
My first CCNA network case study - plz critique!

Discussion in 'General Cisco Certifications' started by Kimlechef, Oct 22, 2007.

  1. Kimlechef

    Kimlechef New Member

    Hello all,

    I am new. I have been working on this for hours and hours. Would you be willing to take a look at the IP addressing and network design and critique it for me?

    http://www.flickr.com/photos/[email protected]/1679021691/

    Things you will need to know:

    * This is for a 4 story building.
    * I have to use private IP addressing for the LAN
    * Each switch needs to be on a separate subnet
    * All the servers have to be on one subnet

    I'm not sure if I did this correctly - any critique would be appreciated.

    Brand spanking new to this,

    Kim :)
  2. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    First of all, the diagram is hard to read the way things are laid out.

    Secondly, it looks like all of your servers are connected directly into a Firewall which is odd. If they are all on the same subnet, I'd expect them to connect to a high capacity switch and then to the interface of a router for that subnet. I'd expect the firewall to be between the gateway router and the Internet, which it isn't (as far as I can tell).

    A better way to draw the diagram for readability might be to split the drawing space into quadrants so we can see just how you've set things up floor by floor. You could also split the drawing up by subnets which would be just as helpful (maybe more).

    Everything else seems ok. You have a core switch linked to access level switches for the workstations on each floor/subnet (I'm guessing that each floor gets its own subnet).

    Getting back to the servers, I'm not sure if some of them are supposed to be in the DMZ or not (between the firewall and the Internet cloud). Usually the mail, web, and DNS servers will be in the DMZ and the Print, Apps, and DHCP should be inside the firewall and not accessible at all from the Internet (unless you have mobile workers connecting to them via VPN which doesn't seem to be the case here).

    A lot of times you'll double firewall the DMZ with the Internet cloud, then a firewall, then the servers in the DMZ and then another firewall so that each level of access has to pass through a separate layer of protection.

    That's about all I can say by looking at the current diagram. I hope some of this is helpful.
    Certifications: A+ and Network+
  3. Kimlechef

    Kimlechef New Member

    Thank you for your feedback.

    I'm still a little fuzzy on what the "physical" & "logical" connection looks like for putting the servers in the DMZ. I thought it was to connect them behind the firewall from the rest of the network.

    We were instructed to give each switch its own subnet as opposed to giving one department in the building its own subnet.

    So I gave each switch its own subnet address.
    I kept the router, core switch, and firewall all on the same subnet.
    I kept all of the servers on the same subnet.

  4. Firemouse

    Firemouse Bit Poster

    Your DHCP server is assigned a network address.
    Certifications: CCNA, MCP
  5. Kimlechef

    Kimlechef New Member

    I updated my Visio doc due to comments I got from another source. I left the DHCP server with a static IP as that is the way I want it. :) I changed some of the IP addresses and my firewall is shown to do NAT, not the router.

    It's here: http://www.flickr.com/photos/[email protected]/1683336722/

    Please feel free to post any other comments.


  6. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    You set yourself up for vulnerabilities using a subnet mask that large.

    How is your Cisco 3800 router going to communicate with your firewall?
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
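
An added example, not part of any post in this thread: a small checker for the constraints listed in the first post (private addressing, a separate subnet per switch, all servers on one subnet) and for the kind of mistake pointed out in post 4, a host given its subnet's network address. The diagram's addresses do not appear in the thread, so the plan below is constructed, and `check_plan` and the subnet and host names are hypothetical.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(subnets, hosts):
    """subnets: {name: CIDR}; hosts: {name: (subnet name, address)}. Returns findings."""
    findings = []
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    # Every LAN subnet must sit inside private (RFC 1918) space.
    for name in sorted(nets):
        if not any(nets[name].subnet_of(block) for block in RFC1918):
            findings.append(f"{name}: {nets[name]} is not private (RFC 1918) space")
    # "Separate subnet" means no two ranges may overlap.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    # Hosts must be inside their subnet and must not take a reserved address.
    used = {}
    for host, (subnet_name, addr) in sorted(hosts.items()):
        ip, net = ipaddress.ip_address(addr), nets[subnet_name]
        if ip not in net:
            findings.append(f"{host}: {ip} is outside {subnet_name} ({net})")
        elif ip == net.network_address:
            findings.append(f"{host}: {ip} is the network address of {subnet_name} ({net})")
        elif ip == net.broadcast_address:
            findings.append(f"{host}: {ip} is the broadcast address of {subnet_name} ({net})")
        if ip in used:
            findings.append(f"{host}: {ip} is already assigned to {used[ip]}")
        used.setdefault(ip, host)
    return findings

# Constructed sample plan (not the addresses from the poster's diagram).
SAMPLE_SUBNETS = {
    "floor1-switch": "192.168.1.0/26",
    "floor2-switch": "192.168.1.64/26",
    "servers": "192.168.1.128/27",
    "core": "192.168.1.160/29",
}
SAMPLE_HOSTS = {
    "dhcp": ("servers", "192.168.1.128"),   # network address of the server subnet
    "mail": ("servers", "192.168.1.130"),   # valid host address
    "print": ("servers", "192.168.1.66"),   # actually falls in floor2-switch
}

if __name__ == "__main__":
    for line in check_plan(SAMPLE_SUBNETS, SAMPLE_HOSTS):
        print(line)
```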
