Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Using a single 3550 as an edge router and campus switch?

We have a single 3550-EMI a Pix 515e and 2 WAN connections (1Mbit and 3Mbit). My question is, can I use the 3550 to load balance between the two WAN connections, go to the PIX, and then come back into the same 3550 on a separate VLAN and switch for the rest of the network?

For example:

VLAN 10 would have WAN1, WAN2, and the PIX WAN interface.

VLAN 20 would have the PIX LAN interface and the rest of the network.

Will the 3550 even load balance on different speed connections? Am I out on a limb with ths one?

  • Other Network Infrastructure Subjects
1 REPLY

Re: Using a single 3550 as an edge router and campus switch?

You can do this, but I would not recommmend to use the same switch for the inside and outside interfaces of the pix. Eventhough the inside and outside interfaces of the pix will be in two different vlans, from a security standpoint, they are physically on the same switch. You will still have to have a vlan based ACL to secure access control between the two vlans (10 and 20 in your case).If a hacker breaches till your switch, he can very well bypass the pix and attack your inside lan.

Before getting into Load balancing, what protocol do you run to route packets to your ISP. Do you use BGP or are you using static default routes ? Do you plan to use HSRP with one link as primary and the other as backup, or do you plan to use both links at the same time ?

The following methods will ensure that both links will be used for outbound load balancing. You wont be able to achieve inbound load balancing without running a protocol such as BGP with your provider.

Loadbalancing on 3550:

You can put the pix wan interface and the wan1 and wan2 interface in the same vlan 10. Vlan 10 will be a SVI (switched virtual interface). In this case, you can configure two default routes, pointing to wan1 and wan2 respectively.

You also have the option of doing load balancing at the PIX. If you run a routing protocol on wan1, wan2 and pix such as OSPF (PIX requires 6.3 OS to run OSPF). On WAN 1 and WAN 2 you can use the "defaut-information originate" command to inject default routes into OSPF.

If you plan to use one link as primary and second link as backup, run a protocol such as HSRP on wan1 and wan2. The 3550 should have its default gateway pointing to the HSRP virtual address of wan 1 and wan 2.

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801a6b39.html

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#19261

199
Views
0
Helpful
1
Replies
This widget could not be displayed.