06-23-2021 02:16 PM
Hello! I have a Cisco WS-C2960G-24TC-L switch placed outside my firewall. We already have two ISPs but we're now adding a 1Gbps Centurylink fiber link. They are requiring us to provide equipment to route a /30 on the outside to a /27 on the inside. The inside goes to my firewall. My switch isn't currently doing routing and has a single interface for management. This network is 24/7, so I have a few questions to make sure I'm doing this right and don't mess it up royally.
1. The switch currently isn't able to add ip routing. I read that I need to run "sdm prefer lanbase-routing" and reboot the switch. Are there any potential downsides to this?
2. I want to make sure I follow any security best practices. If I enable routing, I want to make sure it doesn't route any traffic through my management vlan. What routes/default gateway/ACLs would I need?
3. Is there any reason it may be better to use either a different model of switch or a second switch?
Thanks!
Andy
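As an added illustration of what question 2 is asking about (not from the poster or the reply, and not a substitute for terminating the segments at the firewall), this is the shape of an IOS configuration that lets a 2960 route the /30 to the /27 while never forwarding traffic into or out of its management VLAN. VLAN numbers and all addresses are constructed placeholders from the RFC 5737 documentation ranges.

```cisco
! Added example, not from the original post. VLAN 100 = ISP /30,
! VLAN 200 = firewall /27, VLAN 99 = management. Addresses are placeholders.
sdm prefer lanbase-routing
! A reload is required before "ip routing" becomes available.
ip routing
!
! Management SVI: only traffic addressed to the switch itself may enter,
! so nothing arriving on VLAN 99 is ever forwarded to another VLAN.
ip access-list extended MGMT-IN
 permit ip 192.0.2.0 0.0.0.255 host 192.0.2.10
 deny   ip any any log
!
! Transit SVIs: drop anything aimed at the management subnet first, so routed
! traffic from either the ISP or the firewall side can never reach VLAN 99.
! "log" is kept only on those entries; logged ACEs are handled by the CPU.
ip access-list extended OUTSIDE-IN
 deny   ip any 192.0.2.0 0.0.0.255 log
 permit ip any 198.51.100.0 0.0.0.31
 deny   ip any any
ip access-list extended INSIDE-IN
 deny   ip any 192.0.2.0 0.0.0.255 log
 permit ip 198.51.100.0 0.0.0.31 any
 deny   ip any any
!
interface Vlan99
 description Management only, no transit
 ip address 192.0.2.10 255.255.255.0
 ip access-group MGMT-IN in
interface Vlan100
 description ISP /30 hand-off
 ip address 203.0.113.2 255.255.255.252
 ip access-group OUTSIDE-IN in
interface Vlan200
 description Firewall /27
 ip address 198.51.100.1 255.255.255.224
 ip access-group INSIDE-IN in
!
! Default route toward the ISP; the /27 is directly connected, so the firewall
! side needs no further route. The firewall's default gateway is 198.51.100.1.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
```

Router ACLs on SVIs are only available on the 2960 once the lanbase-routing template is active, which is the same change that enables "ip routing" in the first place.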
06-24-2021 12:12 AM
- In general, switches are not good for routing; have the subsequent VLANs (for the segments) terminated at the firewall too and let that handle the routing, or use a separate router on the perimeter, 'closest' to the ISP(s).
M.