Re: WAN AGGREGATION SWITCH DESIGN WITH FIREWALL

isaaco001 · ‎07-22-2019

Dear community,

I have two ISP wan connections that need to terminate in a layer three switch. How can i use vlans to separate the connections terminating in the wan switch? I have i firewall that needs to be connected to this wan switch. How can i design this?what vlans do i need to create and how do I route them to the firewall?

Any example of deployment in this scenario would be helpful.

Thanks

Isaac.

Reza Sharifi · ‎07-22-2019

Hi,

Are these Internet facing ISPs?

What type of switch do you have?

The providers usually don't use vlans. They use layer-3 point-to-point link. Most switches support routed layer-3 links. So, you can simply use a /30 per provider and establish 2 peering.

HTH

isaaco001 · ‎07-23-2019

Hi Reza,

The links from ISP are the internet facing links. I have layer 3 switches i.e 3560's. I have seen a situation where the wan aggregation switch is segmented with vlans then traffic redirected to firewall,thats what i want to learn, why they do that.

Thanks for your response.

Regards,

Isaac.

Reza Sharifi · ‎07-23-2019

Hi,

Usually that is the case when the provider provide you the public IP and they are your default gateway on the same segment.

So, a couple of questions:

Are you planning to use NAT, if yes, the 3560 series switches do not support NAT. You need a router to do that.

Do you have your own public IP segment or the provider is providing that too you?

HTH