
Currently my setup has our egress uplink connected directly to an external interface on a Linux router/firewall/NAT gateway. Since the Linux box is a single point of failure, I've since set up two OpenBSD boxes using carp+pf+pfsync in order to gain some additional redundancy. The problem is, I only have one egress uplink (it's still a single point of failure) but need to get it to speak to the active CARP node in my OpenBSD cluster, which will serve as my new router/firewall/NAT cluster.

Is there anything specific I need to do on a 3560G in order for me to be able to:

1) Drop the egress uplink into a port
2) Drop one link from the switch to a firewall
3) Drop a second link from a switch to the firewall

This is so if one box dies, the other still has the egress link to the switch.

Is putting them into one VLAN enough? Anything else that needs to go into the configuration for this setup to work?

imaginative

1 Answer

Switches don't really have a concept of an 'egress' port -- it's just MAC addresses and VLANs to the switch. There are access and trunking ports, but it doesn't sound like you are doing anything with trunking.

To answer your question, put the ports in the same VLAN and you should be good to go. You may want to consider implementing a second 3560G to further eliminate points of failure at some point in the future.

Peter
  • The 3560G has "layer 3" capabilities, and as such can do simple ip routing. – imaginative Feb 16 '10 at 15:13
  • That is correct, if you have the correct IOS image loaded, but you didn't indicate you were doing any kind of routing. Either way, this probably doesn't change the answer I gave (unless there are more details you need to include). – Peter Feb 16 '10 at 15:44
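The layout discussed in this thread, written out as a Catalyst IOS configuration sketch. This is an added example and not part of the original question or answer; the VLAN ID (100), its name, and the port numbers (Gi0/1 to Gi0/3) are assumptions, and the PortFast lines are an optional addition the thread does not mention.

```cisco
! Added example: VLAN 100 and ports Gi0/1-3 are assumed values.
! A dedicated VLAN keeps the untrusted outside segment separate from
! any internal VLANs carried on the same switch.
vlan 100
 name OUTSIDE
!
! Port facing the single egress uplink.
interface GigabitEthernet0/1
 description Egress uplink
 switchport mode access
 switchport access vlan 100
!
! External interface of the first OpenBSD firewall.
interface GigabitEthernet0/2
 description OpenBSD firewall 1 (external)
 switchport mode access
 switchport access vlan 100
 ! Optional: host-facing access port, so skip the STP listening and
 ! learning delay when the link comes up.
 spanning-tree portfast
!
! External interface of the second OpenBSD firewall.
interface GigabitEthernet0/3
 description OpenBSD firewall 2 (external)
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
!
! All three ports are access ports (no trunking), as in the answer.
! No "interface Vlan100" with an IP address is defined, so the switch
! only bridges this segment and leaves routing to the firewalls.
! Both firewall ports sit in the same VLAN, so the CARP advertisements
! exchanged between the two nodes and the uplink traffic share one
! layer 2 segment, and whichever node is CARP master answers for the
! shared address.
```

`show vlan brief` on the switch confirms that the three ports ended up in the same VLAN.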