Best Network Layer to place a 6500 with FWSM Module on Routed AccessNetwork

Unanswered Question
Dec 6th, 2007


Where is the best place to position a 6500 switch with FWSM module in Routed Access LAN (Layer 3 to the Access Layer).

We have a layered network with Core/Distribution/Access Layers. The core consists on 2 x 6500 with FWSM+IDSM, dist consists of 2 x 3750-12, access consists of 20 x 3750-48 switches.

We are migrating to a routed (layer3)access design and would like to reposition the 6500s so that the Security modules can be utilized.

What are the implications of placing the 6500 in the Distribution and the 3750s in the Core?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

If you are running EMI code on the 3750's I do not think it would be an issue. Keep in mind that you will only have a total of 4 fiber connections from the core. The distribution layer is exactly where you want to place your 6500's with the FWSM and IDSM.

BTW. Good job migrating to the layer three design. I would be careful about going L3 to access though. It really limits your options.

Sorry, I thought you were talking about EMI vs. SMI.

L3 to the access is something that we thought about but decided against. It gets a little deep and there were a number of arguments for and against but it really came down to management. For User Access if you want to get to a model where you create ACL's for role based access (HR vs. IT vs. AP etc.) and you are going to a NAC option that can VLAN for roles then maybe you will want to categorize functions to VLANS. Try to do that when you are L3 to the access layer. It will be a bit tougher. Doable but tougher.

E-mail me directly if you would like to talk about it. I would be happy to give you the arguments we had when deciding.


This Discussion