cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1535
Views
10
Helpful
5
Replies

Router or ASA Firewall?

MarkSymms88085
Level 1
Level 1

Hi All,

So this question is for my home network, which at most times will have less than 50 hosts connected (IoT, cellphones, tablets, desktops, etc).  I have a Cisco Catalyst 3750.   I will create 7 different VLANs to segment the network.  My question involves solving my DHCP problem and a firewall.  I have looked at the ASA 5515X and a router with IOS Firewall, but cannot afford both.  I want to be able to, obviously,  assign IP addresses to each separate subnet/VLAN.  The 7th VLAN, however, is for the security cameras and the NVR (Network Video Recorder) system has its own DHCP server, apparently with limited configurability, that supplies ipv4 addresses to each camera. I don't want the main DHCP server to conflict or try to assign IPs to the cameras.  I am assuming that the NVR, once it receives a DHCP request from the camera will not forward to the main DHCP server.  I will assign a static IP, hopefully to the NVR itself.

 

Can I accomplish this with an ASA 5515X?  Will setting up the firewall services on a router (i.e. 2811) throttle the throughput noticeably?  Or am I better off running pfSense?

 

Any help or insight is greatly appreciated..

-mark

2 Accepted Solutions

Accepted Solutions

I think that SW can do DHCP work, where you can config DHCP local for VLAN and make Camera and other connect to DHCP server in specific VLAN.

so router or FW will be far away form dhcp and it concert is only internet and security connect. 

View solution in original post

balaji.bandi
Hall of Fame
Hall of Fame

Edge side Prefer to have FW, so it protects your network.

3750 can support as DHCP Server for your requirement.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

5 Replies 5

I think that SW can do DHCP work, where you can config DHCP local for VLAN and make Camera and other connect to DHCP server in specific VLAN.

so router or FW will be far away form dhcp and it concert is only internet and security connect. 

balaji.bandi
Hall of Fame
Hall of Fame

Edge side Prefer to have FW, so it protects your network.

3750 can support as DHCP Server for your requirement.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MarkSymms88085
Level 1
Level 1

Thanks for the help BB and MHM!  I will work on that scenario

You Are welcome, if it solve please mention that it SOLVED.
Good Luck...

Another option would be to configure DHCP servers on the ASA itself. In that case you can configure the 3750 to act as a layer 2 switch, and trunk a connection to the ASA where you will have all the inter-VLAN security policies applied. You can also ether channel the connection between the switch and the ASA to get more bandwidth if needed.