Announcement

Collapse
No announcement yet.

Advice about Layer 3 switching

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Advice about Layer 3 switching

    Hello

    My network (where I work) currently has 5 or so VLAN's but only using layer 2 switching (we use a checkpoint firewall as the router on a stick), I want to replace the current switch's with layer 3 switch's, now I read the artical on the main page and that put my mind at rest a bit, I just though would like to confirm what I think will work, will work.

    I was considering Cisco 3560's, would these sound about correct??? The main thing I want to achieve is routing between subnets without having to use the Checkpoint (as this is limited to a single 10/100 port). I would also like switch's that if possible have the option to link them into a single switch using some sort of wide bandwidth connection (ie not just linking them with 10/100/1000 cat5's)

    I like to only use the command like, has anybody got any config parts that show how the routing and access-lists work?? I would be interested to see them.

    Sorry I know it includes some daft questions, but I want to put this forword to my company as a recomendation, but I have this silly situation where I cant get any of the kit until the recomendation is OK'd, and I cant produce a recomendation with the kit....
    Last edited by Wizball; 26th January 2007, 18:02.

  • #2
    Re: Advice about Layer 3 switching

    you can use a routing protocol like ripv2, eigrp or ospf.
    an another option is using static routes.

    I'm not sure about the switch you mentioned, but i'm sure the 3750 can handle the job. Maybe you should compare the specs...
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Advice about Layer 3 switching

      The 3560 is very capable of handling your needs (make sure you get the right IOS and the right type of switch if you require additional things like PoE). You can use any of the routing protocols that Dumber mentioned. It would be in your best interest to get a Cisco Sales Rep on the phone to answer any last minute questions and to verify you are getting what you expect.

      It's a great thing that you are taking the load off of your CheckPoint because (at least IMO) it should be dedicated to firewall duties.

      Here is a link to the Cisco Hierachial Model:
      http://www.mcmcse.com/cisco/guides/h...al_model.shtml

      Maybe referencing this model during your recommendation will help...

      Good Luck~!

      Comment


      • #4
        Re: Advice about Layer 3 switching

        A 3560 will do the trick. Just keep in mind you're going to lose the ability of the checkpoint to be a firewall between these vlans.

        3750s are 3560s with a backplane connection on the back (aka stacking).

        To do the routing you do a one time command "ip routing" to enable it. At that point you can do something like this

        int vlan3
        ip addr 192.168.3.1 255.255.255.0
        Thanks,
        Brian Desmond
        Microsoft MVP - Directory Services
        www.briandesmond.com

        Comment


        • #5
          Re: Advice about Layer 3 switching

          although AFAIK you can set some access-lists on the 3650.
          But it does not perform real firewall security.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Advice about Layer 3 switching

            OK, thanks for the advice guys, all good stuff. Access-lists should be ok, only looking for allowing the odd port here and there, and most rules would be subnet wide.

            Looks for sure this is the way to go.

            Thanks again.

            Comment


            • #7
              Re: Advice about Layer 3 switching

              Hi Wizball,
              Thanks for your post!
              And thanks to everyone else who already posted - great info!

              I just wanted to say, I suggest you get with a good cisco reseller in your area to make sure you get all the right parts in your quote. For example, I believe for a switch to do layer 3 routing, you need to have the enterprise IOS.

              Also, the ability to link the switches with something more than just a 1GB Ethernet crossover cable is nice. At my company, we have linked our two switches with the stacking cable to get a 16GB connection between them, I believe it is.
              David Davis - Petri Forums Moderator & Video Training Author
              Train Signal - The Global Leader in IT Video Training
              TrainSignalTraining.com - Free IT Training Products
              Personal Websites: HappyRouter.com & VMwareVideos.com

              Comment

              Working...
              X