Router Connectivity

Unanswered Question
Apr 8th, 2010

Dear Experts,

This is a design-related query. Please find the attached diagram.

I have 2 firewalls, 2 routers and 2 switches to be operated in redundancy.

My customer is asking me to connect the cables and configure the setup as shown in the diagram, marked in yellow colour. To achieve this I have used a Layer 2 switch to connect the cables between the firewall and the router, and another Layer 2 switch to connect the cables between the firewall and the switches.

Is this a best practice, and the only option, to connect the devices in this fashion (shown in yellow colour in the attached diagram)? Won't it bring latency or a single point of failure?

Expecting your help in clarifying this concept.


Collin Clark Thu, 04/08/2010 - 08:11


I think a better way would be to use the (2) layer 2 switches as a redundant pair and create two VLANs: one for firewall to router and another for firewall to switches. This will eliminate a single point of failure and still provide enough switching for both areas.

Hope it helps.

snarayanaraju Fri, 04/09/2010 - 00:16

Hi Clark,

Thanks for your reply. Is this the best industry practice? I am not able to gather information on how this wiring has been done in other datacenters and how they are using it.

Thanks in advance.


Collin Clark Fri, 04/09/2010 - 06:15

If you want to design according to Cisco, you'll be putting in 4 switches. You can find Cisco design guides by searching for "solution reference design guide".

shailesh.h Fri, 04/09/2010 - 08:04

1. I also agree with Collin, but the VLANs should be non-routable (no IP address configured on the VLAN interfaces of the switch).

2. You are free to use the existing switch if your security policy advises Layer-3 separation.

3. If your policy states that the internal network and external network should have Layer-1,2,3 separation, then you have to deploy additional switches between router and firewall. (This is best practice as well.)

Best practice depends on your organization's security policies...

Hope this clarifies it for you.

With regards,
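
Added example, not part of any post in this thread: a Python check over an IOS-style switch configuration that reports any firewall transit VLAN whose VLAN interface carries an IP address (the "non-routable VLAN" condition in point 1 above) and lists which access ports sit in each VLAN. The sample configuration, the VLAN numbers 10 and 20, the port names and the function names are constructed for illustration.

```python
import re

# Constructed sample config (IOS-style); VLAN numbers and ports are assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description to-router
 switchport access vlan 10
interface GigabitEthernet0/2
 description to-firewall-outside
 switchport access vlan 10
interface GigabitEthernet0/3
 description to-firewall-inside
 switchport access vlan 20
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
interface Vlan20
 no ip address
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def routable_svis(config, transit_vlans):
    """Transit VLANs whose SVI (interface VlanN) carries an IP address."""
    found = []
    for name, lines in parse_interfaces(config).items():
        m = re.fullmatch(r"[Vv]lan(\d+)", name)
        if m and int(m.group(1)) in transit_vlans:
            if any(re.match(r"ip address\s+\S", l) for l in lines):
                found.append(int(m.group(1)))
    return sorted(found)

def ports_by_vlan(config):
    """Map VLAN id -> access ports assigned to it, to compare with the diagram."""
    ports = {}
    for name, lines in parse_interfaces(config).items():
        for l in lines:
            m = re.fullmatch(r"switchport access vlan (\d+)", l)
            if m:
                ports.setdefault(int(m.group(1)), []).append(name)
    return ports
```

On the constructed sample, `routable_svis(SAMPLE_CONFIG, {10, 20})` reports VLAN 10, because `interface Vlan10` has an address and so gives the switch itself a Layer-3 presence on the firewall-to-router segment.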


