Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
891
Views
0
Helpful
3
Replies

Is Cisco Firepower 2110 impact my entire VLAN?

tmq626
Level 1
Level 1

‎03-11-2020 06:16 PM

Hello experts. I am really not a network guru, so please bear with me. I am currently using 4x Cisco 4948E-E switches for 4 cabinets. These switches are on same VLAN. I think these switches are running as Layer2.

---

C4948E#sh ver

Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICESK9-M), Version 15.1(2)SG7, RELEASE SOFTWARE (fc1)

---

C4948E#sh running-config

interface GigabitEthernet1/1

switchport access vlan 250

switchport mode access

spanning-tree portfast

 

interface TenGigabitEthernet1/49

switchport trunk allowed vlan 250

switchport mode trunk

---

I am considering to buy Cisco Firepower 2110 to use for some of my servers but I am not sure if this hardware firewall impact my entire VLAN or all servers. Some of my servers will be connected to Cisco Firepower 2110 then the uplink port of Firepower 2110 will be connected to one switch port of Cisco 4948E.

I have talked to a network engineer at the data center and he said that: "Depends on the overall configuration. Devices will cause issues if they do not interact with spanning-tree properly so they either need to set this up to only be a layer3 network on each port or have it properly negotiating with pvst using a high bridge priority."

 

I am currently having a Cisco 2901 connected to my switch 4948E and there is no network issues. I am not sure if this Cisco Firepower 2110 will cause any network issues for all of my servers or my entire VLAN....What do you guys think?

 

Thank You!

Tom

Labels:
0 Helpful
3 Replies 3

Muhammad Awais Khan
Cisco Employee
Cisco Employee

‎03-11-2020 09:09 PM

Hi,

 

Whats your objective about connecting all the vlans directly to firewall ? It seems you want to protect the traffic between the firewalls ?

 

 

You cannot connect two servers using same network address to different ports in a firewall if firewall is configured in Routed Mode.

 

Firewall can be configured in transparrent mode but need to understand your objective.

0 Helpful

tmq626
Level 1
Level 1
In response to Muhammad Awais Khan

‎03-11-2020 09:18 PM

I am just want to use Cisco Firepower 2110 to protect some servers, but I am worry it will cause network issues such as high packet loss, disconnections, etc for all servers on my vlan.

0 Helpful

Muhammad Awais Khan
Cisco Employee
Cisco Employee
In response to tmq626

‎03-11-2020 10:43 PM

Hi,

 

Firewall will not cause any issues to your VLAN, infact it will provide you protection especially if you have lot of traffic comming from Internet :) 

 

If you are looking to have protection from outside, then i would suggest you following.

 

- Keep all server connections as it is on the switch,

- make new connection from the switch to firewall and part of the same VLAN as of servers and this firewall interface will be the default gateway of your servers.

- make new connection and layer 3 subnet between Router and the Firewall.

- configure appropriate policies and enable IPS rules for the inbound traffic to the servers.

 

if you are not from your networking background then your Network Engineer will understand it.

0 Helpful
Customers Also Viewed These Support Documents