
Author Topic: Merging two networks  (Read 856 times)


Offline stauftm

  • Full Member
  • ***
  • Posts: 68
Merging two networks
« on: February 19, 2010, 05:44:55 PM »
Hi all, our hospital and clinic are merging our two networks. We are all Nortel; they are a mix and match of Cisco, Netgear, and Nortel. They have a core that consists of two Cisco 3750s. Our core, a stack of 5500 series switches, will eventually become the primary core. We simply have a single fiber link between us attached physically to our cores (the two organizations are in one building). We created a VLAN between us (113); I'm 10.10.113.2, they're 10.10.113.1. Each port on both cores is a tagged port. We put in static routes to communicate between the two networks.
This connection used to be connected via firewalls; we eliminated the firewalls due to integration purposes. Trying to make things as simple and clean as possible for apps and networking to work. But I'm wondering if this could cause some issues on my core. I just wanted others' opinions or experience in this scenario. I'm actually considering moving the connection back to our firewall right now due to limited knowledge on this network, and possible issues, loops, broadcasts, etc.

Thoughts?
Thanks


Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 2164
    • Michael McNamara
Re: Merging two networks
« Reply #1 on: February 19, 2010, 09:39:19 PM »
It's usually a good idea to connect two new networks utilizing a firewall so you can determine if there is any suspicious traffic originating from the new network.

Ultimately it really comes down to security and how cautious you want to be and how risk averse you are. I recently connected a new hospital to our network and utilized a firewall for that purpose. I slowly opened specific IP networks and ports/protocols, reviewing the logs every day for any suspicious activity such as bots/trojans probing via ICMP and SMB. If you have a firewall interface available I would strongly suggest you use it. After you've had a chance to evaluate the new network's security posture you can always move the interface during a scheduled maintenance window. The first thing I usually review is the antivirus solution that is deployed on the desktops/laptops and servers. If the users have local Administrator rights the things you can find are downright scary.

Good Luck!
If you've found this site useful and helpful, please help me spread the word. Link to us in your blog or homepage or Tweet about us! - Thanks!
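
The daily log review described in Reply #1, sketched as an added example that is not part of the original thread: it flags hosts on the newly connected network that reach many distinct internal addresses over ICMP or SMB. The log line layout, the 10.20.0.0/16 range for the new network, and the fan-out threshold are all assumptions made for illustration, not any firewall vendor's format.

```python
import ipaddress
from collections import defaultdict

# Assumption: address space of the newly connected network (not given in the thread).
NEW_NET = ipaddress.ip_network("10.20.0.0/16")
SMB_PORTS = {139, 445}
FANOUT_THRESHOLD = 3  # distinct destinations before a source is flagged

# Constructed sample lines, layout: "timestamp action proto src dst dport"
SAMPLE_LOG = """\
2010-02-20T08:01:12 DENY ICMP 10.20.5.14 10.10.1.7 -
2010-02-20T08:01:12 DENY ICMP 10.20.5.14 10.10.1.8 -
2010-02-20T08:01:13 DENY ICMP 10.20.5.14 10.10.1.9 -
2010-02-20T08:01:15 DENY TCP 10.20.5.14 10.10.1.7 445
2010-02-20T08:01:15 DENY TCP 10.20.5.14 10.10.1.8 445
2010-02-20T08:01:16 DENY TCP 10.20.5.14 10.10.2.20 139
2010-02-20T09:12:40 ALLOW TCP 10.20.8.3 10.10.4.10 445
2010-02-20T09:30:02 ALLOW TCP 10.20.8.3 10.10.4.10 445
2010-02-20T09:31:17 ALLOW TCP 10.20.8.3 10.10.1.7 443
truncated line here
"""

def find_probers(log_text, new_net=NEW_NET, threshold=FANOUT_THRESHOLD):
    """Return {(src, kind): sorted destinations} for sources inside new_net
    that touched at least `threshold` distinct hosts over ICMP or SMB."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed or truncated lines
        _, _, proto, src, dst, dport = fields
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue
        if src_ip not in new_net:
            continue  # only traffic originating from the new network
        if proto.upper() == "ICMP":
            kind = "ICMP"
        elif proto.upper() == "TCP" and dport.isdigit() and int(dport) in SMB_PORTS:
            kind = "SMB"
        else:
            continue
        targets[(src, kind)].add(dst)  # count allowed and denied attempts alike
    return {k: sorted(v) for k, v in targets.items() if len(v) >= threshold}

if __name__ == "__main__":
    for (src, kind), dsts in find_probers(SAMPLE_LOG).items():
        print(f"{src} {kind} fan-out to {len(dsts)} hosts: {', '.join(dsts)}")
```

A workstation that repeatedly reaches one file server over SMB stays below the threshold; a host sweeping several addresses does not, which is the pattern worth chasing before more rules are opened.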

Offline stauftm

  • Full Member
  • ***
  • Posts: 68
Re: Merging two networks
« Reply #2 on: February 22, 2010, 01:46:11 PM »
I have noticed that my STP root has moved over to those 3750's. Not sure if that is a big issue or not. Support hasn't blinked at it being an issue.

Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 2164
    • Michael McNamara
Re: Merging two networks
« Reply #3 on: February 22, 2010, 06:33:12 PM »
You probably don't want to run Spanning Tree between the two networks, at least initially... that might definitely create some unforeseen issues. I would advise that you disable STP on the ports connecting the two networks, just remember to leave it enabled globally.

Good Luck!

Offline stauftm

  • Full Member
  • ***
  • Posts: 68
Re: Merging two networks
« Reply #4 on: February 22, 2010, 07:55:32 PM »
So basically treat the port like an MLT-type port in regards to STP, so on a 5500 series:

config t
interface fastethernet 1/19
spanning-tree learning disable

Is that what I'm understanding???
Thanks,
Todd

Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 2164
    • Michael McNamara
Re: Merging two networks
« Reply #5 on: February 22, 2010, 08:44:32 PM »
That is the correct command syntax.