This is a question regarding the starting point for the following bigger picture:
http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_23688899.html ...where to start. We are about to begin our migration from a T1 infrastructure to Time Warner's Metro Ethernet. 4 of our 15 sites, including our main site, are already on the fiber. I would like to get the core configurations done with these sites first before I start moving others. Being a local government entity, with police and fire and EMS, I am sure you can understand that downtime is a major issue. I have attached a diagram of the initial plan but will lay out a few minor requirements and some of what I have done so far for review and critique.
We will start with 4 Sites
Site A - This is our City Hall, where most of our servers are located and where our internet comes in. We will have a Cisco 2821 Router with 2 - GigabitEthernet, 4 FastEthernet, and 1 DSU. I am pretty sure I need to configure a trunk port on this router to connect to the Metro-E. Here is what I have done so far for the configuration of the router.
!
interface FastEthernet0/0 <--------MGMT on Diagram
description VLAN10 MGMT-IT
ip address 192.168.96.1 255.255.255.0
!
interface FastEthernet0/1
description ASA FIREWALL
ip address 192.168.110.1 255.255.255.224
!
interface FastEthernet0/2 <--------SITE A users on Diagram
description VLAN20 CITYHALL
ip address 192.168.99.1 255.255.255.252
!
interface FastEthernet0/3 <--------To existing network where sites to be migrated are
description TEMPORARY LINK TO EXISTING ROUTERS
ip address 192.168.109.1 255.255.255.252
!
interface GigabitEthernet0/0 <--------SITE A on Diagram
description VLAN30 SERVERS
ip address 192.168.101.1 255.255.255.0
!
interface GigabitEthernet0/1
description dot1q trunk port to METRO ETHERNET
no ip address
!
interface GigabitEthernet0/1.1
description VLAN 10 NATIVE
encapsulation dot1q 10 native
!
interface GigabitEthernet0/1.2
description VLAN80 UNUSED
encapsulation dot1q 80
ip address 192.168.98.1 255.255.255.254
!
interface GigabitEthernet0/1.3 <--------SITES B and C on Diagram
description VLAN COURT, FIREADMIN, LIBARY, KSP, STREETS, GOLF
encapsulation dot1q 20
ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet0/1.4
description VLAN40 WATER
encapsulation dot1q 40
ip address 192.168.104.1 255.255.255.0
!
interface GigabitEthernet0/1.5
description VLAN50 WASTERWATER
encapsulation dot1q 50
ip address 192.168.105.1 255.255.255.0
!
interface GigabitEthernet0/1.6
description VLAN90 UNUSED
encapsulation dot1q 90
ip address 192.168.107.1 255.255.255.254
!
interface GigabitEthernet0/1.7
description VLAN100 UNUSED
encapsulation dot1q 100
ip address 192.168.109.1 255.255.255.254
!
interface GigabitEthernet0/1.8 <--------SITE D on Diagram
description VLAN70 KPD
encapsulation dot1q 70
ip address 192.168.109.1 255.255.255.254
!
interface dsu0/1
description VLAN60 AIRPORT
ip address 192.168.1.25 255.255.255.248
!
We want to implement VLANs for our sites that require extra security (i.e. Waster Plant and Police). Aside from the sites we really want to isolate, most everyone else will be on the same VLAN.
VLAN10 (I think this is the native but not sure about that)
This is our management VLAN. Everything on this VLAN is physically located at SITE A. Our IT staff will be on this VLAN and also our back-end Virtual Server management is here. Devices on this VLAN should be able to access anything on the entire network. Devices on the VLAN will have static IP addresses on the 192.168.96.0 network.
VLAN20
Is the primary VLAN for most of the city's regular users. For today's purposes, the users at SITE A, all of SITE B, and all of SITE C will be on this VLAN. There will be more sites added to this VLAN, but our hope is to have everything ready so we can easily transition them over when their time comes. Devices on the VLAN should pull DHCP from our Domain controllers using the 192.168.100.0/24 address pool.
VLAN30
All of our Servers (Physical Machines and Virtual Front-ends) are on this VLAN. Servers should be accessible from all devices on the network. All addresses are static on the 192.168.101.0 network. Management will be done through the back-end through the management network (VLAN10).
VLAN70
This is our Police Department and SITE D on the diagram. This site has a Cisco 2811 router. The reason for the router is Police specific to resources outside our network. Not sure how to configure the access port here. All users and department-specific servers are on this VLAN. Certain users on SITE C will need access to the servers on this VLAN.
The switches at all of the sites are Cisco 3560 (port count varies). Here is a sample config for the access port on each switch.
!
interface FastEthernet0/24
description VLAN20 traffic from fe0/2 on CHR1
switchport mode access
switchport access vlan 20
!
interface VLAN10
description MGMT ACCESS
ip address 192.168.96.50 255.255.255.0
!
Obviously the VLAN tags and descriptions will change accordingly.
Like I said before, this is a live migration and all the devices on the T1 sites still need to be active while the migration is underway. That being said, I think you have enough information to answer a few starting questions.
1 - What is the Native VLAN? Is it the VLAN provided by the ISP for the Metro-E? Should my management Network be on the native?
2 - When we migrate the Servers and put them on their new VLAN, will the devices on the old network not yet migrated to fiber still be able to access them? Should I move them last?
3 - I know there is 1 access port on the remote switches to connect to the Metro-E. Do the rest of the ports on these switches need VLAN tags too?
4 - From what you have looked at so far, are we on the right track? Are we missing something? Is there a better way? What are some of the best practices for what we are trying to accomplish? Please let me know any ideas or concerns you have with my design.
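Added example, not part of the original post: a pre-deployment check that parses IOS-style interface stanzas and reports addresses or subnets assigned to more than one interface. SAMPLE_CONFIG is constructed from a subset of the Site A configuration quoted above; the function names are hypothetical.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample: a subset of the Site A interfaces quoted above,
# reduced to the interface and "ip address" lines.
SAMPLE_CONFIG = """\
interface FastEthernet0/0 <--------MGMT on Diagram
 ip address 192.168.96.1 255.255.255.0
interface FastEthernet0/3
 ip address 192.168.109.1 255.255.255.252
interface GigabitEthernet0/1
 no ip address
interface GigabitEthernet0/1.2
 ip address 192.168.98.1 255.255.255.254
interface GigabitEthernet0/1.7
 ip address 192.168.109.1 255.255.255.254
interface GigabitEthernet0/1.8
 ip address 192.168.109.1 255.255.255.254
"""

def parse_interfaces(config):
    """Return [(interface_name, IPv4Interface)] for every addressed interface."""
    found, current = [], None
    for line in config.splitlines():
        m = re.match(r"\s*interface\s+(\S+)", line)
        if m:
            current = m.group(1)  # trailing diagram annotations are ignored
            continue
        # "no ip address" does not match because the line must start with "ip"
        m = re.match(r"\s*ip address\s+(\S+)\s+(\S+)", line)
        if m and current:
            addr = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            found.append((current, addr))
    return found

def find_overlaps(config):
    """Return (intf_a, intf_b, reason) for every conflicting interface pair."""
    problems = []
    for (na, a), (nb, b) in combinations(parse_interfaces(config), 2):
        if a.ip == b.ip:
            problems.append((na, nb, f"duplicate address {a.ip}"))
        elif a.network.overlaps(b.network):
            problems.append((na, nb, f"{a.network} overlaps {b.network}"))
    return problems

if __name__ == "__main__":
    for intf_a, intf_b, reason in find_overlaps(SAMPLE_CONFIG):
        print(f"{intf_a} <-> {intf_b}: {reason}")
```

On the constructed sample it flags FastEthernet0/3, GigabitEthernet0/1.7 and GigabitEthernet0/1.8, which all carry 192.168.109.1.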