Studying options - Design issues


We have been provided with two options by our technology consultants to cater for Network Infrastructure in our new office building, which spans 20 floors with the data center on the 10th and IDFs on each floor.

* Attached Diagram Option I is using Cisco Cat 3750E at the access layer and Core and Distribution collapsed into a pair of 6509s.

* Option II is more high end with 4509s on the access layer and separated distribution and core layer (redundant).

But glaring in the diagram is the way two ASA 5540 are connected in failover mode. Seems like in both options I and II the consultants have multihomed it.

Is this possible? Is the representation right? I need to be sure of this point before I take this up for technical feasibility.

Also, are there any other concerns based on these diagrams that I should have? Please advise!

Rgds

Collin Clark Sun, 10/14/2007 - 03:39

They can be multihomed for redundancy. You might want to have your consultants create a detailed diagram for the firewall infrastructure, explaining how they connect to the switches, why, and what scenarios provide redundancy and what scenarios won't.

HTH and please rate.

Collin Clark Mon, 10/15/2007 - 05:12

On the ASA you'll use an SVI (VLAN interface) instead of a physical interface. You can assign two or more physical ports to the 'inside' VLAN and connect each port back to the core/distribution layer.

HTH and please rate.

I understand that the current ASA code does not allow the same VLAN ID to be used across two interfaces. This may be doable in the future, but an ASA expert also tells me not today. Can you please provide me with the link on this site that describes how this can be done so that I can test it on one of our ASAs?
