Use Layer 3 Switch to replace service provider Router?

puttybear · ‎11-28-2018

Hi!

I want to replace my service provider Zyxel router with something more manageable. I have 2960 and 3650 switches I can use as layer 3 switches. My concern is the security when implementing a layer 3 switch over the stock router with integrated firewall.

What should I do regarding ports? I don't want outsiders to access open ports inside my network. What I know I have to do:

- NAT

- Access-list

- Routing

- DHCP

So my question is what else do I forget when I want to have a secure layer 3 switch as my router? Thanks for the help!

Seb Rupik · ‎11-28-2018

Stop where you are.

The NAT function is not on those switches. You are better off replacing the Zyxel router with a small ISR (880 series) or an ASA.

cheers,

Seb.

puttybear · ‎11-28-2018

Ohh what.. Thanks for the heads up lol! I was sure NAT worked with layer 3 switches. I can get all the different IOS available from cisco download center If there are any addons to support NAT?

Thanks for the help!

Seb Rupik · ‎11-28-2018

Last time I checked, the only multi-layer switch which did NAT was the 6500.

NAT is certainly not supported on the access-layer switches you mention. You will need to look at introducing an ISR/ ASA to your topology.

cheers,

Seb.