I am looking to create two default routes on an SGE.
I will be setting up a network in which two organizations will be sharing a common infrastructure and phone system but need to maintain separate data and servers.
I will create three VLANs: Company A, Company B, and Voice VLAN. I will also put in ACLs to allow traffic between each organization and the voice but restrict traffic between the organizations.
Clearly, each company will need a default route out to their firewall. Will the SGE switches support two default routes? Both VLANs would attempt the one with the lowest cost first, but the one company would get blocked due to the ACL and would try the next higher cost default route.
Any thoughts? Does the SGE support multiple default routes?
Sounds like the switch should be in Layer 2 mode, with two user VLANs with an interface in each VLAN connected to two separate Firewalls.
Easily achieved on the SGE2000 or even the very capable 300 series switch product.
My train of twisted thought makes me think, in a router, with dual WAN, you can have two default routes. Depending on the router, it starts to perform equal cost multipath routing between the two WAN interfaces, if the route costs are equal. If the routes are not equal then the higher cost route is not used.
Usually, a dual port WAN in a router can support policy based routing, so that one subnet can go out to one firewall and the other subnet can be policy routed through a different interface to another firewall. That's what I think you are trying to achieve.
The SGE2XXX switch wants to have one default route, not two. I just can't recall seeing policy based routing on the SFE/SGE.
I think, if you could squeeze two default routes into the SGE2000, we would have a situation of equal cost multipath routing between the two WAN interfaces, which usually ends up as a round robin. Not what you want.
Why not just leave the switch in Layer two mode with four VLANs configured,
VLAN1 admin VLAN for you to administer the network.
VLAN2 company A data VLAN
VLAN3 company B data VLAN
VLAN3 Voice VLAN
Have an untagged port on each data VLAN connected to the Firewall device that also performs some sort of DHCP functionality and gateway functionality for the VLAN members.
Yep, use the ACL functionality to restrict any potential routing between data VLANs, if that is what you want.