Solved

VLAN PIX 515E version 7 vs Layer 3 switch

Posted on 2006-06-09
Last Modified: 2012-08-13
Hi, we are planning to deploy 2 VLANs in our company.
One VLAN for our normal desktop/server environment and one for the machines we sell and build.
In conjunction with my other post (http://www.experts-exchange.com/Hardware/Routers/Q_21873510.html)
I would like to know some more about the PIX version 7 against a layer 3 switch.
As talked about earlier, layer 3 switches are somewhat more expensive than a memory expansion and updating the software on the PIX.

A PIX OS7 can route between 2 virtual networks, a DMZ and the internet.
When the VLANs have the same security level the traffic can be routed between them, I learned.

But what can a layer 3 switch mean for a company? Currently we have a relatively new PBX/phone system and I don't see VOIP in the next 5 years or maybe more. Maybe there will be an expansion on the PBX to our branch office that allows VOIP over our VPN tunnel, but it won't go any further than that.

With the access-lists used in a PIX I guess one could set the same rules as I did earlier for DMZ and internet access.
What is different in that view?

I understand the PIX isn't built for inter-VLAN routing on a large scale, so its speed would be lower than on a router/layer 3 switch. It also doesn't have traffic priority and so on.

What can a layer 3 switch mean in a company network with 2 VLANs/subnets?
Furthermore, when one would use a layer 3 switch, it acts like a router,
so does the gateway of the end stations also need to point to the address of that switch?



We are now about to buy 3 (3Com) switches to make another 150 ports managed / VLAN ready.
The new 3Com 4500 family (layer 3) has a nice price against the SuperStack 3 Switch 4200 layer 2 family.

3Com 4500 50 port - 3cr17562-91 (costs 658 euro)
(layer 3, 8 stackable, 2x GB, 2x SFP, QoS, 8 priority queues, 256 VLANs, IEEE 802.1X user login security)

3Com 4250T 50 port - 3c17302 (costs 525 euro)
(layer 2, 4 stackable, 2x GB, 2x SFP, QoS, 2 priority queues, 60 VLANs)

Using the memory expansion and the new OS7 for the PIX we can achieve VLAN routing.
With 3 50-port switches we would be ready to deploy, won't we!?
Question by:Rick

Accepted Solution

by: lrmoore (earned 500 total points)
ID: 16871117
>when one would use a layer3 switch,  it acts like a router..so does the gateway of an endstations also need to point to the address of that switch?
Yes. The end stations point to the respective VLAN interface of the switch, the switch points its default gateway to the PIX.

>using the memory expansion and the new OS7 for the pix we can achieve vlan routing.
You don't even need the memory upgrade if all you have is a Restricted license.

The primary difference between using an L3 switch and the PIX for routing is that the PIX will provide a security barrier between your test/build VLAN and your internal network and inspect every packet going across. An L3 switch will be much, much faster because it routes flows without inspecting packets. If you need security access-lists between the two VLANs, then go with the PIX in the middle. If you need primarily speed and simple broadcast boundaries, then go with the L3 switch.
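
A sketch of the "PIX in the middle" option described in the answer above, added here as an illustration and not taken from the thread or from either poster's configuration: PIX OS 7.x 802.1Q subinterfaces with an access-list between the build VLAN and the internal VLAN. The VLAN IDs, subnets, interface names (`inside`, `build`), the ACL name and the permitted server and port are constructed placeholders, and it assumes `no nat-control` so the two VLANs are routed without address translation.

```cisco
! Constructed example for PIX OS 7.x; all IDs, names and addresses are placeholders.
! Assumption: NAT control is off, so VLAN-to-VLAN traffic is routed untranslated.
no nat-control
!
! Physical port carries an 802.1Q trunk to the switch; no IP on the parent.
interface Ethernet1
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Internal desktop/server VLAN (higher trust).
interface Ethernet1.10
 vlan 10
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
! Test/build VLAN (lower trust).
interface Ethernet1.20
 vlan 20
 nameif build
 security-level 50
 ip address 192.168.20.1 255.255.255.0
!
! Build VLAN -> internal: allow only the one service that is needed,
! deny and log the rest of the internal subnet, then allow other destinations.
access-list build_in extended permit tcp 192.168.20.0 255.255.255.0 host 192.168.10.5 eq 445
access-list build_in extended deny ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0 log
access-list build_in extended permit ip 192.168.20.0 255.255.255.0 any
access-group build_in in interface build
!
! If both subinterfaces were given the same security-level instead,
! traffic between them would also require:
!  same-security-traffic permit inter-interface
```

In this layout the end stations in each VLAN use the PIX subinterface address as their default gateway, and the switch port facing the PIX must be a tagged trunk carrying both VLANs.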
