VLAN redundancy, segmenting public IP block 3750x

I'm building a new colo presence with a full class C of public IPs. The idea is to connect to our ISP with a 3750x switch stack. They will be providing two Ethernet drops that connect directly into two separate switches on their side, with HSRP and BGP at the routing level, so we will just point to their virtual IP (gateway address).

I'm not sure how to either segment the public IP block or statically route each IP address, and about the interaction of VLANs/SVIs with HSRP groups. Should I just use the switch at layer 2, or handle the internal routing with EIGRP or OSPF at layer 3?

Of course we have no budget to do things right. Someone must have tried this to some degree already; are there any config examples or suggestions out there?

I'm concerned about security and, secondly, attaining as much redundancy as possible.


If this is a small network with only 2 switches, then you can run the 3750s as layer 2 with VLANs and use the ISP's routers with HSRP as the default gateway for your users. The other solution would be to have the default gateway on your 3750s and also a default route to the virtual IP to your service provider. You really don't need any type of routing protocol if the network is small.


I plan to segment our customers and services with their own firewall and LAN switching once past this connectivity to the ISP; each customer or service firewall will connect to this 3750 stack with their own VLAN/SVI. IP routing is enabled with a default route to the ISP at this time.

Are there any better choices when it comes to subnetting the public IP block into smaller blocks at the VLAN/SVI level? To me this isn't very flexible when it comes time to add more IPs to a service or customer that has used the predefined subnets I'm making.

I should also mention they are providing two Ethernet drops which are connected to two separate switches on their side running HSRP. So I'm pointing two interfaces, one from each switch, to their virtual IP (gateway) with the switchport mode set to access. How will the redundancy of the switch stack play with the two separate Ethernet drops at the ISP in this active/standby HSRP setup? Is there something I can do with HSRP groups and VLANs on our switching to create a more resilient network?
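
The per-VLAN subnetting trade-off raised in this thread, as an added example that is not part of any post: a small planner that carves a /24 into the smallest subnet per customer and reports how much room each has left. The block 203.0.113.0/24 is a documentation range standing in for the real allocation, and the customer names, host counts and the one address reserved per subnet for the SVI are assumptions.

```python
import ipaddress

def plan_subnets(block, demands, reserved=1):
    """Carve `block` into the smallest subnet that fits each demand.

    demands  -- {name: number of host addresses needed}
    reserved -- addresses kept per subnet for the switch SVI (gateway)
    Returns ({name: network}, [free networks left for growth]).
    """
    free = [ipaddress.ip_network(block)]
    allocations = {}
    # Largest demand first, so big blocks are placed before the space fragments.
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        need = hosts + reserved + 2            # + network and broadcast address
        prefix = 32 - (need - 1).bit_length()  # smallest power-of-two block
        fits = [n for n in free if n.prefixlen <= prefix]
        if not fits:
            raise ValueError(f"no free block large enough for {name}")
        # Best fit: the smallest free block that still holds the subnet.
        parent = max(fits, key=lambda n: (n.prefixlen, -int(n.network_address)))
        subnet = next(parent.subnets(new_prefix=prefix))
        free.remove(parent)
        free.extend(parent.address_exclude(subnet))
        allocations[name] = subnet
    return allocations, sorted(free)

def spare_hosts(subnet, hosts, reserved=1):
    """Host addresses still unused in `subnet` before it must be renumbered."""
    return subnet.num_addresses - 2 - reserved - hosts

# Constructed sample input: names and host counts are made up.
BLOCK = "203.0.113.0/24"
DEMANDS = {"cust-a": 10, "cust-b": 5, "cust-c": 25, "svc-dns": 2}

if __name__ == "__main__":
    allocations, free = plan_subnets(BLOCK, DEMANDS)
    for name, net in sorted(allocations.items(), key=lambda kv: kv[1]):
        print(f"{name:8} {str(net):18} spare hosts: {spare_hosts(net, DEMANDS[name])}")
    print("free for growth:", ", ".join(map(str, free)))
```

With this sample, cust-b fills its /29 completely and the adjacent /29 is already assigned, so one more address for that customer means renumbering into the free space rather than widening the mask in place.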

