[c-nsp] Design question

David Prall dcp at dcptech.com
Thu Jul 21 19:49:47 EDT 2005


Eric,
Why not just use Auth Proxy for the end users. Then you can just
authenticate them and let them run with it. I didn't keep the original
message. Will you be charging for this access? If not then Auth Proxy will
do it.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration
_example09186a0080094655.shtml

David

--
David C Prall dcp at dcptech.com http://dcp.dcptech.com
 

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Eric Helm
> Sent: Thursday, July 21, 2005 5:05 PM
> To: Kevin Graham
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Design question
>
> Kevin Graham wrote:
> > The main concern to me would be separating out the wireless access
> > from the corporate traffic that the network is (apparently) already
> > carrying.
> >
> > First step would be to separate control plane on the
> Airopoints -- use
> > .1q on the fastether port and specify a VLAN for the SSID
> that will be
> > used for hotspot access (Use the native-vlan for management
> via BVI1).
> >
> >>From there, break out a separate interface on the router
> and stick it
> > in a VRF for the hotspot access. From there, you can stick whatever
> > your uplink (ie. GRE) to the service gateway in the VRF as well and
> > not have to worry about the policy routing or any leaking
> between the
> > two.
> >
> > Depending on the data Rodney asked for, there might be cleaner ways
> > then GRE (ie. if its traditional PtP T1's, use frame relay encap and
> > replace the GRE tunnel with a DLCI-mapped sub-interface; if you're
> > dealing w/ IPSec back to the home site, consider a parallel set of
> > tunnels).
> >
>
> Actually, there will not be any corporate traffic on this
> network. It is
> all only for Internet access to the apartments. And, for cost
> concerns I
> need to use 871 routers.
> I also forgot to mention that PPPoE will be the connection method at
> most of the sites.
>
> /Eric
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 



More information about the cisco-nsp mailing list