[Attached image: network6.jpg]
(Realized again that this forum doesn't seem to keep drafts! So, here goes again!)
After Hellfire's notes regarding the Cisco 867 interfaces I realized I could create a layout much better suited to my needs and one utilizing the Cisco much more completely. I enclosed an abbreviated scan, BTW.
This layout uses the switched interfaces (FE0 - FE3) for the public subnetwork. It feeds the WiFi zone, the DMZ and other NEs I use or may add. The routed interfaces (GE0 - GE1) are then used for the private subnetwork. In previous layouts, the 867 was used mostly as an ATU-R and was situated on the edge. This layout moves the ATU-R concept to the edge but moves the 867's capacities into the center of the networks' functions.
At the same time, the 867 moves as close to the DSLAM (at least in logical form) as possible. That means I may be able to utilize LCAP (or whatever those letters may be...) and still use NIC bonding within my network. It requires using IOS NAT/PAT, ACL, and firewall capacities but that's an efficiency as long as I also can use iptables within these two subnetworks.
The 867 now functions as a managed switch, as a router, and as a gateway (I think), and I suspect it's the way it's intended. If I decided to increase throughput and/or speed in the future, this is a concept I can retain even if I need to replace CPE with more capacity. This layout also offers more security.
I still won't be able to keep out the Chinese and the NSA (as if they care...) but I can buttress security in the future. Besides, this is complex enough that I'm thinking of starting a "Networking School" with the NSA as students... Nah, just kidding!!