Cisco Support Community

New Member

Network Design

Hi Experts,

As our company is looking for network re-designing by getting a Layer 3 Switch (Cisco 3560 E Series), Layer 2 (2950 Switch) and ASA 5510.

Please find the attached traditional network diagram of our company and suggest to me, if we bring in the Layer 3 Switch (Cisco 3560 E Series) and ASA 5510, where we can place all these devices.

1. Is the 3560 switch better to place in the Distribution layer or the Core layer?

Hall of Fame Super Silver

Re: Network Design

Hello Chamakura,

the C3560 can be good for Distribution.

However, if your company is not so big you can collapse the core and distribution on the same devices.

The ASA 5510 should be placed on the path to the internet links to be able to protect your network.

See enterprise campus design.

If the company is big and you need a core layer you should think of a more powerful pair of devices as your core, like C4500 or C6500.

Note: I don't see your attachment file; try to post it again.

Hope to help


New Member

Re: Network Design

Hi Giuseppe,

Thank you. If that is the case, then what about the remaining ports of the C3560 (24 ports)?

2 Port for 2-ISP

1 Port for the ASA.

How can I do inter-VLAN routing?

We have an 1841 router. Can I place this in the Core layer, after that the ASA, and then the Multilayer Switch in the Distribution layer and the 2950 in the Access layer?

1. 1841 (Core Router) connected to IS and ASA.

2. ASA 5510 Connected to 3560 Switch.

3. 3560 Switch to Access Layer (2950 Switch).


Kiran Kumar Ch

Hall of Fame Super Silver

Re: Network Design

Hello Kiran,

You can do inter-VLAN routing on the C3560 itself.

You just need to enable IP routing and to create the logical switched virtual interfaces on the C3560:

ip routing

vlan 10

vlan 20

int vlan 10

ip address

no shut

int vlan20

ip address

This is enough to perform inter-VLAN routing.

I think the 1841 should be after the ASA: if you want to use the ASA to protect your network, it needs to be on the path to the external world.

I suppose the C1841 terminates some data connection from a service provider and/or an internet connection.

The internet connection can also be connected to the ASA and the C1841 used to connect to some remote site using a data service.

The connection with the access layer switches will be made of L2 trunks to carry all the client VLANs (vlan 10 and vlan 20 in my example).

Hope to help


New Member

Re: Network Design

Hi Giuseppe,

I have a challenge to re-design the network.

I have the following devices.

1. 1841 Router

2. 3560-E Multilayer Switch.

3. ASA 5510

4. 2950 Switches.


1. Priority Based Routing for Video, Voice and data.

2. Should perform VLANs.

3. Inter-VLAN routing.

With the above given devices, what type of design will you suggest?


Kiran Kumar CH

Hall of Fame Super Silver

Re: Network Design

Hello Kiran,

Actually you didn't provide much more details.

The central device is clearly the C3560E, which will perform inter-VLAN routing.

I guess, but I may be wrong, that you need to have two exit points: one to the ASA and one to the 1841.

So you can think of having this setup:

2950--- L2 trunk --- C3560E

this is for client vlans

exit points are two and connected to C3560E

C3560E --- routed link 1 --- C1841

|---------- routed link 2 ---- ASA

PBR is performed on the C3560E, which supports it.


Using an extended access-list you can define the traffic to be diverted by PBR.

Just an example:

access-list 111 permit udp any any range 16

access-list 111 permit tcp any any eq 554

route-map pbr_mmedia permit 10

match ip address 111

set ip next-hop c1841.ipaddress

The route-map has to be applied inbound on each client VLAN:

int vlan10

ip policy route-map pbr_mmedia

int vlan 20

ip policy route-map pbr_mmedia

To complete the solution you need a preferred default route out the ASA:

ip route 0.0.0.0 0.0.0.0 asa-ipaddress 10

A backup default route to the C1841:

ip route 0.0.0.0 0.0.0.0 c1841-ipaddress 200

For return paths, static routes for the client VLANs are needed on both the ASA and the C1841.

Hope to help
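
The pieces of the reply above assembled into one C3560E configuration, as an added example that is not part of the thread. Every address, interface number and the UDP range 16384-32767 (a common RTP range) is an assumption, and the sdm prefer routing line reflects the 3560 family's need for the routing SDM template before PBR works (it takes effect after a reload).

```cisco
! Constructed example: addresses, interface numbers and the UDP range are assumptions
! PBR on the 3560 family needs the routing SDM template (reload to activate)
sdm prefer routing
ip routing
!
vlan 10
vlan 20
!
! SVIs are the default gateways of the client VLANs; PBR is applied inbound here
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip policy route-map pbr_mmedia
 no shutdown
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 ip policy route-map pbr_mmedia
 no shutdown
!
interface GigabitEthernet0/1
 description L2 trunk to 2950 access switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
interface GigabitEthernet0/23
 description routed link 2 to ASA 5510 (ASA side is 10.0.254.2)
 no switchport
 ip address 10.0.254.1 255.255.255.252
interface GigabitEthernet0/24
 description routed link 1 to C1841 (C1841 side is 10.0.254.6)
 no switchport
 ip address 10.0.254.5 255.255.255.252
!
! Traffic selected for the C1841 exit: RTP (assumed range) and RTSP
access-list 111 permit udp any any range 16384 32767
access-list 111 permit tcp any any eq 554
!
route-map pbr_mmedia permit 10
 match ip address 111
 set ip next-hop 10.0.254.6
!
! Preferred default via the ASA (distance 10), floating backup via the C1841 (distance 200)
ip route 0.0.0.0 0.0.0.0 10.0.254.2 10
ip route 0.0.0.0 0.0.0.0 10.0.254.6 200
```

Traffic matched by access-list 111 leaves through the C1841 and never crosses the ASA, so that path needs its own filtering. The commands show sdm prefer, show ip policy and show route-map pbr_mmedia confirm the active template, the interface bindings and the match counters.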


Super Bronze

Re: Network Design

Just wondering about the combination of 3560-E and 2950. It seems a bit odd for a network design because the 3560-E is about top tier for a standalone Cisco L3 switch yet the 2950s, being 10/100 (except for uplinks), wouldn't seem to merit the need for 3560-E.

Some other equipment you might want to consider: if you don't need 10 gig, perhaps a 4948 L3 switch in lieu of the 3560-E; if you don't need 10 gig nor the performance of the 3560-E, perhaps a 3560; if the L3 switch and the L2 switch(es) are next to each other, perhaps a 3750 stack; if you want device redundancy for the "core/distribution", perhaps a 3750 or 3750-E dual unit stack, etc.