Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

6509 Configuration Question

I have a customer that is running a web hosting company and their network consist of a 6509 switch running BGP and no vlans as well as 24 2960 switches with only internal ip address configured for telnet connections. They are hosting over 50 servers each configured with external IP's. They would like to for us to create VLAN's for them for each customer server network for security purposes as well as prevention of Arp poisining. The problem I am having is putting my head around creating Vlans for each customer network and giving them the external static IP needed for them to work properly? I can upload a copy of the 6509 config so you can see their current setup


Hall of Fame Super Silver

Re: 6509 Configuration Question

Hello lreger,

you should look for subnetting:

can you divide the public ip address block into smaller blocks and then assign one block to each customer/vlan?

This can be feasible or not depending on the number of customers and the size of the public address block.

if not feasible  (too many customers):

- if your C6500 has a sup720 on it you could think of using NAT.

- Another possible option to isolate customers is the use of private vlans it will allow you to separate customers without subnetting


Hope to help


New Member

Re: 6509 Configuration Question

Thanks for the link I will look into this and see what the best solution might be

New Member

Re: 6509 Configuration Question

I was able to go onsite and view the actual network layout.

6509 Core Device running BGP

12 racks and 12 Cisco 2960 switches configured only for telnet access

3-4 customers servers per rack configured with static external IPs

Here is what the client would like after meeting with them again

I know that"  admin "conveyed the desire for a vlan per box.

In addition to this, I am also hoping for some private back end
networks. The vision is simple - Some of our customers would like
access to the DRAC/iLO (out-of-band management) ports on their
systems, and I would like to grant them this access using a VPN
system. This would mean private or space on the
internal network that I can vlan off much the same as our public
network. I'd also like to set up a private network that can
communicate out to the internet for a "kickstart" vlan as well, that I
will be setting up as a DHCP network to allow for automated
provisioning of boxes. In addition to this, I'd also like a private
vlan that can communicate out to the internet that is for our office
systems (desktops), as well as a private network that I will be
employing for our primary systems - email, databases, and so on.
Essentially, I want to have networks for company utility application,
as in addition to our customers I'd really like to set up secure out
of band management that can then be used to limit the need for the on-
call technician to have to come into the datacenter.

CreatePlease to create content