1. It should not be a trunk. Having the firewall connected in each VLAN is not really useful and will only make everything harder to troubleshoot. Route traffic to it. If the firewall supports OSPF and your tables are not too big, use it to load balance traffic on your two routers. Remember to track those links in your HSRP.
2. If your VLAN hosts are only in one switch (one VLAN / switch), use that switch as the root and use GLBP, not HSRP. (It might be hard to keep all your VLANs in only one switch over time; management can be hard to deal with :))
If your VLAN hosts are not all in the same switch: for STP, use the 2 core routers as STP root bridges, half the VLANs on each switch. Make sure the HSRP active router is also the root bridge to minimise traffic on the link between the 2 routers.
3. Yes, if it's an access VLAN, you have no loop. Imagine on sw2 if one uplink interface breaks: your network will be split in 2. Very bad if your VLAN hosts are on many different switches.
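The advice in point 2 to keep the HSRP active router and the STP root bridge on the same core switch for each VLAN can be checked offline against the two core configs. This is an added example, not part of the thread: the switch names, VLAN numbers and priorities are constructed, and it assumes HSRP preempt is enabled and ignores interface-tracking decrements.

```python
import re

# Constructed sample: two core switches, VLANs 10 and 20 (all values hypothetical).
TEMPLATE = """\
spanning-tree vlan 10 priority {}
spanning-tree vlan 20 priority {}
interface Vlan10
 standby 10 priority {}
interface Vlan20
 standby 20 priority {}
"""
CORE1 = TEMPLATE.format(4096, 8192, 110, 90)  # intended root + active for VLAN 10
CORE2 = TEMPLATE.format(8192, 4096, 90, 110)  # intended root + active for VLAN 20

def expand(vlans):
    """Expand an IOS VLAN list such as '10,20-22' into integers."""
    out = []
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        out.extend(range(int(lo), int(hi or lo) + 1))
    return out

def parse(cfg):
    """Return ({vlan: stp_priority}, {vlan: hsrp_priority}) for one config."""
    stp, hsrp, vlan = {}, {}, None
    for line in cfg.splitlines():
        if m := re.match(r"spanning-tree vlan (\S+) priority (\d+)", line):
            stp.update({v: int(m[2]) for v in expand(m[1])})
        elif m := re.match(r"interface Vlan(\d+)", line):
            vlan = int(m[1])
        elif not line.startswith(" "):
            vlan = None  # left the interface block
        elif vlan is not None and (m := re.match(r"\s+standby \d+ priority (\d+)", line)):
            hsrp[vlan] = int(m[1])
    return stp, hsrp

def check(configs):
    """Per VLAN: 'aligned', 'mismatch', or 'tie' when priorities cannot decide."""
    parsed = {name: parse(cfg) for name, cfg in configs.items()}
    vlans = sorted({v for stp, hsrp in parsed.values() for v in (*stp, *hsrp)})
    report = {}
    for v in vlans:
        stp = {n: p[0].get(v, 32768) for n, p in parsed.items()}  # default bridge priority
        hsrp = {n: p[1].get(v, 100) for n, p in parsed.items()}   # default HSRP priority
        root, active = min(stp, key=stp.get), max(hsrp, key=hsrp.get)  # lowest STP, highest HSRP
        tie = (list(stp.values()).count(stp[root]) > 1
               or list(hsrp.values()).count(hsrp[active]) > 1)
        report[v] = "tie" if tie else ("aligned" if root == active else "mismatch")
    return report

print(check({"core1": CORE1, "core2": CORE2}))
```

A `tie` result means the outcome falls to the MAC address (STP) or interface IP (HSRP) tiebreakers, so the priorities should be set explicitly.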
Thanks Dominic, I am restructuring the existing design by adding some additional switches and adding VLANs for a hierarchical design. I already have a PIX firewall, and you have mentioned that a firewall connected to each VLAN will not be really helpful. In that case, how should I restructure my design? Where can I place the firewall? Give me your kind suggestions, guys.
Brad, just to save ports in the core switch I am piggybacking like a daisy chain. And if I connect each access switch to the core switch, I don't have a Gig port for the third switch for a redundant link. If you guys have any other solutions, give me your suggestions.
In the design, the server VLAN is assigned to the 6506 switch, and all the servers like DNS, Domain & Exchange will be inside this VLAN. I am a little bit confused whether to use ip helper-address or ip directed-broadcast.
In either case, do I need to assign the helper address inside each of the VLAN interfaces on both switches?