I apologize if this seems like a "rookie" question. A colleague and I have a stance that neither want to budge on. We have a cisco 861w core router for our internal network and a typical domain server/client access. All of our internal pc's are part of this domain and our client pc's obtain a dynamic ip from an internal dhcp server. The question is this. Should I be able to take a personal laptop that is not setup on our domain, plug into our network, obtain an ip address dynamically through our cisco router and browse the internet?
-----Original message----- From: Zach Williams <[email protected]> To: "[email protected]" <[email protected]> Sent: Wed, Mar 7, 2012 03:02:08 GMT+00:00 Subject: [c-nsp] Question on the Use of Policy Based Routing Hello. I have a question regarding the use of policy based routing. I've always thought of it as a way to selectively change routing in exceptional circumstances. I've come across an implementation where it is being used to explicitly set a next-hop ip for 99% of all traffic headed from an application behind a pair of of stacked 3750s. The default route on these layer 3 switches is set to a 192.168.x.x IP which is part of a management network. The PBR is in place to send the outbound application traffic towards a firewall and out to the internet. Part of the reasoning for doing this was because the application will require only a few separate class C's and the management network has many more routes. A route-map matching an access-list or prefix-list for the basis of PBR on the outbound application traffic would contain fewer lines of configuration and thus it was deemed more elegant to set up PBR for the application traffic rather than the management traffic. I'm having a tough time finding best-practices information on the use of PBR and was wondering what cisco-nsp thought of this setup. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
