Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
0
Helpful
3
Replies

Trying to route voice traffic over WAN and data traffic out local firewall...

ChuckHaynes
Level 3
Level 3

‎02-15-2015 10:39 AM - edited ‎03-05-2019 12:48 AM

Here is the network topology:

 

Router (2811)-----Switch (3560)-----Switch (3560)-----Firewall (5505)

 

There are clients connected to both switches. Ideally, I would like to see the firewall connected to the same core switch as the router, but that isn't an option at this exact time (as this is a remote site). A new circuit was just cut over and the new router installed. The goal is to get all voice traffic routed over the router and back to the corporate WAN, while all the data traffic is routed through the local firewall and then back to the corporate firewall. Both switches are Layer 3. The router is running BGP, but it is only advertising the voice network. However, when you do a "sh bgp", you can see routes for the voice and the data vlans/subnets. This was causing all traffic to be routed over the router. At first, we tried static routes such as 10.10.0.0 and 192.168.0.0, but that wasn't specific enough. After we tightened it down to 10.10.1.0, 10.10.2.0, etc. and 192.168.1.0, 192.168.2.0, etc., we got the traffic to route correctly. However, this is more like a band-aid than an actual fix, because everytime we want to route a new subnet through the firewall (from anywhere on the WAN), we have to add the static route to the local router. I would like an opinion on the best practice for this scenario. Is there some way to exclude the data traffic from BGP? Perhaps with an ACL or some other means? Any suggestions would be greatly appreciated. Thanks.

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎02-16-2015 07:18 AM

I'm not sure I follow.

Are you saying that all traffic even from the L3 switches goes to the 2811 router first ?

Or are you saying that the 2811 redistributes BGP into an IGP which is also running on the 3560s ?

It's not clear from your description why clients in the non voice vlans would use the 2811.

Jon

0 Helpful

ChuckHaynes
Level 3
Level 3
In response to Jon Marshall

‎03-01-2015 10:15 AM

This project has been put on hold for a while. I will reply back when we are ready to move forward with it. Thanks.

0 Helpful

Andre Neethling
Level 4
Level 4

‎02-16-2015 09:49 AM

On which device are the data and voice vlans terminating? I understand where the new WAN link is terminating, and that you want to route voice traffic over that link. But how is the firewall site connecting? If it is a remote site, then surely this should be a WAN link too. it is important to know where your VLANs terminate.

0 Helpful
Customers Also Viewed These Support Documents