06-26-2012 03:32 AM - edited 03-04-2019 04:47 PM
Hi everybody!
In my office we have 60 PCs, 8 servers, and 4 Catalyst 2960 switches.
Actually, the switches are configured for port-based VLANs.
Routing, firewalling, and proxying are provided by a Linux server configured with Shorewall, an 802.1Q trunk, and a lot of interfaces for VLAN routing.
So, now, I don't like using one machine for all these services. I want to separate routing and firewalling and at the same time add a VMPS server for dynamic VLANs.
Which Cisco router series do you advise to replace my Linux gateway? I need this router to provide a VMPS server and routing through VLANs. I will install a Linux server only for firewalling.
Regards
06-26-2012 03:44 AM
A Catalyst 3560-X could be a good choice for your inter-VLAN routing, but it doesn't support a VMPS server role. Have you considered deploying 802.1x? For a new deployment I wouldn't use VMPS any more.
06-26-2012 05:13 AM
Thank you Karsten!
But is VMPS server capability only available on switches?
I think VMPS is a good solution for dynamically assigning VLANs depending on the MAC address.
I don't know how to use 802.1X authentication. Could I use this system with the Catalyst 3560-X?
The Catalyst 3560-X seems to be a "switch" and not a "router", but it has routing capability, is that correct?
I think I'm having trouble with the correct terms.
06-26-2012 05:26 AM
The last version of VMPS I'm aware of was running on a Catalyst 4k with CatOS. If I remember right, we had to migrate away from VMPS because the IOS version of the 4k didn't support that any more.
... I just looked at the Feature Navigator. Seems that VMPS server is really only supported on CatOS.
The other solution you ask about is 802.1x, aka Port-Based Authentication. You assign switchport information like VLAN or ACLs based on authentication or MAC address. When you use 802.1x with MAC addresses (named MAB), then the main difference to VMPS is that the MAC-to-VLAN mapping is configured on a RADIUS server and not in a text file that is uploaded to a switch. That's the way to go in 2012 ... ;-)
06-26-2012 05:39 AM
> That's the way to go in 2012 ... ;-)
Haha, OK, I'm ready to change!
So is it required to use other hardware as a RADIUS server?
06-26-2012 05:45 AM
> So is it required to use other hardware as a RADIUS server?
No, for "the Cisco-way" you should use the Cisco ACS or even better the Cisco ISE. But a FreeRADIUS in a VM will be fine. You probably want to make it redundant as it's an important network-component.
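Added example, not part of any post in this thread: a sketch of the move described above, from a VMPS text database to MAC-to-VLAN entries held on a FreeRADIUS server for MAB. It assumes the `address <mac> vlan-name <name>` line format of the VMPS database file, a switch that sends the MAC as 12 lowercase hex digits for both user name and password, and no `DEFAULT` accept rule on the RADIUS side; the sample data and function names are constructed.

```python
import re

# Constructed sample in the VMPS database text format (not from the thread).
SAMPLE_VMPS_DB = """\
vmps domain office
vmps mode open
vmps fallback default
!
vmps-mac-addrs
!
address 0012.2233.4455 vlan-name staff
address AABB.CCDD.EEFF vlan-name printers
address fedc.ba98.7654 vlan-name --NONE--
address 0012.2233.4455 vlan-name guests
"""

# VLAN names are limited to a safe character set so that a crafted name
# cannot break out of the quoted string in the generated users file.
ADDRESS_RE = re.compile(
    r"^address\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r"\s+vlan-name\s+([A-Za-z0-9_-]+)\s*$",
    re.IGNORECASE,
)

def parse_vmps_db(text):
    """Return ({mac: vlan}, [conflicting macs]); mac is 12 lowercase hex digits."""
    mapping, conflicts = {}, []
    for line in text.splitlines():
        m = ADDRESS_RE.match(line.strip())
        if not m:
            continue  # comments, domain/mode/fallback lines, anything else
        mac = m.group(1).replace(".", "").lower()
        vlan = m.group(2)
        if mac in mapping and mapping[mac] != vlan:
            conflicts.append(mac)  # keep the first mapping, report the clash
            continue
        mapping[mac] = vlan
    return mapping, conflicts

def freeradius_users(mapping):
    """Render FreeRADIUS 'users' file entries that assign a VLAN per MAC."""
    entries = []
    for mac, vlan in sorted(mapping.items()):
        if vlan == "--NONE--":
            continue  # denied in VMPS: emit no entry (assumes no DEFAULT accept)
        entries.append(
            f'{mac} Cleartext-Password := "{mac}"\n'
            "\tTunnel-Type = VLAN,\n"
            "\tTunnel-Medium-Type = IEEE-802,\n"
            f'\tTunnel-Private-Group-Id = "{vlan}"\n'
        )
    return "\n".join(entries)
```

Review the conflict list by hand before loading the generated entries, since a MAC mapped to two VLANs in the old file keeps only its first mapping here.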