Using a single 3550 as an edge router and campus switch?
We have a single 3550-EMI a Pix 515e and 2 WAN connections (1Mbit and 3Mbit). My question is, can I use the 3550 to load balance between the two WAN connections, go to the PIX, and then come back into the same 3550 on a separate VLAN and switch for the rest of the network?
VLAN 10 would have WAN1, WAN2, and the PIX WAN interface.
VLAN 20 would have the PIX LAN interface and the rest of the network.
Will the 3550 even load balance on different speed connections? Am I out on a limb with ths one?
Re: Using a single 3550 as an edge router and campus switch?
You can do this, but I would not recommmend to use the same switch for the inside and outside interfaces of the pix. Eventhough the inside and outside interfaces of the pix will be in two different vlans, from a security standpoint, they are physically on the same switch. You will still have to have a vlan based ACL to secure access control between the two vlans (10 and 20 in your case).If a hacker breaches till your switch, he can very well bypass the pix and attack your inside lan.
Before getting into Load balancing, what protocol do you run to route packets to your ISP. Do you use BGP or are you using static default routes ? Do you plan to use HSRP with one link as primary and the other as backup, or do you plan to use both links at the same time ?
The following methods will ensure that both links will be used for outbound load balancing. You wont be able to achieve inbound load balancing without running a protocol such as BGP with your provider.
Loadbalancing on 3550:
You can put the pix wan interface and the wan1 and wan2 interface in the same vlan 10. Vlan 10 will be a SVI (switched virtual interface). In this case, you can configure two default routes, pointing to wan1 and wan2 respectively.
You also have the option of doing load balancing at the PIX. If you run a routing protocol on wan1, wan2 and pix such as OSPF (PIX requires 6.3 OS to run OSPF). On WAN 1 and WAN 2 you can use the "defaut-information originate" command to inject default routes into OSPF.
If you plan to use one link as primary and second link as backup, run a protocol such as HSRP on wan1 and wan2. The 3550 should have its default gateway pointing to the HSRP virtual address of wan 1 and wan 2.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...