Re: [nsp] questions on 4006, 6509 *SFC cards

From: Zach Wilkinson (zach.wilkinson@sjsu.edu)
Date: Wed Apr 17 2002 - 11:25:26 EDT

Next message: Paul Kohler: "RE: Netflow Collecter and analyser"
Previous message: Tejal Shah: "[nsp] UBR904 giving "Watchdog" error"
Maybe in reply to: K.A. Long: "[nsp] questions on 4006, 6509 *SFC cards"
Next in thread: Zach Wilkinson: "RE: [nsp] questions on 4006, 6509 *SFC cards"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

I may not be understanding what you are trying to do but the reason I
found for using VPNs with wireless is because the wireless portion is
unsecure, not so much the wired portion. The VPN needs to start at the
wireless end station (notebook) to be effective. You just need a seperate
VLAN for the access points, depending on whether you trust your usrrs.
-
Zach Wilkinson
Engineering Computer Systems
San José State University
zach.wilkinson@sjsu.edu

"K.A. Long" <klong@UBmail.ubalt.edu>
04/17/2002 07:12 AM
Please respond to klong

        To: cisco-nsp@puck.nether.net
        cc:
        Subject: [nsp] questions on 4006, 6509 *SFC cards
There is talk of implementing wireless nodes on campus.
I'm pretty new to the switch-style of networking
so I have a couple of questions. If this is totally
the wrong forum for this kind of question, I apologize
in advance.

Can a 4006 RSFC and 6509 MSFC support IPSEC and
GRE Tunnels for VPNs?

Can GRE tunnel IP's be virtual interfaces (like Loopback0)?
and if so,
What is the maximum number of virtual interfaces that
can be configured on a 4006/6509 RSFC/MSFC?

Are secondary interface addresses more appropriate for
the IPSEC/GRE implementation?

Reasoning behind the questions: documentation says
having wireless traffic in their own vlan, on their own
subnet a good thing, and also that VPN's can add
security to a wireless network. IPSEc/GRE tunnels could
be implemented all the way to the firewall
(per some Cisco docs I found), if the 4006's and 6509
switches can be configured to support it. Is this a doable
solution? Utilizing existing equipment is probably our
only option.

I've read the SAFE docs, looked at the Tech Talk and
other wireless e-seminars. Also, scanned a bunch of documentation
that turned up when I searched on 'gre, 4006' and 'virtual
interfaces, rsfc'. I didn't find anything that answered
these particular questions. Any URL's, white papers, etc.
type pointers (also pointing out logic flaws) would be a
great help.

Thanks!

Kimberly Long

University of Baltimore
410-837-5021 (w)
1420 N. Charles St.
443-829-6535 (m)
Baltimore, MD 21201
klong@ubalt.edu
kim@pager.ubalt.edu
(subject-line e-mail only)

Next message: Paul Kohler: "RE: Netflow Collecter and analyser"
Previous message: Tejal Shah: "[nsp] UBR904 giving "Watchdog" error"
Maybe in reply to: K.A. Long: "[nsp] questions on 4006, 6509 *SFC cards"
Next in thread: Zach Wilkinson: "RE: [nsp] questions on 4006, 6509 *SFC cards"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:41 EDT