Solved

Public IPs for tenants

Posted on 2009-02-19
Last Modified: 2012-05-06
I have been put into a mess of a situation that I don't think should be so complicated. An ISP has given a building a /28 (13 usable public IPs) with an Ethernet hand-off from their equipment. The plan is then to send 1 public IP to each apartment for the tenant to connect their own firewall/wireless box. In the mechanical room they have 2 Cisco routers and 2 Cisco 2900 switches that they have been monkeying around with. From what I can see, all that is needed is 1 2900 switch. Port 1 goes to the ISP equipment and the rest of the ports go to each tenant's location. We could notify each tenant of what their IP should be. Is there any way to restrict the proper IP to the proper port of the 2900 by means of a VLAN or ACL? Can you think of any reason that I need more than just a switch here?
Question by:etechit
9 Comments
 
LVL 5

Accepted Solution

by:
bswinnerton earned 2000 total points
ID: 23688772
Well, if you had the money, you could purchase a layer 3 switch and configure all of the VLANs and such for each specific port so that you could have different IPs coming from each port on the switch.

http://www.cdw.com/shop/search/results.aspx?key=layer+3+switch&searchscope=All&sr=1&Find+it.x=0&Find+it.y=0
0
 
LVL 5

Expert Comment

by:bswinnerton
ID: 23688775
And if you do decide to go that way, my preference is usually on HP switches.
0
 
LVL 5

Expert Comment

by:bswinnerton
ID: 23688782
0

 
LVL 1

Author Comment

by:etechit
ID: 23688806
Depending on the exact model of 2900, it may be layer 3.  If it is, or I get a layer 3, does each port consume an IP for the VLAN?  Such as port 2 VLAN would be 200.200.200.12, would that IP belong to the physical port itself or the equipment plugged into it?
0
 
LVL 5

Expert Comment

by:bswinnerton
ID: 23688828
Well, for example, you would have multiple ports with multiple VLANs. So let's say port 5 will be vlan1, port 6 vlan2, etc. etc.  You could specify that you want a specific IP assigned to port 5, and a different one to port 6.

From there, anything below that point should pick up an IP from the switch (much like DHCP). And if your users were to use routers, they would just need to know the IP information to configure further below their routers.

Hopefully that answers your question. So no, the actual port does not consume the IP address, but anything plugged into that port does.
0
 
LVL 1

Author Comment

by:etechit
ID: 23688862
Great, thank you for the clarification.
It sounds like a layer 3 switch will do the trick.
0
 
LVL 5

Expert Comment

by:bswinnerton
ID: 23688874
No problem :)
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23690238
I hate to rain on the parade here, but there is absolutely no reason you need a layer 3 switch.
If you cut the /28 block up into /30 sections and you route through the switch, you can only service 3 apartments. This is a massive waste of the /28 block!

See this guide on applying ACLs on the inbound interface of a layer 2 switch:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html#wp1043840

What I would do is configure the switch with one of the IPs for management purposes, then apply ACLs on the inbound interface of the switchports that are bound for the end customers, e.g.:
! standard ACLs (1-99) match on the source address only
access-list 10 permit host x.x.x.93
access-list 11 permit host x.x.x.94
etc. etc. Obviously, with the IP address being the IP allowed by that apartment.

There is absolutely no benefit in a layer 3 switch for this application.
0
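An added example, not part of the thread or any poster's code: a Python script that compares the two designs discussed above for one /28 and renders the per-port standard ACLs for the flat layer 2 layout. The block 203.0.113.80/28, the gateway and management addresses, the `FastEthernet0/N` port names and the reading that the /30 holding the ISP gateway serves the uplink are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample values (documentation range), not taken from the thread.
BLOCK = "203.0.113.80/28"
ISP_GATEWAY = "203.0.113.81"   # assumed: the ISP keeps the first usable address
MGMT_IP = "203.0.113.82"       # assumed: one address for switch management


def flat_plan(block, isp_gateway, mgmt_ip, first_port=2):
    """Flat layer 2 design: every remaining host address goes to one tenant port."""
    net = ipaddress.ip_network(block)
    reserved = {ipaddress.ip_address(isp_gateway), ipaddress.ip_address(mgmt_ip)}
    tenants = [h for h in net.hosts() if h not in reserved]
    # Port 1 is the ISP uplink, so tenant ports start at first_port.
    return {f"FastEthernet0/{first_port + i}": ip for i, ip in enumerate(tenants)}


def routed_tenant_count(block, isp_gateway):
    """Routed design: one /30 per tenant; the /30 holding the ISP gateway
    is assumed to be used for the uplink and serves no apartment."""
    net = ipaddress.ip_network(block)
    gw = ipaddress.ip_address(isp_gateway)
    return sum(1 for s in net.subnets(new_prefix=30) if gw not in s)


def render_ios(plan, first_acl=10):
    """One standard ACL per tenant port, bound inbound on that port."""
    lines = []
    for acl, (port, ip) in enumerate(plan.items(), start=first_acl):
        if acl > 99:
            raise ValueError("standard numbered ACLs are limited to 1-99")
        lines += [
            f"access-list {acl} permit host {ip}",  # implicit deny for all else
            f"interface {port}",
            f" ip access-group {acl} in",
            "!",
        ]
    return "\n".join(lines)


if __name__ == "__main__":
    plan = flat_plan(BLOCK, ISP_GATEWAY, MGMT_IP)
    print(f"flat design:   {len(plan)} tenant addresses")
    print(f"routed design: {routed_tenant_count(BLOCK, ISP_GATEWAY)} tenant subnets")
    print(render_ios(plan))
```

A port ACL of this kind matches IP source addresses only, so it does not constrain ARP or other non-IP frames on the shared segment.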
 
LVL 1

Author Closing Comment

by:etechit
ID: 31549101
Used a Cisco 2950 XL switch, but had to go to IOS 12 to get VLAN support.
0
