[c-nsp] Small office sanity check

Jason Berenson jason at pins.net
Mon Oct 11 22:43:10 EDT 2010 

  Greetings,

I'm trying to come up with a small office router/switch configuration.  
This would be an office with a DSL or T1 with 4-8 IP phones and the same 
in computers.  Requirements are as follows:

- Covad split PVC voice/data for QoS
- LLDP to dynamically assign VLANs to phones and keep computers in VLAN 1
- DHCP with options capability to send config server information to phones
- PoE that can do between 7W and 15W per port
- VRF to split voice/data routing
- As cheap as possible

Here's what I've come up with so far:

- Cisco 1721 with ADSL or T1 module
- Cisco 300 seris SRW208P-K9-NA

Relevant portion of the 1721 config:

ip dhcp pool voice
    vrf voice
    network 192.168.10.0 255.255.255.0
    dns-server 1.1.1.1 2.2.2.2
    netbios-node-type h-node
    default-router 192.168.10.1
    option 66 ascii "config-server"
    lease 30
!
ip vrf voice
  rd 2:1
  route-target export 2:1
  route-target import 2:1

interface ATM0
  no ip address
  no atm ilmi-keepalive
  dsl operating-mode auto
!
interface ATM0.1 point-to-point
  ip address 10.3.5.202 255.255.255.252
  pvc 0/35
   description DATA
   encapsulation aal5mux ip
  !
!
interface ATM0.2 point-to-point
  ip vrf forwarding voice
  ip address x.x.x.x 255.255.255.252
  pvc 0/36
   description VOICE
   encapsulation aal5mux ip
  !
!
interface FastEthernet0
  no ip address
  speed 100
  full-duplex
  no cdp enable
!
interface FastEthernet0.1
  encapsulation dot1Q 1 native
  ip address y.y.y.y 255.255.255.252
  no cdp enable
!
interface FastEthernet0.120
  encapsulation dot1Q 120
  ip vrf forwarding voice
  ip address 192.168.10.1 255.255.255.0
  no cdp enable
!
ip nat inside source list 101 interface ATM0.2 vrf voice overload
ip classless
ip route 0.0.0.0 0.0.0.0 10.3.5.201 name data
ip route vrf voice 0.0.0.0 0.0.0.0 y.y.y.z name voice
no ip http server
ip http authentication local
!
!
access-list 101 permit ip 192.168.10.0 0.0.0.255 any

This should allow for a routed public net on VLAN 1 for their firewall 
and a NAT'd network on VLAN 120 for the phones.  Any pointers, comments, 
recommendations are welcome.

Thanks,
Jason

More information about the cisco-nsp mailing list