Help with network design for school wan

Unanswered Question
Jun 14th, 2009
User Badges:

Hi There,

I'm not entirely sure about what solutions are available for this design. Any guidance would be greatly appreciated.

[school wan] ---> [3560G] --> (P1_7606) [MPLS Cloud] (P2_7606) --> WWW

The school wan encompasses a number of schools. They want to use us (the service provider) for Internet traffic but have all school traffic not go beyond the Cisco 3560G switch unless it's Internet traffic.

My Manager suggested we create a "virtual router" for them - by this I wasn't sure if he meant that we use vrf-lite or if we set them up on our MPLS network.

Are we best to we use vrf-lite and create a vrf locally on the 3560G and establish some route leaking for internet traffic or do we encompass them into our MPLS network (not sure which way is better). We run a mixture IP and MPLS within our core network if that helps. Or is there a better solution out there?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Edison Ortiz Sun, 06/14/2009 - 14:55
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

How about outbound filtering on the school private subnet with a permit ip any any at the end of the ACL?

For instance, school private subnet 10/8

ip access-list extended INTERNET

deny ip any

permit ip any any

interface fx/x or svi x/x

ip access-group INTERNET out




This Discussion