Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
389
Views
0
Helpful
2
Replies

Design - Layer 3 to the access switches

us10610
Level 4
Level 4

‎05-29-2007 12:21 PM - edited ‎03-05-2019 04:21 PM

We are implementing a new layer 3 design and I am somewhat confused on how/where the FWSM's, ASA's, WISM's, IDSM's, NAM's should be placed. If we are truely only routed and can no longer extend vlan's, what is the best method to contain devices into the DMZ? Also, where would you span ports for the NAM's and IDSM's?

Thanks,

Greg

Labels:
0 Helpful
2 Replies 2

sbilgi
Level 5
Level 5

‎06-04-2007 08:54 AM

To allow Layer 3 switching, the switch must have the routing function enabled and Layer 3 switching is the movement of data between devices using tables or pathways containing Layer 3 network addressing.

I am sending Frequently Asked Questions (FAQ) on the Quality of Service (QoS) features of the L3 switches. Please click following link:

http://www.cisco.com/en/US/products/hw/switches/ps672/products_qanda_item09186a00800a8922.shtml

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎06-04-2007 09:24 AM

Greg

I can answer part of your question re the placement of the FWSM and i suspect this might also be relevant to the IDS as well.

If you go for a routed access-layer then the FWSM may not have visibility of all the vlans you may want to firewall. This would certainly become an issue if you wanted to use the FWSM in transparent mode. We went through the same decision making when we redesigned our main data centre.

L3 access-layer allows you to remove spanning-tree from the uplinks with equal cost routing and is an attractive feature. But it also meant we would have to buy a pair of FWSM's and CSM's (as we run in bridge mode) per access-layer pair to get l2 adjacency. This was one of the key factors that led us to use L2 uplinks with Rapid STP but obviously in your case you may not deem that suitable.

Hope this has helped at least partially

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card