New Member

Physical Connections

I have a design attached.

My question is: if I do not want to purchase any additional switches, can I connect the devices to the 6509 and put them in their own separate VLANs?

I am a little fuzzy about the physical connections needed to make this design work as it is; any help is appreciated.

Thank you.

9 REPLIES
New Member

Physical Connections

Hi Desmond,

So are you talking about having each FW and router in its own VLAN?

Normally you would have a VLAN for the outside DMZ, a VLAN for the inside DMZ, then an external VLAN for the routers and multiple internal VLANs.

If you connect the network as you have physically detailed, not all VLANs will be on the switch.

Normally, all devices would be connected to the switch and then your routing would take care of traffic flows.

If you can be a little more specific about what you want to achieve, I can help you put together a design.

Thanks,

Dan

New Member

Physical Connections

Daniel, thanks for the response.

The VLANs on the document needed to be moved up one level to show how I want to segment everything. I know I can purchase additional switches to make this happen, but I wanted to try to accomplish this without spending any additional funds.

Thank you.

New Member

Physical Connections

Daniel

For clarity 6 physical connections to 6509.

HSRP 2951

HSRP Cisco FW

HSRP Checkpoint

Are there any physical connections from the checkpoint directly to the Cisco Fw and from the Cisco Fw to the 2951 as designed?

New Member

Physical Connections

There doesn't have to be, no. You can logically separate these devices without the need to physically separate them.

New Member

Physical Connections

Dan

Thank you!

You have been a great help!

Like I said I was fuzzy about how to connect the devices and you have cleared that up in a matter of minutes.

I hope this site continues to have great resources such as yourself to assist myself and others with issues that have us up at night scratching our heads....

New Member

Physical Connections

You will also need your routers and FWs all directly connected to your switch for VRRP/HSRP to work (if that is how you will configure them).

Dan

New Member

Physical Connections

Would it not suit your needs if you directly connected all devices to the 6509 and then VLAN'ed them off there? For example, as long as each of your required networks sit in their own dedicated VLANs, you have no need to purchase any additional switches.

I would have your 6509 as the only switch, then an inside DMZ VLAN, an outside DMZ VLAN, an OUTSIDE VLAN (WAN), management, internal networks etc. Then by configuring your routing correctly, traffic passing through the network layers would be firewalled as you would like.

Basically you are segregating it logically instead of physically.

Dan

PS - feel free to ask me if I haven't explained anything too well.

New Member

Physical Connections

Daniel

For Clarity, 6 physical connections to the 6509.

HSRP 2951 connections

HSRP Cisco FW connections

HSRP Checkpoint connections

Logically VLAN everything and no physical connections from one device to another.

New Member

Physical Connections

Yeah. If you want to run HSRP and VRRP you will have to connect them to the switch so that the hello traffic can be sent to the other host.

Dan

PS - any other questions, drop me a line at danbowen@email.com

Dan
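
The layout discussed in this thread (six devices cabled only to the 6509 and separated by VLAN), sketched as an added example that is not from any poster or from the attached design. The VLAN IDs, VLAN names and port numbers are assumptions, as is the choice to carry each firewall's outside and inside networks on one 802.1Q trunk per device.

```cisco
! Constructed example: VLAN IDs, names and interface numbers are assumptions.
vlan 10
 name OUTSIDE
vlan 20
 name FW-TRANSIT
vlan 30
 name INSIDE
vlan 999
 name UNUSED-NATIVE
!
! 2951 pair: both routers sit in VLAN 10, so their HSRP hellos
! reach each other through the switch with no direct cable.
interface range GigabitEthernet1/1 - 2
 description 2951 HSRP pair, LAN side
 switchport
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 no shutdown
!
! Cisco FW pair: trunk carries only the two VLANs this layer joins.
interface range GigabitEthernet1/3 - 4
 description Cisco FW pair (outside=10, inside=20)
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 switchport nonegotiate
 no shutdown
!
! Checkpoint pair: same pattern, one layer further in.
interface range GigabitEthernet1/5 - 6
 description Checkpoint pair (outside=20, inside=30)
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30
 switchport mode trunk
 switchport nonegotiate
 no shutdown
!
! Deliberately no "interface Vlan10" or "interface Vlan20" here:
! if the 6509 had a routed SVI in those VLANs it could forward
! between them itself and traffic would skip the firewalls.
```

After applying a layout like this, `show interfaces trunk` and `show vlan brief` confirm which VLANs each port actually carries.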
