From: Peter Wodle (peter_wodle@hotmail.com)
Date: Sun Nov 10 2002 - 19:55:56 GMT-3
Gary thanks
This is what I was thinking. But the issues with it are that each company
would then need some sort of firewall. The ADSL router is such that there
are 13 Legal addresses on the Internal ADSL LAN. We can give 2 legal IPs to
each company. Each company would then use a firewall to NAT/PAT all hosts.
One email server etc can then be one to one NATed.
Other router trunk options were so that 2621 would do the NAT & leave each
company with whole private IP subnet.
Anyone know if private VLANs are supported on all cats? e.g. 2950s?
>From: "Gary Quinn" <gary.quinn@us.didata.com>
>Reply-To: "Gary Quinn" <gary.quinn@us.didata.com>
>To: "'Peter Wodle'" <peter_wodle@hotmail.com>, <ccielab@groupstudy.com>
>CC: <security@groupstudy.com>
>Subject: RE: Multiple Compnay Connections to Internet Via ADSL
>Date: Fri, 8 Nov 2002 20:41:22 -0500
>
>Dude, the perfect thing for this would be using a catalyst switch with
>private VLANs (PVLAN). Basically you could have a cheap DSL
>Modem/Router that is doing DHCP and set up each business on their own
>PVLAN. All the companies in the building would be on the same
>192.168.1.0/24 but they'd only be able to communicate with switch ports
>that are in their same PVLAN... But all the PVLANs would be able to
>communicate with the port attached to the DSL Modem/Router for Internet
>access.
>
>PVLANs were invented for just this use. Hosting Companies complained to
>Cisco that they didn't want to have to cut their legit space into /30s
>for each customer to have their own secure point to point VLAN (too much
>waste). So Cisco invented PVLANs so they'd be secure and more efficient
>in addressing.
>
>Even though dot-coms have dried up doesn't mean you can't take advantage
>of their feature requests. :)
>
>Gary Quinn
>Network Consultant
>Dimension Data US
>704.973.2043 Office
>704.969.2744 Fax
>gary.quinn@us.didata.com
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Peter Wodle
>Sent: Thursday, November 07, 2002 4:48 PM
>To: ccielab@groupstudy.com
>Cc: security@groupstudy.com
>Subject: Multiple Compnay Connections to Internet Via ADSL
>
>
>Hi All
>
>Can you please help on this. What is a cheap way of serving around 5 (or
>maybe 6) companies in the same building with say 20 PCs so that they can
>connect to Internet with one ADSL line? They must not see each other as
>they are separate companies.
>
>What I'm thinking:
>1) 2621 with 4E NM card. One interface to ADSL router with legal address
>(i.e. External LAN). Other interfaces to each company hub with Private IP
>addresses (i.e. internal LANs). Most private IPs to be NATed with overload
>on the external router IP address. Some server IPs to be NATed using one
>to one NAT.
>2) Using may 2621. One interface to ADSL router with legal address (i.e.
>External LAN). Other internal interface to be trunked to a Catalyst.
>Internal FE to be sliced so that there are as many subinterfaces as the
>companies. Cat to have as many VLANs as companies.
>
>Does this sound ok? Any better/cheaper way?
>
>
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:56 GMT-3
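
The private VLAN layout Gary describes, sketched as an added configuration example that is not part of the original thread. It assumes a Catalyst running IOS with full private VLAN support (whether a 2950 qualifies is not settled on this page); the VLAN numbers and interface names are hypothetical.

```cisco
! Added example: one community PVLAN per company, DSL router on the
! promiscuous port. VLAN IDs and port numbers are assumptions.
!
! Private VLANs require VTP transparent mode under VTP v1/v2.
vtp mode transparent
!
! One community VLAN per company: ports in the same community can talk
! to each other and to the promiscuous port, but not to other communities.
vlan 101
 private-vlan community
vlan 102
 private-vlan community
vlan 103
 private-vlan community
vlan 104
 private-vlan community
vlan 105
 private-vlan community
!
! Primary VLAN carries the shared 192.168.1.0/24 subnet.
vlan 100
 private-vlan primary
 private-vlan association 101-105
!
! Port facing the DSL modem/router: reachable from every community.
interface FastEthernet0/1
 description DSL router (promiscuous)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101-105
!
! Company A ports (repeat per company with its own community VLAN).
interface range FastEthernet0/2 - 5
 description Company A
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
interface range FastEthernet0/6 - 9
 description Company B
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
```

The separation here is enforced at layer 2 only: the device on the promiscuous port can still forward traffic from one company back to another, so it needs a filter that drops traffic between hosts in 192.168.1.0/24.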