Network Topology Question
 16 years 7 months ago #29821
by ZiPPy
Network Topology Question was created by ZiPPy 
I'm a little confused on the topology of the schematic attached.
The HP switch is the core switch of the network. Connected to the switch is pretty much the entire network.
The network shown is correct and fully functional, which is where my curiosity and confusion arise.
1.) How does the firewall work? Both the internal and external interfaces are connected to the HP switch.
I've always set up firewalls with the pass through topology.
2.) You have the Cisco 1700 for Internet and the Cisco 3800 for MPLS. How does that work? No conflicts occur or traffic related problems? Does each router just hold its routing tables and use the HP switch as the medium for communication? (duh!) But I still can't grasp how that works.
3.) The Cisco VPN Concentrator has both the public port and private port connected to the HP switch. How does that work?
4.) Having multiple switches trunking off the core switch. Doesn't this lead to bandwidth problems and overhead? I believe the max number of switches you can trunk, per Cisco, is 3 (3 switches being at its best performance, it can exceed that but performance would be degraded).
Some guidance would be much appreciated.
 
Thanks,
ZiPPy
 16 years 6 months ago #29830
by Chojin
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
        Replied by Chojin on topic Re: Network Topology Question 
It is not the most usual way of setting up a topology, but probably.. what I think.
The Firewall is used as a router in this case, the switch is used to create the VLANs and the firewall for security.
So... internet is on VLAN10 for instance.. no routing on the switch possible (no IP address on the SVI) and so on for the rest of the VLANs.
It's a bit strange,... but it could work
 
 16 years 6 months ago #29835
by TheBishop
        Replied by TheBishop on topic Re: Network Topology Question 
To add a little more, the three cascaded switches could be 'stacked' using the manufacturer's proprietary stacking cables. This provides a high-bandwidth backplane connection which shouldn't impact performance as long as you stick to the guidelines on the maximum number of devices. Stacking them yourself using trunked links is probably not a good idea; it would be better to trunk each switch separately to the core switch instead.
 16 years 6 months ago #29893
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
        Replied by S0lo on topic Re: Network Topology Question 
I agree with Chojin that the HP Switch most probably has VLANs configured. Once you imagine VLANs placed there, most of the confusion will clear out. Say you have 4 VLANs configured, the HP Switch will act like 4 totally disconnected switches.
The internal link from the firewall goes to, say, VLAN1 switch. The external link from the firewall goes to, say, VLAN2 switch. The Public & Private links from the concentrator connect to VLAN3 & VLAN4 switches, or maybe VLAN1 & VLAN3. And so on for router interfaces too. By switches here I don't mean real physical switches, but virtual switches (i.e. VLANs). That's the only way I could imagine it working.
Regarding your 4th question. Trunking is probably not the best way to do it as TheBishop noted.
 16 years 6 months ago #29910
by ZiPPy
        Replied by ZiPPy on topic Re: Network Topology Question 
I did some more research and found out exactly how the core switch is configured.
The switch as S0lo mentioned is indeed broken up into VLANs.
 
Orange - VLAN101 - External Interfaces
Green - VLAN201 - Internal Interface
Blue - VLAN301 - Internal Interfaces - VoIP
So being that they are separate VLANs acting as different switches, clears up the confusion.
Thanks,
ZiPPy
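Added example, not part of the thread and not any poster's configuration: a small audit of a switch port-to-VLAN map that checks the property the replies rely on, namely that the only way from the external VLAN to an internal VLAN is through a filtering device. The VLAN IDs come from the thread; the device names, interface names and port assignments are constructed assumptions.

```python
from collections import defaultdict, deque

EXTERNAL_VLAN = 101                # VLAN IDs as listed in the thread
INTERNAL_VLANS = {201, 301}
FILTERING = {"firewall", "vpn-concentrator"}  # devices that enforce policy

# Constructed port map: (device, interface, access VLAN). Names are hypothetical.
GOOD = [
    ("internet-router", "lan", 101),
    ("firewall", "outside", 101), ("firewall", "inside", 201),
    ("vpn-concentrator", "public", 101), ("vpn-concentrator", "private", 201),
    ("mpls-router", "data", 201), ("mpls-router", "voice", 301),
]
# Same map with two constructed mistakes: the firewall's outside port moved
# into VLAN 201, and a spare MPLS router port left in the external VLAN.
BAD = [p for p in GOOD if p[:2] != ("firewall", "outside")] + [
    ("firewall", "outside", 201), ("mpls-router", "spare", 101),
]

def vlans_by_device(ports):
    attached = defaultdict(set)
    for device, _iface, vlan in ports:
        attached[device].add(vlan)
    return attached

def collapsed_devices(ports, filtering):
    """Filtering devices with every interface in one VLAN: traffic is not forced through them."""
    attached = vlans_by_device(ports)
    return sorted(d for d in filtering if d in attached and len(attached[d]) < 2)

def unfiltered_reach(ports, filtering, start):
    """VLANs reachable from `start` by crossing only non-filtering multi-VLAN devices."""
    attached = vlans_by_device(ports)
    seen, queue = {start}, deque([start])
    while queue:
        vlan = queue.popleft()
        for device, vlans in attached.items():
            if device in filtering or vlan not in vlans:
                continue
            for nxt in vlans - seen:   # new set, safe to grow `seen` while looping
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def audit(ports):
    return {
        "collapsed": collapsed_devices(ports, FILTERING),
        "bypass": sorted(unfiltered_reach(ports, FILTERING, EXTERNAL_VLAN) & INTERNAL_VLANS),
    }
```

An empty result for both keys means each VLAN really behaves as a separate switch with the firewall and concentrator as the only bridges; anything listed under `bypass` is an internal VLAN reachable from VLAN 101 without passing a filtering device.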