Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1058
Views
6
Helpful
10
Replies

Cisco FPR-2110 as router on a stick

Go to solution
harmitin
Level 1
Level 1

‎03-16-2023 02:48 AM

Hi, I want to know, can we use FPR-2110 firewall as router on stick?

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎03-16-2023 02:52 AM

@harmitin yes you can, you create a subinterface on the FPR2110 for each VLAN to be routed.

View solution in original post

Go to solution
MHM Cisco World
VIP
VIP
In response to harmitin

‎03-16-2023 03:37 AM - edited ‎03-16-2023 03:48 AM

NO issue, 
Core with VLAN x,y no ip routing 
FW have subinterface for VLAN x,y meaning the FW is GW for all client 
any traffic between x,y will pass through FW 
DMZ SW have vlan Z no ip routing 
FW have subinterface for VLAN z meaning the FW is GW for all client 
the traffic will pass from x,y to z through FW 
so no problem 

View solution in original post

10 Replies 10

Go to solution
Rob Ingram
VIP
VIP

‎03-16-2023 02:52 AM

@harmitin yes you can, you create a subinterface on the FPR2110 for each VLAN to be routed.

Go to solution
harmitin
Level 1
Level 1
In response to Rob Ingram

‎03-16-2023 03:03 AM

HI Rob, Thanks for your reply. I have below scenario where we are using core switch with no routing functionality, only to create VLAN's. Routing between different VLAN should happen via firewall and come back to core switch on the same physical interface as there is only one physical link between firewall and core switch. We have requirement from client that routing should happen on firewall only. At the same time, I wanted to allow policy based forward to send the traffic from core switch network to DMZ switch network via firewall. is this design is correct?

inhamit_0-1678960702949.png

 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to harmitin

‎03-16-2023 03:37 AM

@harmitin this seems overly complex (PBR) for a simple design. Why not just create a static route on the core switch for the Voice recording server network, via the FPR2110's inside interface IP address.

Go to solution
harmitin
Level 1
Level 1
In response to Rob Ingram

‎03-16-2023 03:54 AM

Hi Rob, Its is client requirement and as communication between different between VLAN or network should happen through firewall. We will using DMZ switch for windows update server and voice recording server as voice recorder will get traffic from all VLAN in one direction only that is communication from all VLAN's to voice recorder only not in vice versa.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to harmitin

‎03-16-2023 04:00 AM

@harmitin sure I understand, my suggestion was to route the traffic via the FW.

The other option would be to configure the FW in transparent mode.

Go to solution
harmitin
Level 1
Level 1
In response to Rob Ingram

‎03-16-2023 04:05 AM

HI Rob, Thanks for your reply. So our design is correct. we shall route the traffic via firewall from Vlan x to vlan y towards core switch on the same physical interface and at the same time we will allow PBR to forward the traffic from core switch to DMZ switch network.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎03-16-2023 02:57 AM

Yes since the FW is L3 device like Router and support subinerface, you can config it as router on stick. 
only make sure you config link to SW as trunk from SW side. 

Go to solution
harmitin
Level 1
Level 1
In response to MHM Cisco World

‎03-16-2023 03:18 AM

Hi, Thanks for your response. I have below scenario where we are using core switch with no routing functionality, only to create VLAN's. Routing between different VLAN should happen via firewall and come back to core switch on the same physical interface as there is only one physical link between firewall and core switch. We have requirement from client that routing should happen on firewall only. At the same time, I wanted to allow policy based forward to send the traffic from core switch network to DMZ switch network via firewall. is this design correct?

inhamit_0-1678961874138.png

 

 

Go to solution
MHM Cisco World
VIP
VIP
In response to harmitin

‎03-16-2023 03:37 AM - edited ‎03-16-2023 03:48 AM

NO issue, 
Core with VLAN x,y no ip routing 
FW have subinterface for VLAN x,y meaning the FW is GW for all client 
any traffic between x,y will pass through FW 
DMZ SW have vlan Z no ip routing 
FW have subinterface for VLAN z meaning the FW is GW for all client 
the traffic will pass from x,y to z through FW 
so no problem 

Go to solution
harmitin
Level 1
Level 1
In response to MHM Cisco World

‎03-16-2023 03:55 AM

Thank you  

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card