Interesting Edge deployment scenario, looking for suggestions on equipment.
I am working on a proposal for a project. It is for a multi-tenant facility, 60-70 businesses/offices. The owner of the property wants to bring in internet and include it as part of the lease. I have no issues with the VLAN on the switches and getting data around, but I'm hung up on the edge device. We have certain criteria to meet which I'll list below:
1: Fully manageable and monitorable (we have software to pull SNMP and get alerts, any Cisco device can do this)
2: Bandwidth metering/policing/throttling: They want to say you can pay for 5/5 or 10/10 and that is the max you get. The assumption here is most places won't use more than an average of 1 anyway, but if someone tries to download the internet, they don't fill the pipe. (this is also easy enough with simple service policies and either policing or QoS bandwidth limiting)
3: Security: different compliance requirements will need to be met, but with either a firewall or zone-based firewall in IOS, you can segment the VLANs so they can't talk to each other, so this is also (while the configs can get LOOOONG) fairly easy to do.
4: Be able to provide a "managed firewall service" for the tenant (we do their firewall and NATing) or just provide them with their own public IP and they can do their own firewalling. This is the kicker. I'm not sure how I can pass a public IP without having to subnet a whole class C of routable IPs to meet the needs. Assuming half and half want their own IP/hosted firewall at 70 clients, that's 35 users that I need to subnet, with the smallest subnet being a /30 (network, usable, gw, broadcast) that is 4 IPs used, 35*4 is 140, add in the other 35 and you are at 175 IPs needed, going over 128, which means a full class C.
5: The property owner isn't looking to spend an arm and a leg for simple internet access; Nexus and other high-end stuff is probably out of the question. I have been looking at 5512x, or an ISR router with security.