Firewall 1150 Intervlan routing not possible

GatLMCO
Level 1

Cisco Firepower FTD unable to Intervlan

5 Replies

How do you check intervlan?

MHM

Hello,

post the running config of the 1150...

Giuseppe Larosa
Hall of Fame

Hello @GatLMCO ,

VLANs can be used on the lower-end FP1010; on the FP1150 you probably need to use routed subinterfaces on a port connected to a downstream switch.

Hope to help

Giuseppe

 

Here is the scenario:

I have a host-A (10.10.30.10/24) connected to an access port on Switch-A, with various other VLANs also configured on access ports. Switch-A connects on a trunk port to CoreCatSwitch. The Firepower inside 1/2 interface trunks to CoreCatSwitch. On the CoreCatSwitch there are 3 VLANs, interfaced as Vlan10 (10.10.10.1/24), Vlan20 (10.10.20.1/24) and Vlan30 (10.10.30.1/24). On the FTD 1/2 interface, 3 subinterfaces are configured: Vlan10 (10.10.20.2/24), Vlan20 (10.10.20.2/24), and Vlan30 (10.10.30.24/24).

The firewall can ping host-A (10.10.30.10/24); the host-A PC can ping only Vlan30 (same subnet). Host-A cannot ping any other VLANs configured on the firewall that are not Vlan30. However, I believe this to be a functionality by design. So I have another question: is it possible to configure and associate a 1/3 interface as a virtual bridge on a VTP trunk, and point the trunk to a Vlan1 access port on CoreCatSwitch to enable intervlan routing?

I think this is not related to routing; did you configure an ACL to allow traffic between VLANs?

MHM
