Advice in my first "mission"

gouki2005

Hi I just started today my new job so my welcome present was this

http://www.mediafire.com/view/?2m5365w8cp23y3c

for security I painted the public addresses. this was the old topology you see the switch in the middle is gone. the router is our access to the inter we are using fiber my question is.

I going to add another switch to replace the old is a new one both ASA has full configuration the tunnel is working so if I connect the new switch do I need to do some config in the switch to keep the functionality the same?

and what switch should I get they dont want to spend to much money so I need a cisco switch complete enoguh to do the job.

and they want add a Wireless access point to create a network alone to connect to the internet withouth pass the tunnel. All what i need to do is

1- add the new AP
2- create the pool
3 and because the network is connected to the same router the default route 0.0.0.0 0.0.0.0 is enough to get that traffic to the internet

I am right?

please advice baptism of fire .

sratakhin

Sorry for not contributing to the topic, but what did you use to draw this diagram?

gouki2005

The old technician did it. yeah is pretty good diagram Im wondering the same.

lantech

Are you talking about replacing the 2924XL?

If so what was the switch doing before it got removed? There are several configuration items that might need to be done. You might need to configure the VLANs and ACLs just to name a couple. I guess it would depend on what the configuration of the old switch was. If someone had just plugged it in and let it run without doing any configuration then it might very well have worked. But things might have been better if someone had taken the time to design a proper configuration for it.

GOZCU

this diagram can not help us to provide real answer for you.poorly drawn diagram.
I suggest you to determine the current configuration very well before you change something. Maybe, there is bandwidth control implementation for each client at switch(ingress-engress), or ACL, even port mirroring. a guy may have 2 ports for packet analyzing. If so, you have to do the same things at new switch. i also assume there are different vlans for Ip phones and computers for QoS. so you may have to configure vlans...


For access point. you dont have to do anything magical. a direct connection to switch will provide wireless to clients. rest is your wish (guest ssid, different vlan, QoS). for a network like this Cisco WAP321 will provide enough performance. or something from Aruba.

Roguetadhg

I didn't open your media fire file because I'm paranoid like that.

Just make sure the WAP doesn't hand out IP addresses, and has a static IP itself. So you can manage it later. Both I've learned through experience using Linksys home router.

For that, look into using a RADIUS server. Of course, WPA2-Personal is easy enough, to setup. I just wouldn't use it in the business world if you needed. Keep in mind that there's channels too. You don't want to have interference with another WAP close by.

There's a lot you can do with Wireless. It's definitely different and can be dangerous gateway to your wired network. My wireless password is really long and complex - I can't configure a radius server... so.. It's very long (14) and all character types minimal of 3 of each type.


I wouldn't go messing around with anything until after you've documented how things are work, copied configurations, analyzed the configurations, possibly checked the changes in GNS3 by having a small lab to replicate the real world.

But then again, you wouldn't be in IT if you made the company go down in some point!

gouki2005

lantech wrote: »

Are you talking about replacing the 2924XL?

If so what was the switch doing before it got removed? There are several configuration items that might need to be done. You might need to configure the VLANs and ACLs just to name a couple. I guess it would depend on what the configuration of the old switch was. If someone had just plugged it in and let it run without doing any configuration then it might very well have worked. But things might have been better if someone had taken the time to design a proper configuration for it.

The main problem is that the old technician removed the switch and he didnt left any conf sheet for the switch. my best guess is correct if Im wrong check the router config and see if it have inter-vlan right.

RouteMyPacket

Woot! Trial by fire...the real world has begun!

Anyway, as mentioned before...document current configurations and develop a comprehensive plan on how you will replace or reconfigure things.

RouteMyPacket

gouki2005 wrote: »

The main problem is that the old technician removed the switch and he didnt left any conf sheet for the switch. my best guess is correct if Im wrong check the router config and see if it have inter-vlan right.

Ouch! Old tard removed the switch and there are no backup configs? Typical lazy douchebag IT guy...aargh! Looking at the router config will give you some insight into how the switch was configured for that connection.

Looking at your ASA's will also help, I don't know how this is cut up but those should also shed some light on how things were configured previously.

Once you have things solid, look at CatTools so you never have this issue again, also you can make mass config changes via CatTools (in case you don't already use it).

I can only guess how things were cut up, i'd think at least VLAN 254 and VLAN 253 and perhaps a VLAN for Mgmt of the switch (VLAN 1)? Let us know how things progress.

Good luck!

Roguetadhg

gouki2005 wrote: »

The main problem is that the old technician removed the switch and he didnt left any conf sheet for the switch. my best guess is correct if Im wrong check the router config and see if it have inter-vlan right.

Pretty harsh. I'd make sure to let the managers know what happened. In case something is screwy.