01-14-2024 06:33 AM
Currently running some ISR4400s as my ISP CEs and looking to eliminate these for reasons that I stopped arguing with leadership about. I believe they should be there, but honestly the internet edge is simple enough that I do not really need them. I did get some layer 3 switches to put in front of my firewalls, though, which I can essentially make "routers", so win/win. That being said, I have seen people use this internet switch layer as layer 2 vs. layer 3. Any reason to do one vs. the other? I have three blocks of IPs that are assigned to me. The ISP gives me an Ethernet hand-off with a /30 and I use my blocks on the other side of that /30. So currently my routers terminate the /30 on the outside interface and my assigned blocks on the inside interface. Moving to the switches, I was going to just terminate the /30 on a "no switchport" interface, make my public blocks VLAN interfaces, and assign ports in those VLANs to my firewall outside interfaces.
How are you running this edge internet design? I already have simulated it and it works fine with my design, but looking to see others perspective.
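As an added example (not the poster's config), here is what that routed-switch design looks like in IOS-style configuration: the /30 on a routed port, one VLAN and SVI per assigned public block, and access ports in those VLANs facing the firewall outside interfaces. Interface and VLAN numbers are assumptions, and RFC 5737 documentation ranges stand in for the real /30 and blocks; only two of the three blocks are shown.

```cisco
! Added example, not the poster's config. RFC 5737 documentation ranges
! stand in for the real /30 and the assigned blocks; interface and VLAN
! numbers are assumptions.
ip routing
!
! ISP hand-off: the /30 terminates on a routed port, as it did on the ISR
interface GigabitEthernet1/0/1
 description ISP hand-off, 203.0.113.0/30
 no switchport
 ip address 203.0.113.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no cdp enable
 no lldp transmit
 no lldp receive
!
! One VLAN per assigned public block; the SVI is the gateway that the
! firewall outside interface in that block points at
vlan 101
 name PUBLIC-A
vlan 102
 name PUBLIC-B
vlan 999
 name PARKING
!
interface Vlan101
 description Public block A, 198.51.100.0/24
 ip address 198.51.100.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
!
interface Vlan102
 description Public block B, 192.0.2.0/24
 ip address 192.0.2.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
! (third block: repeat with its own VLAN and SVI)
!
! Access ports facing the firewall outside interfaces. Anything patched
! into these VLANs sits on the internet side of the firewall with a public
! address, so membership stays tight and unused ports are shut.
interface GigabitEthernet1/0/10
 description FW outside, block A (198.51.100.2)
 switchport mode access
 switchport access vlan 101
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/11
 description FW outside, block B (192.0.2.2)
 switchport mode access
 switchport access vlan 102
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface range GigabitEthernet1/0/12 - 24
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Default route to the ISP end of the /30. The public blocks are directly
! connected via the SVIs, so the ISP's existing static route for them
! keeps pointing at 203.0.113.2 exactly as it did with the ISR.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Management only from the inside management subnet (assumed 10.0.0.0/24),
! never from the ISP-facing port
ip access-list standard MGMT-IN
 permit 10.0.0.0 0.0.0.255
 deny   any log
line vty 0 4
 transport input ssh
 access-class MGMT-IN in
```

With this in place the firewall outside interface for block A is 198.51.100.2/24 with 198.51.100.1 as its default gateway, and the firewall still does the NAT. Two things to check before trusting it: traffic between block A and block B is routed on the switch and never touches the firewall, which is harmless while both VLANs contain nothing but firewall outside interfaces, and is the reason no other host should ever be patched into them; and because the switch now owns the /30, its routed port and SVIs are reachable from the internet, so the vty ACL above is the minimum, with a control-plane policy to rate-limit ICMP and ARP toward the box worth adding where the platform supports it.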
01-14-2024 07:12 AM
Does your SW do NATing?
MHM
01-14-2024 07:49 AM
No, the firewalls are doing the NAT. I mean, I kinda just made the switches "routers" to get around leadership taking away the actual routers.
01-14-2024 11:27 AM
If your firewall can handle routing and NAT, then I would do the below to eliminate the hop, hoping that you have only one exit point:
ISP CE ---- Layer 2 Switch ---- FW ---- LAN network should work for you.
ISP CE: I am assuming it is hosted in your environment but you have no control over it (managed by the ISP).
Please correct me if you have dual ISP links and other requirements like BGP and so on.
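The layer 2 variant suggested above, as an added example that is not part of the reply: the firewall terminates both the ISP /30 and the public blocks itself, and the switch only carries the hand-off VLAN with no IP presence on the internet side. Interface numbers, VLAN numbers and addresses are assumptions using RFC 5737 documentation ranges.

```cisco
! Added example, not from the reply. Same assumed interface numbers and
! RFC 5737 addresses as the routed design; here the switch is layer 2 only.
no ip routing
!
vlan 100
 name ISP-HANDOFF
vlan 999
 name PARKING
!
! ISP hand-off port: a plain access port. The /30 (203.0.113.2) now lives
! on the firewall outside interface, not on the switch.
interface GigabitEthernet1/0/1
 description ISP hand-off, VLAN 100
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
 spanning-tree bpduguard enable
 no cdp enable
 no lldp transmit
 no lldp receive
!
! Firewall outside interface in the same VLAN
interface GigabitEthernet1/0/10
 description FW outside, 203.0.113.2/30
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface range GigabitEthernet1/0/2 - 9
 switchport mode access
 switchport access vlan 999
 shutdown
!
! No SVI in the hand-off VLAN: the switch cannot be addressed from the
! ISP port at all, which is the main thing the layer 2 design buys you
interface Vlan100
 no ip address
 shutdown
!
! Management on a separate inside VLAN (assumed VLAN 10, 10.0.0.0/24)
interface Vlan10
 description Management
 ip address 10.0.0.5 255.255.255.0
ip default-gateway 10.0.0.1
```

In this layout the firewall holds 203.0.113.2/30 on its outside interface with a default route to 203.0.113.1, and the assigned public blocks exist only as NAT pool or secondary addresses on the firewall, reachable because the ISP's static route for them already points at 203.0.113.2. The switch is reduced to a patch panel with BPDU guard, which removes its layer 3 attack surface from the internet side, at the cost of pushing all routing between the blocks onto the firewall; a second ISP hand-off or BGP changes this picture, as the reply notes.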