Best Practice for Routing VLANs

JB-TX
Level 1

Hello All,

I will be re-configuring our network here soon. I wanted to see what the best approach to routing vlans would be?

To make a simple example:

vLAN 1 - user

vLAN 2 - Server

vLAN 3 - WiFi

vLAN 4 - Inside WAN

3 Access Switches -> CORE Switch -> ASA

IP Routing (inter-VLAN routing) enabled on all switches. Would it be beneficial to route all traffic to the core switch under its specific VLAN or route all traffic through one primary VLAN like vLAN 4?

Thank you.

1 Accepted Solution

Jaderson Pessoa
VIP Alumni

According to Cisco's best practices:

An L3 connection between access > distribution and core is a good option, because your VLANs will be managed locally on each device.
Routing: The distribution layer has the functionality to provide routing/ACL/QoS and other features, but in your case you are working in a collapsed environment (core+distribution). Your topology is small, so in this case a collapsed environment is a good choice, still with all routing on this layer.
Internet: send everything to your firewall and control it through firewall rules and NATs. Don't forget to trace a route back from your firewall to your core for your internal networks.

Regards,

Jaderson Pessoa
*** Rate All Helpful Responses ***
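
The layout this answer describes, sketched as an added configuration example (not from the original post or from Cisco documentation): inter-VLAN routing on the collapsed core, a default route to the ASA, and the return routes on the ASA. The VLAN IDs, the 10.0.x.0/24 addressing and the ASA interface name are constructed for illustration.

```cisco
! ===== Collapsed core switch (IOS). All addresses are constructed. =====
ip routing
!
interface Vlan10
 description Users
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan20
 description Servers
 ip address 10.0.20.1 255.255.255.0
!
interface Vlan30
 description WiFi
 ip address 10.0.30.1 255.255.255.0
!
interface Vlan40
 description Transit to ASA inside interface
 ip address 10.0.40.1 255.255.255.0
!
! Anything that is not a connected VLAN goes to the firewall.
ip route 0.0.0.0 0.0.0.0 10.0.40.2
!
! Check on the core: "show ip route" should list the four connected
! subnets plus the static default via 10.0.40.2.

! ===== ASA (interface name is an assumption) =====
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.40.2 255.255.255.0
!
! Return routes: the ASA is only directly connected to the transit
! subnet, so each internal VLAN needs a route back via the core.
! Without them, replies to users, servers and WiFi clients are dropped
! or sent out the wrong interface.
route inside 10.0.10.0 255.255.255.0 10.0.40.1
route inside 10.0.20.0 255.255.255.0 10.0.40.1
route inside 10.0.30.0 255.255.255.0 10.0.40.1
!
! Check on the ASA: "show route" should show the three static routes
! pointing at 10.0.40.1 on the inside interface.
```

With routing done on the core, ACLs between the user, server and WiFi VLANs are applied on the core SVIs, while Internet-bound policy and NAT stay on the ASA.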


3 Replies

luis_cordova
VIP Alumni

Hi @JB-TX 

 

I would recommend that the CORE switch route the networks of your LAN, because that will avoid flooding the network with packets of routing protocols, between the switches.
In addition, you will prevent packets from different VLANs joining in a single VLAN.

 

Regards

Thanks for the response. So, to go into some more detail: the core switch and all 3 access switches are Layer 3 switches. The core switch has the physical interfaces for the servers on our network.

So it sounds to me like what you're suggesting (trying to simplify it) is: don't use the WAN vLAN for routing all access switches to the core, but route each VLAN to the core's VLAN interface for its respective network? Then from the Core route any internet traffic from the core to the ASA on its own VLAN?
