I'm looking to move to a new 6500-core based architecture, but there's a piece of the plan I can't figure out.
How would you architect this: I want all networks to be a VLAN on the 6500 with it acting as their gateway router. However, I want to group those VLANs into 'zones' where, to get from one zone to another, the 6500 will route it out to the PIX and then back down to the other zone.
This way I could have a PIX with, say, three inside interfaces: USERS, DMZ1, DMZ2. Then I could have a SALES, TECH, SYSADMINS, and OTHER set of "user" VLANs that are all downstream of the PIX's USERS interface. DMZ1 and DMZ2 would similarly have 3 - 10 VLANs behind them.
Make sense? I also want a set of VLANs that don't uplink through the PIX at all, they skip over it and go straight out to the internet. I need this because my PIXs can't handle the full bandwidth load of our web and stream servers.
edit: I drew this diagram to help explain what I'm talking about.
Use an FWSM module, which is basically a virtual PIX. It'll solve all your headaches.
The way it works is using contexts (i.e. virtual firewalls). You assign VLANs to a context depending on how you want to set up your routing and security.
Let's say you have three contexts with VLANs 1-5, 10, 11.
You would attach VLANs 1-5 to your primary context,
VLANs 5 and 10 to another, and 5 and 11 to yet another.
Let's say you want traffic to flow from VLAN 1 to VLAN 11. Traffic would hit the Primary_Context, go through the access-list, then get dropped onto VLAN 5, where it would then go to your Third_Context access-lists and then drop into VLAN 11.
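The three-context layout the reply describes, written out as an added configuration example (not from the original post or from Cisco's documentation). It uses FWSM 3.x / ASA-style syntax; the slot number, context names, interface names, addresses and the example web rule are all assumptions chosen for illustration. VLAN 5 is the transit segment shared by the contexts, and each context has its own address on it so the two `route` statements can hand traffic across.

```text
! --- Catalyst 6500 (IOS side): trunk VLANs 1-5, 10 and 11 into the FWSM in slot 3 (slot is an assumption)
firewall multiple-vlan-interfaces
firewall vlan-group 1 1-5,10,11
firewall module 3 vlan-group 1

! --- FWSM system execution space: carve the module into contexts
! (multiple mode also needs an admin context; its config is omitted here)
mode multiple
context Primary_Context
  allocate-interface vlan1-vlan5
  config-url disk:/primary.cfg
context Second_Context
  allocate-interface vlan5
  allocate-interface vlan10
  config-url disk:/second.cfg
context Third_Context
  allocate-interface vlan5
  allocate-interface vlan11
  config-url disk:/third.cfg

! --- Primary_Context (primary.cfg): VLAN 1 is a user segment, VLAN 5 is the transit segment
no nat-control                      ! let traffic pass without a NAT rule
interface Vlan1
  nameif users
  security-level 100
  ip address 10.1.0.1 255.255.255.0 ! hypothetical addressing
interface Vlan5
  nameif transit
  security-level 50
  ip address 10.5.0.1 255.255.255.0
! first access-list in the path: what VLAN 1 hosts may send toward VLAN 11
access-list users_in extended permit tcp 10.1.0.0 255.255.255.0 10.11.0.0 255.255.255.0 eq 80
access-list users_in extended deny ip any any
access-group users_in in interface users
! the VLAN 11 subnet lives behind Third_Context's transit address
route transit 10.11.0.0 255.255.255.0 10.5.0.3 1

! --- Third_Context (third.cfg): VLAN 5 transit in, VLAN 11 out
no nat-control
interface Vlan5
  nameif transit
  security-level 50
  ip address 10.5.0.3 255.255.255.0
interface Vlan11
  nameif dmz2
  security-level 20
  ip address 10.11.0.1 255.255.255.0
! second access-list in the path: what the transit segment may send into VLAN 11
access-list transit_in extended permit tcp 10.1.0.0 255.255.255.0 10.11.0.0 255.255.255.0 eq 80
access-list transit_in extended deny ip any any
access-group transit_in in interface transit
! return path to VLAN 1 goes back through Primary_Context
route transit 10.1.0.0 255.255.255.0 10.5.0.1 1
```

A VLAN 1 host reaching a VLAN 11 web server is therefore checked twice, once by `users_in` in Primary_Context and once by `transit_in` in Third_Context, which is the double inspection the reply is counting on. Second_Context would be built the same way with VLAN 10 in place of VLAN 11 and its own transit address. Because VLAN 5 is shared between contexts, confirm the shared-interface classification rules for your FWSM release before relying on this; the exact behaviour with a shared VLAN is not something the post establishes.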