VLAN PIX 515E version 7 vs Layer 3 switch

Posted on 2006-06-09
Last Modified: 2012-08-13
Hi, we are planning to deploy 2 VLANs in our company.
One VLAN for our normal desktop/server environment and one for the machines we sell and build.
In conjunction with my other post (http://www.experts-exchange.com/Hardware/Routers/Q_21873510.html)
I would like to know some more about the PIX version 7 against a layer 3 switch.
As talked about earlier, layer 3 switches are somewhat more expensive than a memory expansion and updating the software on the PIX.

A PIX OS7 can route between 2 virtual networks, a DMZ and the internet.
When the VLANs have the same security level the traffic can be routed between them, I learned.

But what can a layer 3 switch mean for a company? Currently we have a relatively new PBX/phone system and I don't see a VOIP in the next 5 years or maybe more. Maybe there will be an expansion on the PBX to our branch office that allows VOIP over our VPN tunnel, but it won't go any further than that.

With the access-lists used in a PIX I guess one could set the same rules as I did earlier for DMZ and internet access.
What is different in that view?

I understand the PIX isn't built for inter-VLAN routing on a large scale, so its speed would be lower than on a router/layer 3 switch. It also doesn't have traffic priority and so on.

What can a layer 3 switch mean in a company network with 2 VLANs / subnets?
Furthermore, when one would use a layer 3 switch, it acts like a router,
so does the gateway of an end station also need to point to the address of that switch?

We are now about to buy 3 (3Com) switches to make another 150 ports managed / VLAN ready.
The new 3Com 4500 family (layer 3) has a nice price against the SuperStack 3 Switch 4200 layer 2 family.

3Com 4500 50 port - 3cr17562-91 (costs 658 euro)
(layer 3, 8 stackable, 2x GB, 2x SFP, QoS, 8 priority queues, 256 VLAN, IEEE 802.1X user login security)

3Com 4250T 50 port - 3c17302 (costs 525 euro)
(layer 2, 4 stackable, 2x GB, 2x SFP, QoS, 2 priority queues, 60 VLAN)

Using the memory expansion and the new OS7 for the PIX we can achieve VLAN routing.
With three 50-port switches we would be ready to deploy, won't we!?
Question by:Rick
1 Comment

Accepted Solution

by: lrmoore
ID: 16871117
>when one would use a layer3 switch, it acts like a router..so does the gateway of an endstations also need to point to the address of that switch?
Yes. The end stations point to the respective VLAN interface of the switch, and the switch points its default gateway to the PIX.

>using the memory expension and the new OS7 for the pix we can achieve vlan routing.
You don't even need the memory upgrade if all you have is a Restricted license.

The primary difference between using an L3 switch and the PIX for routing is that the PIX will provide a security barrier between your test/build VLAN and your internal network, and it inspects every packet going across. An L3 switch will be much, much faster because it routes flows without inspecting packets. If you need security access-lists between the two VLANs, then go with the PIX in the middle. If you need primarily speed and simple broadcast boundaries, then go with the L3 switch.
