Beginner

WAN AGGREGATION SWITCH DESIGN WITH FIREWALL

Dear community,

 

I have two ISP WAN connections that need to terminate in a layer three switch. How can I use VLANs to separate the connections terminating in the WAN switch? I have a firewall that needs to be connected to this WAN switch. How can I design this? What VLANs do I need to create and how do I route them to the firewall?

Any example of deployment in this scenario would be helpful.

 

Thanks

Isaac.

3 REPLIES
VIP Expert

Re: WAN AGGREGATION SWITCH DESIGN WITH FIREWALL

Hi,

Are these Internet facing ISPs?

What type of switch do you have?

The providers usually don't use VLANs. They use a layer-3 point-to-point link. Most switches support routed layer-3 links. So, you can simply use a /30 per provider and establish 2 peerings.

HTH

 

Beginner

Re: WAN AGGREGATION SWITCH DESIGN WITH FIREWALL

Hi Reza,

 

The links from the ISP are the internet-facing links. I have layer 3 switches, i.e. 3560s. I have seen a situation where the WAN aggregation switch is segmented with VLANs and then traffic is redirected to the firewall. That's what I want to learn: why they do that.

 

Thanks for your response.

 

Regards,

Isaac.

VIP Expert

Re: WAN AGGREGATION SWITCH DESIGN WITH FIREWALL

Hi,

Usually that is the case when the provider provides you the public IP and they are your default gateway on the same segment.

So, a couple of questions:

Are you planning to use NAT? If yes, the 3560 series switches do not support NAT. You need a router to do that.

Do you have your own public IP segment, or is the provider providing that to you?

HTH
