My question is related to the implementation of dynamic routing between the branches.
The current situation is as follows:
Our network consists of a Catalyst 4507 at our main location and 3560's at our branches. For the employee workstations we've created vlans. Every branch has its own vlan. Our servers are together in a server vlan.
At our main location, at the 4507, there are vlan interfaces in each vlan and ip routing is enabled for routing between the vlans. The branches are connected via trunks in one ring-like network.
Internet for our employees is supported by a hardware firewall which is connected with one of its interfaces to a switch interface at the 4507. This firewall interface is configured as gateway-of-last-resort with the ip route command.
To provide our patients with an internet connection we've created a company-wide vlan. This vlan doesn't have a vlan-interface at the 4507 so traffic to and from this patients-vlan cannot be routed to and from our other vlans. We have done this for security reasons.
The firewall has a 2nd interface in this vlan and at this interface dhcp is enabled and acts as the routed interface (default-gateway) for this patients vlan.
In the near future we want to implement dynamic routing between our branches with ospf. We want to get this done by setting up the trunking interfaces of the 3560's to be routing interfaces. This means that at every branch an employee vlan and a patients vlan need to be created.
What is the best way to keep the patients ip traffic separated from the other traffic? I was thinking of creating ACLs on the patients-vlan interface which deny traffic to private networks (10.x.x.x in our case) so only traffic to the internet is allowed. But is this the best way?
Is there a way to route our patients internet traffic directly to a chosen interface at the firewall?
Is there a technique to span a vlan or in other words to span the same ip subnet over multiple branches in this configuration?