
Using a single 3550 as an edge router and campus switch?

bascheew
Level 1

We have a single 3550-EMI, a PIX 515E and 2 WAN connections (1Mbit and 3Mbit). My question is, can I use the 3550 to load balance between the two WAN connections, go to the PIX, and then come back into the same 3550 on a separate VLAN and switch for the rest of the network?

For example:

VLAN 10 would have WAN1, WAN2, and the PIX WAN interface.

VLAN 20 would have the PIX LAN interface and the rest of the network.

Will the 3550 even load balance on different speed connections? Am I out on a limb with this one?


thisisshanky
Level 11

You can do this, but I would not recommend using the same switch for the inside and outside interfaces of the PIX. Even though the inside and outside interfaces of the PIX will be in two different VLANs, from a security standpoint, they are physically on the same switch. You will still have to have a VLAN-based ACL to secure access control between the two VLANs (10 and 20 in your case). If a hacker breaches as far as your switch, he can very well bypass the PIX and attack your inside LAN.

Before getting into load balancing, what protocol do you run to route packets to your ISP? Do you use BGP or are you using static default routes? Do you plan to use HSRP with one link as primary and the other as backup, or do you plan to use both links at the same time?

The following methods will ensure that both links will be used for outbound load balancing. You won't be able to achieve inbound load balancing without running a protocol such as BGP with your provider.

Load balancing on 3550:

You can put the PIX WAN interface and the wan1 and wan2 interfaces in the same VLAN 10. VLAN 10 will be an SVI (switched virtual interface). In this case, you can configure two default routes, pointing to wan1 and wan2 respectively.

You also have the option of doing load balancing at the PIX, if you run a routing protocol such as OSPF on wan1, wan2 and the PIX (PIX requires 6.3 OS to run OSPF). On WAN 1 and WAN 2 you can use the "default-information originate" command to inject default routes into OSPF.

If you plan to use one link as primary and second link as backup, run a protocol such as HSRP on wan1 and wan2. The 3550 should have its default gateway pointing to the HSRP virtual address of wan 1 and wan 2.

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801a6b39.html

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#19261

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
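
The bypass concern raised in the reply above can be checked against a saved switch configuration. The following is an added example, not part of the original thread: it flags a 3550 config in which the switch itself routes between VLAN 10 and VLAN 20 without an ACL, and lists the static default routes used for outbound load balancing. The sample config, its addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re

# Constructed sample of a 3550 running-config (not taken from the thread).
SAMPLE_CONFIG = """\
ip routing
!
interface Vlan10
 description outside: WAN1, WAN2, PIX outside
 ip address 192.0.2.1 255.255.255.0
!
interface Vlan20
 description inside: PIX inside, campus LAN
 ip address 10.0.20.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.0.2.2
ip route 0.0.0.0 0.0.0.0 192.0.2.3
"""

def parse_svis(config):
    """Return {vlan_id: [sub-commands]} for every 'interface VlanN' block."""
    svis, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface Vlan(\d+)\s*$", line)
        if m:
            current = svis.setdefault(int(m.group(1)), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any unindented line ends the interface block
    return svis

def audit(config, outside=10, inside=20):
    """List ways the switch itself could forward between the two PIX VLANs."""
    findings = []
    svis = parse_svis(config)
    routing = any(l.strip() == "ip routing" for l in config.splitlines())
    def routed(v):
        cmds = svis.get(v, [])
        return any(c.startswith("ip address ") for c in cmds) and "shutdown" not in cmds
    if routing and routed(outside) and routed(inside):
        findings.append("switch routes between VLAN %d and VLAN %d, bypassing the PIX" % (outside, inside))
        for v in (outside, inside):
            if not any(c.startswith("ip access-group ") for c in svis[v]):
                findings.append("no ACL applied on interface Vlan%d" % v)
    return findings

def default_next_hops(config):
    """Next hops of static default routes; two or more means outbound load sharing."""
    return re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
```

Leaving VLAN 20 as a pure layer-2 VLAN (no `ip address` on `interface Vlan20`) clears all findings, because the only routed path between the two VLANs is then through the PIX.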