Cisco Core switch connect to Firewall

abee
Level 1

Our current Core router setting:

3750 sw -> Meraki MS450 Lan port ->Firewall (192.168.1.2)

Config:


ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.2
no ip http server
no ip http secure-server

 

My question is: does the core switch 3750 need to have a direct physical connection to the firewall, and not through the Meraki access switch? It looks like the only connection we have from the switch to the firewall is from the Meraki LAN port, and that port is an access port. How can the traffic route to the firewall?

 

Another question I have is that I don't see any interface that has the IP 10.1.1.1, but I am able to SSH into the switch via 10.1.1.1. Can we SSH into the switch with a VLAN IP address?

 

no ip domain-lookup
ip domain-name hydraflowusa.com
!
stack-power stack Powerstack-1
!
stack-power switch 1
stack Powerstack-1
stack-power switch 2
stack Powerstack-1
!
vtp domain hydraflow
vtp mode transparent
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-1005 priority 0
!
!

interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown

!

!

!

 

interface Vlan101
description  MANAGEMENT
ip address 10.1.1.1 255.255.255.0

 

Accepted Solutions

Hello

Yes, I am assuming the MS would be acting as a host switch and the Cisco would be/is the STP root.

The FW would just connect to the MS switch via an access port in an assigned VLAN from the Cisco.

And yes, you can remotely access the Cisco switch via its SVI interface address.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

To clarify: the Meraki MS is acting as a bridge between the core and the FW? If so, how did the core get a network connection when the ISP connects straight to the firewall?

Jaderson Pessoa
VIP Alumni

3750 sw -> Meraki MS450 Lan port ->Firewall (192.168.1.2)

Config:


ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.2
no ip http server
no ip http secure-server

 

My question is: does the core switch 3750 need to have a direct physical connection to the firewall, and not through the Meraki access switch? It looks like the only connection we have from the switch to the firewall is from the Meraki LAN port, and that port is an access port. How can the traffic route to the firewall?

 

If the Meraki is configured as an access switch, you won't have a problem here. But if there are other configurations, you need to know if there is a connection between your 3750 and your firewall.

 

Another question I have is that I don't see any interface that has the IP 10.1.1.1, but I am able to SSH into the switch via 10.1.1.1. Can we SSH into the switch with a VLAN IP address?

 

You have a VLAN interface configured on your device:

 

interface Vlan101
description  MANAGEMENT
ip address 10.1.1.1 255.255.255.0

>>end of the page <<

 

no ip domain-lookup
ip domain-name hydraflowusa.com
!
stack-power stack Powerstack-1
!
stack-power switch 1
stack Powerstack-1
stack-power switch 2
stack Powerstack-1
!
vtp domain hydraflow
vtp mode transparent
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-1005 priority 0
!
!

interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown

!

!

!

 

interface Vlan101
description  MANAGEMENT
ip address 10.1.1.1 255.255.255.0

 

Jaderson Pessoa
*** Rate All Helpful Responses ***
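
The check behind both answers in this thread, as an added example (not code from the thread or from Cisco): it lists every interface in an IOS config that carries an IP address, SVIs included, and reports which connected subnet each static-route next hop falls in. The `Vlan10` SVI and its address 192.168.1.1 are assumptions made for the sample; the config excerpt posted in the thread shows only `Vlan101`.

```python
import ipaddress
import re

# Constructed sample: lines from the thread's config plus a hypothetical
# Vlan10 SVI in the firewall's subnet (assumed; the thread does not show it).
SAMPLE_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 192.168.1.2
interface FastEthernet0
 no ip address
 shutdown
interface Vlan10
 description TO-FIREWALL
 ip address 192.168.1.1 255.255.255.0
interface Vlan101
 description MANAGEMENT
 ip address 10.1.1.1 255.255.255.0
"""
IPV4 = r"(\d+\.\d+\.\d+\.\d+)"

def parse_interfaces(config):
    """Map interface name -> IPv4Interface for every interface with an address."""
    found, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif current and (m := re.match(rf"ip address {IPV4} {IPV4}$", line)):
            found[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def static_next_hops(config):
    """Next-hop addresses of all 'ip route <net> <mask> <next-hop>' lines."""
    pattern = rf"^ip route {IPV4} {IPV4} {IPV4}\s*$"
    return [ipaddress.ip_address(m.group(3)) for m in re.finditer(pattern, config, re.M)]

def egress_interface(next_hop, interfaces):
    """Interface whose connected subnet contains next_hop, else None."""
    for name, iface in interfaces.items():
        if next_hop in iface.network:
            return name
    return None

def check_routes(config):
    """Return [(next hop, egress interface or None)] for each static route."""
    interfaces = parse_interfaces(config)
    return [(str(hop), egress_interface(hop, interfaces))
            for hop in static_next_hops(config)]

if __name__ == "__main__":
    for name, iface in parse_interfaces(SAMPLE_CONFIG).items():
        print(f"{name}: {iface}")
    for hop, egress in check_routes(SAMPLE_CONFIG):
        print(f"next hop {hop}: {egress or 'NOT in any connected subnet'}")
```

A `None` egress means the parsed config has no interface in the next hop's subnet, so the rest of the running config should be checked for the SVI or routed port that reaches the firewall's VLAN through the MS.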