VLAN PIX 515E version 7 vs Layer 3 switch

Hi, we are planning to deploy 2 VLANs in our company.
One VLAN for our normal desktop/server environment and one for the machines we sell and build.
In conjunction with my other post (http://www.experts-exchange.com/Hardware/Routers/Q_21873510.html),
I would like to know some more about the PIX version 7 against a layer 3 switch.
As talked about earlier, layer 3 switches are somewhat more expensive than a memory expansion and updating the software on the PIX.

A PIX OS7 can route between 2 virtual networks, a DMZ and the internet.
When the VLANs have the same security level, the traffic can be routed between them, I learned.

But what can a layer 3 switch mean for a company? Currently we have a relatively new PBX/phone system and I don't see VoIP in the next 5 years or maybe more. Maybe there will be an expansion on the PBX to our branch office that allows VoIP over our VPN tunnel, but it won't go any further than that.

With the access-lists used in a PIX, I guess one could set the same rules as I did earlier for DMZ and internet access.
What is different in that view?

I understand the PIX isn't built for inter-VLAN routing on a large scale, so its speed would be lower than on a router/layer 3 switch. It also doesn't have traffic priority and so on.

What can a layer 3 switch mean in a company network with 2 VLANs / subnets?
Furthermore, when one would use a layer 3 switch, it acts like a router,
so does the gateway of an end station also need to point to the address of that switch?



We are now about to buy 3 (3Com) switches to make another 150 ports managed / VLAN-ready.
The new 3Com 4500 family (layer 3) has a nice price against the SuperStack 3 Switch 4200 layer 2 family.

3com 4500 50 port - 3cr17562-91 (costs 658 euro)
(layer 3, 8 stackable, 2x GB, 2x SFP, QoS, 8 priority queues, 256 VLANs, IEEE 802.1X user login security)

3com 4250T 50 port - 3c17302 (costs 525 euro)
(layer 2, 4 stackable, 2x GB, 2x SFP, QoS, 2 priority queues, 60 VLANs)

Using the memory expansion and the new OS7 for the PIX, we can achieve VLAN routing.
With 3 50-port switches we would be ready to deploy, won't we!?
Asked by: Rick

lrmoore commented:
>when one would use a layer 3 switch, it acts like a router, so does the gateway of an end station also need to point to the address of that switch?
Yes. The end stations point to the respective VLAN interface of the switch; the switch points its default gateway to the PIX.

>Using the memory expansion and the new OS7 for the PIX, we can achieve VLAN routing.
You don't even need the memory upgrade if all you have is a Restricted license.

The primary difference between using an L3 switch and the PIX for routing is that the PIX will provide a security barrier between your test/build VLAN and your internal network and inspects every packet going across. An L3 switch will be much, much faster because it routes flows without inspecting packets. If you need security access-lists between the two VLANs, then go with the PIX in the middle. If you need primarily speed and simple broadcast boundaries, then go with the L3 switch.
