able to reach the 1000 users without the need for repeaters, or other equipment?
5. I'm assuming the switch to switch connections would be fiber?
6. I plan to use EIGRP as my routing protocol, any problems? Other solutions I should add?
7. I am keeping the current 56 and 128kb connections as a backup should the T1/T3's go down. Good idea?
8. Although we are not implementing IP Telephony, our project assumes they will do it next year. But we are setting it up so all they need to do is buy the phones. I have the 4506 switches at the main site, would each LAN need their own IP Telephony setup, or could they all just connect to Site 1 through the WAN connection through the ISP?
9. Routing scheme. I will go with the 172.16.0.0/16. I should be using DHCP right? DHCP with a permanent reservation of addresses for the switches, routers, etc. The user PC's and IP phones would be the only nodes receiving random, and revolving IP's.
10. How should I subnet each site? I'm thinking site 1 needs 2500 IP's, site 2 300, site 3 550 and site 4 650 ips. How would using the formula 2^n-2 help me split them properly?
11. Each site would have their own DHCP server with reservations and then a range using the answer to question 10?

1. I would avoid the PIX at each site as that's that many more points of Ingress to your network from the Internet to monitor. It's much easier monitoring a single WAN link than it is 4.

2. Typically you're going to run Router -> Switch (assuming you're across WAN links, not the Internet; otherwise you're putting Router > PIX/ASA > Router > Switch).

3. Ask the ISP.

4. Without a physical drawing of the building it's impossible to say. I'd recommend carrying a sideline cost for some GBIC's and Fiber runs to some remote switches if you really want to cover yourself.

5. With Gig-copper it's really up to you. If you're supporting 1000 users in a single building and can run all your cables to a single distribution point, I'd probably look at a 6500 of some sort with the required blades. It's going to be much more compact and you get to run everything through the backplane instead of the occasional 100/1000 bottleneck between fiber etc. Barring that, the 3750 series of switches are super sweet. They come with stacking cables that run at the full backplane speed of the switch and you can add more switches on the fly. Once added they all look and behave like one ginormous switch.

6. EIGRP is fine. Assuming it's a completely homogeneous Cisco network anyway. If you start throwing other vendors' gear in you might want to consider something a bit more vendor neutral, i.e. OSPF. Really however, given the topology (star) you should be able to do all of this with some static routes.

7. If the T3 goes down, I'm not sure what you'd push across the 56/128k link that would be meaningful. Redundancy is good, but a 56k link requires a completely different type of WIC card than does a T-1, which is different than a T-3. Tracking that many different pieces of gear internally to the company can be a PITA. Truly robust backups for WAN connections are tough. You can get 2 T-1's but you can't do it from the same vendor (if 1 is dead the 2nd probably is too). You can get it from 2 vendors but they can't be an ILEC and a CLEC (the CLEC is just going to lease lines from the ILEC and you're back to problem 1). If you get two T-1's from two Tier-1 providers, they're probably coming in the same conduit, from the same pole, on the same street... a single bad swipe of a back-hoe still knocks everything out despite all the efforts taken. Depending on physical site layouts, you might consider some redundant point-to-point wireless links.

8. Depends on the IP Telephony Solution. Cisco has gear that will all talk back to some centralized servers at a site of your choice (probably 1 since it's the hub of the network/company). Other providers, like Nortel, will talk back to a central site but will require additional gear to sit at the remote sites in case of a WAN failure (Cisco might need you to bump some code on your routers to support SRST, but that's it... actually, depending on phone counts the routers at the remote sites may or may not support all the phones in the event the WAN dies). Also, if you're planning on using the Cisco gear to terminate your PSTN connectivity at the remote sites you might be SOL on WAN slots, etc. Configuring a router for Voice capabilities vs. Data is significantly different (hardware wise; all the software config work is done the same way).

9. Personally I'd avoid handing DHCP to the switches and routers, I'd manually assign them. DHCP to all the other stuff is fine, the only real question is where to hand it out. You can run a single master server that all sites/networks talk back to but if the WAN is dead for an extended period of time you run the risk of DHCP leases expiring on you and PC's dropping off the network into uselessness until the WAN link is restored. Alternatively, if you configure a DHCP server at each site, you've got that many more DHCP servers to maintain.

10. Yes, the (2^n)-2 formula will help you decide how big a block of IP's you need and you can work backwards from there regarding IP subnet sizes. Realistically however, you're probably going to end up with smaller subnets within each site. For example, in site 3 you decided you need 550 IP addresses. If that were a single block you'd need a /21 mask and have a large flat network. While it might work, that's stretching the number of devices on a single subnet before the whole thing blows up (broadcasts, etc.) More realistic is separate voice and data subnets which at minimum cuts your network in half so now you're down to 275 hosts per subnet and you get to move to a /22 mask. Depending on the company, you might further subdivide users by job function, etc. At schools it's common to have students, admin, and servers all on separate subnets. It helps with security because you can touch traffic as it flows from the student subnet to the servers, the servers to admin, etc. Granularity can be helpful. If you massage all your stuff into things like that you might end up with 3-4 class C subnets that still serve your 550 IP address requirements!

11. See my answer to 9.
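Applying the (2^n)-2 rule from point 10 in code, as an added example that is not part of this thread: it sizes each subnet from its host count and then carves aligned, non-overlapping blocks out of one site prefix. The site 3 host counts are taken from the post; 172.16.0.0/16 as the parent block is an assumption.

```python
# Added example (not from the thread): size subnets with the (2^n)-2 rule and
# carve aligned, non-overlapping blocks out of one site prefix (basic VLSM).
# Host counts follow the site 3 discussion; 172.16.0.0/16 is a constructed parent.
import ipaddress
import math


def prefix_for_hosts(hosts):
    # Smallest prefix length whose host bits satisfy 2**host_bits - 2 >= hosts.
    if hosts < 1:
        raise ValueError("need at least one host")
    host_bits = max(2, math.ceil(math.log2(hosts + 2)))
    return 32 - host_bits


def usable_hosts(prefix):
    return 2 ** (32 - prefix) - 2


def allocate(parent, demands):
    # Largest demand first, best-fit into the free pool so blocks never overlap.
    free = [ipaddress.ip_network(parent)]
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        want = prefix_for_hosts(hosts)
        fits = [b for b in free if b.prefixlen <= want]
        if not fits:
            raise ValueError(f"no room for {name} ({hosts} hosts)")
        # smallest free block that fits, lowest address on ties
        blk = max(fits, key=lambda b: (b.prefixlen, -int(b.network_address)))
        free.remove(blk)
        chosen = next(blk.subnets(new_prefix=want))
        free.extend(blk.address_exclude(chosen))  # return the remainder to the pool
        plan[name] = chosen
    return plan


if __name__ == "__main__":
    print("550 hosts in one flat block ->", f"/{prefix_for_hosts(550)}")
    # the voice/data split the post suggests for site 3
    for name, net in allocate("172.16.0.0/16", {"site3-voice": 275, "site3-data": 275}).items():
        print(f"{name}: {net} ({usable_hosts(net.prefixlen)} usable)")
```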
 
I am not sure why you would want to have so many little switches. It is generally better to run fewer, larger switches. Easier to manage, you can keep spare modules on hand, and with dual sup engines they are more fault tolerant. That being said, here is what I would do:

Site 1: Main Office
10 Servers with 10/100/1000 nics
1000 Users

2 Cat 6509s with dual Sup IIs or Sup720s and flexwans with ATM DS3 PAs
(or save money with a pair of 3800s)
5-10Mbps Internet PVC, 10-15Mbps combined internal PVCs
2 Cat 6513s with 6348 ethernet modules

***********************************
Site 2: Field Office
2 Servers with 10/100/1000 nics
100 Users

3745 or 3640 with 2-4 IMA T1s (depending on utilization)
PVCs built to each core router at Corp HQ.
2-3 POE Switches of choice - You could get away with 2 here and have some users plugged into the router
(particularly if using a 3745) but I don't like doing that.
***********************************************

Site 3: Field Office
3 Servers with 10/100/1000 nics
200 Users

3745 or 3640 with 2-4 IMA T1s (depending on utilization - can do up to 8, but at that point an ATM PVC is usually more cost efficient)
Optional: Dual 3745s/3640s

Cat5500 (Note: EOL) or 4507 w/dual sup engines (new 4500 switches are nice gear). Or two to support future growth

****************************************

Site 4: Field Office
5 Servers with 10/100/1000 nics
250 users

2x2800 w/ ATM DS3 module
5-10Mbps PVC to each HQ core router

2x4507 switches with dual Sup's



You can replace the 3745s or 3640s with 2800s or 3800s, depending. I just work with the 3745s on a regular basis, and they're a pretty nice unit. The 2800s look nice though, good mix of options, particularly on the higher end units.
 
My opinions on your 11 questions
1. No, put your PIX at the corporate internet DMZ. The other sites shouldn't have direct internet access, and should not need it. Too many firewalls become a horrible pain.

2. The best model, for redundancy, looks like a bow tie. So each router at a site would have connectivity to each of the 2 core switches, and the 2 core switches have connectivity between them. The PIX doesn't necessarily have to be physically between the internet and the network, it can be done logically by routing all inbound and outbound traffic through the firewall.

3. I believe DS3s are coax. You don't need to worry about the WAN stuff generally. The telco specifies how they need it to be set, and you set it how they tell you. They handle clocking, etc. Only thing you may have to do is set the # of time slots, but if you are getting full T1s you shouldn't even need to mess with that.

4. This is why you run two core routers/switches, and run fiber or copper (if it will reach) out to access switches in closets nearer the floor.

5. Not necessarily. You can run gig copper just fine if they're within a reasonable distance.

6. OSPF is the way to go. Even Cisco is moving away from EIGRP.

7. No. If you want backup, put another Internet PVC in the 2nd largest option. If you run OSPF, you can have it originate a type-2 default route, which will only be used if your primary goes out of commission. The little 56k-128k connections are pretty worthless.

8. You could do it either way from what I understand, but I am not a telephony guy.

9. Use DHCP for users, statics for everything else (switches, routers, servers).

10. This was already answered well.

11. This is really a design choice, it can be done either way. With good WAN redundancy, you might as well centralize the DHCP servers. Then again, if you expect or can tolerate the WAN being down/flaky, DHCP servers at each location would be best.
 
Blitzrommel said:
One of the few I've seen work well was also in a warehouse environment. :eek:

I've found that they work flawlessly in any office environment that I bring them in. They're a bit of a pain to initially get running (in comparison to a 79x0), but after that they're great. We always use Cisco AP's though, so I don't know if maybe you're using something different or not.

This might sound like a really stupid question, but are you sure you're joining them to a voice VLAN that has QoS? I know that for the Cisco AP's I configure, that the client wants both data and voice traffic passing through, so it's important to have different SSID's.
 
Ok new problem.

My partner went through Time Warner to get the ISP and the highest they are offering is a T1. And they can't help the out-of-state branch office.

If I had the 3 in-state offices use Time Warner as an ISP, and the branch office use Comcast, the Comcast office should have no problem with a direct VPN connection to the Time Warner ones, right?
 
Your switched LAN should be set up like this in order to support voice properly.

Hardware:
Catalyst 3750's w/ PoE running the Standard Image. These are stackable switches, so they can give you a higher port density while utilizing the switches' backplane should the need arise.

Configuration:
You will need separate VLANs for voice and data. The following shows what a typical port configuration would look like. In this example the native VLAN is left at the default of VLAN 1, thus the reason it does not show up in the config. The native VLAN is used for your data traffic.

! Phone-facing port: data rides the untagged native VLAN (1), voice is tagged in VLAN 20.
! Assumes "mls qos" is enabled globally, otherwise the trust commands have no effect.
interface FastEthernet0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport voice vlan 20
 mls qos trust device cisco-phone
 mls qos trust cos
 no mdix auto
 spanning-tree portfast trunk
 spanning-tree guard root

You will need separate IP networks for voice and data. For example, 192.168.1.0/24 is used for voice and 10.1.2.0/24 is used for data.

You will need a separate DHCP server for your voice and data network; usually a box in your CallManager cluster will provide DHCP for your phones. Either that or a Voice Gateway (Router).

Those are the three basics when setting up a LAN to support voice traffic properly.

P.S. - Look at using ASA's instead of PIX's if that is an option. They provide a lot more services (IPS, Anti-X) and have better overall VPN performance.

Another observation would be getting away from Point-to-Point circuits and going with an MPLS solution, especially if you are going to be implementing voice down the road.
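An added example, not from the post above: a small Python audit that parses a running-config into interface stanzas and flags voice ports that lack the conditional CoS trust or root guard from the sample port config, or that apply plain portfast to a trunk. The config text it reads is constructed for the example.

```python
# Added example (not from the thread): audit an IOS running-config for phone-facing
# ports that deviate from the voice-port pattern above.  SAMPLE_CONFIG is constructed.

# Lines every phone port should carry: conditional CoS trust (so a PC behind the
# phone cannot mark its own traffic high priority) and root guard.
REQUIRED = {"mls qos trust device cisco-phone", "mls qos trust cos",
            "spanning-tree guard root"}

SAMPLE_CONFIG = """\
interface FastEthernet0/7
 switchport mode trunk
 switchport voice vlan 20
 mls qos trust device cisco-phone
 mls qos trust cos
 spanning-tree portfast trunk
 spanning-tree guard root
!
interface FastEthernet0/8
 switchport mode trunk
 switchport voice vlan 20
 mls qos trust cos
 spanning-tree portfast
!
"""

def parse_interfaces(config):
    # Map each 'interface' stanza to the set of its indented sub-commands.
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = set()
        elif line.startswith(" ") and current is not None:
            stanzas[current].add(line.strip())
        else:
            current = None  # '!' or a global command ends the stanza
    return stanzas

def audit_voice_ports(config):
    # Return {port: [issues]} for every port that carries a voice VLAN.
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("switchport voice vlan") for c in cmds):
            continue  # not a phone port
        issues = sorted("missing: " + r for r in REQUIRED - cmds)
        if "switchport mode trunk" in cmds and "spanning-tree portfast" in cmds:
            issues.append("portfast has no effect on a trunk; use 'spanning-tree portfast trunk'")
        findings[name] = issues
    return findings
```

Feeding it real `show running-config` output works the same way, since the stanza layout is what the parser keys on.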
 
dr_debauch said:
8. Depends on the IP Telephony Solution. Cisco has gear that will all talk back to some centralized servers at a site of your choice (probably 1 since it's the hub of the network/company). Other providers, like Nortel, will talk back to a central site but will require additional gear to sit at the remote sites in case of a WAN failure (Cisco might need you to bump some code on your routers to support SRST, but that's it... actually, depending on phone counts the routers at the remote sites may or may not support all the phones in the event the WAN dies). Also, if you're planning on using the Cisco gear to terminate your PSTN connectivity at the remote sites you might be SOL on WAN slots, etc. Configuring a router for Voice capabilities vs. Data is significantly different (hardware-wise; all the software config work is done the same way).

If this guy is looking at deploying 1000+ IP Phones at each location then each location should have a CallManager cluster, you can not use SRST to support that many IP Phones in a failover scenario...
 