Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
252
Views
0
Helpful
2
Replies

PIX and Switch VLAN Question

rasoftware
Level 1
Level 1

‎04-28-2006 06:17 AM - edited ‎03-04-2019 03:08 AM

I need a bit of advice on a setup i'm proposing.

We want to use a switch 2950 or similar L2 switch to create multiple VLANs to give to each customer at our site which we can do. Inter-VLAN routing is not required. I want to provide each with internet access by plugging in a PIX or router into one of the switch ports to provide VLAN trunking to the whole switch and the VLANS. I also want to use the DMZ port on pix/router to provide non-natted connections also for those that want it. I also want to have some kind of QoS to restrict each VLAN port to a maximum bandwidth.

I don't have the hardware available at them moment to test this but does it sound possible?

1) Am I better using a PIX or router. I read somewhere the PIX wont support VLAN trunking?

2)Is QoS the correct thing to be using to restrict bandwidth? ie if the pay for 200Kbs I can restrict that port to 200Kbs.

3) Would a layer 3 switch be better and just a simple router as a gateway?

I've attached a diagram of what im trying to do!

Labels:
Preview file
24 KB
0 Helpful
2 Replies 2

sean
Level 3
Level 3

‎04-28-2006 11:22 AM

With pix version 7 and at least a PIX 515E, you can trunk. You just create the subinterfaces required on the PIX, but there is a limit to the number of subinterfaces allowed.

QoS will work for rate-limiting, but will depend on where you are trying to impose the limit. For example, if you have a simple layer 2 switch and a router, you would only be able to rate-limit only on the router interface. This would be fine for downloading (from the end-user perspective) but uploading is not rate-limited until it hits the router interface. This might cause an issue if too many individuals have a virus on their network connection, and kill the switch. Higher end switches allow greater functionality at the port level, but they cost more.

Depends on what kind of layer 3 switch you were going to use. If you used something high end like a 4500 or 6500 (with the right sup), that would definitely be better than a low end router (just depends on the budget and application). If it is only a 3550, then it is nice, but you loose some of the features on a router such as NBAR. This may not be a big deal, but if you are trying to clean up traffic and make it more efficient, NBAR definitely helps.

0 Helpful

rasoftware
Level 1
Level 1
In response to sean

‎05-02-2006 07:25 AM

Hi, thanks for the info.

What I would be looking at is a single VLAN per port. The clients would then use this port as access to the internet. I would like to limit upload and download on a switch single port is this possible?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card