I'm really in over my head. What do you mean by "sup engine"?

Hi

The modular switches like the 4500 & the 6500 are based on a chassis in which you can insert linecards or service modules. These chassis switches have something called a Supervisor Engine which is the "brains" of the switch.

In your 4500 chassis the supervisor engine should be in the top slot. Have a look at it and it should tell you what type it is eg

Sup 2+, Sup 3, Sup V.

Most of the more recent 4500 switches are also capable of routing so as Narayan has said you might be able to use your 4500 to do the routing.

HTH

Jon

I explained my situation too vaguely. I don't actually have any of this equipment. I need to design it on paper for a final term paper assignment for the class I am taking.

Here are the requirments that were set forth for this:

with 4 subnets

and 50 host addresses.

One subnet will be the HR Department.

All inbound and outbound traffic from the other subnets will be denied access to the HR Subnet.

Make sure to list where all static IP Address will be places,

and the commands needed to create your Access List.

I have the subnets addresses figured out.

I can use the 4500 with one 48 port card each, (or two if I actually have to have 50 hosts on each subnet..).

It is trying to figure out what router to use at the top of each subnet and what router to tie the other four together.

PLEASE HELP ME

Basically, what is being stated is that the 4500 switch can, with the correct supervisor module, work as a router as well as a switch...and can route each subnet to the others or, in your case, also block a subnet from another. This eliminates the need for an external router (external to the 4500's supervisor module, that is). In the event the supervisor module for the 4500 isn't capable of routing, then you would need an external router to do the routing for you.

It sounds like you need to create VLAN interfaces on the router and some ACLs to isolate the HR network from the others. The ACLs might be tricky because the HR people might need some access to devices outside their network (ie. domain controllers or file servers) but it isn't too complicated.

Thankyou. Now I do remember that an ACL has to be specific to the router it resides on.

If I have individual WS-X4148-RJ 48 port cards plugged into the switch, then i can configure them separately?

And on one of the cards, I can specify an ACL?

Well, in this case, you would probably configure each port separately. Each port will be in the VLAN it is supposed to be in. Let's say HR is VLAN 10 and IT is VLAN 20, you might have 20 ports in VLAN 10 and 28 ports in VLAN 20 on a given module. Hosts on each VLAN cannot communicate with other VLANs unless they go through the router...which is where the ACLs would be placed and would come into play.

What you propose can easily be done on one router. The switch side would likely be 5 48 port modules (assuming all hosts are connected to this switch) and one router...either integrated into the supervisor module or separate from the switch. Most of the 240 ports would be configured to be in one of the four VLANs (you'd have some ports left over). The ACLs would probably be a few permits to and from the HR subnet (for any external resources they need access to) and then a deny and would be applied on the router to the VLAN interface for that VLAN.

Thanks Dan, let me work on this for a while and see what I come up with !!!

Feel free to email me any questions.

I can?t figure out how to do the commands for an ACL list to protect the first subnet from the other three while still allowing the first one to have outbound traffic.

Here are the addresses:

IP 221.221.221.0

Sub 1 221.221.221.0

Host 221.221.221.1 > 62

Sub 2 221.221.221.64

Host 221.221.221.65 > 126

Sub 3 221.221.221.128

Host 221.221.221.129 > 190

Sub 4 221.221.221.192

Host 221.221.221.193 > 254

The specs of what I am designing is as follows:

(4)WS-X4548-GB-RJ45-Cisco Catalyst 4500 Enhanced 48-Port 10/100/1000 Mod (RJ-45)

WS-C4507R Cisco Catalyst 4507R Chassis 7 slot Maximum 240 Ports

WS-X4013+ Cisco Catalyst 4500 Series Supervisor Engine II-Plus

Cisco IOS Software Release 12.1(19)EW or later

Can anyone help me with this, Please????