I have a 3560G connected to an ASA FW, both running layer 3 and hosting 6 or so VLANs. The switch is the default gateway for all VLANs (client request) and therefore see's all networks as connected. I used route maps to push the traffic from the switch to the FW so that it got firewalled before being delivered, but I cannot use one of the commands for failover should the FW fail (I wanted to route locally should the FW fail).
So, my question is this. If I placed all VLANs in their own vrf, NETA would not longer see NETB as a connected network and would follow the route to the FW's NETA interface. I could then inject the connecteds into each vrf but adjust theirf metric so that they are less preferable than the route to the FW. Should the FW route die, the next route would become active and traffic would route internally to the switch.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...