Essay / Routers - 801
The president of the company requested a viable solution for connecting the network in the newly purchased building (B2) to the existing network in a building (B1) located 500 meters away. It has been requested that new employees who will be located in B2 have full access to all network resources in B1, including access to the Internet. The new building will be used for research and development. Information processed in this building must be protected and segmented from employees in B1. It was also requested that B1 employees have limited access to B2 resources. B1 uses a Cisco edge router as a firewall and router.

There are several factors I would consider before making a recommendation:

1. How many end users are expected to occupy the building, and at what growth rate?
2. Should the connection between B1 and B2 be encrypted?
3. How many VLANs are needed, if any, for the new building?

Taking these considerations into account, I would choose a secure Virtual Private Network (VPN) connection between the B1 and B2 routers. There must be at least one VLAN connection from B2 extending to B1. This VLAN connection will be protected by the VPN connection, with IPsec enabled. Inter-VLAN routing will be configured on internal switches located in B1 so that B2 network traffic is segmented from B1 production data. All related switches in the network will be configured for sharing so that all VLAN data can traverse the entire network domain. Security mechanisms such as port security will be enabled on network switches for an additional layer of security. To complete this type of connection from B2 to B1, a high-powered switch, for example a Catalyst 6500 series, which has a layer......

...... middle of paper ......

AN data to propagate to all related switches without having to create separate VLANs on each of them. VTP, the VLAN Trunking Protocol, reduces administration on the switched network. VLAN configuration data is shared through VTP.
This data is encapsulated between switches, therefore B2 data will not be accessible to B1 employees. Port security and ACLs will be configured on the switches. Port security grants exclusive use of a switch port to specific nodes, identified by MAC address. If a device is plugged into a port configured for another device, that port will be automatically disabled.

VPN, VLAN, VTP, trunking, NAT and port security are the methods I recommend to meet the president's request. These protocols ensure the establishment, segmentation and security of communication between B1 and B2.
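
An added example (not from the original essay) of the port security and ACL controls described above, in Cisco IOS syntax. The VLAN number, interface names, subnets and server address are assumptions chosen for illustration.

```cisco
! Assumed values (not from the essay): VLAN 20 = B2 R&D, 10.2.20.0/24;
! B1 production = 10.1.0.0/16; 10.2.20.10 = the one B2 server B1 may reach.
vlan 20
 name B2-RND
!
! Access port for a single B2 workstation (interface name assumed).
interface GigabitEthernet1/0/10
 description B2 R&D workstation (constructed example)
 switchport mode access
 switchport access vlan 20
 ! Enable port security and allow exactly one MAC address on the port.
 switchport port-security
 switchport port-security maximum 1
 ! Learn the first MAC seen and pin it into the running configuration.
 switchport port-security mac-address sticky
 ! A frame from any other MAC puts the port into err-disabled state.
 switchport port-security violation shutdown
!
! Limited B1 -> B2 access. ACLs are stateless, so replies to sessions
! that B2 hosts opened toward B1 must be allowed explicitly.
ip access-list extended B1-TO-B2
 ! Return traffic for TCP sessions initiated from B2 (full B2 -> B1 access).
 permit tcp 10.1.0.0 0.0.255.255 10.2.20.0 0.0.0.255 established
 ! DNS replies from B1 resolvers to B2 clients (UDP has no "established").
 permit udp 10.1.0.0 0.0.255.255 eq domain 10.2.20.0 0.0.0.255
 ! The only B2 resource B1 users may initiate connections to.
 permit tcp 10.1.0.0 0.0.255.255 host 10.2.20.10 eq 443
 ! Everything else from B1 into the R&D VLAN is dropped and logged.
 deny ip 10.1.0.0 0.0.255.255 10.2.20.0 0.0.0.255 log
 ! Non-B1 sources (for example Internet return traffic) pass.
 permit ip any any
!
! Apply outbound on the R&D SVI: filters traffic routed INTO VLAN 20.
interface Vlan20
 ip address 10.2.20.1 255.255.255.0
 ip access-group B1-TO-B2 out
!
! Verification (exec mode):
!   show port-security interface GigabitEthernet1/0/10
!   show interfaces status err-disabled
!   show ip access-lists B1-TO-B2
! A port shut down by a violation stays down until an administrator
! issues "shutdown" then "no shutdown" on the interface.
```

Sticky MAC addresses live in the running configuration, so they persist across a reload only after the configuration is saved with `copy running-config startup-config`.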