On 19/Oct/17 10:48, James Bensley wrote:

> We wouldn't offer dual connections to the same layer 3 edge device as
> a "resilient" service nor have it participate in layer 2 service if it
> is layer 3 edge. I'd stick a switch in place, the FW could have two
> links to the switch and the switch can participate in STP and have one
> uplink to the ASR920/PE for layer 3 termination/upstream.

Yes, we do exactly the same.

We've had to reject a number of requests from customers that have
multiple firewalls and want our ASR920 edge router to participate in
their LAN.

We've always told them to present a router to us, and decide,
internally, whatever it is they want to do with their firewalls and
leave us out of that decision. We are not in the habit of sharing Layer
2 broadcast domains with customers.

Mark.
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
