I am wanting to splice out a T1 to be used by 10 different businesses in a complex. I want to keep each internet line to each business inaccessible from the next at the hardware (router) level. Which is the best Cisco Router to use and what specific function allows this to happen? Much obliged,
I imagine doing this with a 2600 series router, running IP Plus IOS software image; plus a Cisco Catalyst 10/100 switch that does VLANs.
On the router, set up the LAN interface to do 802.1Q trunking using subinterfaces; and assign ten VLANs, each with a private Class C IP network address. For example, VLAN 10 is IP network 192.168.10.0, VLAN 20 is IP network 192.168.20.0, etc. (mask 255.255.255.0 on each). The "Plus" version of the IOS lets you do LAN subinterfaces.
Do network address translation and/or port address translation, such that each Class C network maps to one of your real-world IP addresses. (This assumes you have at least 12 real-world IP addresses: one for PAT for each of the ten VLANs, one for the router's WAN interface, and one for the router's default gateway on the other end of that T1. Any extra real-world IP addresses can be reserved for static mapping through to web servers, e-mail servers etc. located behind the router on the VLANs.) The "Plus" version of the IOS gets you NAT/PAT.
On the router, run extended access control lists that deny traffic among the private IP networks, but permit all other traffic to come in and go out the T1. Any router IOS version can do this. (Or, if you get a 3550 or 3750 switch with IP routing capability, you can do the EACLs on the switch at "wire speed" and let the router keep its CPU cycles for routing out the WAN interface.)
On the switch, configure at least one access switch port per business in the complex, and run a Cat5 or better cable to their network. (This assumes the businesses are within 100m of the router and switch, and there is UTP cable to them. If distances are further and you must use fiber, use media converters to go from copper to fiber, ride the fiber, and break it back out to copper at the other end.)
Only one port on the switch should be configured as a VLAN trunk port, the one connected to the router.
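The router side of the answer above, as an added example that is not part of the original reply: a Python generator that emits the 802.1Q subinterface, per-tenant PAT and inbound extended ACL for each of the ten VLANs, plus a first-match model of that ACL so the isolation can be checked before the config is pasted. The interface names, ACL and pool names, the inbound ACL placement and the 203.0.113.0/28 documentation block are assumptions.

```python
import ipaddress

# Assumed, not from the post: interface names, ACL/pool names, and the
# 203.0.113.0/28 documentation block standing in for the real-world addresses.
LAN_IF, WAN_IF = "FastEthernet0/0", "Serial0/0"
VLANS = list(range(10, 101, 10))                      # ten tenants: 10, 20, ... 100
PUBLIC = [f"203.0.113.{i}" for i in range(3, 13)]     # one PAT address per tenant
PRIVATE = ipaddress.ip_network("192.168.0.0/16")      # covers every tenant network
ANY = ipaddress.ip_network("0.0.0.0/0")

def tenant_net(vlan):
    return ipaddress.ip_network(f"192.168.{vlan}.0/24")  # VLAN 10 -> 192.168.10.0

def acl_rules(vlan):
    """Ordered (action, src, dst) entries for one tenant's inbound ACL."""
    net = tenant_net(vlan)
    gateway = ipaddress.ip_network(f"{net.network_address + 1}/32")
    return [("permit", net, gateway),   # own router subinterface only
            ("deny", net, PRIVATE),     # every other tenant network
            ("permit", net, ANY)]       # out the T1; spoofed sources hit implicit deny

def acl_decision(vlan, src, dst):
    """First-match evaluation ending in the implicit deny, as IOS does."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, snet, dnet in acl_rules(vlan):
        if s in snet and d in dnet:
            return action
    return "deny"

def fmt(net):  # IOS ACL syntax: any / host x / address wildcard
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"

def render(vlans=VLANS, public=PUBLIC):
    out = [f"interface {WAN_IF}", " ip nat outside", "!"]
    for vlan, pub in zip(vlans, public):
        net = tenant_net(vlan)
        out += [f"interface {LAN_IF}.{vlan}", f" encapsulation dot1Q {vlan}",
                f" ip address {net.network_address + 1} {net.netmask}",
                " ip nat inside", f" ip access-group TENANT{vlan}-IN in", "!",
                f"ip access-list extended TENANT{vlan}-IN"]
        out += [f" {a} ip {fmt(s)} {fmt(d)}" for a, s, d in acl_rules(vlan)]
        out += [f"ip access-list standard NAT{vlan}", f" permit {fmt(net)}",
                f"ip nat pool TENANT{vlan} {pub} {pub} prefix-length 28",
                f"ip nat inside source list NAT{vlan} pool TENANT{vlan} overload", "!"]
    return "\n".join(out)
```

Calling `print(render())` writes the full ten-tenant configuration. The ACL is evaluated inbound on each subinterface, before translation, so it matches on the private source addresses.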