At our Colo center our ISP is giving us two lines. Each goes to its own router, and they are configured as HSRP. I have two firewalls that will be running in HA mode as Active/Passive failover. I need to connect the two lines first to a L2 switch and then out to the firewalls.
I will be using a pair of switches for redundancy. As I only need a few ports for this, should I get two small switches, like something from the SG300 line, and place them as WAN switches that go to the WAN side of the firewall? Or should I just connect the lines to my existing LAN switches (cat 3650s) and then out to the firewalls' WAN side and then back down to the switches from the LAN side of the firewall?
Personally I think using the same switches for the internal and external side of the firewall is a bad idea. It does come down to cost, but if there was a misconfiguration on your 3560 switches it could have unexpected consequences.
It does depend on what you do with the internet, but basically if you connected your routers to the internal switches, all packets from the internet hit your switch before they go to the firewall. So imagine if someone did a denial of service against the public IP of your firewall. All the traffic would first have to go via your internal switch, and the firewall is there to protect your internal network in the first place.
Like I say, it does come down to cost and it could be unlikely you would ever see problems, but to my mind if the firewall is there to protect your LAN you should not allow traffic from the internet to go via your LAN to get to the firewall.
This was my thinking as well. The cost is not that much of a problem. I'm curious as to what model of switches I should use for this WAN side switching. I'm used to the Cat series but obviously don't need many ports. Any recommendations?
I am exactly the same as you, i.e. I am only used to the Catalyst switches so I can't really recommend any others. Obviously they only need to be L2 switches and probably don't need much functionality except basic VLAN support. The only other consideration is the throughput needed.
If cost is not a problem maybe a pair of 6500s for future proofing
On a more realistic note if you want to stick with Catalyst switches you only need the most basic L2 model which should do everything you need. However there is a Small Business switches forum on CSC so you may want to ask there -