WS-3550 internet switch

clamz Member Posts: 28
Hey, I work for a company and we have a really old 3Com hub for our internet switch. I have a 3550 that I would like to replace it with. We have our firewall, VPN concentrator and internet router plugged into it. Our firewall outside interface is in half-duplex mode because of this 3Com hub. Can anyone provide a sh run of their internet switches? It would help me conceptualize the configuration I would need.

Thanks a lot,
Cam

Comments

  • ciscojay-houston Banned Posts: 14
    I think it should be the other way around. Is this switch on the outside of your firewall? Sounds like it. If so, all of your ports would need to be on the same VLAN. Make sure that for security purposes, you don't assign an IP address to any of the VLAN interfaces of the switch. This will keep it as a layer 2 switch, and reduce your security risks from the Internet.

    You can set your firewall to full duplex, along with any other devices that will plug into this switch.

    On the switchport, you can set the duplex and speed accordingly. You can change the port number below, but here's a sample syntax you would use to set the speed and duplex on a particular interface.

    conf t
    int f0/1
    speed 100
    duplex full
    end
    wr mem
  • nel Member Posts: 2,859
    clamz wrote: »
    Hey, I work for a company and we have a really old 3Com hub for our internet switch. I have a 3550 that I would like to replace it with. We have our firewall, VPN concentrator and internet router plugged into it. Our firewall outside interface is in half-duplex mode because of this 3Com hub. Can anyone provide a sh run of their internet switches? It would help me conceptualize the configuration I would need.

    Thanks a lot,
    Cam

    I don't think many would be stupid enough to give out configs willy-nilly, for security reasons.

    Why don't you try and explain what you require or are stuck on, and people can help. Also check the configuration guides from the Cisco docs for the 3550. It has all the stuff you need.
    Xbox Live: Bring It On

    Bsc (hons) Network Computing - 1st Class
    WIP: Msc advanced networking
  • clamz Member Posts: 28
    I think it should be the other way around. Is this switch on the outside of your firewall? Sounds like it. If so, all of your ports would need to be on the same VLAN. Make sure that for security purposes, you don't assign an IP address to any of the VLAN interfaces of the switch. This will keep it as a layer 2 switch, and reduce your security risks from the Internet.

    You can set your firewall to full duplex, along with any other devices that will plug into this switch.

    On the switchport, you can set the duplex and speed accordingly. You can change the port number below, but here's a sample syntax you would use to set the speed and duplex on a particular interface.

    conf t
    int f0/1
    speed 100
    duplex full
    end
    wr mem


    Hey ciscojay, yeah, good point on not setting the VLAN IP. Also, is it a good practice to hard set the ports to full duplex and 100 speed? Right now all 24 ports are:

    interface FastEthernet0/6
    switchport mode dynamic desirable

    Also,

    interface Vlan1
    no ip address

    One more question: say my public block is 206.65.23.0/24 and my internet router is assigned to 206.65.23.1. On the internet switch, do I need to put in a gateway of last resort to the internet router? (i.e. ip route 0.0.0.0 0.0.0.0 206.65.23.1 255.255.255.0)

    So the devices that are plugged into the internet switch know where to go?

    Thanks
  • clamz Member Posts: 28
    nel wrote: »
    I don't think many would be stupid enough to give out configs willy-nilly, for security reasons.

    Why don't you try and explain what you require or are stuck on, and people can help. Also check the configuration guides from the Cisco docs for the 3550. It has all the stuff you need.

    Hey, good point. I should have clarified that I wanted just generic templates, nothing with routable information.

    Sorry for the confusion hehe
  • kryolla Member Posts: 785
    clamz wrote: »
    Hey ciscojay, yeah, good point on not setting the VLAN IP. Also, is it a good practice to hard set the ports to full duplex and 100 speed? Right now all 24 ports are:

    interface FastEthernet0/6
    switchport mode dynamic desirable

    The above is to negotiate trunking, not setting speed and duplex. We also hard code duplex and speed settings at my work. We had some issues with auto-negotiation.
    Also,

    interface Vlan1
    no ip address

    One more question: say my public block is 206.65.23.0/24 and my internet router is assigned to 206.65.23.1. On the internet switch, do I need to put in a gateway of last resort to the internet router? (i.e. ip route 0.0.0.0 0.0.0.0 206.65.23.1 255.255.255.0)

    So the devices that are plugged into the internet switch know where to go?

    Thanks

    The hosts will get the default gateway (your internet router) via DHCP; if not, then static. Gateway of last resort configured on a layer 2 switch is to send locally generated traffic off the subnet of the management VLAN. Since you have no IP addresses in the switch I wouldn't worry about it. Why did you get a 3550 when a 2950 would have worked for your purpose?

    You are replacing a hub with a switch, so the switch will work out of the box.
    Studying for CCIE and drinking Home Brew
  • tiersten Member Posts: 4,505
    If you've got a hub there currently then any unmanaged switch will do the job. Using a L2/3 managed switch like a 3550 for this is a tad over the top. Even a 2950/2960 will be overkill for what you currently need.
  • clamz Member Posts: 28
    kryolla wrote: »
    The above is to negotiate trunking, not setting speed and duplex. We also hard code duplex and speed settings at my work. We had some issues with auto-negotiation.

    The hosts will get the default gateway (your internet router) via DHCP; if not, then static. Gateway of last resort configured on a layer 2 switch is to send locally generated traffic off the subnet of the management VLAN. Since you have no IP addresses in the switch I wouldn't worry about it. Why did you get a 3550 when a 2950 would have worked for your purpose?

    You are replacing a hub with a switch, so the switch will work out of the box.

    You know, I have a lot of layer two 2900XLs lying around. I should save my 3550 for L3 functionality, thanks!
  • networker050184 Mod Posts: 11,962
    clamz wrote: »
    You know, I have a lot of layer two 2900XLs lying around. I should save my 3550 for L3 functionality, thanks!

    Or just stash it away for your lab!
    An expert is a man who has made all the mistakes which can be made.
  • clamz Member Posts: 28
    Hey guys, I'm cutting over to the 2900XL tonight and had a question. I have hard set all of the interfaces on the new internet switch to duplex 100 and speed 10.

    My firewall and VPN concentrator are not hard set right now. After I unplug them from the current switch, do I have to apply those same commands to the outside interfaces on the VPN and firewall? Or should they negotiate the speed I set on the switch?

    Thanks,
    Cam
  • xwesleyxwillisx Member Posts: 158
    You definitely want to hard code the duplex and speed settings if you can (on the attached devices). This is especially true if they are 10/100 ports. If the switch is hard coded it will NOT negotiate with the attached devices.

    I believe the default behavior for 10/100 ports with auto-negotiation is to default to 100/half if it can't negotiate. You'd probably get a "Error: Duplex mismatch" on the switch in that case also...

    Short story is, if you can't hard code the firewall/VPN devices, don't hard code the switch ports.
  • clamz Member Posts: 28
    You definitely want to hard code the duplex and speed settings if you can (on the attached devices). This is especially true if they are 10/100 ports. If the switch is hard coded it will NOT negotiate with the attached devices.

    I believe the default behavior for 10/100 ports with auto-negotiation is to default to 100/half if it can't negotiate. You'd probably get a "Error: Duplex mismatch" on the switch in that case also...

    Short story is, if you can't hard code the firewall/VPN devices, don't hard code the switch ports.

    Hmmmm, I think I will undo those ports then and let them auto-negotiate. That would suck if I plugged in the devices and received a duplex mismatch, thousands of users use this internet pipe =)
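
The three things this thread checks by eye in a `sh run` for an outside switch (no IP address on the VLAN interface, ports left in `switchport mode dynamic desirable`, and how speed/duplex are set) can be audited with a short script. This is an added example, not part of the original thread; the sample config is constructed and the function names are this example's own.

```python
import re
# Constructed sample config; function names are this example's own.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 speed 100
 duplex full
!
interface FastEthernet0/2
 speed 100
!
interface FastEthernet0/6
 switchport mode dynamic desirable
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1].strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit(config):
    """Return sorted (interface, finding) tuples for the thread's three checks."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith("vlan"):
            if any(re.match(r"ip address \d", c) for c in cmds):
                findings.append((name, "SVI has an IP address"))
            continue
        if any(c.startswith("switchport mode dynamic") for c in cmds):
            findings.append((name, "port negotiates trunking"))
        speed = any(re.match(r"speed \d+$", c) for c in cmds)
        duplex = any(re.match(r"duplex (full|half)$", c) for c in cmds)
        if speed != duplex:
            findings.append((name, "only one of speed/duplex is hard-coded"))
        elif speed:
            findings.append((name, "hard-coded: peer must be hard-coded to match"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{i}: {f}" for i, f in audit(SAMPLE_CONFIG)))
```

A port flagged as hard-coded is not a fault by itself; it is a reminder that the firewall or VPN device on the other end has to be set to the same values before cutover.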