Currently I'm only advertising/peering 8 of these 16 like so:
encapsulation dot1Q 230
ip address 188.8.131.52 255.255.255.0 secondary
ip address 184.108.40.206 255.255.255.0 secondary
ip address 220.127.116.11 255.255.255.0 secondary
ip address 18.104.22.168 255.255.255.0 secondary
ip address 22.214.171.124 255.255.255.0 secondary
ip address 126.96.36.199 255.255.255.0 secondary
ip address 188.8.131.52 255.255.255.0 secondary
ip address 184.108.40.206 255.255.255.0
Is it good practice to do 3 VLAN sub-interfaces on the FastEthernet, like for instance:
I need to bring in 5 more, but I'm thinking of changing this setup now.
My 3640 is connected to a 6500 as a trunk port and the firewall is on the 6500 with a trunk port also.
Could I do 3 netblocks each with its own vlan and sub-interface on the 3640, trunk that to the 6500 and back to the firewall? The firewall is a FortiGate and actually supports up to 256 sub interfaces.
How many sub interfaces are you allowed to put on a 3640 FastEthernet?
I'm thinking of this setup:
(This would be vlan 224 with Firewall Sub-Interface as 220.127.116.11/21)
encapsulation dot1Q 224
ip address 18.104.22.168 255.255.248.0
(This would be vlan 232 with Firewall Sub-Interface as 22.214.171.124/22)
encapsulation dot1Q 232
ip address 126.96.36.199 255.255.252.0
(This would be vlan 236 with Firewall Sub-Interface as 188.8.131.52/22)
Not sure I see the purpose of the 6500 between the router and the firewall. All it is doing is to act as a crossover cable between the router and the firewall.
I am going to hope that you have another switch on the far side of the firewall and have not cabled both the trust and untrust into the 6500. Still you are going to have to run the firewall in layer 2 mode, which makes things more challenging.
You will also need to change your BGP since it will not advertise out any of these subnets. You will need to verify with the ISP that they will take a BGP advertisement with less than a /24 mask.
Have to agree with edison, you really want to move the routing further into your network. Either on the firewall itself on the inside ports or to a layer 3 switch behind the firewall. With this many layer 2 networks running through the firewall one broadcast storm will bring the firewall to its knees.