Interesting Edge deployment scenario, looking for suggestions on equipment.
I am working on a proposal for a project. It is for a multi-tenant facility, 60-70 businesses/offices. The owner of the property wants to bring in internet and include it as part of the lease. I have no issues with the VLANs on the switches and getting data around, but I'm hung up on the edge device. We have certain criteria to meet, which I'll list below:
1: Fully manageable and monitorable (we have software to pull SNMP and get alerts; any Cisco device can do this).
2: Bandwidth metering/policing/throttling: They want to say you can pay for 5/5 or 10/10 and that is the max you get. The assumption here is most places won't use more than an average of 1 anyway, but if someone tries to download the internet, they don't fill the pipe. (This is also easy enough with simple service policies and either policing or QoS bandwidth limiting.)
3: Security: different compliance requirements will need to be met, but with either a firewall or a zone-based firewall in IOS, you can segment the VLANs so they can't talk to each other, so this is also (while the configs can get LOOOONG) fairly easy to do.
4: Be able to provide a "managed firewall service" for the tenant (we do their firewall and NATting) or just provide them with their own public IP and they can do their own firewalling. This is the kicker. I'm not sure how I can pass a public IP without having to subnet a whole class C of routable IPs to meet the needs. Assuming half and half want their own IP/hosted firewall at 70 clients, that's 35 users that I need to subnet, with the smallest subnet being a /30 (network, usable, gw, broadcast), that is 4 IPs used; 35*4 is 140, add in the other 35 and you are at 175 IPs needed, going over 128, which means a full class C.
5: The property owner isn't looking to spend an arm and a leg for simple internet access; Nexus and other high-end stuff is probably out of the question. I have been looking at a 5512-X, or an ISR router with security.
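The address math behind item 4 is the kind of thing worth computing rather than eyeballing, so here is an added planning helper (not from the post or any vendor tool) that takes the number of own-firewall tenants, the number of managed-firewall tenants and the per-tenant prefix length, and returns the smallest aggregate block that fits, then carves tenant subnets out of a block. It assumes, as a labelled assumption, that each managed-firewall tenant needs one public address for NAT, and uses the documentation range 203.0.113.0/24 as a constructed sample block.

```python
import ipaddress
import math


def addresses_per_tenant(prefix_len: int) -> int:
    """Number of IPv4 addresses consumed by one tenant subnet of this length (/30 -> 4)."""
    return 2 ** (32 - prefix_len)


def plan_public_space(own_firewall_tenants: int, managed_tenants: int,
                      tenant_prefix_len: int = 30) -> dict:
    """Estimate the public IPv4 space for the mixed deployment.

    Own-firewall tenants each get a routed subnet of tenant_prefix_len.
    Managed-firewall tenants are assumed (this is an assumption, not a
    statement from the post) to need one public address each for NAT.
    """
    routed = own_firewall_tenants * addresses_per_tenant(tenant_prefix_len)
    nat = managed_tenants
    total = routed + nat
    if total == 0:
        raise ValueError("no tenants to plan for")
    # Smallest power-of-two block holding everything, expressed as a prefix length.
    agg_prefix = 32 - math.ceil(math.log2(total))
    return {
        "routed": routed,
        "nat": nat,
        "total": total,
        "aggregate_prefix": agg_prefix,
        "aggregate_size": 2 ** (32 - agg_prefix),
        "spare": 2 ** (32 - agg_prefix) - total,
    }


def carve_tenant_subnets(block: str, tenant_prefix_len: int, count: int) -> list[str]:
    """Carve `count` tenant subnets of tenant_prefix_len from block, in address order."""
    net = ipaddress.ip_network(block)
    subnets = list(net.subnets(new_prefix=tenant_prefix_len))
    if count > len(subnets):
        raise ValueError(f"{block} holds only {len(subnets)} /{tenant_prefix_len} subnets")
    return [str(s) for s in subnets[:count]]


if __name__ == "__main__":
    print(plan_public_space(35, 35, 30))                     # the post's 35 + 35 case
    print(carve_tenant_subnets("203.0.113.0/24", 30, 35)[-1])  # constructed sample block
```

Re-running `plan_public_space` with a different prefix length or tenant split shows how quickly the aggregate block changes, which is useful when negotiating how much routable space to ask the upstream for.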