Hi there, I have never really used these. In a network, do you put the router on the edge, then the PIX, then the LAN? Are these layer 2 devices, and if so, why does each interface have its own IP address? Also, does it route between each interface?
Carl, this is more a security question than a LAN question. However, I will try to answer you.
According to Cisco's SAFE blueprint, networks should have a perimeter router on the edge of the network. The provider edge module of the SAFE model contains a packet filtering router, with the emphasis on packet. It does not filter the contents of the conversation, just the IP address. In the case of an Internet security threat, such as a worm or trojan, the router could do CBAC to prevent malicious data from entering the network.
Behind the router you'll find a firewall. This firewall is mostly a layer three firewall. Since the release of PIX code 7.0, Cisco firewall and security appliances can run in stealth mode. This occurs on layer 2 of the OSI model.
That firewall is segmented in at least three networks: outside, DMZ and inside. Where the perimeter router connects to the outside, the DMZ is a network containing bastion (hardened) hosts. The inside interface connects to either a private DMZ or the internal network.
All these interfaces have their own small subnets. It is customary to see 28-29 bits of subnet masking.
The reason for the separate addresses is that they are different subnets. Just as with VLANs, you have different subnets and need some kind of routing to communicate between them. The same can be said for firewalls: to communicate between the different subnetworks you'll need to route packets through the firewall.
If a VLAN was assigned to one of the interfaces it would be created as a sub-interface.
For instance, if I have DMZ1 on interface E0/1, that would be a different subnet than DMZ2 on E0's subinterface E0/1.1. Both subnets use the address assigned to the (sub-)interface as the default gateway.
ip address 192.168.0.1 255.255.255.248
ip address 192.168.0.9 255.255.255.248
I hope this clarifies the concept of VLANs and gateways.
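Added example, not part of the reply above: a short Python check of the two addresses quoted in the answer, showing that they fall in different /29 subnets and that traffic between them has to be handed to the firewall's interface address. The interface labels and the test hosts are constructed for illustration.

```python
import ipaddress

# Constructed interface table: the two addresses are the ones quoted in the
# reply; the labels follow its DMZ1 on E0/1 and DMZ2 on E0/1.1 example.
INTERFACES = {
    "E0/1 (DMZ1)": ipaddress.ip_interface("192.168.0.1/255.255.255.248"),
    "E0/1.1 (DMZ2)": ipaddress.ip_interface("192.168.0.9/255.255.255.248"),
}

def zone_of(host):
    """Return (label, interface) for the firewall interface whose subnet holds host."""
    addr = ipaddress.ip_address(host)
    for name, iface in INTERFACES.items():
        if addr in iface.network:
            return name, iface
    return None, None

def path(src, dst):
    """Describe how a packet from src reaches dst."""
    src_zone, src_if = zone_of(src)
    dst_zone, _ = zone_of(dst)
    if src_zone is None:
        return "source is not on a directly connected subnet"
    if src_zone == dst_zone:
        return f"on-link in {src_zone}: delivered at layer 2, firewall not involved"
    if dst_zone is None:
        return f"sent to gateway {src_if.ip} on {src_zone}; firewall needs a route for {dst}"
    return f"sent to gateway {src_if.ip}: firewall routes {src_zone} -> {dst_zone}"

def usable_hosts(name):
    """Host addresses left in the subnet once the firewall has taken its own."""
    iface = INTERFACES[name]
    return [str(h) for h in iface.network.hosts() if h != iface.ip]

if __name__ == "__main__":
    for name, iface in INTERFACES.items():
        print(name, iface.network, "hosts:", usable_hosts(name))
    print(path("192.168.0.2", "192.168.0.5"))    # same /29
    print(path("192.168.0.2", "192.168.0.10"))   # DMZ1 -> DMZ2
    print(path("192.168.0.2", "10.0.0.1"))       # not directly connected
```

Only the cross-subnet case reaches the firewall at all, so that is the only traffic its access rules can see and filter.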