Solved

Layer 3 switch with stateful inspection capability

Posted on 2010-11-07
Last Modified: 2012-05-10
Hello:

I need a layer 3 switch with all gigabit ports (48 ports) that can do stateful packet inspection between vlans.  The switch will have about 3 vlans.

This switch will be connected to a single LAN interface on the hardware firewall device and not each vlan to each firewall interface and I want the switch to do the routing/managing traffic between vlans to take advantage of the switch's gigabit speed rather than the firewall's 100 mb interface.
Do I even need a layer 3 switch in this case as all the vlans will be hosted on the same switch?

Can you recommend me a good switch make/model that's reasonably priced that is:
-layer 3
-can do stateful packet filtering between vlans on its ACLs.
-48 gigabit ports.

It doesn't need to be Cisco as I'm looking for a reasonably priced one.
0
Question by:Lindows
9 Comments
 
LVL 14

Assisted Solution

by:SIM50
SIM50 earned 125 total points
ID: 34081286
As far as I know, Cisco 6500 series switches are the only ones that support firewall modules.
It would be cheaper to upgrade your ASA license to support 1Gb interfaces than to buy a 6500.
0
 

Author Comment

by:Lindows
ID: 34081562
So you're saying no switches other than Cisco 6500 can do stateful inspection?
If that's the case, then I'd need to settle for packet filtering between vlans as buying a 6500 would be overkill for my case.
I'm not running ASA btw.

 
0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 125 total points
ID: 34082013
Hi,

You need an ASA if you do not want to buy a 6500!

Best regards,
Istvan
0

 

Author Comment

by:Lindows
ID: 34082075
Is it just stateful packet inspection that only the 6500 is capable of?
Then let me rephrase my question:

I'll need a switch that is:
-layer 3
-can do static packet filtering between vlans on its ACLs.
-48 gigabit ports.

0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34082172
Only the 6500 is capable of:

-layer 3
-can do static packet filtering between vlans on its ACLs.
-48 gigabit ports.
0
 
LVL 4

Accepted Solution

by:cdowdy
cdowdy earned 250 total points
ID: 34083417
You might take a look at the Juniper EX4200-48T. It is a layer 3 switch which can do static packet filtering through RVI interfaces via "Junos Firewall Filters" (Junos ACL) and has 48 gigE ports and is not a Cisco.
0
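The thread moves from stateful inspection to static packet filtering between vlans; the sketch below is an added example, not part of any post, that models what changes with that trade. The addresses, ports and packet list are constructed, and the static rule set only imitates an "established"-style ACL term, not any vendor's syntax.

```python
from collections import namedtuple

# Constructed model of inter-vlan TCP packets; flags: S=SYN, A=ACK, R=RST.
Packet = namedtuple("Packet", "src dst sport dport flags")

CLIENT_NET = "10.0.10."          # assumed client vlan prefix
SERVER = ("10.0.20.5", 443)      # assumed server vlan host and port

def static_filter(pkt):
    """Static ACL: every packet is judged on its own header fields."""
    if pkt.src.startswith(CLIENT_NET) and (pkt.dst, pkt.dport) == SERVER:
        return True                              # clients -> server:443
    if (pkt.src, pkt.sport) == SERVER and pkt.dst.startswith(CLIENT_NET):
        # "established" style term: ACK or RST set, no connection lookup
        return "A" in pkt.flags or "R" in pkt.flags
    return False

class StatefulFilter:
    """Stateful inspection: replies pass only for flows a client opened."""
    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.src.startswith(CLIENT_NET) and (pkt.dst, pkt.dport) == SERVER:
            if pkt.flags == "S":
                self.flows.add(key)              # record the new connection
            return key in self.flows
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.flows             # must match a known flow

def compare(packets):
    """Return (static_verdict, stateful_verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(static_filter(p), stateful.check(p)) for p in packets]

SAMPLE = [  # constructed traffic
    Packet("10.0.10.7", "10.0.20.5", 50000, 443, "S"),   # client opens
    Packet("10.0.20.5", "10.0.10.7", 443, 50000, "SA"),  # server replies
    Packet("10.0.10.7", "10.0.20.5", 50000, 443, "A"),   # handshake done
    Packet("10.0.20.5", "10.0.10.9", 443, 50001, "A"),   # reply to no flow
    Packet("10.0.20.5", "10.0.10.9", 443, 50001, "S"),   # server-initiated
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "static=%s stateful=%s" % verdict)
```

The fourth packet is the difference: the static rule accepts it because the ACK bit is set, while the stateful filter drops it because no client opened that flow.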
 
LVL 4

Expert Comment

by:cdowdy
ID: 34083445
Also, look at the EX3200-48T; it also may meet your needs if you don't need redundant internal power supplies, etc.
0
 

Author Closing Comment

by:Lindows
ID: 34090186
What about these?  These are a little cheaper.

PowerConnect 5448
http://www.dell.com/us/business/p/powerconnect-5448/pd

Juniper EX2200-48T
http://www.juniper.net/us/en/products-services/switching/ex-series/ex2200/
0
 
LVL 4

Expert Comment

by:cdowdy
ID: 34093124
I have no experience with the Dell switches, so I can't say.

As far as the EX2200, I have read that there are some routing features that these do not support, although I am not sure which. Best case if you like the Juniper pricing and features, might be to contact Juniper and discuss with them what your needs today and possibly in the future may be for this switch and they can guide you. The thing is that these all run JunOS and even though the OS might support a feature, the hardware may not. The 3200 and 4200 may be slight overkill for you, but they support probably anything you will come to need in the near future.
0
