[c-nsp] Network Security.

Josh Atterbury joshuaatterbury at gmail.com
Tue Mar 6 22:35:29 EST 2012


Technical considerations aside, the answer for that one should come from
company policy regarding BYOD.

On Wed, Mar 7, 2012 at 1:22 PM, Rich Trinkle <rtrinkle at heartofiowa.coop> wrote:

> I apologize if this seems like a "rookie" question. A colleague and I
> have a stance that neither wants to budge on. We have a Cisco 861W core
> router for our internal network and a typical domain server/client access.
> All of our internal PCs are part of this domain and our client PCs obtain
> a dynamic IP from an internal DHCP server. The question is this: should I
> be able to take a personal laptop that is not set up on our domain, plug
> into our network, obtain an IP address dynamically through our Cisco router
> and browse the internet?
>
>
> -----Original message-----
> From: Zach Williams <zwilliams360 at gmail.com>
> To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
> Sent: Wed, Mar 7, 2012 03:02:08 GMT+00:00
> Subject: [c-nsp] Question on the Use of Policy Based Routing
>
> Hello.  I have a question regarding the use of policy based routing.  I've
> always thought of it as a way to selectively change routing in exceptional
> circumstances.
>
> I've come across an implementation where it is being used to explicitly set
> a next-hop IP for 99% of all traffic headed from an application behind a
> pair of stacked 3750s.  The default route on these layer 3 switches is
> set to a 192.168.x.x IP which is part of a management network.  The PBR is
> in place to send the outbound application traffic towards a firewall and
> out to the internet.
>
> Part of the reasoning for doing this was because the application will
> require only a few separate class C's and the management network has many
> more routes.  A route-map matching an access-list or prefix-list for the
> basis of PBR on the outbound application traffic would contain fewer lines
> of configuration and thus it was deemed more elegant to set up PBR for the
> application traffic rather than the management traffic.
>
> I'm having a tough time finding best-practices information on the use of
> PBR and was wondering what cisco-nsp thought of this setup.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

