6509 Configuration Question

lreger
Level 1

I have a customer that is running a web hosting company, and their network consists of a 6509 switch running BGP and no VLANs, as well as 24 2960 switches with only internal IP addresses configured for telnet connections. They are hosting over 50 servers, each configured with external IPs. They would like us to create VLANs for them for each customer server network, for security purposes as well as prevention of ARP poisoning. The problem I am having is getting my head around creating VLANs for each customer network and giving them the external static IPs needed for them to work properly. I can upload a copy of the 6509 config so you can see their current setup.

TIA

3 Replies

Giuseppe Larosa
Hall of Fame

Hello lreger,

You should look at subnetting:

Can you divide the public IP address block into smaller blocks and then assign one block to each customer/VLAN?

This can be feasible or not depending on the number of customers and the size of the public address block.

If not feasible (too many customers):

- If your C6500 has a Sup720 on it you could think of using NAT.

- Another possible option to isolate customers is the use of private VLANs; it will allow you to separate customers without subnetting.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/pvlans.html

Hope to help

Giuseppe

Thanks for the link. I will look into this and see what the best solution might be.

I was able to go onsite and view the actual network layout.

6509 Core Device running BGP

12 racks and 12 Cisco 2960 switches configured only for telnet access

3-4 customers servers per rack configured with static external IPs

Here is what the client would like after meeting with them again

I know that "admin" conveyed the desire for a VLAN per box.

In addition to this, I am also hoping for some private back end networks. The vision is simple - Some of our customers would like access to the DRAC/iLO (out-of-band management) ports on their systems, and I would like to grant them this access using a VPN system. This would mean private 10.0.0.0 or 172.16.0.0 space on the internal network that I can vlan off much the same as our public network. I'd also like to set up a private network that can communicate out to the internet for a "kickstart" vlan as well, that I will be setting up as a DHCP network to allow for automated provisioning of boxes. In addition to this, I'd also like a private vlan that can communicate out to the internet that is for our office systems (desktops), as well as a private network that I will be employing for our primary systems - email, databases, and so on. Essentially, I want to have networks for company utility application, as in addition to our customers I'd really like to set up secure out of band management that can then be used to limit the need for the on-call technician to have to come into the datacenter.
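The following is an added example, not code from this thread or from Cisco. It works through the two planning questions raised above: Giuseppe's point that per-customer subnetting of the public block is feasible only if the block is large enough for the number of customers, and the last post's request for separate private (RFC 1918) networks for out-of-band management, kickstart, office and core systems. All addresses, VLAN ids and customer counts below are constructed assumptions (203.0.113.0/24 is a documentation prefix standing in for the hosting company's real public block); the real allocation must be derived from the block the customer actually owns.

```python
"""Subnet planner for a per-customer VLAN design (added example, constructed data).

Two questions from the thread:
  1. Can the public block be split into one subnet per customer VLAN?
  2. How do the private back-end networks (OOB management, kickstart,
     office, core services) fit into 10.0.0.0 space without overlapping?
"""
import ipaddress
import math


def min_prefix_for_hosts(usable_hosts: int, reserve_gateway: bool = True) -> int:
    """Smallest IPv4 prefix length whose subnet still leaves `usable_hosts`
    addresses after the network, broadcast and (optionally) the SVI gateway
    address are set aside. A /30 is the smallest subnet considered."""
    needed = usable_hosts + 2 + (1 if reserve_gateway else 0)
    host_bits = max(2, math.ceil(math.log2(needed)))
    return 32 - host_bits


def plan_public_vlans(block: str, customers: int, hosts_per_customer: int):
    """Split `block` into one equal-sized subnet per customer VLAN.

    Returns (feasible, plan). `plan` maps an assumed VLAN id (101, 102, ...)
    to its subnet; it is empty when the block cannot carry that many
    customers at that size, which is the case where NAT or private VLANs
    (the thread's fallbacks) become the alternative."""
    net = ipaddress.ip_network(block, strict=True)
    prefix = min_prefix_for_hosts(hosts_per_customer)
    if prefix < net.prefixlen:          # one customer alone needs more than the block
        return False, {}
    subnets = list(net.subnets(new_prefix=prefix))
    if len(subnets) < customers:
        return False, {}
    return True, {101 + i: subnets[i] for i in range(customers)}


def plan_private_vlans(base: str, requests):
    """Carve named private networks out of `base`, largest request first so
    every allocation stays naturally aligned. `requests` is a list of
    (name, vlan_id, usable_hosts). Returns name -> (vlan_id, subnet)."""
    pool = [ipaddress.ip_network(base, strict=True)]   # free blocks, in address order
    plan = {}
    for name, vlan, hosts in sorted(requests, key=lambda r: -r[2]):
        prefix = min_prefix_for_hosts(hosts)
        for i, free in enumerate(pool):
            if free.prefixlen <= prefix:
                pieces = list(free.subnets(new_prefix=prefix))
                plan[name] = (vlan, pieces[0])
                pool[i:i + 1] = pieces[1:]   # hand back the unused remainder
                break
        else:
            raise ValueError(f"no room left in {base} for {name}")
    return plan


def overlaps(*networks) -> bool:
    """True if any two networks share address space (a planning bug that
    would merge two supposedly isolated VLANs at layer 3)."""
    nets = list(networks)
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    # Constructed figures: ~50 customer boxes, one public address each.
    ok, public = plan_public_vlans("203.0.113.0/24", customers=50, hosts_per_customer=1)
    print("public /30 per customer feasible:", ok, "->", len(public), "VLANs")
    ok, _ = plan_public_vlans("203.0.113.0/24", customers=50, hosts_per_customer=4)
    print("public /29 per customer feasible:", ok, "(fall back to NAT or private VLANs)")

    # Constructed back-end networks from the last post's wish list.
    private = plan_private_vlans("10.0.0.0/16", [
        ("oob-management", 200, 60),    # DRAC/iLO ports reached over VPN
        ("kickstart", 201, 100),        # DHCP provisioning network
        ("office", 202, 50),            # desktops
        ("core-services", 203, 20),     # mail, databases
    ])
    for name, (vlan, subnet) in private.items():
        print(f"vlan {vlan:<4} {name:<16} {subnet}")
    print("private networks overlap:", overlaps(*(s for _, s in private.values())))
```

Running it with the constructed numbers shows the feasibility cliff Giuseppe describes: 50 customers at one address each fit in a /24 as /30s, but at four addresses each (/29s) the same /24 carries only 32 customers, so the design has to fall back to NAT or private VLANs. The private plan is printed with VLAN ids so it can be transcribed into SVI and VPN policy definitions, and the overlap check guards against two isolated VLANs accidentally sharing a prefix.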
