2

I am trying to make a simple network architecture for a small company.

One of the sites is built of a firewall (to create a DMZ, to make the VPN between the sites) and three switches, like in link below.

enter image description here

There are workstations connected to each of the switches. It is a VLAN-based network. Employees obtain their addresses with DHCP server. The company has got also another site, connected with a VPN/IPSec tunnel.

My question is, would it be reasonable to use a layer 3 Switch as SW3? I would then configure the DHCP server and routing inside the site on SW3, leaving ASA for things related with DMZ and VPN.

Or do you think using a layer 2 switch will be enough as SW3, and make all the routing and DHCP configurations on ASA?

Thank you for every answer. I am just afraid it is not worth it doing it with layer 3 switch and a firewall. If you know some literature about creating an architecture I would appreciate.

tombull89
  • 2,964
  • 8
  • 41
  • 52
Justine
  • 35
  • 1
  • 4

1 Answers1

1

List pros and cons for both scenarios and decide. Only you can know which option is best as you know what your environment requirements are. I will start :

With Layer 3 switch

  • Less load on the ASA
  • ASA only deals with external traffic
  • all LAN subnets are contained withing the switches.

Without Layer 3 switch

  • No need to buy layer 3 switch
  • All of the internal network is exposed to ASA
  • You can filter internal traffic using ASA if needed.

etc..

Andrey
  • 558
  • 2
  • 8
  • Yes, this is in general the thing I am considering, that there are pros for both approaches. I only was not sure if in general it is worth being considered. Thank you for ensuring! – Justine Nov 09 '11 at 14:10
  • If you have heavy inter-vLAN traffic you should more heavily consider the L3 Switch design as the ASA will quickly become a bottleneck. If this is not the case without the L3 Switch would be simpler and cheaper. – Chris S Nov 10 '11 at 13:40