Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
435
Views
0
Helpful
1
Replies

routed port on 3560 switch?

hoffenheim
Level 1
Level 1

‎04-08-2009 02:25 AM - edited ‎03-06-2019 05:03 AM

My network covers central and several branch offices. All connections to regional offices and internet is through MPLS. Thus some of the private addresses comunication are passed through isp router and together with comunication to internet it goes to peer router at their premises, and backwards.

The company has several servers to put in the DMZ zone. I have to administer my own central router - firewall, which is used for VPN communication and some routing functions. My VLANS in the central location are 192.168.20.X - 192.168.40.X).

What I need is the way to separate private from public communication straight after the ISP router. That ashould be done on my switch 3560.

Therefore It needs to separate private traffic 192.168.x.x( regional offices 192.168.100.x - 192.168.109.x - they are not in VLAN structure) from the traffic to and from internet.

Do I need to inlude some form of routed ports and on the top of that some input access lists( to put them in differnet direction). It sound complicated and believe that it might have some simler way to do that.

My cisco switch L3 3560 with standard instruction set Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1).

Labels:
0 Helpful
1 Reply 1

hoffenheim
Level 1
Level 1

‎04-08-2009 11:48 PM

It is MPLS technology. Put it simply, one has to have:

private address -- router-firewall -- (DMZ optional) -- ISP router -- internet

what I should have:

private address -- router-firewall -- DMZ --- ISP routers --- internet

plus at the same time

private address -- router- firewall - DMZ --ISP routers -- regional offices -- private address at branch offices

So, that "mix" communication is what I have at the input point of their router. I do not have ip vrf command or such under my control. The idea was that Catalyst could separate private and internet communications for input and for output. Bear in mind that I have ensure that input and output part have to the the same.

I do know that I can put vlans and even vlan for DMZ. But I want to see whether the routing functionality of Catalyst 3560 could do the job.

Can I do it with Catalystonly or maybe some additional device such as Mikrotik router will do the job?

Just to add thatCatalyst's command set is standard.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card