Do I need a layer 3 switch to get connected

K

kalale

Active Member
Joined
Oct 16, 2008
Messages
42
Reaction score
0
Hi,

We have fibre in our office up to the server room and they installed a cisco router, now would isp says we need a layer 3 switch to get it to connect to out LAN, my question is do we really need a layer 3 switch? we have pfsense as our firewaal, can we use it? what other cheaper alternatives are there for layer 3 switches?
 
A firewall is basically a layer three switch :p
 
Well you need something to be able to connect to the backbone equipment!

The same goes for FTTH. The GPON ONT is just gives you access to the bandwidth available on the fibre, you need a router to be able to connect to an ISP.
 
If the Cisco is doing the Nat and e.g pppoe then all you need is a layer 2 or dumb switch. If not then rather get a router and a layer 2 switch
 
before the isp came, the was a guy that came and installed a Cisco ME1200-4S-A and he tested and showed me what the speed was, I thought that Cisco was the router or we still need to get the layer 3 switch?
 
kalale said:
before the isp came, the was a guy that came and installed a Cisco ME1200-4S-A and he tested and showed me what the speed was, I thought that Cisco was the router or we still need to get the layer 3 switch?
Click to expand...

DFA Infrastructure?

Just plug in your firewall into the Cisco and do your IP configs on your Firewall's WAN interface using the p2p subnet details they provided you ( or whatever IP block they gave you)
 
Maybe a small diagram would help detailing the boxes already in place?

What does your fibre BB supplier ( DFA) have to say? Ask the sales rep to give you the facts not the oke who installed the boxes.
 
Hi kianm,

I've tried to do the config on the pfsense and I can ping their router but still no internet, maybe im missing something, I'll keep trying.

Isp--->pfsense(WAN port)--->pfsense (LAN Port)--->LAN switch---> PC's.

Im also thinking of getting a Mikrotik but i've never used them before and what would be the best mikrotik model.
 
kalale said:
Hi kianm,

I've tried to do the config on the pfsense and I can ping their router but still no internet, maybe im missing something, I'll keep trying.

Isp--->pfsense(WAN port)--->pfsense (LAN Port)--->LAN switch---> PC's.

Im also thinking of getting a Mikrotik but i've never used them before and what would be the best mikrotik model.
Click to expand...

That should be correct. What IP is the PF WAN port getting from the Cisco? and what IP is the PF LAN range?
 
kalale said:
Hi kianm,

I've tried to do the config on the pfsense and I can ping their router but still no internet, maybe im missing something, I'll keep trying.

Isp--->pfsense(WAN port)--->pfsense (LAN Port)--->LAN switch---> PC's.

Im also thinking of getting a Mikrotik but i've never used them before and what would be the best mikrotik model.
Click to expand...

Ping which router? The one at the other end of the link? No ports blocked on the firewall maybe? what about protocols?
 
I'll try again on Monday, I've also found a Mikrotik Routerboard 951 2n, can i use this instead of pfsense, If it possible, what are the steps that i need to to get it to work.

Here are the details i got from the isp

IPv4 PtP Block 1xx.xxx.xxx.xx0/30
IPv4 SEACOM 1xx.xxx.xxx.xx1
IPv4 Client 1xx.xxx.xxx.xx2
IPv6 PtP Block xxxxxxxxxxxxxxx
IPv6 SEACOM xxxxxxxxxxxxxxx
IPv6 Client xxxxxxxxxxxxxxx
IPv4 Onward Assignment xxx.xxx.xxx.xxx/29
IPv6 Onward Assignment xxxxxxxxxxxx
IPv4 DNS IPs xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx

My LAN is 172.16.2.x/24
 
kalale said:
I'll try again on Monday, I've also found a Mikrotik Routerboard 951 2n, can i use this instead of pfsense, If it possible, what are the steps that i need to to get it to work.

Here are the details i got from the isp

IPv4 PtP Block 1xx.xxx.xxx.xx0/30
IPv4 SEACOM 1xx.xxx.xxx.xx1
IPv4 Client 1xx.xxx.xxx.xx2
IPv6 PtP Block xxxxxxxxxxxxxxx
IPv6 SEACOM xxxxxxxxxxxxxxx
IPv6 Client xxxxxxxxxxxxxxx
IPv4 Onward Assignment xxx.xxx.xxx.xxx/29
IPv6 Onward Assignment xxxxxxxxxxxx
IPv4 DNS IPs xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx

My LAN is 172.16.2.x/24
Click to expand...

So we are sure they disabled NAT on the Cisco and our pfsense is doing NAT right?

Ok, so on your firewall you'd use the x.x.x.2 and ensure you use gateway x.x.x.1 for your firewall (so your default route like -> ip route 0.0.0.0 0.0.0.0 x.x.x.1)

Your policies are all in order right? (you are also NATing your 172.16.2.x to your Pfsense's WAN interface that's connected to the Cisco)

You've updated your DNS server's to Seacom's DNS servers, or using public DNS servers right?
 
If they have given you IP details then you just need your IP xx2 of the /30 assigned to your WAN interface. Then you need a default route to xx1 and you will need to masquerade out your WAN interface or your local subnet. You then need your firewall/router to also do DNS forwarding which will have the Seacom DNS servers, your internal network will then use your firewall/router as their DNS server. If you aren't sure of the setup just get some IT support to assist?
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X