Adding one more cat2960 switch

modelman100 · ‎04-09-2017

I have situation like this, one cat2960 24 ports switch is connected directly to asa5505 on port ga0/0 and that is inside network. Other ga0/1 port on asa5505 is connected to router and its outside network. All computers have internet and that is working fine and now we should extend the network and add one more switch (cat2960 24 ports). What is the best way to connect other switch ? Should I connect directly to asa5505 on the port ga0/2 or connect to other switch and make trunk ports on both switch ? I accept all suggestions ? :)

Julio E. Moisa · ‎04-09-2017

Hi

If you are using 1 firewall and 1 switch without redundancy you have 2 point of failure, if one of these device is down the entire Internet access and services will be down.

I recommend to have at least 2 firewall (they received the internet as well) in order to avoid downtime. But based on your scheme, you could you connect other switch to firewall in order to avoid other point of failure that will be the first 2960 switch.

Le me share a example, the first picture is based on your topology, on this scheme you will redistribute the vlans through two uplinks, I dont suggest to cascade more of 2 switches. and we have suggestion that can be used in a future with other switches models like 3750, 3650 or 3850, on this second option the firewall will work like active and standby.

Please rate the comment if it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

modelman100 · ‎04-09-2017

Yes, I will connect only one more switch and that would be total of two switch and one firewall. Later we should add one more firewall. Thanks for suggestion

Julio E. Moisa · ‎04-09-2017

Hi

It was a pleasure, have a good day

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<