Hi. I am setting up a network rack that I will be sharing with 5 customers. Right now, I've been given 5 public IPs. Each customer has their own router/firewall/etc. What I need to do is just create a single point of connection that breaks out the public IPs. I don't need NAT or BGP. I've been given a 3750 to use and I think it will work without a router. Can anyone just point me in the right direction on how to set this up? 5 VLANs? Thanks
If you create a dedicated VLAN for all 5 customers, then you'll need 5 subnets, whereas you only have 5 IP addresses within the same subnet.
Presuming one of your 6 usable IPs is for the ISP to assign to their router, then the switch would simply forward traffic between the ISP router and each customer firewall. This would all be done within a single VLAN.
You can use VLAN Access Control Lists (VACLs), also known as VLAN Maps, to control traffic within the same VLAN.
Makes sense. But I can use PVLAN, correct? Isolation on ports going to servers, and open on the net connection. I tested the one-VLAN option last night in my rack and it worked great. We are not worrying about policing bandwidth as of yet.
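The layout discussed in this reply (isolated ports toward the customer equipment, an open port on the internet connection), as an added example that is not part of the thread. The VLAN IDs, VLAN names and interface numbers are assumptions, and it assumes the 3750's software image supports private VLANs and that VTP version 1 or 2 is in use.

```cisco
! Added example, not from the thread. VLAN IDs, names and ports are assumed.
! With VTP version 1 or 2, private VLANs require VTP transparent mode.
vtp mode transparent
!
! Secondary VLAN: ports in it cannot exchange frames with each other.
vlan 101
 name CUSTOMERS-ISOLATED
 private-vlan isolated
!
! Primary VLAN: carries the single public subnet shared with the ISP router.
vlan 100
 name INTERNET-PRIMARY
 private-vlan primary
 private-vlan association 101
!
! Uplink to the ISP router: promiscuous, reachable from every customer port.
interface GigabitEthernet1/0/24
 description ISP uplink
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Customer firewalls: isolated host ports. Each reaches the uplink only,
! so one customer cannot reach another customer's firewall at layer 2.
interface range GigabitEthernet1/0/1 - 5
 description Customer firewall
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
 spanning-tree portfast
!
! Checks after applying:
!  show vlan private-vlan
!  show interfaces GigabitEthernet1/0/1 switchport
```

No SVI or IP address on the switch is involved in this layout; the switch only forwards frames between the promiscuous port and the isolated ports.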
Personally, I think you should look into putting each customer into a VRF if your switch IOS supports it. This would allow them an L3 connection and be truly isolated. Since you stated that each customer has their own router/firewall/etc, you could safely presume that they also have different WAN addresses and internal subnets. You could use one of your addresses toward the ISP for the global routing table, and then add each interface towards the customer to a VRF with support for their WAN addresses. You don't need NAT as long as you break out of the VRF for routing through the global routing table (unless the customer will do the NATting for their own equipment).
Also, you can definitely use 5 VLANs and create an SVI for each VLAN. The only issue with this is that there is no segmentation of traffic unless you plan on using ACLs on each SVI. This can become a management nightmare. If you have to add another SVI later to support another customer, you have to remember to go into all 6 customers' SVIs and add the appropriate ACE to the existing ACL on their respective SVI.
One more question... So I have .49-.54. My gateway (ISP) is .49. Would I set the VLAN to .50 and then clients would be .51 to .54? Or would I even need routing? Just plug the incoming connection into the switch, and each client gets an address with a gateway of .49?