RussMcIntire
Beginner

Layer 2 routing question

In my lab, I have 2 Cisco SG350-10 switches connected to a Palo Alto 220 firewall. On my switches, I want to do layer 2 switching and routing on the firewall. Here is my setup:

 

SG350-10 switch #1

ports 1-3 VLAN2 set as access ports

ports 4-6 VLAN4 set as access ports

ports 7-8 VLAN5 set as access ports

port 9 set as trunk port connected to Palo Alto (tagging all VLANs except VLAN1)

port 10 set as trunk port connected to Switch #2 (tagging all VLANs except VLAN1)

 

SG350-10 switch #2

ports 1-3 VLAN2 set as access ports

ports 4-6 VLAN4 set as access ports

ports 7-8 VLAN5 set as access ports

port 9 set as trunk port - not used

port 10 set as trunk port connected to Switch #1 (tagging all VLANs except VLAN1)

 

VLAN1 192.168.0.1/16

VLAN2 10.0.2.0/24 (Gateway .1)

VLAN4 10.0.4.0/24 (Gateway .1)

VLAN5 10.0.5.0/24 (Gateway .1)

 

In VLAN management>VLAN settings, I have the VLANs created.

In IP Configuration>IPv4 Interface I have the VLAN Interfaces created with the appropriate IP addresses and subnet masks.

 

PC #1 10.0.2.5/24

PC #2 10.0.4.5/24

PC #3 10.0.5.5/24

 

I have the interfaces set up in the Palo Alto.

 

I can connect each PC in the appropriate VLAN and ping the other by IP address. Even VLANs between switches. The only thing I can't ping is the gateway (.1) on the firewall from any VLAN. Do I need to set up an IPv4 route to the firewall?

 

 

I am wondering if I am missing something in my switch setup. Any help would be appreciated since I am fairly new to this.

 

Accepted Solutions
RussMcIntire
Beginner

After talking with Palo Alto, the issue was with the config on my firewall. It seems my switches were set up just fine.

Sujoy Paria
Cisco Employee

Hi,

Please configure the management IP on the switches from the same IP pool as configured on the firewall, add a default route on the switches towards the firewall LAN IP, and allow all the VLANs on the trunk port (VLAN 1 as native will be helpful). All the VLAN interfaces will be configured on the firewall; the PC gateway will be the respective VLAN interface IP.
