I was looking at the Catalyst 500 for a specific purpose, but I am not sure if it will work or not.
We are wanting to set up a small network in one of our buildings for our clients to be able to access the internet, but we do not want them to have access to the rest of our network. At first glance, putting them behind a Catalyst 500 on a Guest Smartport sounds ideal, restricting their routing only to the gateway, but there are two HP switches between where the clients will be and the Internet gateway.
Will this matter? Does the route have to be all-Cisco, or can it be mixed like this?
No, the other switches don't matter. When the clients want to go outside of their internal network, they will go to the DFGW. However, you want to make sure that on the DFGW you set up ACLs to make sure that they are blocked from anything else.
I think port security (I took a quick look at 'guest smartport') is just MAC filtering, so I'm not sure (without digging further) that it will actually firewall/ACL your traffic.
To do it fairly securely, you need to create a separate subnet on your network for this guest network. Make your router's Ethernet interface a trunk and configure subinterfaces on the router's Ethernet interface with IP addresses in your various subnets. Example:
no ip address
description Internal network
ip address 192.168.1.1 255.255.255.0
encapsulation dot1q (may have to define native vlan here)
description Guest network
ip address 192.168.10.1 255.255.255.0
ip access-group 101 in
Access-list 101 would deny any traffic to your internal network but then allow all, to let them get to the Internet.
You will have to make sure the switchport that the router's Ethernet currently plugs into is a trunk port running the same encapsulation (dot1q or ISL, just make the necessary adjustments on the Ethernet interface).
You will also need to set up a DHCP scope and then also the VLAN ports on the switch they are behind, so when they do a DHCP request, they get an IP out of the correct subnet.
If you want to make it to where they can plug in anywhere on the network and still only get to the Internet, look into dot1x.