T1 coming into an office complex terminating at a Cisco 1751 running IOS Firewall software. Office complex has multiple separate companies with varied and separate internal network segments. Need to share T1 between these disparate network segments.
Can this be done using only the existing router, terminating the T1 and performing NAT, and a Layer 3 switch with separate VLANs for each corporate network? How might that be implemented? Assuming that it were possible to completely assign the IP numbering scheme for each of the companies, how might this be distributed?
Any advice on designing an appropriate solution would be greatly appreciated.
If there are only a few users, could do it on the cheap with a layer 2 cat 2950 (or similar) and create separate VLANs on this switch for each company. Then between the switch and router (1751) you could trunk all VLANs. On the single router Ethernet port you would in effect create the gateway for each network and then default route out the T1. Access lists applied to the Ethernet sub-interfaces could then restrict inter-network access.
If there are more users, you probably want to put in a separate layer 3 switch, maybe a 3550 or 4000/4500. This would provide extra bandwidth and scalability. This switch could have users directly plugged in or provide links to floor access switches. Access lists apply again.
The 1751 should be performing NAT and usual firewall duties.
Thanks for the reply. That's basically what I was envisioning, but I was concerned I was missing something. The access lists are something I hadn't considered in my initial thoughts, but are obviously critical in this multiple organization environment.
There are approximately 10-15 companies represented with most having 2 or 3 nodes at most. It's all one floor, and I will be in a position to provide or at least dictate the network equipment to be provisioned.
Would this same configuration also allow me to provide access to a single shared server resource for all networks? There is the possibility of a shared server-based phone switch for all offices as well.
You could buy a 3550 24 port with routing enabled (WS-C3550-24-EMI) and connect extra 2950G's via the GBIC slots (need to populate slots with stacking or std. SX. connections). Then give 2/3 ports across the switches per customer.
Or you could buy a single 3550 and just give the customer 1 port - they then provide their own mini hubs/switches.
You could have a VLAN for each customer (gateway of 3550), a VLAN for the shared servers (gateway of 3550) and a VLAN for the internet (gateway of 1700).
By using a layer 3 3550 you would offload the need to head to the 1700 each time you wish to access services on the shared server (on different network).
The router probably will be busy enough with internet routing and firewalling.
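The design discussed in this thread (a VLAN per company trunked to sub-interfaces on the 1751, one access list restricting inter-network access, and a shared-server VLAN every company can reach), sketched as an added example that is not part of any post: it allocates a subnet per company, renders the IOS sub-interface and ACL lines, and lets you check the isolation logic before applying it. The 10.20.0.0/16 plan, the shared subnet, the ACL name and the interface name are assumptions; the shared-VLAN sub-interface, the T1 `ip nat outside` side and the firewall rules are not generated.

```python
import ipaddress

# Assumed plan (not from the thread): one /16, a /24 per company, VLAN n -> 10.20.n.0/24.
SUPERNET = ipaddress.ip_network("10.20.0.0/16")
SHARED = ipaddress.ip_network("10.20.250.0/24")  # shared server / phone switch VLAN
ACL_NAME = "TENANT-ISOLATE"                      # hypothetical ACL name

# Same ACL inbound on every company sub-interface; first match wins, as in IOS.
ACL = [("permit", SHARED),                       # reach the shared servers
       ("deny", SUPERNET),                       # block every other company
       ("permit", ipaddress.ip_network("0.0.0.0/0"))]  # Internet via the T1

def tenant_plan(count, first_vlan=10):
    """Map VLAN id -> /24 for `count` companies."""
    subnets = list(SUPERNET.subnets(new_prefix=24))
    plan = {v: subnets[v] for v in range(first_vlan, first_vlan + count)}
    if SHARED in plan.values():
        raise ValueError("company range overlaps the shared-server subnet")
    return plan

def acl_action(dst):
    """Action the ACL takes on a packet from a company host to `dst`."""
    addr = ipaddress.ip_address(dst)
    for action, net in ACL:
        if addr in net:
            return action
    return "deny"  # implicit deny at the end of every IOS ACL

def render(plan, iface="FastEthernet0/0"):
    """Emit the ACL and one 802.1Q sub-interface per company (iface name assumed)."""
    out = [f"ip access-list extended {ACL_NAME}"]
    for action, net in ACL:
        dst = "any" if net.prefixlen == 0 else f"{net.network_address} {net.hostmask}"
        out.append(f" {action} ip any {dst}")
    for vlan, net in plan.items():
        out += [f"interface {iface}.{vlan}",
                f" encapsulation dot1Q {vlan}",
                f" ip address {net.network_address + 1} {net.netmask}",
                f" ip access-group {ACL_NAME} in",
                " ip nat inside"]
    return "\n".join(out)

if __name__ == "__main__":
    print(render(tenant_plan(15)))
```

Because every company subnet sits inside one supernet, a single three-line ACL covers all 15 sub-interfaces; the deny line also blocks IP traffic addressed to the gateway addresses themselves, which routed traffic does not need.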