This article guides you with how to design network that is efficient, scalable, and secure. When designing network there are wide variety of aspects to consider which varies according to every network requirement. Here are few design tips that will help you design network.
- VLAN is the logical separation of network devices into different broadcast domains while in the same physical infrastructure. Typically, if paired with an appropriate subnetting, proper VLAN assignment can reduce network overhead, improve security and makes administration simple. This approach would provide protection to network data by limiting user access to few network devices.
- A subnet is another way to separate a network logically on the basis of location or department. Proper subnetting can ease administration and reduce network overhead. A clear subnetting of network will easily identify sites, departments and secured organizational areas as separate subnets. Subnetting not only aides network security, it also reduces network overhead by limiting network traffic to designated areas only when used with appropriate VLAN design. When designed by considering future growth in planning, subnetting provides your network scalability.
- A firewall provides extra protection to networks. It can be configured to allow or deny communication based on different parameters. Securing a database that holds credit card information or putting the crucial systems behind a firewall can protect a company’s intellectual property and other sensitive data from attackers.
- A DMZ (demilitarized zone) is a segment of the network that users can access using internet. This allows external users to access a service such as a website or an email without accessing the company’s internal network. A DMZ adds security to the network by segmenting the systems frequently accessed by external resources. This limits outsider’s from accessing your internal network, where you have implemented a firm security policy.
- You can use quality of service on routers and switches to prioritize one VLAN over another which is useful in situations when the network is at high utilization as the voice traffic will receive priority over data.
- Designing your network in a hierarchy will allow you to scale the hardware requirements and ensure your network operates at optimal speed. It is recommended by Cisco to use a 3-tier design consisting of core, distribution, and access layers with most expensive and feature-rich switches in the core and distribution layers and less expensive switches can be used for the access layer, where end users will connect.
- Spanning tree protocol allows a network to have multiple connections to single point by eliminating loop formation. When designing a hierarchical network, you need to take care of spanning tree settings on the network. The default settings will work, but most likely won’t be the most efficient solution. Best practices suggest that the root switch of spanning tree implementation must reside in the core layer of the network. In case when network isn’t clearly tiered, the root switch must be situated close to the Internet or the servers with most traffic.
- Port channel, also known as Ether channel, NIC teaming or link aggregation groups multiple network cables into a single link. This increases the speed of the link between two devices on the network and also provides redundancy.
- Port Security feature allows a computer or multiple computers to use that port on the switch. If the switch notices a violation, it disables the port and shuts off network access.
Learn more about Cisco Certification Exam