Controlling allowed IP addresses and image differences, C3560G

03-24-2007

We're planning the purchase of a number of C3560G-24TS-S and ...-48TS-S
switches to upgrade our backbone to GbE capability. Is there a short document
somewhere which covers the differences between the -S and -E offerings (IP Base
[formerly SMI] and IP Services [formerly EMI] images, respectively)? All we
need is support for a few layer-3 access controls to prevent IP addresses that
aren't defined on our LAN from communicating beyond a port. In particular, we
want to block the addresses used for "private" LANs defined in RFC1918, but if
we can just configure things to say "don't let anything through except IPs in
subnet-a and subnet-b," that would be ideal. (BTW, can anyone comment on how
DHCP could be supported in such a case?) Will the -S series be enough?

Thanks,
Mike
--
| Systems Specialist: CBE,MSE
Michael T. Davis (Mike) | Departmental Networking/Computing
http://www.ecr6.ohio-state.edu/~davism/ | The Ohio State University
| 197 Watts, (614) 292-6928

03-25-2007

On 24 Mar, 22:19, DAV...@ecr6.ohio-state.edu (Michael T. Davis) wrote:
> We're planning the purchase of a number of C3560G-24TS-S and ...-48TS-S
> switches to upgrade our backbone to GbE capability. Is there a short document
> somewhere which covers the differences between the -S and -E offerings (IP Base
> [formerly SMI] and IP Services [formerly EMI] images, respectively)? All we
> need is support for a few layer-3 access controls to prevent IP addresses that
> aren't defined on our LAN from communicating beyond a port. In particular, we
> want to block the addresses used for "private" LANs defined in RFC1918, but if
> we can just configure things to say "don't let anything through except IPs in
> subnet-a and subnet-b," that would be ideal. (BTW, can anyone comment on how
> DHCP could be supported in such a case?) Will the -S series be enough?
>
> Thanks,
> Mike

>From memory and with assumptions;
I would be surprised if the standard sw did not meet your
requirements. You need the extended software for BGP
but not for OSPF I seem to recall. For sure ACLs are
in the basic.

www.cisco.co/go/fn
Compare Images

User interface is pretty clunky but there is
no alternative. This is the official list of
features.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Why defining a constant in a method is not allowed but usingself.class.const_set is allowed?	Iñaki Baz Castillo	Ruby	13	05-01-2011 06:09 PM
8k routes on a C3560G?	T. Cam	Cisco	0	05-23-2007 07:11 PM
How to implement a firewall for Windows platform that blocks based on Mac addresses instead of IP addresses	cagdas.gerede@gmail.com	C Programming	1	12-07-2006 04:30 AM
Physical Addresses VS. Logical Addresses	namespace1	C++	3	11-29-2006 03:07 PM
Controlling MAC Addresses	Fatman Superstar	Cisco	2	04-18-2004 08:47 AM