Layer 3 switch with AT&T Metro Ethernet

jgranda · ‎03-23-2009

How to configure a Layer 3 switch to support two Metro Ethernet load balance and have a Cisco ASA firewall on the inside. Is there any sample configuration.

Giuseppe Larosa · ‎03-23-2009

Hello Jose,

you need to take some design decisions:

are you going to use a dynamic routing protocol on the metro ethernet links to be able to detect remote end failure ?

example with OSPF:

assign two IP subnets one to each Metro ethernet link

metro E link1: 10.10.10.0/24

metro E link2: 10.10.20.0/24

client vlan with ASA: 10.10.30.0/24

internal client vlans behind ASA:

10.100.0.0/16

router ospf 10

network 10.10.10.0 0.0.0.255 area 0

network 10.10.20.0 0.0.0.255 area 0

network 10.10.30.0 0.0.0.255 area 0

the ASA can talk OSPF too or it can use static default route

in any case some device, the ASA or the L3 switch needs to advertise in OSPF the client/server vlans behind the ASA.

if it the ASA and the ip subnets are connected you can use the network area command

if you decide to use static routes between the ASA and the L3 switch the L3 switch has to redistribute the static routes in OSPF

router ospf 10

red static subnets

note: OSPF automatically load balances and perform fail-over over up to 4 paths.

on the remote site devices at the other ends of the metro ethernet links you should do the same using the same commands

Hope to help

Giuseppe

jgranda · ‎03-23-2009

Thanks for the quick response. I still have a question. Since these circuits are going to be to the Internet the provider is going to assign two external address and the address that I assign to the ASA will need to be external.Do I nat the ASA interface? Let me know.

Thanks,

Jose

Giuseppe Larosa · ‎03-23-2009

Hello Jose,

usually metro ethernet links are seen as L2 services if this is not the case my previuos post is useless.

so you have two internet links with public ip addresses you need to think to some form of tunneling to avoid to expose your internal traffic

Hope to help

Giuseppe

jgranda · ‎03-23-2009

Thanks, Let me ask the provider and I will get back to you.

jgranda · ‎03-25-2009

Here is the scenario. is a point to point Metro E. One end will have a Cisco 3750 and the other end will have a Cisco 2821. Both Data and voice is going to pass over this circuit. Is there any special IOS I need to get to 3750 to be able to run this application with Qos. Let me know.

Giuseppe Larosa · ‎03-25-2009

Hello Jose,

the configuration of my first post should apply to your scenario.

you need an IOS that allows to use a routing protocol on c3750

OSPF and BGP requires ip services image:

IP routing protocols for load balancing and for constructing scalable, routed backbones:

-RIP Versions 1 and 2

>> -OSPF (requires the IP services image)

-Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 to utilize IPv6 transport, communicate with IPv6 peers, and advertise IPv6 routes

-Border Gateway Protocol (BGP) Version 4 (requires the IP services image)

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_40_se/configuration/guide/swintro.html#wp1549037

modular QoS is supported.

Hope to help

Giuseppe