need help in setting up a new network.

raza1

hello all

need your help in setting up a new network, internal lan users need internet access..

Equipment For this network

1) 140 x Cisco 2960 Access Switches
2) 1 x 4500 Core Switch
3) 1 x Cisco 2911 Router
4) 1 x ASA5500 firewall

==============================
Access Switches have been configured
==============================
hostname Switch<xx>

Vlan 10
Name data

Vlan 1
Name management



Interface vlan 1
Ip address 192.168.1.x 255.255.255.0




Interface range fastethernet 0/1 – 24 (or 4
description <TO-END-USERS>
switchport access vlan 10
switchport mode access
speed 100
duplex full
spanning-tree portfast



Interface gigabitethernet 0/1
Description <Uplink-to-Core-Switch>
Swithport mode trunk
No shut


Ip default-gateway 192.168.1.1

Line vty 0 4
Transport input telnet
Login local

==============================
Core Switch Partially Configured
==============================


ip dhcp excluded-address 172.16.0.1 172.16.0.10

ip dhcp pool data
network 172.16.0.0 255.255.0.0
default-router 172.16.0.1


vlan 1
name management


vlan 10
name data

interface vlan 1
description **Management Interface**
ip address 192.168.1.1 255.255.255.0
no shut


interface vlan 10 (doubt over this)
description **Data Interface**
ip address 172.16.0.1 255.255.255.0
no shut

Interface range gigabitethernet 1/1/1 – 48
description <TO-access switches>
switchport mode trunk


**Router and Firewall not yet configured.

=================================
Router Configuration what i have thought of
=================================

int gig 0/0
description ##to-core-switch##
ip nat inside

int gig 0/1
description #to-service provider#
ip address <wan address>
ip nat outside

access-list 16 permit 172.16.0.0 0.0.255.255

ip nat inside source list 16 interface gig 0/1


ip route 0.0.0.0 0.0.0.0 <destination address>


how should the core-switch and router be connected ?

what should be the configuration of the core-switch port that will be connected to the router int gig 0/0 ?

++++++++
option-1
++++++++

i remove the int vlan 10 address from core switch and assign it to router inte gig 0/0

=> router

int gig 0/0
description ##to-core-switch##
ip address 172.16.0.1 255.255.0.0
ip nat inside

=> core switch

int gig 1/0/10
description ##to-router##
switchport mode trunk

ip route 172.16.0.0 255.255.0.0 172.16.0.1



please guide how can this be done ? is this the correct way ?

have never configured firewalls before, will be studying asa5500. can anyone provide some info on how the firewall will be connected in this network ?

SteveO86

I'd look at the Cisco Design and check out some configuration guides for the Hardware/Software you are running.

That should give you a great starting point.