01-12-2010 03:47 PM - edited 03-06-2019 09:15 AM
I have set up the default route for my layer 3 switch (0.0.0.0 0.0.0.0 10.100.1.2 255.255.255.252) on interface gigabitEthernet 0/1 with the following:
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.100.1.1 255.255.255.252
Switch(config-if)#no shutdown
We are using a WatchGuard Firebox that associates rules and policies based on the port that is receiving the traffic; each network has different policies on Internet access that the WatchGuard filters.
With the setup above, all traffic would leave the switch to one interface of the Firebox. What would the best solution be to solve this problem? Maybe make a different routing port on the switch? Any help or advice would be appreciated.
01-13-2010 12:28 AM
Hi,
As per your existing setup (switch --- WatchGuard firewall --- internal LAN), with this setup you can achieve that whatever traffic comes from the outside network to the internal LAN will be filtered as per the policies in the firewall.
Routing will be done at the switch and the outside world.
But if you want to filter traffic between internal LANs, you need to have a separate segment of the firewall for each segment, so that all traffic from the internal LAN can come to the firewall; then the policy will be checked and the traffic goes to the destination segment.
Hope that helps
Regards
Ganesh.H
01-12-2010 04:27 PM
JasonWhitehead wrote:
I have set up the default route for my layer 3 switch (0.0.0.0 0.0.0.0 10.100.1.2 255.255.255.252) on interface gigabitEthernet 0/1 with the following:
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.100.1.1 255.255.255.252
Switch(config-if)#no shutdown
We are using a WatchGuard Firebox that associates rules and policies based on the port that is receiving the traffic; each network has different policies on Internet access that the WatchGuard filters.
With the setup above, all traffic would leave the switch to one interface of the Firebox. What would the best solution be to solve this problem? Maybe make a different routing port on the switch? Any help or advice would be appreciated.
Jason
It depends on a few things:
1) How many ports do you have on the WatchGuard, and are there enough for all the VLANs?
2) If not, can the WatchGuard support 802.1Q, i.e. can you have subinterfaces on the WatchGuard?
3) Can the WatchGuard not filter by subnet IP address? It seems very restrictive otherwise, i.e. you need an interface per VLAN/subnet.
Jon
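The two layouts Jon's first two points describe, written out as an added Cisco IOS configuration example (this is not configuration posted by Jason, Jon or Ganesh, and it is not WatchGuard documentation). The VLAN ids 10 and 20, the 10.10.0.0/24 and 10.20.0.0/24 subnets, the second routed port GigabitEthernet0/2 with its 10.100.1.4/30 link, and the assumption that every internal network lives inside 10.0.0.0/8 are all made up for illustration; only GigabitEthernet0/1 with 10.100.1.1/30 and the next hop 10.100.1.2 come from the thread. Option A makes the Firebox the gateway for every VLAN over an 802.1Q trunk, so each network's traffic (Internet-bound and inter-VLAN alike) arrives on its own firewall subinterface. Option B keeps routing on the switch and uses one routed port per network plus policy-based routing, which is the "different routing port" idea; its `deny` lines deliberately leave inter-VLAN traffic on the switch, where it is routed locally and never filtered, which is the limitation Ganesh points out.

```cisco
! ---------------------------------------------------------------------------
! Option A (Jon's point 2): the Firebox supports 802.1Q, so the uplink becomes
! a trunk and the firewall is the default gateway on every VLAN. The switch
! keeps no SVI for these VLANs, so Internet-bound and inter-VLAN traffic both
! land on a per-VLAN firewall subinterface and receive that network's policy.
! VLAN ids, names and addresses below are assumed for illustration.
! ---------------------------------------------------------------------------
vlan 10
 name Office
vlan 20
 name Guest
!
interface GigabitEthernet0/1
 description Trunk to Firebox (one 802.1Q subinterface per VLAN on the firewall)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
! Hosts in VLAN 10 / 20 use the Firebox subinterface address as their gateway
! (assumed 10.10.0.1 and 10.20.0.1); the switch has no "interface Vlan10/20".

! ---------------------------------------------------------------------------
! Option B (Jon's point 1, the "different routing port" Jason mentions): the
! switch keeps routing, with one routed /30 per network toward a dedicated
! Firebox port, and policy-based routing steers each VLAN's Internet-bound
! traffic to "its" firewall port. Gi0/2 and the 10.100.1.4/30 link are assumed.
! The "deny" entries keep traffic for other internal 10.0.0.0/8 networks on the
! switch, where it is routed locally and is NOT inspected by the firewall.
! ---------------------------------------------------------------------------
interface GigabitEthernet0/1
 description To Firebox port 1 (policy for VLAN 10)
 no switchport
 ip address 10.100.1.1 255.255.255.252
!
interface GigabitEthernet0/2
 description To Firebox port 2 (policy for VLAN 20)
 no switchport
 ip address 10.100.1.5 255.255.255.252
!
ip access-list extended VLAN10-TO-INTERNET
 deny   ip 10.10.0.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.10.0.0 0.0.0.255 any
ip access-list extended VLAN20-TO-INTERNET
 deny   ip 10.20.0.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.20.0.0 0.0.0.255 any
!
route-map STEER-TO-FIREBOX permit 10
 match ip address VLAN10-TO-INTERNET
 set ip next-hop 10.100.1.2
route-map STEER-TO-FIREBOX permit 20
 match ip address VLAN20-TO-INTERNET
 set ip next-hop 10.100.1.6
!
interface Vlan10
 ip address 10.10.0.1 255.255.255.0
 ip policy route-map STEER-TO-FIREBOX
interface Vlan20
 ip address 10.20.0.1 255.255.255.0
 ip policy route-map STEER-TO-FIREBOX
!
! Anything the route map does not match still follows the existing default route.
ip route 0.0.0.0 0.0.0.0 10.100.1.2
```

The two options are alternatives, not meant to coexist on one switch. Option B only works if the Firebox has return routes for 10.10.0.0/24 via 10.100.1.1 and 10.20.0.0/24 via 10.100.1.5, and on Catalyst 3560/3750-class switches policy-based routing additionally requires `sdm prefer routing` followed by a reload. From a policy-enforcement standpoint Option A is the more complete one: every packet between networks crosses the firewall and is matched against the receiving interface's policy, at the cost of the Firebox now routing all inter-VLAN traffic.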