Showing results for 
Search instead for 
Did you mean: 

Interesting Edge deployment scenario, looking for suggestions on equipment.

I am working on a proposal for a project. It is for a multi-tenant facility, 60-70 business/offices. The owner of the property wants to bring in internet and include it as part of the lease. I have no issues with the VLAN on the switches and getting data around, but I'm hung up on the edge device. We have certain criteria to meet which I'll list below:

1: Fully manageable and monitor-able (we have software to pull SNMP and get alerts, any cisco device can do this)

2: Bandwidth metering/policing/throttling: They want to say you can pay for 5/5 or 10/10 and that is the max you get. The assumption here is most places won't use more than an average of 1 anyway, but if someone tries to download the internet, they don't fill the pipe. (this is also easy enough with simple service policies and either policing or QoS bandwidth limiting)

3: Security: different compliances will be needed to be met, but with either a firewall or zonebased firewall in IOS, you can segment the VLANs so they can't talk to each other, so this is also (while the configs can get LOOOONG) fairly easy to do. 

4: Be able to provide a "managed firewall service" for the tenant (we do their firewall and natting) or just provide them with their own public IP and they can do their own firewalling. This is the kicker. I'm not sure how I can pass a public IP with out having to subnet a whole class C of routable IPs to meet the needs. Assuming half and half want their own IP/hosted firewall at 70 clients, that's 35 users that I need to subnet, with the smallest subnet being a /30 (network, usable, gw, broadcast) that is 4 IPs used, 35*4 is 140, add in the other 35 and you are at 175 IPs needed, going over 128, which mean a full class C.

5: The property owner isn't looking to spend an arm and a leg for simple internet access, nexus and other high-end stuff is probably out of the question. I have been looking at 5512x, or an ISR router with security.


Any thoughts or ideas welcome.

Everyone's tags (2)
CreatePlease to create content
Content for Community-Ad