I'm unsure if I understand correctly, but what you want is that traffic from the LAN side behind SPOKE2 is only allowed to communicate with certain IPs?
Or do you mean all LAN clients behind both spokes?
If you only want to limit traffic from SPOKE2...
You might do this:
passive-interface default
no passive-interface GigabitEthernet0/1.90
Since the subnet and subinterfaces are directly connected, I see no reason for the neighbor statement.
That wouldn't work since he is managing downstream devices, which is why he needs VLAN 50 tagged - on the upstream ISP ports you are correct though, they should be access ports only. Considering the setup you could also apply an incoming ACL on the IS...
You are missing router 1 and the multilayer switch. From this output I can see that replies would go from router 0 to router 1, if the traffic is going all the go there.
Service, support, hardware quality and features all make the Catalysts more expensive. If you bought LAN Base Lite you would also get closer in price point. If you are not missing any features, you would probably not notice the difference in upgrading t...