Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4034
Views
0
Helpful
33
Replies

L3 Switch routing

Go to solution
imanco671
Level 1
Level 1

‎10-07-2011 09:05 AM - edited ‎03-04-2019 01:51 PM

Hello Community,

I have a Catalyst L3 switch. I have 3 Vlans setup.

This L3 switch is acting as my internal router for my 3 different subnets.

VLAN 2 - 10.10.10.1 - eth0/1

VLAN3 - 192.168.202.1 - eth0/2

VLAN4 - 192.168.200.1 - eth0/3

Within subnet 192.168.200.0, I have a firewall gateway of 192.168.200.254. There are 5 vpn tunnels going though this firewall.

192.168.102.0

192.168.103.0

192.168.104.0

192.168.105.0

192.168.106.0

These tunnel subnets have a default gateway of 192.168.200.254.

How can I configure them within my L3 switch?

Example: A server within my 10.10.10.0 subnets wants to get to the tunnel 192.168.102.0 - how is the routing handled? I assume I need to have routes setup in my L3 switch, I am just nt sure how I should create them? I would like to use a routing protocol like OSPF. I have an ASA 5510 that acts as the gateway for the 192.168.202.0 network. The others are sonicwalls which do not support routing protocols, so I would keep their static routes.

Thanks in advance.

Labels:
0 Helpful
33 Replies 33

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to imanco671

‎10-07-2011 02:24 PM

The end goal would be to what we have been discussing but we can't get there just yet. There are a number of things we could consider -

1) Upgrade the license on the L3 switch to run IP Services. Note that in addition to PBR you also need IP Services to run OSPF although i think with 12.2(55) it has been included in the IP Base. What is the exact version you have ie. 12.2(??).

There is a cost to upgrade feature sets as far as i know so you would need to contact your Cisco reseller if you have one.

2) leave as is until you use just one firewall for internet access

3) have multiple default-routes on the L3 switch and let the switch choose which one to use. Basically the switch would rotate between the routes but that would mean you would need each firewall to have rule bases that allow internet access for all subnets.

Note this wouldn't affect the remote tunnels because they are specific destinations so you can add specific routes to the L3 switch pointing to the right firewall.

Jon

0 Helpful

Go to solution
imanco671
Level 1
Level 1
In response to Jon Marshall

‎10-11-2011 12:34 PM

Hi Jon,

I have version: C3560 Software (C3560-IPBASE-M), Version 12.2(35) SE5

I hope if I cannot use OSPF, then can I still use RIP?

John

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to imanco671

‎10-11-2011 12:52 PM

John

Good point. Yes both the 3560 IP Base and the ASA support RIP so you could use this instead.

Jon

0 Helpful

Go to solution
imanco671
Level 1
Level 1
In response to Jon Marshall

‎10-11-2011 12:59 PM

Hi Jon,

okay, I guess I needed the IP Services to get OSPF running. I guess I am forced to use RIP.

Jon, Thanks for all the help setting up my L3 switch, I will open a new discussion about setting up RIP to use between my L3 switch and my ASA.

Thanks again

John

0 Helpful
Customers Also Viewed These Support Documents