We're founding a small consultancy business and therefore I need to set up a network.
I have basic knowledge and experience with Cisco IOS for routers and Catalyst switches, as I set up and managed T1, DSL, dial-up, firewall and LAN connections with Cisco systems ranging from the 800 to the 3600 series. But this was 8 years ago.
Being computer scientists and IT specialists, we want to manage the network ourselves.
The following diagram gives a brief overview of the network topology and services.
The main idea is to subdivide the hosts into one server LAN and one or more user LANs. For the moment all networks are going to be wired networks.
Basically I need assistance in selecting the right router system. It should be affordable for a small business.
I think an 892 router would do a great job, if:
- it supports the PPPoE client protocol on the FE WAN Link
- it can negotiate network configuration from PPPoE and set up the default gateways dynamically while preserving the static routing configuration for local subnets
- the GE WAN interface can be used as LAN link to the servers' LAN
- it can do NAT between the ADSL WAN Link interface and the workers' LAN interface
- it can do port forwarding (PAT) between the FE WAN (ADSL) interface and the LAN interface to the servers' LAN (cf. 3)
- it can perform filtering (ACL) and perhaps stateful packet inspection on connections to the servers' LAN
- it can perform content filtering on the interface to the workers' LAN
- the ISDN BRI interface can be used for inbound and outbound PPP connections
It would be nice if experts could answer these questions.
In my scenario the interfaces would connect according to the following list:
FE LAN -> Workers' LAN
#1 GE WAN -> Servers' LAN
#2 FE WAN -> ADSL PPPoE Internet Connection
At the beginning I would want to use the 892 router's internal switch and later upgrade with a gigabit switch.
I'm not sure how to deal with the periodic connection reset done by the ISP. Specialists at the ISP company said the IP/PPPoE connection is interrupted by their systems every 24h and can immediately be (re-)established by our systems by simply reconnecting to them. Maybe somebody can share their experience with similar scenarios, especially along with busy WAN connections.
The ISP specialists also mentioned that their CPE router can be configured to bridge mode or can be totally substituted by one of our router systems. I think I would need an ADSL over ISDN (Euro) WAN interface, which afaik in the 800 Series routers isn't manufactured along with 2 G-/F-E interfaces.
The 892 routers include one ISDN BRI interface, which I would like to use for inbound PPP connections without having a RADIUS or LDAP service. I think it can be done with basic AAA directly on the router. Is that right?
I'm looking forward to getting some feedback from you.
Thanks in advance.
Marcos Otero Garcia