Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

config help needed; 3550 routing to internet

Status
Not open for further replies.
meneerB

meneerB

IS-IT--Management
Oct 4, 2005
311
NL
I want to use a spare 3550, only for routing to the internet.
our provider has a fiber connected to a switch, from which we can use 1 interface.

because it's only a 10mb line, is a L3 switch enough instead of a dedicated router?
so, like this:
fast0/1 vlan 10 'internet'
fast0/2 vlan 20 firewall corp network
fast0/3 vlan 20 linksys router for a test network
fast0/4 vlan 20 linksys router for guest internet

okay, settingup routing between these 2 vlans is easy, but:

now, I've red somewhere -a while ago- that if I want to use a cisco like that, that I should implement some security against hackers etc.

1. what and how..?
2. and what is good way to manage the switch?

thanks!
 
Sort by date Sort by votes
The layer 3 switch is enough as a border router (although a very expensive one), however it is not enough as a security device. You will need a stateful firewall behind it like an ASA or PIX (if you wish to stay Cisco).

Otherwise, do not use this...it would be better if you used a border internet router with a firewall feature set if you only want to use one device. Typically Layer 3 switches would be used on the inside behind your firewall meneer.

I hope this is helpful.
HH

Real trouble call:
Customer: "I have a huge problem. A friend has put a screensaver on my computer, but every time I move the mouse, it disappears!"
 
Upvote 0 Downvote
HungryHouse,

Absolutely, the 3550 is only used for routing, not for any security at all.
Firewalls are behind fast 0/2, 3 and 4

I agree its expensive, but we have a few on stock, with inline power:))

What to do about attacks on the fast0/1?
If I want to route to subnets, 0/1 should have an IP.
What basic countermeasures should I have?
 
Upvote 0 Downvote
3550 doesn't do nat from what i recall.. Unless there is an image there that provides it (couldn't find one last time... ) ..

you will need a L3 switch that CAN do NAT if you are planning to use more than one machine online...


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
Upvote 0 Downvote
imbadatthis,

I don't require NAT. I've /25 block of ip addresses available.
Any other thoughts?

thanks
 
Upvote 0 Downvote
aside from being jealous no



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
407
Jared R
Jared R
Pankaj88
  • Locked
  • Question
BGP Routing Clarification
Replies
0
Views
225
Pankaj88
Pankaj88
Luzbel
  • Locked
  • Question
Connecting HVAC controller to network
Replies
0
Views
302
Luzbel
Luzbel
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat 1
Replies
1
Views
534
BIS
BIS
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
395
madwok
madwok

Part and Inventory Search

Sponsor

Back
Top