cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3658
Views
0
Helpful
3
Replies

Firewall Interfaces...Portfast or Trunk?

bob.mckinley
Level 1
Level 1

I'm installing 2 new 3560 switches to replace 4 2950 switches. The firewall is current doing all the routing and will continue, I will not be using the new switches for any routing.

My question is do I setup the ports that connect my firewall interfaces as PortFast or Trunk? I know I use Truck on the ports that connect to the other switch, but wasn't sure about the interfaces that would do the routing. I believe its PortFast, but wanted to confirm.

Thanks..

3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

Hi Bob

The answer is it depends. If you only have one subnet and the L3 interface for the subnet is on the firewall then use set it up as an access port and use portfast.

If however you have multiple internal subnets and your are running 802.1q between your firewall and your switch then the firewall port needs to be a trunk.

From the sounds of what you say i would guess you are using just one subnet ?

Jon

Hey Jon,

Yes and No, I have multiple subnets but only one subnet is configured per interface of the FW.

So it sounds like I do set it as PortFast.

Thanks!

There seems to be two orthogonal issues here:

-1- trunk vs access: this depend on whether you have more than one vlan on the links between the switch and the firewall. Here, it seems that you want an access port.

-2- porfast vs no portfast on the switch ports. If the firewall is doing L3 (which is the case here), then portfast is appropriate. Else, there should be no portfast.

OK, my post is not of great use, as it just repeats what you have already concluded;-) But I just wanted to say that "trunk and portfast" could have been a valid solution in some scenarios;-)

Regards,

Francois

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: