Solved

VLAN PIX 515E version 7 vs Layer 3 switch

Posted on 2006-06-09
Last Modified: 2012-08-13
Hi, we are planning to deploy 2 VLANs in our company.
One VLAN for our normal desktop/server environment and one for the machines we sell and build.
In conjunction with my other post (http://www.experts-exchange.com/Hardware/Routers/Q_21873510.html),
I would like to know some more about the PIX version 7 against a layer 3 switch.
As talked about earlier, layer 3 switches are somewhat more expensive than a memory expansion and updating the software on the PIX.

A PIX OS7 can route between 2 virtual networks, a DMZ and the internet.
When the VLANs have the same security level, the traffic can be routed between them, I learned.

But what can a layer 3 switch mean for a company? Currently we have a relatively new PBX/phone system and I don't see VoIP in the next 5 years or maybe more. Maybe there will be an expansion on the PBX to our branch office that allows VoIP over our VPN tunnel, but it won't go any further than that.

With the access-lists used in a PIX, I guess one could set the same rules as I did earlier for DMZ and internet access.
What is different in that view?

I understand the PIX isn't built for inter-VLAN routing on a large scale, so its speed would be lower than on a router/layer 3 switch. It also doesn't have traffic priority and so on.

What can a layer 3 switch mean in a company network with 2 VLANs / subnets?
Furthermore, when one would use a layer 3 switch, it acts like a router,
so does the gateway of an end station also need to point to the address of that switch?



We are now about to buy 3 (3Com) switches to make another 150 ports managed / VLAN ready.
The new 3Com 4500 family (layer 3) has a nice price against the SuperStack 3 Switch 4200 layer 2 family.

3Com 4500 50 port - 3cr17562-91 (costs 658 euro)
(layer 3, 8 stackable, 2x GB, 2x SFP, QoS, 8 priority queues, 256 VLAN, IEEE 802.1X user login security)

3Com 4250T 50 port - 3c17302 (costs 525 euro)
(layer 2, 4 stackable, 2x GB, 2x SFP, QoS, 2 priority queues, 60 VLAN)

Using the memory expansion and the new OS7 for the PIX we can achieve VLAN routing.
With 3 50-port switches we would be ready to deploy, won't we!?
Question by:Rick

Accepted Solution

by:
lrmoore earned 500 total points
ID: 16871117
>When one would use a layer 3 switch, it acts like a router... so does the gateway of an end station also need to point to the address of that switch?
Yes. The end stations point to the respective VLAN interface of the switch, and the switch points its default gateway to the PIX.

>Using the memory expansion and the new OS7 for the PIX we can achieve VLAN routing.
You don't even need the memory upgrade if all you have is a Restricted license.

The primary difference between using an L3 switch and the PIX for routing is that the PIX will provide a security barrier between your test/build VLAN and your internal network and inspects every packet going across. An L3 switch will be much, much faster because it routes flows without inspecting packets. If you need security access-lists between the two VLANs, then go with the PIX in the middle. If you need primarily speed and simple broadcast boundaries, then go with the L3 switch.
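
As an added illustration of the "PIX in the middle" option from the answer above (not part of the original thread and not lrmoore's configuration): a PIX 7.x fragment with both VLANs as subinterfaces at the same security level and an access-list limiting what the test/build VLAN may reach. The VLAN IDs, interface names, addresses and the single permitted file server are assumptions.

```cisco
! Constructed example: VLAN IDs, names and addresses are assumptions.
! Physical port carries the 802.1Q trunk from the layer 2 switch;
! it has no nameif, so untagged traffic is not passed.
interface Ethernet1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Office desktops/servers: end stations use 192.168.10.1 as gateway.
interface Ethernet1.10
 vlan 10
 nameif office
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
! Test/build machines: end stations use 192.168.20.1 as gateway.
interface Ethernet1.20
 vlan 20
 nameif build
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
! Interfaces with equal security levels pass no traffic between
! each other until this is enabled. Once it is, traffic flows
! freely in both directions unless an access-list says otherwise.
same-security-traffic permit inter-interface
!
! Limit what build machines may initiate toward the office VLAN:
! one file server on TCP/445, nothing else in the office subnet.
access-list build_in extended permit tcp 192.168.20.0 255.255.255.0 host 192.168.10.5 eq 445
access-list build_in extended deny ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
! Other destinations remain subject to the existing outbound rules.
access-list build_in extended permit ip 192.168.20.0 255.255.255.0 any
access-group build_in in interface build
```

With a layer 3 switch doing the inter-VLAN routing instead, this filtering point does not exist on the PIX, because traffic between the two VLANs never reaches it.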
