Backbone configuration

[drewdown]

This is more of a concept question than anything. I have a demo environment setup and right now its just a physical subnet. Gi1/0/3 on the core layer 3 switch is configured as a physical interface with an IP address of 172.23.16.5 and running OSPF.

Could I create a vlan on the core switch, give it an ip address of 172.23.16.5 and simply make gi1/0/3 a member of that vlan? And be done with it? I ask because I set up the network this way so that 172.23.16.0/24 would be a backbone network, but quickly realized that if I wanted to put devices on that network I would have to seperate them physically, which I don't want to do. Would rather be able to vlan everything.

 

[burtsbees]

Why do you want 2 firewalls on the same vlan? Not sure what you wanna do here...but to answer your question, yes.

Burt

 

[drewdown]

They would be for redundant internet lines. IE if FW-A goes down then traffic would flow out of FW-B.

Should it be configured another way?

 

[Alterac]

HSRP on the Firewalls would be best as long as you are not hosting anything inside your network.

----------------------------------
Bill

 

[baddos]

You probably don't want to do that as having 2 distinct firewalls can bring up security and/or other issues.

You want a firewall that can be in say a cluster or failover type situation. This way the configurations can be synchronzied immediately and not leave potentional vulnerabilities by configuring fw1 one way and fw2 another.

 

[burtsbees]

I would also think that the firewalls would be on two different vlans...

Burt