TOPIC: Network Topology Question

Network Topology Question 7 years 8 months ago #29821

  • ZiPPy
I'm a little confused on the topology of the schematic attached.

The HP switch is the core switch of the network. Connected to the switch is pretty much the entire network.

The network shown is correct and fully functional, which is where my curiosity and confusion arise.

1.) How does the firewall work? Both the internal and external interfaces are connected to the HP switch.
I've always set up firewalls with the pass-through topology.

2.) You have the Cisco 1700 for Internet and the Cisco 3800 for MPLS. How does that work? No conflicts occur or traffic related problems? Does each router just hold its routing tables and use the HP switch as the medium for communication? (duh!) But I still can't grasp how that works.

3.) The Cisco VPN Concentrator has both the public port and private port connected to the HP switch. How does that work?

4.) Having multiple switches trunking off the core switch. Doesn't this lead to bandwidth problems and overhead? I believe the max number of switches you can trunk, per Cisco, is 3 (3 switches being at its best performance; it can exceed that but performance would be degraded).


Some guidance would be much appreciated.
Thanks,

ZiPPy

Re: Network Topology Question 7 years 8 months ago #29830

  • Chojin
It is not the most usual way of setting up a topology, but probably... what I think.

The firewall is used as a router in this case; the switch is used to create the VLANs and the firewall for security.

So... internet is on VLAN10 for instance... no routing on the switch possible (no IP address on the SVI) and so on for the rest of the VLANs.

It's a bit strange... but it could work :)
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA

Re: Network Topology Question 7 years 8 months ago #29835

  • TheBishop
To add a little more, the three cascaded switches could be 'stacked' using the manufacturer's proprietary stacking cables. This provides a high-bandwidth backplane connection which shouldn't impact performance as long as you stick to the guidelines on the maximum number of devices. Stacking them yourself using trunked links is probably not a good idea; it would be better to trunk each switch separately to the core switch instead.

Re: Network Topology Question 7 years 8 months ago #29893

  • S0lo
I agree with Chojin that the HP switch most probably has VLANs configured. Once you imagine VLANs placed there, most of the confusion will clear out. Say you have 4 VLANs configured; the HP switch will act like 4 totally disconnected switches.

The internal link from the firewall goes to, say, the VLAN1 switch; the external link from the firewall goes to, say, the VLAN2 switch. The public and private links from the concentrator connect to the VLAN3 and VLAN4 switches, or maybe VLAN1 and VLAN3. And so on for router interfaces too. By switches here I don't mean real physical switches, but virtual switches (i.e. VLANs). That's the only way I could imagine it working.

Regarding your 4th question: trunking is probably not the best way to do it, as TheBishop noted.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx

Re: Network Topology Question 7 years 8 months ago #29910

  • ZiPPy
I did some more research and found out exactly how the core switch is configured.

The switch, as S0lo mentioned, is indeed broken up into VLANs.

Orange - VLAN101 - External Interfaces
Green - VLAN201 - Internal Interface
Blue - VLAN301 - Internal Interfaces - VoIP

So the fact that they are separate VLANs acting as different switches clears up the confusion.

Thanks,

ZiPPy
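
Added example, not part of the thread or of any poster's configuration: a small audit of the idea discussed above, that the VLAN split only protects the internal side if the firewall and VPN concentrator are the only devices attached to both VLANs and the switch itself does not route between them (Chojin's "no IP address on the SVI" point). VLAN IDs 101 and 201 come from the last post; the device names, interface names, interface-to-VLAN placement and the allowed-bridge policy are assumptions.

```python
from collections import defaultdict

# Constructed inventory. VLAN IDs 101/201 are from the thread; device and
# interface names and the VLAN each interface sits in are assumptions.
INTERFACES = [
    ("firewall", "outside", 101),
    ("firewall", "inside", 201),
    ("vpn-concentrator", "public", 101),
    ("vpn-concentrator", "private", 201),
    ("cisco-1700", "lan", 101),
    ("cisco-3800", "lan", 201),
]
# Devices that are meant to pass traffic between VLANs (assumed policy).
ALLOWED_BRIDGES = {"firewall", "vpn-concentrator"}


def bridging_devices(interfaces, switch_svi_vlans=(), switch_routing=False):
    """Return {device: sorted VLAN IDs} for every device attached to 2+ VLANs."""
    vlans = defaultdict(set)
    for device, _ifname, vlan in interfaces:
        vlans[device].add(vlan)
    # The switch joins VLANs at layer 3 only if routing is enabled and
    # two or more of its VLAN interfaces (SVIs) carry an IP address.
    if switch_routing and len(set(switch_svi_vlans)) >= 2:
        vlans["core-switch"].update(switch_svi_vlans)
    return {dev: sorted(ids) for dev, ids in vlans.items() if len(ids) >= 2}


def audit(interfaces, switch_svi_vlans=(), switch_routing=False):
    """Return VLAN-joining devices that are not approved enforcement points."""
    found = bridging_devices(interfaces, switch_svi_vlans, switch_routing)
    return {dev: ids for dev, ids in found.items() if dev not in ALLOWED_BRIDGES}


if __name__ == "__main__":
    print("bridges:", bridging_devices(INTERFACES))
    print("as designed:", audit(INTERFACES))
    print("switch routing on:", audit(INTERFACES, [101, 201], True))
```

An empty result from `audit` means every path between the external and internal VLANs crosses an approved device; a dual-homed server or an IP-addressed SVI pair with routing enabled shows up as a finding.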