[nsp] ACLs on 2948G-L3

jlewis at lewis.org
Sat May 31 13:07:18 EDT 2003


On Sat, 31 May 2003, Mark Vallar wrote:

> I have seen the same behavior of ACLs applied on a FE that was not part of
> a BVI.  This was on cat2948g-in-mz.120-10.W5.18g.bin, that also had a

Sorry to hijack the thread, but reading your post, it just occurred to me
that on the new LAN I'm setting up, maybe I should have used IRB.
Consider a customer with multiple servers they want in the same subnet.
When designing the network, I hadn't considered this (had planned to just
config an IP on each switch port for the customer to use as their
gateway), but now I have multiple customers who want it.  My first thought
was to set them up as VLANs on the 3550 they're connected to with
subinterfaces on the two gateway routers for the LAN.

Cons: With HSRP, we use 3 of their subnet IPs for the two routers and
virtual IP.  For each such customer, I have to configure a VLAN, configure
STP for their VLAN, and then configure a subinterface on each router.

If I create a BVI on the 3550 they're connected to for each such customer,
and just put each of their switch ports into that bridge group, this seems
like a simpler config (less things/devices to make changes on), and fewer
IPs are wasted.  The [L3] switch would then route their packets to the 
HSRP IP in vlan 1.

Are there other benefits/drawbacks to either of these options that I'm not 
thinking of?

Can the 3550 do policing (service-policy) on a BVI interface to limit the 
input/output bandwidth of the ports in that bridge group...or does 
policing still need to be configured per physical port?

----------------------------------------------------------------------
 Jon Lewis *jlewis at lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
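For comparison, the two layouts weighed above written out as Cisco IOS configuration. This is an added example, not configuration from the original post or the thread. Addresses (192.0.2.0/24 for the customer, 198.51.100.0/24 for VLAN 1), VLAN and bridge-group number 100, and all interface names are assumed. The second half uses the classic-IOS bridge-group/BVI syntax of platforms that support IRB; whether the 3550 itself accepts it, and whether a service-policy can be attached to a BVI, are the open questions of the post and are not settled by this example.

```text
! ---- Option A: customer VLAN on the 3550, routed by two gateway routers with HSRP ----
! 3550: customer ports are access ports in VLAN 100; the uplink trunks VLAN 1 and 100.
vlan 100
 name customer-A
!
interface FastEthernet0/1
 description customer-A server 1
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description uplink to gateway routers
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,100
!
! Router 1 (active): .2 here, .3 on router 2, HSRP virtual address .1,
! i.e. three addresses of the customer subnet go to the gateways.
interface FastEthernet0/0.100
 encapsulation dot1Q 100
 ip address 192.0.2.2 255.255.255.0
 standby 100 ip 192.0.2.1
 standby 100 priority 110
 standby 100 preempt
!
! Router 2 (standby): the same subinterface with 192.0.2.3 and standby 100 priority 100.

! ---- Option B: bridge group + BVI on the L3 switch, default route to the HSRP address in VLAN 1 ----
ip routing
bridge irb
bridge 100 protocol ieee
bridge 100 route ip
!
interface FastEthernet0/1
 description customer-A server 1
 no switchport
 bridge-group 100
!
interface FastEthernet0/2
 description customer-A server 2
 no switchport
 bridge-group 100
!
! Only one address of the customer subnet is consumed: the BVI is their gateway.
interface BVI100
 ip address 192.0.2.1 255.255.255.0
!
! Uplink in VLAN 1; 198.51.100.1 is assumed to be the routers' HSRP address there.
interface Vlan1
 ip address 198.51.100.10 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! On each gateway router (not on the switch): return route for the customer subnet.
! ip route 192.0.2.0 255.255.255.0 198.51.100.10
```

In option A the customer's traffic leaves the switch on the trunk and is routed on the gateway routers, so the per-customer work is the VLAN, its spanning-tree settings, and a subinterface on each router, plus three addresses per subnet. In option B the L3 switch is the customer's gateway and the routers only need a static return route toward the switch's VLAN 1 address; the trade-off is that the switch becomes a single routing hop for that customer, with no HSRP pair in front of their subnet.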
