Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
517
Views
0
Helpful
3
Replies

Internet Edge Design

Steven-Williams-83
Level 1
Level 1

‎01-14-2024 06:33 AM

Currently running some ISR4400s as my ISP CEs and looking to eliminate these for reasons that I stopped arguing with leadership on. I believe they should be there, but honestly internet edge is simple enough I do not really need them. I did get some layer 3 switches to put in front of my firewalls though, which I can essentially make "routers" so win/win. But that being said I have seen people use this internet switch layer as layer 2 vs layer 3. Any reason to do one vs the other? I have three blocks of IPs that are assigned to me. ISP gives me ethernet hand off with a /30 and I use my blocks on the other side of that /30. So currently my routers terminate the /30 on the outside interface and my assigned blocks on the inside interface. Moving to the switches, I was going to just terminate the /30 on a no switchport interface and make my public blocks vlan interfaces and assign ports in those vlans to my firewall outside interfaces. 

How are you running this edge internet design? I already have simulated it and it works fine with my design, but looking to see others perspective. 

Labels:
0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎01-14-2024 07:12 AM

Did your SW do NATing ?

MHM

0 Helpful

Steven-Williams-83
Level 1
Level 1
In response to MHM Cisco World

‎01-14-2024 07:49 AM

No the firewalls are doing the NAT. I mean i kinda just made the switches "routers" to get around the leadership taking away actual routers. 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎01-14-2024 11:27 AM

If your Firewall can handle routing and NAT then i will do below to eliminate the Hop, Hoping that you have only 1 Exit point

ISP CE----Layer 2 Switch ---FW--LAN network should work for you.

ISP CE thinking that they hosted in your environment have not control (managed by ISP)

Please correct if you have Dual ISP link and other requirement like BGP  so on.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents