
How to configure switch to route ISP ethernet handoff? (L3 or VLAN routing)

I have an ISP providing a redundant internet circuit through Ethernet handoff, and I need to route their border network to my firewall which will hold the public IP address block.  The handoffs will go into 2 3750 switches stacked, which in turn will be uplinked to an ASA active/standby pair.  How do I configure the switches to handle the traffic?  The equipment isn't in place yet so I can't test the configuration; just trying to validate the plan.  I'm not sure of the pros/cons of using L3 switchport vs VLAN routing.

 

Example: the ISP provides 2 drops, 10.10.10.1/29 and 10.10.10.2/29, and a virtual gateway to route traffic out to the internet, 10.10.10.3/29 (FYI - in reality these are public IPs, just using privates for example).  Assume the public block is 192.168.0.0/24.  I need to configure the 3750 switches with interfaces of 10.10.10.4/29 and 192.168.0.1/24.  The ASA firewall outside interface will be 192.168.0.2/24.

The ISP routes everything destined for 192.168.0.0/24 to 10.10.10.4/29.  I need to route all outbound internet traffic to 10.10.10.3/29.

 

So the 3750 would have a layer 3 port-channel with IP 10.10.10.4/29 to uplink to the ISP drops.  It will also have another layer 3 port-channel with IP 192.168.0.1 (or should I use a VLAN interface for both or either?).  The ASA outside interface will be 192.168.0.2.  On the ASA my default route out is 0.0.0.0 0.0.0.0 192.168.0.1.  The default route on the 3750 stack will be 0.0.0.0 0.0.0.0 10.10.10.3.

Thoughts?

                                             [ISP-BORDER1-10.10.10.1]
                                           /                          \
[INTERNET]----[ISP-BORDER-VIP-10.10.10.3]                                [3750-L3-PORT-10.10.10.4/192.168.0.1]----[ASA-192.168.0.2]
                                           \                          /
                                             [ISP-BORDER2-10.10.10.2]

 

 
