I am looking to create two default routes on an SGE.
I will be setting up a network in which two organizations will be sharing a common infrastructure and phone system but need to maintain separate data and servers.
I will create three VLANs: Company A, Company B, and Voice VLAN. I will also put in ACLs to allow traffic between each organization and the voice but restrict traffic between the organizations.
Clearly, each company will need a default route out to their firewall. Will the SGE switches support two default routes? Both VLANs would attempt the one with the lowest cost first, but the one company would get blocked due to the ACL and would try the next higher cost default route.
Any thoughts? Does the SGE support multiple default routes?
Sounds like the switch should be in Layer 2 mode, with two user VLANs with an interface in each VLAN connected to two separate firewalls.
Easily achieved on the SGE2000 or even the very capable 300 series switch product.
My train of twisted thought makes me think: in a router with dual WAN, you can have two default routes. Depending on the router, it starts to perform equal cost multipath routing between the two WAN interfaces if the route costs are equal. If the routes are not equal then the higher cost route is not used.
Usually, a dual port WAN in a router can support policy based routing, so that one subnet can go out to one firewall and the other subnet can be policy routed through a different interface to another firewall. That's what I think you are trying to achieve.
The SGE2XXX switch wants to have one default route, not two. I just can't recall seeing policy based routing on the SFE/SGE.
I think, if you could squeeze two default routes into the SGE2000, we would have a situation of equal cost multipath routing between the two WAN interfaces, which usually ends up as a round robin. Not what you want.
Why not just leave the switch in Layer two mode with four VLANs configured:
VLAN1 admin VLAN for you to administer the network.
VLAN2 company A data VLAN
VLAN3 company B data VLAN
VLAN3 Voice VLAN
Have an untagged port on each data VLAN connected to the firewall device that also performs some sort of DHCP functionality and gateway functionality for the VLAN members.
Yep, use the ACL functionality to restrict any potential routing between data VLANs, if that is what you want.
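The routing behaviour discussed in this thread, as an added Python model that is not part of the original posts and is not switch configuration: it compares two default routes with unequal costs, two with equal costs (round robin), and per-source policy routing, which is also the result the Layer 2 design gives when each VLAN uses its own firewall as gateway. The subnets, firewall addresses, host addresses and the way the ACL is modelled (dropping traffic sent towards the other company's firewall, as the question assumes) are constructed assumptions.

```python
import ipaddress
from itertools import cycle

# Constructed addressing: the thread gives no subnets or firewall addresses.
SUBNETS = {"A": ipaddress.ip_network("10.0.2.0/24"),
           "B": ipaddress.ip_network("10.0.3.0/24")}
FIREWALL = {"A": "10.0.2.1", "B": "10.0.3.1"}

def company_of(ip):
    addr = ipaddress.ip_address(ip)
    return next(name for name, net in SUBNETS.items() if addr in net)

class DefaultRoutes:
    """Destination-based routing with only default routes [(next_hop, cost)]."""
    def __init__(self, routes):
        best = min(cost for _, cost in routes)
        # Only lowest-cost routes are used; a higher-cost route is never tried.
        self._rr = cycle([nh for nh, cost in routes if cost == best])
    def next_hop(self, src):
        return next(self._rr)   # equal costs: round robin, source is ignored

class PolicyRoutes:
    """Source-based (policy) routing: next hop picked from the sender's subnet."""
    def next_hop(self, src):
        return FIREWALL[company_of(src)]

def forward(router, sources):
    """Return the outcome per packet. The ACL (modelled as the question assumes)
    drops traffic sent towards the other company's firewall; a drop is final."""
    out = []
    for src in sources:
        nh = router.next_hop(src)
        out.append(nh if company_of(nh) == company_of(src) else "DROP")
    return out

PACKETS = ["10.0.2.10", "10.0.2.11", "10.0.3.10", "10.0.3.11"]  # constructed hosts

def scenarios():
    fa, fb = FIREWALL["A"], FIREWALL["B"]
    return {
        "unequal_cost": forward(DefaultRoutes([(fa, 1), (fb, 2)]), PACKETS),
        "equal_cost": forward(DefaultRoutes([(fa, 1), (fb, 1)]), PACKETS),
        "policy": forward(PolicyRoutes(), PACKETS),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:13s}", result)
```

In this model an ACL drop never triggers a second lookup, so with unequal costs Company B loses all outbound traffic, and with equal costs each company loses roughly half.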