Technical considerations aside, the answer for that one should come from company policy regarding byod.
On Wed, Mar 7, 2012 at 1:22 PM, Rich Trinkle <[email protected]>wrote: > I apologize if this seems like a "rookie" question. A colleague and I > have a stance that neither want to budge on. We have a cisco 861w core > router for our internal network and a typical domain server/client access. > All of our internal pc's are part of this domain and our client pc's obtain > a dynamic ip from an internal dhcp server. The question is this. Should I > be able to take a personal laptop that is not setup on our domain, plug > into our network, obtain an ip address dynamically through our cisco router > and browse the internet? > > > -----Original message----- > From: Zach Williams <[email protected]> > To: "[email protected]" <[email protected]> > Sent: Wed, Mar 7, 2012 03:02:08 GMT+00:00 > Subject: [c-nsp] Question on the Use of Policy Based Routing > > Hello. I have a question regarding the use of policy based routing. I've > always thought of it as a way to selectively change routing in exceptional > circumstances. > > I've come across an implementation where it is being used to explicitly set > a next-hop ip for 99% of all traffic headed from an application behind a > pair of of stacked 3750s. The default route on these layer 3 switches is > set to a 192.168.x.x IP which is part of a management network. The PBR is > in place to send the outbound application traffic towards a firewall and > out to the internet. > > Part of the reasoning for doing this was because the application will > require only a few separate class C's and the management network has many > more routes. A route-map matching an access-list or prefix-list for the > basis of PBR on the outbound application traffic would contain fewer lines > of configuration and thus it was deemed more elegant to set up PBR for the > application traffic rather than the management traffic. > > I'm having a tough time finding best-practices information on the use of > PBR and was wondering what cisco-nsp thought of this setup. > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
