! ! ! !
! ! ! !
! !--------------------! !
Please find the diagram above.
The two firewalls are in failover mode.
sw1 and sw2 are connected to fw1 and fw2 respectively, and they are interconnected to each other.
sw3 and sw5 are connected to sw6 and sw4 are connected to sw2.
All switches belong to the 3650 (L3) family.
The firewalls are PIX 535.
Actually, this is the proposed design.
The objectives to be achieved in the above diagram are mentioned below:
We want a high-availability design.
We are planning around 10 VLANs, so we also want redundancy for the VLANs.
Server active links would be terminated to sw1, sw3 and sw5.
Server redundant links would be terminated to sw2, sw6 and sw4.
I don't want to create VLAN interfaces on the firewall, so how could I achieve the above requirement?
Thanks Jon, this has definitely cleared my doubt. Can you give advice on how we can make the redundancy better than the above setup?
Please also take into consideration that I will be applying access lists on sw1 and sw2 for inter-VLAN communication. Will this increase the load on the 3560 switch? There would be access lists on around 16 VLANs max.
Or should I create the VLANs on the firewall interface and keep all switches at L2 level? Firewall usage is 30% max.
What would you suggest?
Using the firewall for inter-VLAN routing is not recommended unless you have very strict security requirements. It makes the config messier, and as you already have the 3560s I would use sw1 and sw2 to route between internal VLANs.
Keep your ACLs relatively simple on the L3 switches and you should be fine.
Redundancy-wise you should be fine, just make sure that you dual-connect all servers. If possible, don't connect servers directly into sw1/sw2, although if you have to because of port capacity then it's not the end of the world.