
VLANs and redundant ports

akblackwel
Level 1

I have a limited understanding of VLANs and wanted some clarification on a config I'm trying to set up.

As an added bonus, I wanted to ask about redundant wan connections.

Our datacenter provider is providing us with 10 Mbps Base Commit delivered on redundant 1000base-T ports. For firewall and switching I have a Cisco ASA 5510 and a WS-C2960G-48TC-L.

I do not have the security plus license so I have to put the switch first to connect to the wan ports and then the asa. This is what I believe it will look like.

WAN1-\
              VLAN1 (2960 ports 1, 2, 3) --- port 3 out to ASA 5510 outside interface
WAN2-/

From some stuff I read, spanning tree should handle redundant ports? Is there anything else I need to know or do?

Then I have a DMZ set up in the ASA 5510. So I want to set up a VLAN for the 2 servers I have in the DMZ zone.

ASA5510 DMZ -- VLAN2 (2960 ports 4,5,6) -- Ports 5 and 6 to DMZ servers

All the other ports don't need to be in a VLAN, or do I need to set up all the other ports in a 3rd VLAN?

Thanks in advance for anyone's comments.


mfurnival
Level 4

Hi,

I am not sure what you mean about spanning tree handling redundant ports. From your description it looks as if you are just using your 2960 to increase port density on the WAN side. If this is true you don't really need to worry about spanning tree as this only really comes into play when you interconnect switches.

I think good practice would be to create 2 VLANs (say 10 and 20) and use one for your WAN ports and one for your DMZ. It is good practice to not use VLAN1 - assign unused ports to it and put it in the admin down state.
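
Added example, not part of mfurnival's reply: a small Python audit of the layout suggested above, which reads a 2960 running-config and reports any port that is still enabled in VLAN 1. The sample config is constructed for illustration, the choice of VLAN 10 for WAN and VLAN 20 for DMZ is an assumption, and all ports are assumed to be access ports.

```python
import re

# Constructed sample input (not from the thread): VLAN 10 = WAN, VLAN 20 = DMZ.
# Gi0/7 is left enabled in the default VLAN on purpose so the audit reports it.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description WAN1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/4
 description ASA DMZ
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet0/7
 switchport mode access
!
interface GigabitEthernet0/8
 switchport mode access
 shutdown
!
"""

def parse_access_ports(config):
    """Return {interface: (access_vlan, is_shutdown)} for each interface stanza."""
    ports, name = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            name = m.group(1)
            # IOS omits 'switchport access vlan 1' because it is the default.
            ports[name] = (1, False)
        elif name and line.startswith(" "):
            vlan, down = ports[name]
            v = re.match(r" switchport access vlan (\d+)", line)
            if v:
                vlan = int(v.group(1))
            down = down or line.strip() == "shutdown"
            ports[name] = (vlan, down)
        else:
            name = None  # '!' or a global command ends the stanza
    return ports

def enabled_vlan1_ports(config):
    """Ports still in VLAN 1 that are not administratively down."""
    return [p for p, (vlan, down) in parse_access_ports(config).items()
            if vlan == 1 and not down]

if __name__ == "__main__":
    print("Enabled in VLAN 1:", enabled_vlan1_ports(SAMPLE_CONFIG))
```

Run against the sample, it reports only GigabitEthernet0/7: the port has no `switchport access vlan` line, so it sits in VLAN 1 by default, and it is not shut down.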