huntlee@ibm wrote:
Dear all Cisco Gurus,
I need help on quoting 4 x brand new Cisco Nexus 7000... does anyone have any sample Build of Materials in terms of part numbers and sample design since Nexus doesn't have firewalls???
Currently, the client's 6509s has the following modules:-
Mod Ports Card Type Model
--- ----- -------------------------------------- ------------------
1 6 Firewall Module WS-SVC-FWM-1
2 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE
3 48 CEF720 48 port 1000mb SFP WS-X6748-SFP
4 48 CEF720 48 port 1000mb SFP WS-X6748-SFP
5 2 Supervisor Engine 720 (Hot) WS-SUP720-3B
6 2 Supervisor Engine 720 (Active) WS-SUP720-3B
7 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX
Would appreciated any help. I have spent a lot of time on this but not able to get anywhere so far.
Cheers,
Hunt
Hunt
Not sure what you are asking. Are you looking to replace the above 6500 switches with 4 x Nexus 7000. And if so presumably the one thing you are having a problem with is the FWSM ?
If so there is no equivalent module for the Nexus switch. If you need firewalling but are getting rid of the 6500 switches then you will need to look at the ASA firewalls instead -
ASA comparison sheet
If you really do need the sort of throughput the FWSM provides then you will need to consider the 5580 models.
Does this answer your question ?
Edit - design wise you would have a pair of ASA 55xx firewalls connecting back to the Nexus 7000 switches and all the vlans you wanted to firewall would have their L3 interfaces on the ASAs. You can run active/active or active/standby just as on the FWSM. The ASAs also support transparent/routed mode and single/multiple context.
Depending on the number of vlan interfaces you have used on the FWSM you may need to use 802.1q trunks from the Nexus to some of the ASA interfaces.
Jon
