Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1592
Views
0
Helpful
3
Replies

Layer 2 routing question

Go to solution
RussMcIntire
Level 1
Level 1

‎03-01-2020 12:58 PM

In my lab, I have 2 Cisco SG350-10 switches connected to a Palo Alto 220 firewall. On my switches, I want to do layer 2 switching and routing on the firewall. Here is my setup:

 

SG350-10 switch #1

ports 1-3 VLAN2 set as access ports

ports 4-6 VLAN4 set as access ports

ports 7-8 VLAN5 set as access ports

port 9 set as trunk port connected to Palo Alto (tagging all VLAN's except VLAN1)

port 10 set as trunk port connected to Switch #2 (tagging all VLAN's except VLAN1)

 

SG350-10 switch #2

ports 1-3 VLAN2 set as access ports

ports 4-6 VLAN4 set as access ports

ports 7-8 VLAN5 set as access ports

port 9 set as trunk port - not used

port 10 set as trunk port connected to Switch #1 (tagging all VLAN's except VLAN1)

 

VLAN1 192.168.0.1/16

VLAN2 10.0.2.0/24 (Gateway .1)

VLAN4 10.0.4.0/24 (Gateway .1)

VLAN5 10.0.5.0/24 (Gateway .1)

 

In VLAN management>VLAN settings, I have the VLAN's created

In IP Configuration>IPv4 Interface I have the VLAN Interfaces created with the appropriate IP addresses and subnet masks.

 

PC #1 10.0.2.5/24

PC #2 10.0.4.5/24

PC #3 10.0.5.5/24

 

I have the interfaces set up in the Palo Alto 

 

I can connect each PC in the appropriate VLAN and ping the other by IP address. Even VLAN's between switches. The only thing I can't ping is the gateway (.1) on the firewall from any VLAN. Do I need to set up an IPv4 route to the firewall?

 

 

I am wondering if I am missing something in my switch setup. Any help would be appreciated since I am fairly new to this?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
RussMcIntire
Level 1
Level 1

‎04-07-2020 08:47 AM

After talking with Palo Alto, The issue was with the config on my firewall. It seems my switches were set up just fine. 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Sujoy Paria
Cisco Employee
Cisco Employee

‎03-30-2020 09:15 AM

Hi,

Please configure the management IP on the switches from the same IP pool as configured in Firewall, add default route on the switches towards firewall LAN IP, allow all the VLANs on the Trunk port (VLAN 1 as native will be helpful). All the VLAN interfaces will be configured on the Firewall, PC gateway will be the respective VLAN interface IP.

0 Helpful

Go to solution
RussMcIntire
Level 1
Level 1

‎04-07-2020 08:47 AM

After talking with Palo Alto, The issue was with the config on my firewall. It seems my switches were set up just fine. 

0 Helpful

Go to solution
phugiay
Level 1
Level 1
In response to RussMcIntire

‎12-28-2022 10:45 AM

What is the issue on your firewall? 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents