09-25-2010 03:43 AM - edited 03-06-2019 01:10 PM
To all
I need to make my core switch transparent for my access users; the gateway should be the firewall IP.
1) If VLAN A access switch users need to communicate with another VLAN B access switch, they have to perform inter-VLAN routing.
2) For going outside to the network, the gateway should be the firewall IP.
Kindly share some thoughts and ideas with me; I shall be very thankful.
09-25-2010 03:57 AM
faizankhursheed wrote:
To all
I need to make my core switch transparent for my access users; the gateway should be the firewall IP.
1) If VLAN A access switch users need to communicate with another VLAN B access switch, they have to perform inter-VLAN routing.
2) For going outside to the network, the gateway should be the firewall IP.
Kindly share some thoughts and ideas with me; I shall be very thankful.
You have 2 choices -
1) make the core switch simply L2, i.e. it does no inter-VLAN routing, and have the VLAN interfaces on the firewall
2) make the core switch responsible for the inter-VLAN routing and then have a default route on the core switch pointing to the firewall inside interface. You would also need to add routes to the firewall for the VLANs on the core switch.
Assuming your core switch is L3 capable and you don't have to firewall between internal VLANs, option 2) is much better because it is a standard setup and often a lot easier to configure than inter-VLAN routing on your firewall, which might not even be able to do that.
If you did use option 2) then the clients' default gateway would not be the firewall but the L3 VLAN interface on the core switch.
Jon
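Option 2 from the reply above, sketched as configuration; this is an added example, not part of the original thread. The VLAN numbers, addresses and the transit VLAN 99 are constructed, and the firewall lines assume a Cisco ASA, which the thread does not specify.

```cisco
! ---- Core switch (L3 capable) ----
! Constructed addressing:
!   VLAN 10 users  10.1.10.0/24
!   VLAN 20 users  10.1.20.0/24
!   VLAN 99 transit to firewall  10.1.99.0/24 (firewall inside = 10.1.99.1)
ip routing
!
interface Vlan10
 description Access users A (clients use 10.1.10.1 as default gateway)
 ip address 10.1.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 description Access users B (clients use 10.1.20.1 as default gateway)
 ip address 10.1.20.1 255.255.255.0
 no shutdown
!
interface Vlan99
 description Transit link to firewall inside interface
 ip address 10.1.99.2 255.255.255.0
 no shutdown
!
! Everything that is not a connected VLAN goes to the firewall
ip route 0.0.0.0 0.0.0.0 10.1.99.1
!
! ---- Firewall (assumed Cisco ASA, inside interface 10.1.99.1) ----
! Return routes for the user VLANs, pointing at the core switch
route inside 10.1.10.0 255.255.255.0 10.1.99.2
route inside 10.1.20.0 255.255.255.0 10.1.99.2
```

With this layout, traffic between VLAN 10 and VLAN 20 is routed on the core switch and never reaches the firewall, so any filtering between internal VLANs would have to be done with ACLs on the VLAN interfaces.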