Question on Network Design

Hello, Im trying to figure out how my design should look as I've just
aquired some equipment and want to practice building a network at
home.

I have a Cisco PIX 501, a 2600 Router and a Catalyst 3550 Switch that
are new to me. (somebody elses discarded equipment)

Do I go Cable modem to my PIX, then to my switch that houses my vlans,
and then just hang my router off of my switch for the internal routing
of the vlans? There is a wireless dlink router hanging off one of the
switchports of my PIX and the PIX is doing dhcp.

Someone suggested that rather, the setup should be: firewall, router,
switch.

I have seen many diagrams but few put the firewall in the diagram and
I'm just not sure of the correct setup.

Any help would be appreciated.

(E-Mail Removed) wrote:
> Hello, Im trying to figure out how my design should look as I've just
> aquired some equipment and want to practice building a network at
> home.
>
> I have a Cisco PIX 501, a 2600 Router > and a Catalyst 3550 Switch that
> are new to me. (somebody elses discarded equipment)
>
> Do I go Cable modem to my PIX, then to my switch that houses my vlans,
> and then just hang my router off of my switch for the internal routing
> of the vlans?

I'm not a Cisco expert, but the Catalyst itself supports VLANs, right? You
don't need a router for VLANs.

> There is a wireless dlink router hanging off one of the
> switchports of my PIX

I'd use a wireless access point, not a wireless 'router' device.

> and the PIX is doing dhcp.
>
> Someone suggested that rather, the setup should be: firewall, router,
> switch.

>
> I have seen many diagrams but few put the firewall in the diagram and
> I'm just not sure of the correct setup.
>
> Any help would be appreciated.

Sounds to me like you don't need the 2600. What would you use it to route
between? Your PIX is your firewall and will do NAT. It sits between your
internet connection & your LAN switch. I guess this mainly depends on how
complex a network you want to build.

"Lanwench [MVP - Exchange]"
<(E-Mail Removed) hoo.com> wrote in message
news:(E-Mail Removed)...
> (E-Mail Removed) wrote:
> I'm not a Cisco expert, but the Catalyst itself supports VLANs, right? You
> don't need a router for VLANs.

It supports them but cannot route between them. The takes a LAN Router or a
Layer3 Switch (Switch & Router Combo within same hardware device). I don't
know that the Catalyst is Layer3 or not,...I'd assume not unless told
otherwise.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

<(E-Mail Removed)> wrote in message
news:bdc20727-daa9-40fe-a615-(E-Mail Removed)...

> Do I go Cable modem to my PIX, then to my switch that houses my vlans,
> and then just hang my router off of my switch for the internal routing
> of the vlans? There is a wireless dlink router hanging off one of the
> switchports of my PIX and the PIX is doing dhcp.

Switches cannot "house" VLANs. They can be partakers of the "action" but
cannot create or control the action.

The 2600 Router would "own" the VLANs and they would never exist "outside"
the Router unless you used one interface (and the line comming from it) as
a Trunk Line that ran between it and the switch. This would be the "Router
on a Stick" concept. This is not a performance thing,...just to
opposite,... the performance will degrade because you are running multiple
subnets over a single physical line instead of 1 subnet = 1 line.

The Switch would be setup the same way, and then would have various ports
associated with a particular subnet and the subnets would "break out" from
there.

There is really no good reason (performance or otherswise) to do any VLANs
in this situation other than to able able to pat your self on the back for
your enginuity.

If you want to learn networking,..then learn networking first,...deal with
VLANinng when networking becomes second nature and you can do it without
thinking about it. The most logical approach would be to have this
equipment (with no VLANs):

1. One Firewall (PIX is fine)
2. One LAN Router with at least 2 Ethernet ports (serial ports will be
unused)
3. Two Switches (yep, 2)

Lay them out like this:

[Internet]
|
<PIX>
|
<Switch #1> (This is the first subnet)
|
| {E0 interface}
<LAN Router>
| {E1 interfeace}
|
<Switch #2> (This is the second subnet)

-- The Hosts (PCs) simply run off of the Switches
-- Everything uses the LAN Router as the Default Gateway
-- LAN Router uses the Firewall as the Default Gateway
-- Firewall needs a Static Route telling it to the the LAN Router and the
"gateway" to get to Subnet #2
-- Most likely the PIX cannot provide DHCP for two subnets (I dunno). Use
a Windows Server as a Domain Controller running DNS, DHCP, and WINS for
handling LAN infrastructure. Configure the LAN Router to forward DHCP
Queries to the DHCP Service. Consider it an opportunity to learn Active
Directory Domain design and maintainence while you are learning your
networking.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Phillip Windell <(E-Mail Removed)> wrote:
> "Lanwench [MVP - Exchange]"
> <(E-Mail Removed) hoo.com> wrote in
> message news:(E-Mail Removed)...
>> (E-Mail Removed) wrote:
>> I'm not a Cisco expert, but the Catalyst itself supports VLANs,
>> right? You don't need a router for VLANs.
>
> It supports them but cannot route between them. The takes a LAN
> Router or a Layer3 Switch (Switch & Router Combo within same hardware
> device). I don't know that the Catalyst is Layer3 or not,...I'd
> assume not unless told otherwise.

Thanks, Phil. I suspected I was getting out of my depth here. ;-)

"Lanwench [MVP - Exchange]"
<(E-Mail Removed) hoo.com> wrote in message
news:(E-Mail Removed)...
>
> Thanks, Phil. I suspected I was getting out of my depth here. ;-)

It just depends if it is a Layer3 switch or not,..I don't know what model of
Cisco's stuff has what features.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------