Unfortunately, I'm not in a position where I can configure and test because I don't have a test environment. So I have to get as much right as possible so that the router is plug and play.
Here's what I have to work with:
Cisco 2821 router
2 embedded GigabitEthernet ports (G0/0-G0/1)
4-port EtherSwitch HWIC (fa0/0/0-fa0/0/3)
Here's what I need to do:
Replace old layer 3 switch managed by ISP
Connect switch trunk port on 2821 to ISP router
Connect VLAN 360 to LAN switch
Connect VLAN 560 to Sonicwall
If I am correct, the embedded GE ports aren't needed, as they aren't VLAN-capable, and I can do what I need to do with just the EtherSwitch module. Here's my config so far:
vlan database
 vlan 1
 vlan 360
 vlan 560
int vlan 1
 description OPS_LAN
 ip address 18.104.22.168 255.255.255.0
int vlan 360
 description MPLS_WAN
 ip address 192.168.1.2
 !--insert voice qos policy here
!--Trunk port out to ISP router
int fa0/0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport access vlan 360, 560
!--This is the public Internet to the Sonicwall device
int fa0/0/1
 description TO_FIREWALL_UNTRUSTED
 no shutdown
 switchport access vlan 560
!--This is trusted MPLS_WAN traffic to our LAN
int fa0/0/2
 description TO_LAN
 no shutdown
!--Let's assume all my routes are correct
ip route 0.0.0.0 0.0.0.0 <sonicwall ip address>
I don't manage either the LAN switch or the Sonicwall. The Sonicwall is managed by a 3rd party, but I'll assume that the configuration can stay the same. The Dell switch I assume is an unmanaged "dumb" switch so nothing needs to be done on that end. Does this look okay?
Guis, thanks for the reply. I have all the routes that I need to the Internet gateway on the provider side. It's a crap-ton of routes, that's why I omitted them. The big concern I had is the communication between the hwic switch, the Sonicwall and the unmanaged L2 switch.
int vlan 1
 description OPS_LAN
 ip address 22.214.171.124 255.255.255.0
 no shut
int vlan 360
 description MPLS_WAN
 ip address 192.168.1.2
 service-policy output voiceqos
 no shut
!--Trunk port out to ISP router
int fa0/0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
!--This is the public Internet to the Sonicwall device
int fa0/0/1
 description TO_FIREWALL_UNTRUSTED
 no shutdown
 switchport access vlan 560
!--This is trusted MPLS_WAN traffic to our LAN
int fa0/0/2
 description TO_LAN
 no shutdown
The only thing I'm not sure about is how vlan 560 will behave. It's defined on the ISP router on the other end of the trunk. Hopefully our router knows to send the outbound encapsulated traffic to the trunk port.
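
An added example, not part of the original posts: a small Python check run over the switchport stanzas of the second post (retyped one command per line as a constructed sample) that flags ports whose VLAN membership is left to defaults, which matters here because VLAN 560 is untrusted Internet and VLAN 360 is trusted MPLS. The function names and finding texts are this example's own; it assumes the usual Cisco defaults that an access port with no `switchport access vlan` stays in VLAN 1 and that a trunk with no allowed-VLAN list carries all VLANs.

```python
import re

# Constructed sample: the switchport stanzas from the second post, one command per line.
SAMPLE = """\
int fa0/0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
int fa0/0/1
 description TO_FIREWALL_UNTRUSTED
 no shutdown
 switchport access vlan 560
int fa0/0/2
 description TO_LAN
 no shutdown
"""

def parse_interfaces(text):
    """Return {interface name: [commands]} for each 'int'/'interface' stanza."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"int(?:erface)?\s+(.+)$", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line and not line.startswith("!") and current is not None:
            current.append(line)
    return ports

def lint_switchports(text):
    """Return sorted (interface, finding) pairs; assumes every non-SVI stanza is a switchport."""
    findings = []
    for name, cmds in parse_interfaces(text).items():
        if name.lower().startswith("vlan"):
            continue  # SVIs such as "int vlan 360" are not physical switchports
        trunk = "switchport mode trunk" in cmds
        access = [c for c in cmds if c.startswith("switchport access vlan")]
        allowed = [c for c in cmds if c.startswith("switchport trunk allowed vlan")]
        if trunk and not allowed:
            findings.append((name, "trunk has no allowed-VLAN list; all VLANs are carried"))
        if trunk and access:
            findings.append((name, "access VLAN command on a trunk port"))
        if not trunk and not access:
            findings.append((name, "no access VLAN set; port stays in default VLAN 1"))
        if any(not re.fullmatch(r"switchport access vlan \d+", c) for c in access):
            findings.append((name, "access VLAN must be a single VLAN ID"))
    return sorted(findings)

if __name__ == "__main__":
    for port, finding in lint_switchports(SAMPLE):
        print(f"{port}: {finding}")
```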