need help in setting up a new network.
hello all
need your help in setting up a new network; internal LAN users need internet access.
Equipment For this network
1) 140 x Cisco 2960 Access Switches
2) 1 x 4500 Core Switch
3) 1 x Cisco 2911 Router
4) 1 x ASA5500 firewall
==============================
Access Switches have been configured
==============================
hostname Switch<xx>
Vlan 10
Name data
Vlan 1
Name management
Interface vlan 1
Ip address 192.168.1.x 255.255.255.0
Interface range fastethernet 0/1 - 24 (or 4
description <TO-END-USERS>
switchport access vlan 10
switchport mode access
speed 100
duplex full
spanning-tree portfast
Interface gigabitethernet 0/1
Description <Uplink-to-Core-Switch>
Switchport mode trunk
No shut
Ip default-gateway 192.168.1.1
Line vty 0 4
Transport input telnet
Login local
==============================
Core Switch Partially Configured
==============================
ip dhcp excluded-address 172.16.0.1 172.16.0.10
ip dhcp pool data
network 172.16.0.0 255.255.0.0
default-router 172.16.0.1
vlan 1
name management
vlan 10
name data
interface vlan 1
description **Management Interface**
ip address 192.168.1.1 255.255.255.0
no shut
interface vlan 10 (doubt over this)
description **Data Interface**
ip address 172.16.0.1 255.255.255.0
no shut
Interface range gigabitethernet 1/1/1 - 48
description <TO-access switches>
switchport mode trunk
**Router and Firewall not yet configured.
=================================
Router Configuration what i have thought of
=================================
int gig 0/0
description ##to-core-switch##
ip nat inside
int gig 0/1
description #to-service provider#
ip address <wan address>
ip nat outside
access-list 16 permit 172.16.0.0 0.0.255.255
ip nat inside source list 16 interface gig 0/1
ip route 0.0.0.0 0.0.0.0 <destination address>
how should the core-switch and router be connected?
what should be the configuration of the core-switch port that will be connected to the router int gig 0/0?
++++++++
option-1
++++++++
i remove the int vlan 10 address from core switch and assign it to router int gig 0/0
=> router
int gig 0/0
description ##to-core-switch##
ip address 172.16.0.1 255.255.0.0
ip nat inside
=> core switch
int gig 1/0/10
description ##to-router##
switchport mode trunk
ip route 172.16.0.0 255.255.0.0 172.16.0.1
please guide how can this be done? is this the correct way?
have never configured firewalls before, will be studying asa5500. can anyone provide some info on how the firewall will be connected in this network?
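A consistency check over the snippets posted above, as an added example that is not part of the original post: it flags a DHCP pool whose mask differs from the SVI that serves it (the pool `data` is 255.255.0.0 while `interface vlan 10` is 255.255.255.0) and VTY lines that accept Telnet, which carries logins in cleartext. The `audit` function and the indented sample are constructed for illustration; the check reports the mismatch without deciding which mask is the intended one.

```python
import ipaddress
import re

# Constructed sample: lines taken from the access-switch and core-switch
# snippets in the post, with sub-commands indented so sections can be told apart.
SAMPLE = """\
ip dhcp pool data
 network 172.16.0.0 255.255.0.0
 default-router 172.16.0.1
interface vlan 10
 ip address 172.16.0.1 255.255.255.0
line vty 0 4
 transport input telnet
 login local
"""

def audit(config):
    """Return a list of findings for an IOS-style config (hypothetical helper)."""
    findings = []
    pools, svis, section = {}, {}, ""
    for raw in config.splitlines():
        line = raw.strip().lower()
        if not raw.startswith(" "):
            section = line  # a non-indented command opens a new section
        m = re.match(r"network (\S+) (\S+)$", line)
        if m and section.startswith("ip dhcp pool"):
            pools[section] = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m and section.startswith("interface vlan"):
            svis[section] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        m = re.match(r"transport input (.+)$", line)
        if m and section.startswith("line vty"):
            # "all" also admits telnet sessions
            if {"telnet", "all"} & set(m[1].split()):
                findings.append(f"{section}: telnet allowed (cleartext management)")
    # A pool and the SVI acting as its gateway must describe the same subnet.
    for pname, net in pools.items():
        for sname, svi in svis.items():
            if svi.ip in net and svi.network != net:
                findings.append(
                    f"{pname} leases from {net} but {sname} is in {svi.network}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```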