On Tue, Jun 03, 2008 at 04:46:36PM -0700, Steven Kurylo wrote:
> > You could do that but 802.3ad (aka multi-link trunking/link aggregation)
> > would probably work better. You double up the available bandwidth but
> > it would continue to work at reduced capacity if a link fails.
>
> But that's only between one switch and the router. As in your diagram
> below, I'd want at least two switches connected to the router; a
> partial mesh network topology at the very least.

Good if you have the physical path diversity to mitigate against the
risk of cable cuts. A hub and spoke is simpler to manage. If you can,
it'd be better IMO to put complexity into redundancy of the core
router first. A failure of that could be a bigger problem than losing
one edge switch because someone sawed through a conduit.

I'm not a big fan of spanning tree in simple networks, it can be more
hassle than it's worth. I'd say it's a must on big networks and nets
with little control over what goes on a physical connection, just not
small, simple networks.

http://www.2000trainers.com/cisco-ccna-03/ccna-spanning-tree-convergence/

>
> > do most of the work. Use iptables if you want funkier allow/deny
> > firewalling functionality between VLANs. Logically it should look
> > equivalent to a router box with a heap of ethernet ports although
> > I've never built anything with more than 4.
>
> Yes for full access, the ip routing is enough. But there will be
> restrictions, one vlan will be public wireless, so only internet
> access. There will be a couple voip vlans - they all need to reach
> the phone system, but have no reason to reach each other. There will
> be a dmz for webservers. Etc. Pretty easy with iptables.

Be sure to use 802.1p if you can. That will carry the VoIP priorities
into the L2 switches (assuming they support it) if they don't support
L3 QOS mechanisms.

Also, if you haven't already purchased the D-Link switches, take a look
at what Dell offers. I've had better experience with them than D-Link
and they're budget priced.
Received on Tue Jun 3 18:08:32 2008
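
The inter-VLAN restrictions described in the thread (public wireless gets internet only, the VoIP VLANs reach the phone system but not each other, a DMZ for web servers), written out as an added example that is not part of either poster's message. The interface names, the separate phone-system VLAN and the web ports 80/443 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Interface names are constructed assumptions, not from the thread.
WAN=eth0                 # uplink to the internet
WIFI=eth1.10             # public wireless VLAN
VOIP="eth1.20 eth1.21"   # VoIP handset VLANs
PBX=eth1.30              # VLAN holding the phone system (assumed separate)
DMZ=eth1.40              # web server VLAN

# Print an iptables-restore ruleset for forwarding between the VLANs.
build_rules() {
    printf '%s\n' "*filter"
    # Default deny: any VLAN pair without an explicit rule cannot talk.
    printf '%s\n' ":FORWARD DROP [0:0]"
    # Return traffic for flows an earlier rule allowed.
    printf '%s\n' "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Public wireless: internet only.
    printf '%s\n' "-A FORWARD -i $WIFI -o $WAN -j ACCEPT"
    # Every VoIP VLAN may reach the phone system. No VoIP-to-VoIP rule is
    # emitted, so calls between VLANs rely on the phone system relaying media.
    for v in $VOIP; do
        printf '%s\n' "-A FORWARD -i $v -o $PBX -j ACCEPT"
    done
    # DMZ: web ports in from the internet; the DMZ initiates nothing itself.
    printf '%s\n' "-A FORWARD -i $WAN -o $DMZ -p tcp -m multiport --dports 80,443 -j ACCEPT"
    printf '%s\n' "COMMIT"
}

# Print the ruleset; nothing is loaded into the kernel by this script.
build_rules
```

Piping the output through `iptables-restore --test` parses the ruleset without committing it, which is a cheap check before loading it on the router.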