Design Network for 500 Staff/Employees

networker050184

Who is "eating the guy up"? Everyone has told him he's in over his head and needs to do some research. I don't think thats overly harsh.

pitviper

Wait, your clouds appear to say "airport"…please tell me that this is a totally hypothetical scenario.

Stotic

Your diagram looks just like one I'd expect from a newly minted CCNA. A gripe I have about the CCNA books is that they teach you to segment by function rather than location. This helps explain VLANs, but actual production networks aren't designed like this. For user subnets, you want to localize subnets and switches by location. You want to localize layer 2 traffic. You don't want a host within a vlan passing traffic across your core. You should have a DMZ or some other segmented network for all of your server traffic. And I hope that that network isn't using 5 separate mainframes lol.

A key concept in network design is Core/Distribution/Access. Think of it like a tree. You have your big core routers at the center, your distribution routers, and then your access switches (users hang off access) And remember, redundancy redundancy redundancy. Each of your routers/switches should have 2 up-links to 2 separate devices. I could go in more depth here but I think this is something you have to research yourself before I start to write a book.

Your requirements lists 500 users. I didn't see anything about servers, etc. I think he wants you to practice your subnetting as well so keep that in mind.

btowntech

You might want to take into consideration port density. Also, Cisco does make a few other products then the ones normally used in a home CCNA lab. You might want to check into other product lines to better serve your requirements. Good luck!

dynamik

ColbyG wrote: »

Dia? Or is there something new I don't know about?

OS Alt is great for this type of stuff: Visio | Open Source Alternative - osalt.com

mikej412

GPU wrote: »

then use mac address to set access lists and restrictions

Um.... wouldn't that be a little "admin intensive" to setup and maintain?

GPU wrote: »

What do you think about my design?

A 2651XM couldn't handle my home network -- so the only way those 2600XMs would work in your design would be at night when no one was using the network.

You might want to consider using current hardware -- unless it was stated that the network will be built from hardware bought on eBay.

You may want to hit up the Cisco Web Site and check out router & switch product pages to find out what the current devices available are....

These Guides should also be reasonably current....
Cisco Catalyst Switch Guide PDF
http://www.cisco.com/en/US/prod/swit...cd805f0955.pdf

Cisco Router Guide PDF
http://www.cisco.com/en/US/prod/coll...cd8019dc1f.pdf

The Cisco Partner Central Portable Product Sheets include some of the older devices -- and may not have been updated yet for the newer hardware like the ISR G2s -- but you you can get a quick overall comparison of performance (and capacity) of the various devices.

Portable Product Sheets - Partner Central
Router Performance, Switch Performance, Router Memory, Modules Cross Reference, etc

Stotic wrote: »

A key concept in network design is Core/Distribution/Access. Think of it like a tree. You have your big core routers at the center, your distribution routers, and then your access switches (users hang off access) And remember, redundancy redundancy redundancy. Each of your routers/switches should have 2 up-links to 2 separate devices. I could go in more depth here but I think this is something you have to research yourself before I start to write a book.

Good point -- current hardware AND standard network design practices. A picture is worth a 1000 words.....

Cisco Design Zone: Design Zone/SRND - Main Page - Cisco Systems

You can follow the View All Design Guides link there if you want to "shop" all the available designs.

These pictures are from the Enterprise Campus 3.0 Architecture -- the collapsed core (which is probably your best bet with just 500 users in one location) and the standard impressive enterprise multi-node core that all CCNPs hopefully will get to know and admin and manage and love.








If you drink a beer or two and ponder those diagrams you may notice they are just slightly more complex than what you should have started with (and remembered) from the CCNA --

hypnotoad

I was jsut going to say, if you have 100 IP cameras, you don't want to use 2950-24 switches. 3560-48 with PoE is probably what you want. And like Mike said, the 2600XM series won't work. Plus, if all of this is in the same building, then use ethernet for the backbone and not serial links. Get a 'core switch' or two and build out from there.

mikej412

If you need help deciphering some of the icons used in the drawings, you can download a printable reference pdf file on the Cisco Network Topology Icons web page:
Network Topology Icons - Cisco Systems

It's that "Featured Item" on the right side of that page.

Bl8ckr0uter

mikej412 wrote: »

If you need help deciphering some of the icons used in the drawings, you can download a printable reference pdf file on the Cisco Network Topology Icons web page:
Network Topology Icons - Cisco Systems

It's that "Featured Item" on the right side of that page.

Cool find. I think I found my new avatar.

pitviper

knwminus wrote: »

Cool find. I think I found my new avatar.

Hmmm, I must find a use for that "turret" icon in the next Visio that I do for work

Bl8ckr0uter

pitviper wrote: »

Hmmm, I must find a use for that "turret" icon in the next Visio that I do for work

I cannot believe how bad ass that thing looks.

peanutnoggin

knwminus wrote: »

I cannot believe how bad ass that thing looks.

That's a bit narcissistic don't you think!! J/K

I like that avatar as well...

-Peanut

Bl8ckr0uter

peanutnoggin wrote: »

That's a bit narcissistic don't you think!! J/K

I like that avatar as well...

-Peanut

LOL it's in black in white so that automagically means it's art.

peanutnoggin

knwminus wrote: »

LOL it's in black in white so that automagically means it's art.

Yeah, that is really cool and gets away from the default blue router icons. I'm actually thinking of redoing my network drawings using the black and white icons. That'll give me a reason to review documentation and it'll look cool to display!

-Peanut

dynamik

knwminus wrote: »

LOL it's in black in white so that automagically means it's art.

I didn't think yours was emo enough...

za3bour

The thread is really becoming helpful thanks for all the info

networker050184

dynamik wrote: »

I didn't think yours was emo enough...

I hate it......

Bl8ckr0uter

dynamik wrote: »

I didn't think yours was emo enough...

I like lol.

ColbyG

dynamik wrote: »

I didn't think yours was emo enough...

That is fantastic! I loled.

"You must spread rep blah blah Dynamik again."

Ryuksapple84

Hey,

I looked at your diagram and even though I do not have my CCDA (which I will be studying for soon), it is apparant that you do not have enough knowledge yet to accomplish a design of this magnitude.

I would suggest this to you. Find an entry level job in a place that fosters learning or just a networking job where you will get experience. 2) Study my friend. Study your ass off and really try to understand what you are reading. If you are just a Cert monkey that only gets the certs without a deep understanding, you will be useless and people will pick up on that.

I think people on this thread were a little more caustic to your request because everybody here has worked really hard for their certs and jobs and it is an insult to that dedication.

Even if you were to get this job, you would eventually be found out as a novice and then you would be out of a job. I also am a newbie and I am in the same boat. I work the night shift at a NOC and study on my down time. I also bug the engineers to volunteer my own time on projects so I can learn and I invested money and time into purchasing a lab for my studies.

I would just suggest that you take your time and learn. You will get there as will I. Just gotta put the time in.

Good luck my friend.

AlexMR

OP,

If those you mentioned are the only requirements then they are not expecting even CCDA level design. All that can be done with what you learn for the CCNA certification.

If you feel inconfident about security design read the CCDA chapter on the subject or even better, download the security design guide from cisco.com. It is a great resource.

If you dont feel confident maybe this is not the job for you. Sometimes employers are looking for people who can acquire new cmpetencies along the way but sometimes they need you to deliver inmediately.

Be careful because if you end up landing a job that is way above your head it might hurt you instead of helping you in your career...

PhildoBaggins

GPU wrote: »

Guys I need your help, the manager at a company said in my interview that I have to design a network of 500 staff (note: every single one wont exactly have a PC) which he will compare with 6 other guys and who has the best overall design lands the job.

Help, I'm a CCNA not a CCDP or CCIE or even CCDA

The 5 main areas of the building are 1.Fire Department-2.Security(this has 20 stations)-3.Stores(where everything is tore)-4.Executive Management (HR,General Manager, Chairman, Secretary's,Chief Financial Officer,Accounts, etc...)-5.Energy Management (IT Manager,Network Manager,Electronics repair guys, two secretary's) and they will be communicating the other buildings of its similar structure in other locations but with 1/4 to 1/2 it's amount of people and size.

One Guess
I use one router for the whole network and 5 smart swithes, then use mac address to set access lists and restrictions and dhcp to supply IP address to eg: one batch of ip's for security


Thanks,
Awaiting your responses.

If you want to be successful you can't just ask for answers. You will not learn anything.

They are telling you how many seats there are, how many departments and thus vlans you need. blah blah blah.

If I were you I would pic one of the templated designs already posted then write out the configs and submit the design and configs. I would get specific even about the models of switches, gbics, etc... and give suggestions about where you would put cross connects if you can or where you would attach the phone system.

The sky is the limit on these types of questions. You could submit the basic response or you could come up with creative designs.

You obviously want enough ports +30% for all the seats, routers, switches, devices on the lan. Create vlans, leave vlan 1 native if you want so all untagged traffic can walk the net. Dedicate space for a colo cage and a gbic uplink for vendor gear. I dont know, get creative lol.

alxx

Don't forget security , may want a firewall wall or few

Also include a server for tftp , logging and also networking monitoring tools.
Is NAC needed or is a good idea ? Does internet access need to be logged (who it is and what they accessed) for employees?

Out of band access for routers and switches ?

Hopefully those cameras are H264 (even then you can hit 1 to 4Mbps per camera).
High res cameras with older formats can kill a network.
Are the cameras poe ?
Are any of the cameras voip capable i.e used for help points or entry gates ?

Think about power requirements , ups , surge and lightening protection - especially for all equipment out doors especially the ip camera parts of the network.
If network goes between buildings use fibre so you don't need to worry about grounding , ground loops and isolation.

Is the equipment on Federal land (airport), does this impact on the requirements ?
i.e legislative requirements
Are there any special requirements for wifi equipment operating at airports ?

Sepiraph

pitviper wrote: »

Is that diagram on a napkin???

Hey don't diss on the napkin, they built BGP on that...

jamesp1983

You have to really think about this. Do some research and go from there. Consider your requirements and use what you know. Like others have said, don't forget security either. Read about the hierarchical network model.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/DC-3_0_IPInfra.html

cisco_trooper

I like the part about using 5 layer 3 switches per section and managing the whole thing with a single router....a SINGLE anything is automatically a bad design.

dirtyharry

I wish this thread was still going. It's so funny!

OP, where did you go? What ultimately happened?

GOZCU

dirtyharry wrote: »

I wish this thread was still going. It's so funny!

OP, where did you go? What ultimately happened?

I agree with you. i wonder the result too ^^