[c-nsp] Firewall/LAN implementation

Mark Tohill Mark at u.tv
Wed Aug 17 10:11:58 EDT 2005


Hi, 

Hope this is not off-topic.

Current Scenario: 

2 x 3700 series routers in active-standby configuration (HSRP) . They
are implementing IOS SLB and NAT. 
Behind these a 2950-24 switch. This box has only the Standard Image. 
Behind this again are a number of Windows servers requiring protection. 

Requirement: 
Implement Firewall Solution with SonicWall in order to protect a subset
of these hosts. 

Questions: 
1. Can the Firewall be 'hung' off the switch and create port-based
VLAN's? 

2. Would this involve sub-interfaces on the Firewall? I read in
SonicWall doc. that with appropriate Firmware upgrade, it can implement
sub-interfaces, but requires a 802.1q-capable switch. 

3. Leading on from 2., I believe 2950-24 cannot run 802.1q since it runs
only a Standard Image(SI), according to CCO. Is this true? 

4. Any other advice appreciated.

Thanks,
Mark.




More information about the cisco-nsp mailing list