how to smarten up your SM

Guys I just cracked something great I would like to share with you…

All the posts I put up regarding the limitations of the SM, well no more…

Check this out… NAT-disable an SM and put it on a VLAN.

You need a VRF-Lite capable switch (4500/3750) or a router (2811) to do this.

SM1 = VLAN 11
SM2 = VLAN 12
SM3 = VLAN 13
etc…

On the router:
int fa 0/0
no ip address

int fa 0/0.1
encap dot1q 11
ip address 192.168.1.1 255.255.255.0
ip nat inside

int fa 0/0.2
encap dot1q 12
ip address 192.168.1.1 255.255.255.0
ip nat inside
[ you can run DHCP for all these guys ]

offer proper DMZ solutions

<and so on>
This allows different VLANs on your network to have the same IP addressing schemes.

I can use ACLs on each VRF interface to customise firewalls for the customer (using IOS firewall).

Check this out… customer has 4 sites with 50 machines at each site, wants to create a WAN link but keep IPs on different schemes

site 1 192.168.1.0
site 2 192.168.2.0
site 3 192.168.3.0
site 4 192.168.4.0

Normally you need to put a router at each site…

No more…

int fa 0/0.4
encap dot1q 55
ip address 192.168.1.254 255.255.255.0
ip address 192.168.2.254 255.255.255.0 secondary
ip address 192.168.3.254 255.255.255.0 secondary
ip address 192.168.4.254 255.255.255.0 secondary
ip nat inside
[trying to figure out if I can get DHCP to deal with all the networks… can’t see it working yet]

Still testing more stuff… but this is well cool… Don’t know how much load the box can handle… (yes, single point of failure, but to me it is well worth putting in the extra redundancy)… we can now offer customers way better service and features without asking them to spend silly money…
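
The overlapping-subnet setup described in the post, written out in full as an added example (not the poster's own config). The VRF names, route distinguishers, ACL names, the outside interface Fa0/1 and the 203.0.113.x addresses are assumptions made for illustration.

```cisco
! Constructed example. One VRF per SM keeps the routing tables separate,
! so both subinterfaces can carry 192.168.1.1/24 without an overlap error
! and one customer's LAN has no route to the other's.
ip vrf SM1
 rd 65000:11
ip vrf SM2
 rd 65000:12
!
interface FastEthernet0/0
 no ip address
!
! "ip vrf forwarding" clears any address already on the interface,
! so it is entered before "ip address".
interface FastEthernet0/0.1
 encapsulation dot1Q 11
 ip vrf forwarding SM1
 ip address 192.168.1.1 255.255.255.0
 ip access-group SM1-IN in
 ip nat inside
!
interface FastEthernet0/0.2
 encapsulation dot1Q 12
 ip vrf forwarding SM2
 ip address 192.168.1.1 255.255.255.0
 ip access-group SM2-IN in
 ip nat inside
!
! Assumed uplink in the global routing table.
interface FastEthernet0/1
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! Per-customer inbound filters: only the customer's own subnet may source
! traffic (implicit deny for the rest). Customer-specific rules go above.
ip access-list extended SM1-IN
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended SM2-IN
 permit ip 192.168.1.0 0.0.0.255 any
!
ip access-list standard SM-LAN
 permit 192.168.1.0 0.0.0.255
!
! VRF-aware NAT: one overload rule per VRF keeps translations distinct
! even though the inside addresses are identical.
ip nat inside source list SM-LAN interface FastEthernet0/1 vrf SM1 overload
ip nat inside source list SM-LAN interface FastEthernet0/1 vrf SM2 overload
!
! Default route per VRF, next hop resolved in the global table.
ip route vrf SM1 0.0.0.0 0.0.0.0 203.0.113.1 global
ip route vrf SM2 0.0.0.0 0.0.0.0 203.0.113.1 global
```

`show ip route vrf SM1` and `show ip nat translations vrf SM1` confirm that each customer's routes and translations stay in their own table.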