11-28-2018 03:13 AM - edited 02-21-2020 08:31 AM
Hi!
I want to replace my service provider Zyxel router with something more manageable. I have 2960 and 3650 switches I can use as layer 3 switches. My concern is the security when implementing a layer 3 switch over the stock router with integrated firewall.
What should I do regarding ports? I don't want outsiders to access open ports inside my network. What I know I have to do:
- NAT
- Access-list
- Routing
- DHCP
So my question is: what else am I forgetting when I want to have a secure layer 3 switch as my router? Thanks for the help!
11-28-2018 03:48 AM
Stop where you are.
The NAT function is not on those switches. You are better off replacing the Zyxel router with a small ISR (880 series) or an ASA.
cheers,
Seb.
11-28-2018 04:04 AM - edited 11-28-2018 04:05 AM
Ohh what.. Thanks for the heads up lol! I was sure NAT worked with layer 3 switches. I can get all the different IOS available from the Cisco download center, if there are any add-ons to support NAT?
Thanks for the help!
11-28-2018 04:36 AM
Last time I checked, the only multi-layer switch which did NAT was the 6500.
NAT is certainly not supported on the access-layer switches you mention. You will need to look at introducing an ISR/ASA to your topology.
cheers,
Seb.