I'm coming from a network that uses Cisco 2600 routers and am now looking at using the 1812 integrated services router. On the 2600, there is a separate output for a DMZ segment. I don't see that called out as a feature in the 1800 series. Can you configure one of the 8 LAN ports as a DMZ? Is that done using the VLAN features?
I am not sure that I really understand what you are trying to accomplish. When you talk about establishing a DMZ are you trying to use firewall rules on this router? When you talk about routing WAN traffic to the VLAN is this traffic from the inside going toward the WAN that you want to route into the DMZ or is it traffic from the outside WAN that you want to route to the DMZ?
What I want is to have 2 segments behind the router / firewall. The LAN segment contains user workstations and internal servers for shares, print, email. The DMZ segment contains web servers, ftp, mail relays, dns, etc. All inbound WAN traffic goes to the DMZ. So, I think it's a combination of routing rules and firewall rules. Routing rules to say send inbound WAN traffic to the VLAN and firewall rules to say just ftp, http, etc. Sound right?
If the inbound WAN traffic has a destination address in the DMZ subnet then routing to the DMZ is easy. I am not quite clear what you want to do with traffic inbound from the WAN whose destination address is in the LAN. If you also want to send that through the DMZ then you probably need to implement Policy Based Routing to identify all traffic arriving on the WAN interface and having destination addresses within the LAN and set the next-hop as an address in the DMZ.
The LAN is a NAT'd / firewalled private network not directly visible to the WAN, so there should be no inbound traffic from the WAN. There are proxies in the DMZ such as email relay that need to be able to send to LAN servers, but hopefully that's just a routing rule. Does that make sense with the 1812?
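The DMZ-to-LAN restriction from the last post, as an added example that is not part of the thread: a router forwards between its directly connected segments without any extra routing rule, so limiting the mail relay to the internal mail server is done with an access list on the DMZ interface. The interface names, VLAN 20 (assumed to exist already) and all addresses are assumptions.

```cisco
! Added example, not from the thread. Interface names, VLAN 20 and all
! addresses (documentation and private ranges) are assumptions.
!
interface FastEthernet2
 description DMZ switch port (assumed port)
 switchport access vlan 20
!
interface Vlan1
 description LAN: workstations and internal servers
 ip address 10.0.1.1 255.255.255.0
!
interface Vlan20
 description DMZ: web, ftp, mail relay, dns
 ip address 192.0.2.1 255.255.255.240
 ip access-group DMZ-IN in
!
! DMZ-IN filters packets entering the router from DMZ hosts.
! It is stateless: UDP replies to LAN clients (for example DNS answers)
! need their own permit entry or stateful inspection.
ip access-list extended DMZ-IN
 remark mail relay (assumed 192.0.2.3) to internal mail server (assumed 10.0.1.25)
 permit tcp host 192.0.2.3 host 10.0.1.25 eq smtp
 remark replies to TCP sessions that LAN hosts opened to DMZ servers
 permit tcp 192.0.2.0 0.0.0.15 10.0.1.0 0.0.0.255 established
 remark nothing else from the DMZ may reach the LAN
 deny ip any 10.0.1.0 0.0.0.255 log
 remark DMZ servers may still answer and reach WAN destinations
 permit ip any any
```

The `log` keyword on the deny entry records any DMZ host that tries to reach the LAN outside the permitted relay path, which is worth alerting on if a DMZ server is compromised.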