Removing switch out of LAN segment into router with WIC

[Jerako]

Hi Everyone,
I'm just wondering what the configuration on a Cisco 2811 would look like to remove a switch that is sitting between a pair of clustered firewalls and a Cisco 2811 FE port currently?

Looks like this currently. Firewall cluster spoofs MAC address in the event of a failure. Both firewalls patch into a SOHO switch that is than connected to the Cisco router. I figure removing another single point of failure would be optimal.

FW1 <--->SOHO switch Port1<--->Cisco2811 FE0/1
FW2 <--->SOHO switch Port2
192.168.0.1 192.168.0.2


I would like to remove the SOHO switch and connect the firewall cluster directly to the router. I've purchased and installed a 2 Port FE WIC, but not sure on where to assign an IP and get both of the ports to work together as a standard switch. Any advice would be greatly appreciated.

Thanks,
James

 

[VinceWhirlwind]

I don't think you can do a "switchport" on those WIC interfaces.

The WIC you need is an "ESW". I think you can get a 4-port one for the 2800. Or a 9-port one.

 

[stubnski]

==> Firewall cluster spoofs MAC address in the event of a failure

What are you using for a firewall and in what fail over mode? ASA in Active / Standby?

Can you setup a L3 etherchannel with HSRP on the 2811? If the FW is setup as A/S then it might work. I've only done something like this in a lab using the built-in interfaces (not on a 2811) where it worked great.