Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
459
Views
5
Helpful
4
Replies

Router Connectivity

snarayanaraju
Level 4
Level 4

‎04-08-2010 08:02 AM - edited ‎03-04-2019 08:04 AM

Dear Experts,

It is a design related query. Please find the attached Diagram.

I have 2 firewall & 2 Routers & 2 Switches to be operated in redundancy.

My customer is asking connected the cables and configure the setup as shown in the diagram marked with yellow colour. Now to achieve this I have used a Layer 2 switch to connect the cables between Firewall and Router and another Layer 2 switch to connect the cables between the firewall and Switches.

Is this is a best practice and only option to connect the Devices in this fashion (as shown as Yellow colour in the Diagram attached). Wont it bring the latency or Single point of failure??

Expecting your help in clarifying this concept

sairam

Labels:
Preview file
71 KB
0 Helpful
4 Replies 4

Collin Clark
VIP Alumni
VIP Alumni

‎04-08-2010 08:11 AM

Sairam-

I think a better way would to be use the (2) layer 2 switches as a redundant pair and create two vlans; one for firewall to router and another for firewall to switches. This will eliminate a single point of failure and still provde enough switching for both areas.

Hope it helps.

snarayanaraju
Level 4
Level 4
In response to Collin Clark

‎04-09-2010 12:16 AM

Hi Clark,

Thanks for your reply. Is this the best Industry practice? I am not able to gather information on the other Datacenter setup..how this wiring is been made and how they are using.

Thanks in advance

sairam

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to snarayanaraju

‎04-09-2010 06:15 AM

If you want to design according to Cisco, you'll be putting in 4 switches. You can find Cisco design guides by searching for "solution reference design guide".

0 Helpful

shailesh.h
Level 1
Level 1
In response to snarayanaraju

‎04-09-2010 08:04 AM

1..I also agree with Colin but VLAN should be non-routable (no ip address to configure VLAN interfaces of the switch.

2. You may free to user the existing switch you your security policy advise for Layer-3 seperation

3. If your policy states that internal network and external network should have Layer-1,2,3 seperation then you have to deploy additional switches between router and firewall. (this is best practice as well)

Best practice depends on your organization security policies...

Hope this clarifies you.

With regards,

Shailesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card