Cisco 6500 as Building Service Provider Help

[geekinanotherlife]

I used to be good at this like 6 years ago and a friend asked if I could help him out and I think I'm in over my head.

We would like to set up a 6500 as a building service provider. We have a 1gig fiber line with a public /24 address space into the supervisor board. The idea is to chop that into a bunch of /29 addresses and have them assigned without natting to ports for the offices to attach their own router/firewalls. We want to apply rate limits to each subnet so they each get 100meg of the line.

We have a 6509 running the adventerprisek9 software with 2 supervisor blades and a 48 port blade. We will need ssh for management and there is a second isp we want use as a back up in case the main fiber goes down so we can troubleshoot. Eventually we would like it as a failover but that can wait.

It seemed like a fairly straight forward deal and I thought I might of had it but I have mucked it up pretty fierce.

I thought it would be a pretty common setup but I can't find any examples to even get me back on the right path.

Any and all help would be appreciated and an example config even if it's just a basic would be awesome for to at least start to build off of.

I can post whatever part of my config but it's probably not very helpful.

Thank you in advance.

 

[imbadatthis]

post config of :
your SSH configuration - and did you generate a key (i know this is a stupid question .. but...god knows how many times i've had to get my guys back to the remote office to do this.. )

post config of at least one of your L3 ports.

post configuration of your QoS ..
if you are just policing everyone to same BW then you probably only have one qos policy, class map...

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[geekinanotherlife]

Nothing is too stupid to ask!
I got the bandwidth sorted out. For the SSH - I did generate the key.

[SSH]
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
ip domain-name xxx.xxx
line con 0
line vty 0 4
transport input ssh
[/SSH]

For the ports - I have just assigned the IP address spaces to the port itself. No vlans or layer three stuff yet. Just the default route which allows me internet access.

I'm used to the ASA/PIX so this whole thing is weirding me out.

 

[imbadatthis]

so what exactly are you having issues with then ?
you mentioned the BW issues u got sorted out.
and does ssh work ?
sounds like u have internet access already as well ?


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[geekinanotherlife]

Kust because it works doesn't mean it's right or the best way to do it. I'm a bit of a perfectionist and I hate the feeling that I mickey-moused it until it worked. I know there is correct or better way to do it.

I'm just really curious how someone with more experience or who's done this kind of setup a lot would have tackled it.

I know it would be using vlans and more layer 3 features than just using it as a layer 2 device. And I know the UBRL is just a start to bandwidth management and qos. Not to mention actual security.

In the end, I want to know I did it right all the way through.

 

[imbadatthis]

then post config..


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.