Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
953
Views
0
Helpful
3
Replies

Cisco Catalyst 3560-CX as core switch/router on a flat network

Nasos Ergot
Beginner
Beginner

‎09-17-2018 07:27 AM - edited ‎03-05-2019 10:55 AM

Hi all,

 

We are in the process of replacing a very old core router that works as the network's default gateway:

 

current.PNG

 

network: 10.1.0.0/16 (flat, no VLANs)

ASA SSL VPN remotepool: 172.1.1.0/24

 

All the router does here is be the default gateway for the network and send all traffic out to the firewall with a static route (it used to route to remote sites too). That includes the SSL VPN remotepool subnet:

 

ip route 0.0.0.0 0.0.0.0 ASAinsideipaddr

ip route 172.1.1.0 255.255.255.0 ASAinsideipaddr

 

So I've been thinking of replacing the router with two layer 3 switches for redundancy and future-proofness:

 

plan.PNG

 

And just realised i'm a but rusty with layer 3 switch routing.

Now my question is, if i configure these switch ports as routed ports they cannot belong to the same network, correct?

I would have to configure a single VLAN 1 on the switch for the 10.1.0.0/16 subnet but would i also have to tag the ports as belonging in VLAN1 or simply add a default route to the firewall's interface? How would this work? If all ports are switch ports and the VLAN is in the 10.1.0.0/16 subnet then i would only need to add a single static route to send remotepool traffic out to the ASA's inside interface?

 

These LAN connections would be connecting to a HPE switch stack so RSTP would also be needed.

 

Which makes me think, is it worth using the ASAs as the default gateway instead for now to simplify things and look to buy layer 3 switches only if we decide to split the network into VLANs? The userbase is somewhere between 100-150 users.

 

In which case, is there anything i should be aware of when using the ASA as the network's default gateway? I assume the ASA would not need any additional routing done to connect the inside interface 10.1.0.x/16 to the remotepool clients.

Labels:
0 Helpful
3 Replies 3

paul driver
VIP
VIP

‎09-17-2018 08:44 AM - edited ‎09-17-2018 08:54 AM

Hello

you don’t really need to use hrsp depending switch type you can just use say  two stackable 2960x for example in a stack with a default route pointing to the asa HA 

 

I am assuming the Asa’s are HA failover and as such just have each individual asa inside interfaces (and outside if applicable -in different L2 vlan access ports) attach to either one of the physical switches in this stack - HA failover will do the rest.

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul