My first CCNA network case study - plz critique!

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hello all,

I am new. I have been working on this for hours and hours. Would you be willing to take a look at the IP addressing and network design and critique it for me.

http://www.flickr.com/photos/15694156@N08/1679021691/


Things you will need to know:

* This is for a 4 story building.
* I have to use private IP addressing for the LAN
* Each switch needs to be on a separate subnet
* All the servers have to be on one subnet

I'm not sure if I did this correctly - any critique would be appreciated.

Brand spanking new to this,

Kim

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

First of all, the diagram is hard to read the way things are laid out.

Secondly, it looks like all of your servers are connected directly into a Firewall which is odd. If they are all on the same subnet, I'd expect them to connect to a high capacity switch and then to the interface of a router for that subnet. I'd expect the firewall to be between the gateway router and the Internet, which it isn't (as far as I can tell).

A better way to draw the diagram for readability might be to split the drawing space into quadrants so we can see just how you've set things up floor by floor. You could also split the drawing up by subnets which would be just as helpful (maybe more).

Everything else seems ok. You have a core switch linked to access level switches for the workstations on each floor/subnet (I'm guessing that each floor gets its own subnet).

Getting back to the servers, I'm not sure if some of them are supposed to be in the DMZ or not (between the firewall and the Internet cloud). Usually the mail, web, and DNS servers will be in the DMZ and the Print, Apps, and DHCP should be inside the firewall and not accessible at all from the Internet (unless you have mobile workers connecting to them via VPN which doesn't seem to be the case here).

A lot of times you'll double firewall the DMZ with the Internet cloud, then a firewall, then the servers in the DMZ and then another firewall so that each level of access has to pass through a separate layer of protection.

That's about all I can say by looking at the current diagram. I hope some of this is helpful.

 

Thank you for your feedback.

I'm still a little fuzzy on what the "physical" & "logical" connection looks like for putting the servers in the DMZ. I thought it was to connect them behind the firewall from the rest of the network.

We were instructed to give each switch its on subnet as opposed to giving one department in the building its own subnet.

So I gave each switch its own subnet address.
I kept the router, core switch, and firewall all on the same subnet.
I kept all of the servers on the same subnet.

Kim

 

your DHCP server is assigned a network address

 

I updated my visio doc due to comments I got from another source. I left the DHCP server with a static IP as that is the way I want it. I changed some of the IP addresses and my firewall is shown to do NAT, not the router.

Its here: http://www.flickr.com/photos/15694156@N08/1683336722/


Please feel free to post any other comments.

Thanks!

Kim

 

You set yourself up for vulnerabilities using a subnet mask that large.

How is your Cisco 3800 router going to communicate with your firewall?