Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2367
Views
0
Helpful
6
Replies

4506 Core Switch, 7204 Core Router, 3700 border router - HELP

Andrew Schulz
Level 1
Level 1

‎05-15-2012 03:17 PM - edited ‎03-04-2019 04:21 PM

Hi, I'm looking for some guidance/recommendations. I'm looking at ways to eliminate the need for extra equipment/costs and here is what I am thinking.

I currently have Comcast EDI (CPE) that connects to my 3700 border router, from the border router I have a 2960 External Switch that connects to my 2 HA firewalls, the firewalls then connect to my internal network via the 4506 core switch (just switching) and then for routing I have the 7204 core router.

What I am thinking about attempting is to eliminate the border router, external switch and core router and use just my 4506 for all three. I can easily conceive of how to move my core router into my core switch, but I'm not sure if A) its a good idea to move the border router to the core switch B) how to vlan this with the default gateway as I currently have on my border router C) if it is a security concern to set it up this way.

Any help, guidance or suggestions on this would be appriceated.

Labels:
0 Helpful
6 Replies 6

avendittelli
Level 1
Level 1

‎05-15-2012 04:55 PM

Hi,

It seems the most logical thing to do would be to eliminate your external switches and 1 firewall.  Under your current scenario you have a single router and a single core switch, both single points of failures.  Having 2 firewalls does not really buy you anything because you have a single core and single BR.  In fact you have actually introduced another point of failure by adding the 2960 switch.

You can certainly get rid of your BR and connect your CPE device directly into your FW.  Then you can connect your FW into your core router.  I will assume you have 1 Vlan since you do not list any.  The easiest configuration would be to have our FW internal interface be the DG for all of your devices and the FW will forward all of your external traffic to your CPE.  All local traffic will be switched within your 4500.

If you have more than 1 vlan the DG on your internal devices would simply be the VLAN interface on the core switch.  For example if you have VLAN 10, create a vlan interface w/ ip address of 192.168.1.1 /24.  All devices on that vlan would use 192.168.1.1 as their DG.  VLAN 20 would have a vlan interface of 192.168.2.1 /24 and all devices on that vlan would have a DG of 192.168.2.1.  The Core Switch itself would have a DG that pointed to the FW internal interface.

Hope that helps.

0 Helpful

Andrew Schulz
Level 1
Level 1
In response to avendittelli

‎05-15-2012 08:03 PM

Thanks for the reply. To clearify, yes I have multiple VLAN's (data, voice, wireless, etc) so that is a good point and helpful information. As for the firewalls they are setup as primary/standby and thus are valuable in the event the primary goes down then the secondary would pickup until the primary came back online.

Finally, let me help clear up the picture. Below is my current network setup, I would like to eliminate the Border Router, Core Router and External Switch and use only the Core Switch. What I think I need to do is 1) turn on routing on the core switch give it the IP that I currently use on my core router for the default gateway of all my internal traffic, and setup all existing routes that I had on my core router. 2) I would create a VLAN for the Border router, give it an IP and needed routes. 3) Designate two ports in a VLAN for both firewalls, acting as the external switch. Thus eliminating both routers and 1 switch leaving me with just the 4506.

Avendittelli,

Does this still seem feasable and logical? Or am I missing what you are describing to me as the direction I should take?

Thanks again...

0 Helpful

avendittelli
Level 1
Level 1
In response to Andrew Schulz

‎05-17-2012 05:08 PM

It seems what you want to do is correct.  Remember CEF will do all the routing for you when you create VLAN interfaces.  So be careful when you create the vlan interfaces as routing will happen between them automatically.

Make sure you create your default route and you should be good with the plan you stated above.

0 Helpful

AnnaV
Level 1
Level 1
In response to Andrew Schulz

‎06-24-2019 09:43 PM - edited ‎06-25-2019 06:52 AM

Zebor

0 Helpful

AnnaV
Level 1
Level 1
In response to AnnaV

‎06-24-2019 09:44 PM - edited ‎06-25-2019 06:53 AM

Zebor

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Andrew Schulz

‎06-24-2019 11:13 PM

Hi,

Your network diagram is not attached properly or not visual for me. I recommended creating VRF on your core switch for your WAN connections. It will help to make sperate routing/L3 and L2 tables on the Switch. 

What is currently the functionality of your border router? Is there any Dynamic routing or any other features enabled on the router? I hope you had checked that same and you can perform the same task on the Core switch. 

If not then you must verify the configuration and limitation of your core switch. 

 

On all other points, I agree as other persons guided to you. 

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card