Solved

Layer 3 switch with stateful inspection capability

Posted on 2010-11-07
Last Modified: 2012-05-10
Hello:

I need a layer 3 switch with all gigabit ports (48 ports) that can do stateful packet inspection between vlans.  The switch will have about 3 vlans.

This switch will be connected to a single LAN interface on the hardware firewall device and not each vlan to each firewall interface and I want the switch to do the routing/managing traffic between vlans to take advantage of the switch's gigabit speed rather than the firewall's 100 mb interface.
Do I even need a layer 3 switch in this case as all the vlans will be hosted on the same switch?

Can you recommend me a good switch make/model that's reasonably priced that is:
-layer 3
-can do stateful packet filtering between vlans on its ACLs.
-48 gigabit ports.

It doesn't need to be Cisco as I'm looking for a reasonably priced one.
Question by:Lindows
9 Comments
 
LVL 13

Assisted Solution

by:SIM50
SIM50 earned 125 total points
ID: 34081286
As far as I know, Cisco 6500 series switches are the only ones that support firewall modules.
It would be cheaper to upgrade your ASA license to support 1Gb interfaces than to buy a 6500.
0
 

Author Comment

by:Lindows
ID: 34081562
So you're saying no switches other than Cisco 6500 can do stateful inspection?
If that's the case, then I'd need to settle for packet filtering between vlans as buying 6500 would be overkill for my case.
I'm not running ASA btw.

 
0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 125 total points
ID: 34082013
Hi,

You need an ASA if you do not want to buy a 6500!

Best regards,
Istvan
0
 

Author Comment

by:Lindows
ID: 34082075
Is it just the stateful packet inspection that only the 6500 is capable of?
Then let me rephrase my question:

I'll need a switch that is:
-layer 3
-can do static packet filtering between vlans on its ACLs.
-48 gigabit ports.

0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34082172
Only the 6500 is capable of:

-layer 3
-can do static packet filtering between vlans on its ACLs.
-48 gigabit ports.
0
 
LVL 4

Accepted Solution

by:cdowdy
cdowdy earned 250 total points
ID: 34083417
You might take a look at the Juniper EX4200-48T. It is a layer 3 switch which can do static packet filtering through RVI interfaces via "Junos Firewall Filters" (Junos ACL), has 48 gigE ports, and is not a Cisco.
0
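
What the thread's move from stateful inspection to static packet filtering between VLANs gives up, shown as an added example that is not part of any post above. It is a simplified Python model, not switch configuration: the VLAN addressing, packets and function names are constructed for illustration, and the stateless return rule stands in for an "established"-style ACL entry that matches on the ACK or RST flag. The third packet is the difference: the static filter passes it on its flags alone, while the stateful filter drops it because no tracked connection exists.

```python
from dataclasses import dataclass

# Constructed addressing (assumption): VLAN 10 = clients, VLAN 20 = servers.
CLIENTS, SERVERS = "10.0.10.", "10.0.20."

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on this segment

def static_filter(p):
    """Stateless ACL: every packet is judged on its own headers."""
    if p.src.startswith(CLIENTS) and p.dst.startswith(SERVERS) and p.dport == 443:
        return True  # clients may reach HTTPS on the server VLAN
    # "established"-style return rule: any server->client segment with ACK or RST
    return (p.src.startswith(SERVERS) and p.dst.startswith(CLIENTS)
            and bool(p.flags & {"ACK", "RST"}))

class StatefulFilter:
    """Simplified connection tracking: no timeouts, teardown or sequence checks."""
    def __init__(self):
        self.conns = set()

    def check(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.src.startswith(CLIENTS) and p.dst.startswith(SERVERS) and p.dport == 443:
            if p.flags == {"SYN"}:
                self.conns.add(fwd)  # new connection permitted by policy
            return fwd in self.conns
        return rev in self.conns  # replies only for tracked connections

def compare():
    """Return (label, static verdict, stateful verdict) for constructed packets."""
    packets = [
        ("client SYN", Pkt("10.0.10.5", 50000, "10.0.20.8", 443, frozenset({"SYN"}))),
        ("server SYN-ACK", Pkt("10.0.20.8", 443, "10.0.10.5", 50000, frozenset({"SYN", "ACK"}))),
        # No client ever opened this flow; only the ACK flag makes it look like a reply.
        ("unsolicited ACK", Pkt("10.0.20.8", 4444, "10.0.10.9", 3389, frozenset({"ACK"}))),
    ]
    fw = StatefulFilter()
    return [(name, static_filter(p), fw.check(p)) for name, p in packets]

if __name__ == "__main__":
    for row in compare():
        print(row)
```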
 
LVL 4

Expert Comment

by:cdowdy
ID: 34083445
Also, look at the EX3200-48T; it may also meet your needs if you don't need redundant internal power supplies, etc.
0
 

Author Closing Comment

by:Lindows
ID: 34090186
What about these?  These are a little cheaper.

PowerConnect 5448
http://www.dell.com/us/business/p/powerconnect-5448/pd

Juniper EX2200-48T
http://www.juniper.net/us/en/products-services/switching/ex-series/ex2200/
0
 
LVL 4

Expert Comment

by:cdowdy
ID: 34093124
I have no experience with the Dell switches, so I can't say.

As far as the EX2200, I have read that there are some routing features that these do not support, although I am not sure which. Best case if you like the Juniper pricing and features, might be to contact Juniper and discuss with them what your needs today and possibly in the future may be for this switch and they can guide you. The thing is that these all run JunOS and even though the OS might support a feature, the hardware may not. The 3200 and 4200 may be slight overkill for you, but they support probably anything you will come to need in the near future.
0
