
More info on elimination of 7200 router and connection to 4500 core

news2010a
Level 3

Let me just clarify one more point:

MyHeadQuarters controls Internet access, content filtering, etc., as shown below:

(Internet Headquarters)-->[border router Headquarters]-->[firewall HeadQuarters]-->{DS-3 to MPLS provider}++MPLS Cloud++{<---Fiber to ChildCompany}<-ChildCompanyRouter7200 <-4500 Core Switch_ChildCompany

In this case, is it necessary to keep the ChildCompanyRouter7200 as a best practice?

Or should I instead just plug an eventual fiber/ethernet cable, which will replace the {T1 to MPLS provider}, directly into the 4500 Core Switch_ChildCompany?

We discussed before that it is the best security practice to keep an edge router and not connect the "external" connection directly to the core switch, because in case of DoS attacks, things may look rough and unstable if plugged directly into the core switch. I totally agree.

However, in this case, to my understanding all my connectivity and filtering is done by MyHeadQuarter edge devices. Am I right, or are there other risky factors I am missing here when connecting the ChildCompany to the WAN MPLS provider?

1 Accepted Solution

Accepted Solutions

As mentioned before, I think it all boils down to where you run router-like features like NAT or FW, or VPN if you have it.

The 4500, unlike the 6500/7600, does not have hardware modules to support these functions; in that case you need a router anyway.

But once again, as you don't need these at the child company, the switch alone will do. The internet has been firewalled / NATted already at the headquarters, so there is no attack that you should worry about.


3 Replies

paolo bevilacqua
Hall of Fame

But, to give things a size, what 7200 is yours? Anything less than NPE-400 is probably inadequate for fiber access speeds.

If the design is right and keeping a router is recommended there, I can put NPE's/NSE's modules which should handle the fiber ethernet speed alright. You can assume that that is the case.

