General discussion


network design

By monarshrivastava ·
I want to design a Cisco network to connect 20 sites with leased line as primary and ISDN as backup connectivity. Suggest me the router with modules at central site and remote site, also firewall, IDS, switch and NMS. Suggest me the network design.

All Comments

by mshavrov In reply to network design

For Remote Sites:
1. Cisco 2611XM/2621XM routers
2. T1/E1 card (either WIC-1DSU-T1, or WIC-1T if you have external CSU/DSU unit)
3. WIC-1B for ISDN (appropriate model depends on ISDN provider).

For Central Site:
1. Cisco 3745 Router
2. Combination of NM-4T, NM-8A/S, and NM-16A/S to connect to 20 external CSU/DSUs
3. NM-1CT1-CSU module to connect to ISDN PRI.
separate routers to provide same functionality.

Cisco PIX515e for remote sites and Cisco PIX525 for Central Site

Cisco IDS 4250 Sensor

Remote sites:
PCs connected to small switch (16/24 ports depending on number of users)
Router (described above), connected to the same switch.

Central Site:
1. Router(s), described above, connected to PIX Firewall.
2. Servers that should be accessible from outside should be in the DMZ. IDS should be connected into the DMZ as well.
3. Users and Servers connected to Layer3 switch.

Good luck,

Michael Shavrov
CCNP, CCDP, CCSP, Security+, MCSE W2K, MCSE+I, CheckPoint CSSA, ...

by mshavrov In reply to

In reply to Answer#2

First, the client requested "Leased Lines". It may be Frame Relay, SONET, T1, PRI, etc. In previous posts he mentioned "real time services", so it means that ALL remote sites may talk simultaneously and performance may be an issue.

Second, if they will have 20 remote offices, with hub-and-spoke topology they will have effective bandwidth for each site equal to T1/20, which will give ~80Kbit. It's less than ISDN. If they get a T3, it may cost more on both hardware and the monthly fee for the line. Plus, it will be a single point of failure: if you lose this link, you lose all sites.

And concerning a consultant... Finally he will come to this conclusion, that if you want to get something good, you have to pay appropriate price, either in money to somebody, or in self-education.



by -Q-240248 In reply to network design

What does he need all of those serial interfaces for?

On the central router (we'll call it the hub), get one T1 interface and one ISDN interface. In the hub router, on the Frame-relay T1, you will create subinterfaces to the "spoke" sites, while with the ISDN, you do the same thing.

Implement an ECMP routing protocol between the sites, giving the frame-relay priority routing, so that when it goes down, the ISDN will take over. IOW, hire a consultant if you don't know what you're doing, because the whole thing is complicated and you will fail if you do it yourself. Then once the network is set up, you will learn by its configuration, and start to learn the intricacies of networking. That's my suggestion.

by -Q-240248 In reply to

Now for my response:
In your 20-office-per-T1 scenario, this is exactly what frame-relay was designed to do and is the most efficient, non-expensive solution. If you attach 20 serial lines, you'll need 20 separate circuits and that is not realistic. That is really ancient thinking. Today's circuits work as follows: bring one big one into the main office, sub-interface it, and provide PVCs to the spoke sites. That's one line, one CSU/DSU, and one not-so-powerful router.

Hub and spoke with 10, 20, 30 or more sites on a frame-relay T1 circuit works wonders, and is in wide use today. It's what frame-relay was designed to do. The user should get an ATM circuit, an ATM OC-3 interface on his router, start out with a 5MB ATM circuit and create PVCs to the spokes (they can be T1's or whatever). This would be the most cost effective way to go with today's technologies. Then, if he thinks he needs more bandwidth, he tells the provider and merely increases the traffic shaping on his end. Simple.



by uffe.sommerlund In reply to network design

Maybe consider failover (Load Balanced network).
The price would be cheaper if you choose Load Balanced instead of failover, plus the failover would cost more because of all those second NMP (Engines), and you still end up with a cold standby.


by monarshrivastava In reply to network design

This question was closed by the author
