Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
683
Views
5
Helpful
3
Replies

2960-X Intervlan routing with two gateways??

Mohammad Zeid
Level 1
Level 1

‎08-01-2016 10:33 AM - edited ‎03-08-2019 06:50 AM

Hello 

I'm currently implementing vlans for our company's network, but things are getting little complicated.

I've done with basic configurations, created the vlans 10,20,30 ... and defined a last resort static route to the gateway which it is a sophos UTM.

The problem is the some devices like the VoIP system and NVR and other devices and services are using another firewall which is a Mikrotik.

So instead of having one gateway that I can make it as default gateway I have two gateways.

I was looking on how to route based on source IP address and read about IP Policy Based Routing but then learned that our L3 switch (WS-C2960X-24TS-L) which is user for inter-VLAN routing doesn't support route-map command! so we can't use PBR!

The question is, is there anyway to do PBR with this L3 switch? a workaround? or an alternative? or even a completely different idea????

I don't have a topology handy right now.

vlan1-----|                         

vlan2-----|                         |------Sophos-----Internet

vlan3-----|------2960-X-----|

vlan4-----|                         |------Mikrotik-----Internet

vlan5-----|                         

I will try to upload a topology drawing soon.

Please note that both gateways I cant remove them nor change much with their configuration because many of the configs are managed with 3rd parties.

Labels:
0 Helpful
3 Replies 3

Karsten Iwen
VIP
VIP

‎08-01-2016 01:53 PM

I don't think that you can solve that with the 2960-X. But the Mikrotik is capable of doing PBR. You could route all traffic to the Mikrotik, which sends the traffic out of the local internet or to the Sophos based on the source. If your Sophos appliance can also do PBR, you could also do it the other way round.

Mohammad Zeid
Level 1
Level 1
In response to Karsten Iwen

‎08-01-2016 10:28 PM

Good morning/evening Karsten,

Yes I've thought of that but I was planning to keep the 2960-X doing the routing part between vlans because of the performance we can gain. I will do what you suggested eventually if no other solution were found.

I will suggest to the manager buying a new cisco L3 switch that is capable for what we want. Do you have any suggestion? I prefer something feature rich, so in the future I don't stumble on another thing that is not supported!

Thank you very much Karsten

0 Helpful

Karsten Iwen
VIP
VIP
In response to Mohammad Zeid

‎08-01-2016 10:59 PM

I prefer something feature rich, so in the future I don't stumble on another thing that is not supported!

Then a Catalyst 6880-X is the right choice for you ... ;-)

Based on the documentation, a 3650/3850 should also do PBR (never used it myself on these platforms). They are the "next level" above the 2960-X. And not as expensive as a really feature-rich 6800.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card