Folks, I'll try to keep this as organized as possible. After lurking the board, I've yet to find any posts that address this exact question.
Requirements:
Connect a Catalyst 3560C (8 port) switch to our metro fiber ethernet handoff. Goal would be moving away from the 'daisy chain' configuration that currently exists. I want to make sure that there's separation and no host device is dependent upon an upstream network should there be a failure, or scheduled maintenance, etc.
Hosts connecting on public IPs to the Catalyst 3560:
ASA 5512x
Edgemark 4502 (VOIP router)
ASA 5505 (config Test network)
Test Server
Other Notes/thoughts/assumptions:
There's no publicly accessible IP on this switch, it's accessed internally.
Goal is to treat this switch like a DMZ
Has to connect to Ethernet handoff via Layer 2.
I have 5 public IPs allocated on a 255.255.255.248 subnet.
Wasn't sure if I needed 'ip route 0.0.0.0 0.0.0.0 [gateway IP address]'. However, there's going to have to be some default; not sure how to approach.
Wasn't sure if there's a need for switchport mode vlan [#] & switchport mode access.
I'd like to say flat out that any direction or configuration advice would be greatly appreciated. Thank you,
Here's the config:
Current configuration : 3931 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TWFiberLink
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxx.
!
username XXXXXX privilege 15 secret xxxxxx
!
!
no aaa new-model
system mtu routing 1500
!
!
no ip domain-lookup
!
!
crypto pki trustpoint TP-self-signed-962718592
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-962718592
revocation-check none
rsakeypair TP-self-signed-962718592
!
!
crypto pki certificate chain TP-self-signed-962718592
certificate self-signed 01
xxxxxxxxxx
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet0/1
switchport access vlan 28
!
interface GigabitEthernet0/2
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/3
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet0/4
switchport access vlan 22
switchport mode access
!
interface GigabitEthernet0/5
switchport access vlan 23
switchport mode access
!
interface GigabitEthernet0/6
switchport access vlan 24
switchport mode access
!
interface GigabitEthernet0/7
switchport access vlan 25
switchport mode access
!
interface GigabitEthernet0/8
description Management interface for ethernet handoff
switchport access vlan 29
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface Vlan1
no ip address
no ip route-cache
no ip mroute-cache
!
interface Vlan20
no ip address
no ip route-cache
no ip mroute-cache
!
interface Vlan21
no ip address
no ip route-cache
no ip mroute-cache
!
interface Vlan22
no ip address
no ip route-cache
no ip mroute-cache
!
interface Vlan23
no ip address
no ip route-cache
no ip mroute-cache
!
interface Vlan24
no ip address
no ip route-cache
no ip mroute-cache
!
interface Vlan25
no ip address
no ip route-cache
no ip mroute-cache
!
interface Vlan26
no ip address
no ip route-cache
no ip mroute-cache
!
interface Vlan28
no ip address
no ip route-cache
no ip mroute-cache
!
interface Vlan29
description Management access to Ethernet handoff 3560 switch
ip address 10.50.150.2 255.255.255.254
!
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
!
snmp-server community XXXXX! RO
!
!
line con 0
privilege level 15
logging synchronous
login local
line vty 0 4
privilege level 15
logging synchronous
login local
line vty 5 15
login
!
end
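The post asks whether `switchport mode access` is needed on the host ports, and the pasted config also carries a few settings worth a second look before the switch is treated as a DMZ (two ports set an access VLAN without fixing the port mode, plaintext HTTP management is on, password encryption is off, and `line vty 5 15` has `login` with no password). The script below is an added example, not the poster's or Cisco's code: it parses an IOS running-config into top-level lines and per-interface/line blocks and reports those points. The embedded `SAMPLE_CONFIG` is a constructed, abbreviated copy of the posted config with secrets omitted; the parser also accepts the unindented form a forum paste produces. The note that a port without an explicit mode "stays dynamic" assumes the 3560's default of DTP dynamic negotiation.

```python
"""Audit a Cisco IOS switch config for DMZ-port hygiene (added example)."""
import re

# Constructed, abbreviated copy of the posted config (same layout, no secrets).
SAMPLE_CONFIG = """\
version 12.2
no service password-encryption
hostname TWFiberLink
!
interface GigabitEthernet0/1
 switchport access vlan 28
!
interface GigabitEthernet0/2
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet0/8
 description Management interface for ethernet handoff
 switchport access vlan 29
!
interface Vlan29
 description Management access to Ethernet handoff 3560 switch
 ip address 10.50.150.2 255.255.255.254
!
ip http server
ip http secure-server
!
line vty 5 15
 login
!
end
"""

BLOCK_HEADERS = ("interface ", "line ")


def parse_blocks(text):
    """Split an IOS config into top-level lines and {header: [child lines]}.

    A block ends at '!' or 'end'. Child lines are normally indented, but if a
    forum paste stripped the indentation, every line between a block header
    and the next '!' is still attached to that block.
    """
    top_level, blocks = [], {}
    current = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped in ("!", "end"):
            current = None
            continue
        if stripped.startswith(BLOCK_HEADERS):
            current = stripped
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(stripped)
        else:
            top_level.append(stripped)
    return top_level, blocks


def audit(text):
    """Return a list of (scope, message) findings for the given config text."""
    findings = []
    top_level, blocks = parse_blocks(text)

    if "no service password-encryption" in top_level:
        findings.append(("global", "service password-encryption is off; "
                         "line passwords are stored in clear text"))
    if "ip http server" in top_level:
        findings.append(("global", "ip http server exposes cleartext HTTP "
                         "management; keep only ip http secure-server if needed"))

    for header, children in blocks.items():
        kind, name = header.split(" ", 1)
        if kind == "interface":
            # Access VLAN assigned but port mode left to DTP negotiation.
            if (any(c.startswith("switchport access vlan ") for c in children)
                    and "switchport mode access" not in children):
                findings.append((name, "access VLAN set without 'switchport "
                                 "mode access'; port stays dynamic and can "
                                 "negotiate a trunk with its neighbour"))
            for child in children:
                m = re.match(r"ip address (\S+) (\S+)$", child)
                if m and m.group(2) == "255.255.255.254":
                    findings.append((name, f"{m.group(1)} uses a /31 mask; "
                                     "confirm the peer is in the same /31"))
        elif kind == "line" and name.startswith("vty"):
            # 'login' with no password: IOS refuses the session outright.
            if "login" in children and not any(
                    c.startswith("password ") for c in children):
                findings.append((name, "'login' with no line password; remote "
                                 "logins on these lines are refused"))
    return findings


if __name__ == "__main__":
    for scope, message in audit(SAMPLE_CONFIG):
        print(f"{scope}: {message}")
```

Run it against `show running-config` output saved to a file by reading the file in place of `SAMPLE_CONFIG`; on the sample it flags Gi0/1 and Gi0/8 (the two ports in the post without `switchport mode access`), Vlan29's /31, the vty 5-15 lines, and the two global settings, while Gi0/2 through Gi0/7 pass.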