Layer 3 switch vs Router
-
Hello,
First off, I'm really enjoying the content. I'm working my way through the first Cisco class. I just finished the last video on switches.
I have the following situation at work:
We have a network with some servers and several Cisco SG300 small business switches. They are layer 3 but only do static routing. We also have a Cisco ASA 5512-X as our gateway / firewall. We have two branch locations and they are connected through an MPLS connection provided by our ISP. So network 1: 10.50.0.0 / 255.255.252.0 and network 2: 10.50.4.5 /255 and network 3: 10.50.6.0 /255. Here is the question:
Would it be better to buy a Cisco SG 500X switch that supports RIP v2 or get a Cisco router like an ISR 4331? The amount of traffic is not that large. Our internet is 30 Mbit and the two MPLS connections are 15 Mbit. We would then change our default gateway to point to the new device and then have that device point to the ASA as its gateway. The advantage of buying the switch is that we could then replace an older 100 Mbit switch. Would the switch be able to do the needed routing?
Bonus question?
Does anyone have experience with ASAs and Allworx phones? Our remote phones work but we don't get SIP audio.
-
Why not just enable routing on the ASA and use that? ASAs do not have impressive specs, but you state the traffic is fairly light, so it seems like you should be able to use EIGRP or OSPF from the ASA.
Phil
-
Wish I could edit posts ;-) Adding a second link here.
-
Thanks for the reply.
We are doing that at the moment, but our Cisco guru suggested that putting in a router would improve our network topology. Currently the MPLS connects before the ASA, but we could always move that connection. I'm also thinking ahead. We had a SonicWall TZ 215 that died on us and it handled routing. When we added the ASA everything worked, but we noticed some strange behavior as the Cisco device was much more strict.
As it looks like we have the funding for one device, which would you choose? I initially liked the Layer 3 switch idea, but on second thought the router would make the network cleaner. It would also allow for some filtering of the MPLS connection, as the Internet traffic doesn't need to hit the LAN; it just needs to hit the ASA and the Internet.
Again very helpful.
Alan
-
I have worked in very few environments that had an actual dedicated router just for internal traffic. So given the fiscal limitation of one or the other, an L3 switch is a great choice for a small environment. Given you still have a 100 Mbps switch in the environment I would definitely look at going that direction. You have to watch pricing though as Cisco charges a pretty penny for the Advanced IP licensing on the Catalyst line. Not sure what the upcharge is on the SMB line if there is one. Pulling the ASA may improve the topology but that doesn't mean it will improve anything else. In an SMB where money is tight, concepts like "ideal" and "better" don't always have a place. Sometimes what works is the best choice you have.
Unless the ASA is overloaded, I probably would go for something more like two cheaper, L2 switches and leave the ASA doing the routing. Not quite as future proofed but the ASA 5512 went end of sale in 2013 so I'm guessing this appliance is not new. So I would get the two cheaper L2 switches and push up a plan to replace the ASA with something beefier in the next year or two depending on load and age. I would also make that upgrade to something that is purpose built as both router and firewall (unlike the ASA) like a higher end UTM appliance. Just seems like a better financial move to me.
I don't have all the details though and there are a lot of factors that can make this a bad recommendation. This is probably more useful as a point of discussion with your team than as an actual recommendation of any kind. Hope that helps.
Phil
-
Thanks for the reply; very helpful. The ASA is new as it is a 5512-X, but that's just being nitpicky. I will look at licenses for advanced licenses.