Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1688
Views
5
Helpful
3
Replies

Best Practice for Routing VLANs

Go to solution
JB-TX
Level 1
Level 1

‎11-04-2019 07:28 AM

Hello All,

I will be re-configuring our network here soon. I wanted to see what the best approach to routing vlans would be?

To make a simple example:

vLAN 1 - user

vLAN 2 - Server

vLAN 3 - WiFi

vLAN 4 - Inside WAN

3 Access Switches -> CORE Switch -> ASA

IP Routing (inter-vlan routing) enabled on all switches. Would it be beneficial to route all traffic to the core switch under it's specific vlan or route all traffic through one primary vlan like vLAN 4?

Thank you.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni

‎11-04-2019 07:55 AM - edited ‎11-04-2019 07:57 AM

In according Cisco's best practices.

L3 connection between access > distribution and core it is a good option. Because your vlans will be managed locally on each device.
Routing: Distribution layer has functionability to provide routing/acl/qos and other features, but in your case you are working in a colapsed environmet (core+distribution). Your topology is small, so in this case, colapsed environment is a good choice, still with all routing on this layer.
Internet: send everything to your firewall and control it trough firewall rules and nats. Dont forget to trace a route back from your firewall to your core for your internal networks.

Regards,

Jaderson Pessoa
*** Rate All Helpful Responses ***

View solution in original post

0 Helpful
3 Replies 3

Go to solution
luis_cordova
VIP Alumni
VIP Alumni

‎11-04-2019 07:40 AM

Hi @JB-TX 

 

I would recommend that the CORE switch route the networks of your LAN, because that will avoid flooding the network with packets of routing protocols, between the switches.
In addition, you will prevent packets from different VLANs joining in a single VLAN.

 

Regards

Go to solution
JB-TX
Level 1
Level 1
In response to luis_cordova

‎11-04-2019 07:56 AM

Thanks for the response so to go into some more detail. Core switch and all 3 access switches are Layer 3 switches. Core switch has the physical interfaces for the servers on our network.

 

So it sound me to what your suggesting (trying to simplify it), don't use the WAN vLAN for routing all access switches to the core, but route each vlan to the core's vlan interface for their respected network? Then from the Core route any internet traffic from the core to the ASA on it's on VLAN?

0 Helpful

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni

‎11-04-2019 07:55 AM - edited ‎11-04-2019 07:57 AM

In according Cisco's best practices.

L3 connection between access > distribution and core it is a good option. Because your vlans will be managed locally on each device.
Routing: Distribution layer has functionability to provide routing/acl/qos and other features, but in your case you are working in a colapsed environmet (core+distribution). Your topology is small, so in this case, colapsed environment is a good choice, still with all routing on this layer.
Internet: send everything to your firewall and control it trough firewall rules and nats. Dont forget to trace a route back from your firewall to your core for your internal networks.

Regards,

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card