Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
462
Views
0
Helpful
4
Replies

Best Network Layer to place a 6500 with FWSM Module on Routed AccessNetwork

edwardwaithaka
Level 1
Level 1

‎12-06-2007 05:23 AM - edited ‎03-11-2019 04:39 AM

Hi,

Where is the best place to position a 6500 switch with FWSM module in Routed Access LAN (Layer 3 to the Access Layer).

We have a layered network with Core/Distribution/Access Layers. The core consists on 2 x 6500 with FWSM+IDSM, dist consists of 2 x 3750-12, access consists of 20 x 3750-48 switches.

We are migrating to a routed (layer3)access design and would like to reposition the 6500s so that the Security modules can be utilized.

What are the implications of placing the 6500 in the Distribution and the 3750s in the Core?

Thanks!

Labels:
0 Helpful
4 Replies 4

richf
Level 1
Level 1

‎12-13-2007 03:09 PM

If you are running EMI code on the 3750's I do not think it would be an issue. Keep in mind that you will only have a total of 4 fiber connections from the core. The distribution layer is exactly where you want to place your 6500's with the FWSM and IDSM.

BTW. Good job migrating to the layer three design. I would be careful about going L3 to access though. It really limits your options.

0 Helpful

edwardwaithaka
Level 1
Level 1
In response to richf

‎12-13-2007 09:45 PM

Hi Rich,

What are the limitations?

Thanks,

Ed.

0 Helpful

richf
Level 1
Level 1
In response to edwardwaithaka

‎12-13-2007 10:38 PM

SMI code only allows for static routes and RIP. EMI allows BGP, OSPF, and EIGRP. It is also a lot more for the code but well worth it when looking at a L3 network.

0 Helpful

richf
Level 1
Level 1
In response to richf

‎12-13-2007 10:50 PM

Sorry, I thought you were talking about EMI vs. SMI.

L3 to the access is something that we thought about but decided against. It gets a little deep and there were a number of arguments for and against but it really came down to management. For User Access if you want to get to a model where you create ACL's for role based access (HR vs. IT vs. AP etc.) and you are going to a NAC option that can VLAN for roles then maybe you will want to categorize functions to VLANS. Try to do that when you are L3 to the access layer. It will be a bit tougher. Doable but tougher.

E-mail me directly if you would like to talk about it. I would be happy to give you the arguments we had when deciding.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card