We are managing an environment where currently we have 8 pairs of redundant 3750 switches in a distribution layer.
Access layer switches (2960's) about 200.
The 3750's are acting as L3 routers for traffic (connecting to a core, which we do not control) as well as providing Access-lists for security and traffic filtering between the pairs.
The ACL lines on some 3750's are reaching close to 4000 lines!! (As far as I can tell, best practice is 2000 max.)
While we are in the process of optimizing and reducing ACL lines, I am looking at an alternative of using an ASA to provide the filtering and security instead of the additional load we are currently putting on the switches.
Can anyone provide some advice on which model to use for this type of environment? Uptime is critical; the network cannot go down.
Comparisons show that the ASA 5515-X has better features and throughput in all aspects than the ASA5520, as well as being cheaper.
Can this ASA handle the ACL capacity in terms of rules and capacity for load?
And do the SSM modules provide more capacity to the ASA5520 or is it a functionality module?
Any assistance, advice or feedback will be appreciated.