Norman Verona Posted January 23, 2012

Ah, it's the giggling pin on the laughing shaft held in place by the long weight and the left handed screwdriver. All of which the new apprentices were sent to the tool store for.

ACW Posted January 23, 2012

> The patching cabinet is fine, but you are right about it being bl**** narrow! Nout we could do about these as they were provided by the building owner. I actually removed all the cable management in order to allow the patch panels to be closer to the switches as the stack cables (that link the 3750s) are stretched to as far as is reasonable. If we were to get more switches in the stack, I'd re-patch (ideally blanket) and with nice colour coded cables, but this was never going to happen with the budget we had.
>
> Whilst there are two VLANs (Voice/Data) they are exclusive to that switch setup. Each switchport is given an access VLAN and a voice VLAN. Dot1Q can be interpreted by the phones and they filter the traffic. Hence you can get away with zero routing.
>
> I haven't done much with wireless either. I'd love to, but Financial institutions (PCI) tend to not get on with it.
>
> The only place I know of that used EIGRP was by New Look when I went for a job there. Otherwise, it's OSPF/BGP all the way. Personally, I wouldn't use EIGRP because it really does limit your options. I know you say faster convergence on a limited radius, but it's just not worth it. Let's be honest, how many times is your network going to re-converge?
>
> Blatman - do you mean 2600 router? 2900s are switches!

You want the 1m, 2m or 3m stacking channel cables rather than the 0.5m ones that come with the switches.

Ok so the Voice VLAN is site local or originated at the routers hence layer 2. Clearly you don't have UC so don't need PCs to connect via L3 to telephony VLAN.

Wireless and PCIDSS is no issue, just means implementing Certificate Auth, user and machine certs and AES - however best avoided if not required or taken outside the PCIDSS network scope if possible.

24x7 transaction networks need v fast convergence hence in some environments EIGRP may be a good choice.

lol - off topic thread I can participate in..... (just to annoy)

lippydave Posted January 23, 2012

> lol - off topic thread I can participate in..... (just to annoy)

To be fair Mr Webmaster, Sir.... The off topic posts are one of the things IMHO that makes the boardroom great..... I have no real interest in this one, but some people obviously do and they're helping??? one another so it's another example of boardroom expertise... It always amazes me on here, (Ok hardly surprising we're full of network geeks! :laugh: ) that whenever someone asks an obscure question, there's usually someone with at least a passing knowledge of the subject matter at hand.... :t-up:

rocket_rabbit (Author) Posted January 23, 2012

> You want the 1m, 2m or 3m stacking channel cables rather than the 0.5m ones that come with the switches.
>
> Ok so the Voice VLAN is site local or originated at the routers hence layer 2. Clearly you don't have UC so don't need PCs to connect via L3 to telephony VLAN.
>
> Wireless and PCIDSS is no issue, just means implementing Certificate Auth, user and machine certs and AES - however best avoided if not required or taken outside the PCIDSS network scope if possible.
>
> 24x7 transaction networks need v fast convergence hence in some environments EIGRP may be a good choice.
>
> lol - off topic thread I can participate in..... (just to annoy)

Yep, you are dead on again with the cables. My boss thought he had a long one (CABLE!!!), but he'd used it elsewhere. Budget didn't allow for new ones.

Yes, wireless is allowed by PCI, but it's frowned upon.

I used to work for the largest online gambling company in the world. They used OSPF. I'm not saying EIGRP is bad, but it really does limit your options. When you are dealing with so many vendors (Radware, Top Layer, Cisco, Citrix, HP, Hitachi, Nokia/Checkpoint), you just limit yourself.

Anyway, finally finished it off today. I'd made a couple of oversights after compiling the config in Notepad and pasting it onto both devices. I neglected to change the odd HSRP address. The big one was IP helpers. We had it set up on the router (beyond firewall) and used the firewall itself (which served as the default gateway for the access network) as a relay agent, but it just refused to pick up a DHCP address from the core network (in a different building over the LES link). Turns out you needed to put IP helpers on the VLANs on the access switch! Who knew?!

A good learning experience in any case.