11-10-2011 07:29 AM
I am looking to create two default routes on an SGE.
I will be setting up a network in which two organizations will be sharing a common infrastructure and phone system but need to maintain separate data and servers.
I will create three VLANs: Company A, Company B, and Voice VLAN. I will also put in ACLs to allow traffic between each organization and the voice but restricting traffic between the organizations.
Clearly, each company will need a default route out to their firewall. Will the SGE switches support two default routes? Both VLANs would attempt the one with the lowest cost first, but the one company would get blocked due to the ACL and would try the next higher cost default route.
Any thoughts? Does the SGE support multiple default routes?
11-10-2011 01:08 PM
Hi Adam,
Sounds like the switch should be in Layer 2 mode, with two user VLANs, with an interface in each VLAN connected to two separate firewalls.
Easily achieved on the SGE2000 or even the very capable 300 series switch product.
My train of twisted thought makes me think of a router with dual WAN: you can have two default routes, and depending on the router, it starts to perform equal cost multipath routing between the two WAN interfaces if the route costs are equal. If the routes are not equal, then the higher cost route is not used.
Usually, a dual port WAN in a router can support policy based routing, so that one subnet can go out to one firewall and the other subnet can be policy routed through a different interface to another firewall. That's what I think you are trying to achieve.
The SGE2XXX switch wants to have one default route, not two. I just can't recall seeing policy based routing on the SFE/SGE.
I think, if you could squeeze two default routes into the SGE2000, we would have a situation of equal cost multipath routing between the two WAN interfaces, which usually ends up as a round robin. Not what you want.
Why not just leave the switch in Layer 2 mode with four VLANs configured?
Have an untagged port on each data VLAN connected to the firewall device that also performs some sort of DHCP functionality and gateway functionality for the VLAN members.
Yep, use the ACL functionality to restrict any potential routing between data VLANs, if that is what you want.
Just my 2 cents' worth.
Regards, Dave.
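To make the ACL part of this design concrete, here is an added worked example (not code from the thread or from any Cisco product) that models first-match ACL evaluation for the three VLANs Adam describes: Company A, Company B, and Voice. The subnets, VLAN numbers and rule comments are constructed for illustration. It shows the policy matrix the thread calls for (each company may talk to Voice, the companies may not talk to each other, everything else such as traffic to each company's own firewall passes), the implicit deny that applies when no rule matches, and why rule order matters: moving the trailing "permit any" to the top silently defeats the company-to-company deny.

```python
"""Added example: first-match ACL evaluation for a Company A / Company B /
Voice VLAN design.  Addressing, VLAN ids and rule text are constructed for
illustration, not taken from any real SGE configuration."""
import ipaddress
from typing import List, NamedTuple


class Rule(NamedTuple):
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    comment: str


# Constructed addressing: one /24 per VLAN (VLAN ids are assumptions).
COMPANY_A = ipaddress.ip_network("10.1.0.0/24")   # VLAN 10, Company A data
COMPANY_B = ipaddress.ip_network("10.2.0.0/24")   # VLAN 20, Company B data
VOICE = ipaddress.ip_network("10.3.0.0/24")       # VLAN 30, phones
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules are evaluated top to bottom; the first match decides the fate of the packet.
ACL: List[Rule] = [
    Rule("permit", COMPANY_A, VOICE, "Company A may reach the voice VLAN"),
    Rule("permit", VOICE, COMPANY_A, "voice VLAN may reach Company A"),
    Rule("permit", COMPANY_B, VOICE, "Company B may reach the voice VLAN"),
    Rule("permit", VOICE, COMPANY_B, "voice VLAN may reach Company B"),
    Rule("deny", COMPANY_A, COMPANY_B, "companies must stay separate"),
    Rule("deny", COMPANY_B, COMPANY_A, "companies must stay separate"),
    Rule("permit", ANY, ANY, "everything else, e.g. each VLAN to its own firewall"),
]

# The same rules with the catch-all permit hoisted to the top: a common mistake.
MISORDERED_ACL: List[Rule] = [ACL[-1]] + ACL[:-1]

IMPLICIT_DENY = Rule("deny", ANY, ANY, "implicit deny")


def evaluate(acl: List[Rule], src_ip, dst_ip) -> Rule:
    """Return the first rule matching the (src, dst) pair, or the implicit deny."""
    src = ipaddress.ip_address(str(src_ip))
    dst = ipaddress.ip_address(str(dst_ip))
    for rule in acl:
        if src in rule.src and dst in rule.dst:
            return rule
    return IMPLICIT_DENY


# The policy the thread asks for, expressed as (src VLAN, dst VLAN) -> expected action.
EXPECTED = {
    (COMPANY_A, VOICE): "permit",
    (VOICE, COMPANY_A): "permit",
    (COMPANY_B, VOICE): "permit",
    (VOICE, COMPANY_B): "permit",
    (COMPANY_A, COMPANY_B): "deny",
    (COMPANY_B, COMPANY_A): "deny",
}


def audit(acl: List[Rule]):
    """Probe one host in each VLAN pair and report rules that contradict EXPECTED.

    Returns a list of (src_net, dst_net, wanted, got) tuples; empty means the
    ACL implements the intended separation.
    """
    violations = []
    for (src_net, dst_net), wanted in EXPECTED.items():
        got = evaluate(acl, src_net[1], dst_net[1]).action
        if got != wanted:
            violations.append((str(src_net), str(dst_net), wanted, got))
    return violations


if __name__ == "__main__":
    print("correct ACL violations:   ", audit(ACL))
    print("misordered ACL violations:", audit(MISORDERED_ACL))
    # Without the trailing permit, Internet-bound traffic hits the implicit deny.
    print(evaluate(ACL[:-1], "10.1.0.5", "203.0.113.9").comment)
```

The `audit` function is the check to run whenever the rule list changes: the correct list yields no violations, the misordered list reports both company-to-company flows as permitted, and dropping the final catch-all shows that an ACL with no explicit permit for a flow blocks it rather than, as Adam's question supposes, letting the packet fall through to a second default route.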