Hi! Currently I have the following config in my core sw. We're deploying a new software-based FW + an SSL GW in my network. I've attached a diagram with sample WAN IP segments to illustrate the scenario. E.g. in the public DMZ segment 18.104.22.168/29, I've added an unmanaged sw to enable 3 connections from this segment. My question is: can this work by turning one of my core switch's ports to L3 using the command "no switchport", setting the IP to 22.214.171.124, and adding a route "ip route guest 0.0.0.0 0.0.0.0 126.96.36.199" to the core sw? (Of course, the existing "ip route guest 0.0.0.0 0.0.0.0 172.16.252.1" command will be removed.) Will this route enable clients from the VRF network to go to the internet?
I would also add a route to enable traffic to the 10.10.10.1/24 segment by adding another route to the core sw: "ip route 10.10.10.10.1 255.255.255.0 10.10.11.1".
Is the routing required for this public/private DMZ being done correctly? Is any additional route required in the static routes or routing protocol?
My last question is: why is there a need to have a private DMZ with a private address in this case?
Thanks in advance
ip vrf guest
description guest internet access
route-target export 100:1
route-target import 100:1
ip vrf forwarding guest
ip address 172.16.255.255 255.255.255.255
interface vlan 11
ip vrf forwarding guest
ip address 172.16.252.2 255.255.255.0
standby 1 ip 172.16.252.1
standby 1 priority 150
standby 1 preempt
router ospf 11 vrf guest
log-adjacency-changes
passive-interface default
no passive-interface Vlan123
network 172.16.252.0 0.0.0.255 area 0
network 172.16.255.255 0.0.0.0 area 0
!
Hi! Does anyone have any comment, or know how I can enable my clients in the VRF network to be routable to 188.8.131.52 and able to access the internet from there, based on my scenario? Do I need to add the command "ip vrf forwarding guest" on my physical interface where the IP 184.108.40.206 is configured? Please advise. Thanks.