1633 Views | 0 Helpful | 3 Replies

VLAN interconnect question

Adeel Azam
Level 1

Hello,

I am reviewing a proposed design from a consulting firm and I am not sure this will work, any help will be appreciated.

I have a firewall with 4 interfaces, 2 external interfaces and 2 internal interfaces. The 2 external interfaces, for example, are business and control system. Same for the internal interfaces.

external interfaces:

VLAN 10, 172.XX.225.XX, 255.255.255.0, control system, traffic coming through its dedicated switch

VLAN 20, 172.XX.28.XX, 255.255.255.0, business, traffic coming through its dedicated switch

internal interfaces

VLAN 100, XX.XX.XX.XX, 255.255.255.0, control system, going to some downstream device

VLAN 200, XX.XX.XX.XX, 255.255.255.0, business, going to some downstream device.

There is a logical interface configured that is the trunking port carrying all the above-mentioned VLANs 10, 20, 100, 200.

Traffic from VLAN 10 is only supposed to go to VLAN 100, and traffic from VLAN 20 is only supposed to go to VLAN 200.

Does the above configuration work? I am thinking just having different VLANs is not enough, but they should also be on different subnets. Please advise.

3 Replies

Jon Marshall
Hall of Fame

Are you saying VLAN 10 and VLAN 100 are using the same IP subnet, as are VLAN 20 and VLAN 200?

Also, where is the logical interface you mention, i.e. on what device?

Jon

Right now I don't have any IP addresses for the internal interfaces, just the subnet masks. Let's imagine both scenarios then. If they are on the same IP subnet, I don't believe this will work; if they are on different subnets it works, correct?

Also, the firewall is a RUGGEDCOM with an APE module that has the firewall software.

Difficult to say without knowing more, i.e. you haven't said where the trunk is.

I have no experience with that firewall, but with an ASA firewall it can run in either transparent (L2) or routed (L3) mode.

If the VLAN pairs used the same IP subnet then it could work if the firewall was in transparent mode. But if the firewall was in routed mode then the subnets would have to be different.

However, it is simply not possible to say anything about whether the design is appropriate, will work, etc. with only the details you have provided.

Jon
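As an added illustration (not from the thread, and not vendor tooling for RUGGEDCOM, ASA or any other firewall), the small Python check below models the two cases Jon distinguishes: in routed mode every VLAN interface needs its own non-overlapping subnet, while in transparent mode each bridged pair must share one subnet. It also checks that each intended pair stays inside one zone and crosses from external to internal, and it expands the "10 only to 100, 20 only to 200" intent into an explicit allow/deny matrix so nothing relies on an implicit default. The subnets are constructed placeholders for the masked addresses in the question; the VLAN IDs and zones are the ones the question lists.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Segment:
    """One firewall-facing VLAN: its ID, subnet, security zone and side."""
    vlan: int
    subnet: ipaddress.IPv4Network
    zone: str   # e.g. "control" or "business"
    side: str   # "external" or "internal"


def sample_design(internal_same_subnet: bool) -> list:
    """Constructed placeholder subnets standing in for the masked 172.XX.*
    values in the thread; the VLAN IDs and zones match the question."""
    ext_cs = ipaddress.ip_network("172.16.225.0/24")
    ext_bz = ipaddress.ip_network("172.16.28.0/24")
    int_cs = ext_cs if internal_same_subnet else ipaddress.ip_network("10.0.100.0/24")
    int_bz = ext_bz if internal_same_subnet else ipaddress.ip_network("10.0.200.0/24")
    return [
        Segment(10, ext_cs, "control", "external"),
        Segment(20, ext_bz, "business", "external"),
        Segment(100, int_cs, "control", "internal"),
        Segment(200, int_bz, "business", "internal"),
    ]


# The only flows the design intends: external VLAN -> its internal counterpart.
ALLOWED_PAIRS = {(10, 100), (20, 200)}


def check_design(segments, allowed_pairs, mode):
    """Return a list of findings; an empty list means no objection found.

    mode is "routed" (firewall is an L3 hop, each VLAN needs its own subnet)
    or "transparent" (firewall bridges at L2, paired VLANs share a subnet).
    """
    findings = []
    by_vlan = {s.vlan: s for s in segments}

    if mode == "routed":
        # Every routed interface needs a distinct, non-overlapping subnet,
        # otherwise the firewall cannot tell which interface owns a host.
        for a, b in combinations(segments, 2):
            if a.subnet.overlaps(b.subnet):
                findings.append(
                    f"routed: VLAN {a.vlan} and VLAN {b.vlan} overlap on {a.subnet}")
    elif mode == "transparent":
        # Bridged pairs must sit in one subnet; hosts on both sides
        # resolve each other directly through the firewall.
        for ext, inner in allowed_pairs:
            if by_vlan[ext].subnet != by_vlan[inner].subnet:
                findings.append(
                    f"transparent: VLAN {ext} ({by_vlan[ext].subnet}) and "
                    f"VLAN {inner} ({by_vlan[inner].subnet}) are not one subnet")
    else:
        raise ValueError(f"unknown mode {mode!r}")

    # Independent of mode: an allowed pair must stay inside one zone and
    # cross from external to internal, or the segregation goal is lost.
    for ext, inner in allowed_pairs:
        a, b = by_vlan[ext], by_vlan[inner]
        if a.zone != b.zone:
            findings.append(f"pair {ext}->{inner} crosses zones {a.zone}/{b.zone}")
        if (a.side, b.side) != ("external", "internal"):
            findings.append(f"pair {ext}->{inner} is not external->internal")
    return findings


def build_policy(segments, allowed_pairs):
    """Explicit allow for each intended pair and explicit deny for every
    other inter-VLAN combination, as (src_vlan, dst_vlan, action) tuples."""
    rules = []
    vlans = [s.vlan for s in segments]
    for src in vlans:
        for dst in vlans:
            if src == dst:
                continue
            action = "allow" if (src, dst) in allowed_pairs else "deny"
            rules.append((src, dst, action))
    return rules


if __name__ == "__main__":
    for mode, same in (("routed", True), ("routed", False), ("transparent", True)):
        label = "same-subnet" if same else "distinct-subnets"
        print(mode, label, check_design(sample_design(same), ALLOWED_PAIRS, mode) or "OK")
    for rule in build_policy(sample_design(False), ALLOWED_PAIRS):
        print(rule)
```

Running it shows the routed/same-subnet case failing on both pairs, the routed/distinct-subnet and transparent/same-subnet cases passing, and a 12-rule matrix with exactly two allows. The matrix is the part worth carrying into a real review: the trunk carrying all four VLANs means the firewall policy, not VLAN separation alone, is what keeps control-system and business traffic apart.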
