
Inter vlan routing

mahimakundu1
Level 1

Current scenario: the firewall is connected to a switch, and that switch is connected to other switches in a piggy-backing (daisy-chain) arrangement. There are only 2 VLANs: the native VLAN and VLAN 20 with 30 hosts; all other 250 hosts are in the native VLAN. All hosts have the firewall as their default gateway, and internal routing is also done by the firewall.

We want to create more VLANs and have the internal routing done by the layer 3 switch. In that scenario, what will the config of the switch interface connected to the firewall be (will I have to define a default route), and what would be the default gateway for the hosts?


3 Replies

Andre Neethling
Level 4

Depending on the firewall model... I would have a routed switch port with a /30 network between the firewall and the layer 3 switch. Each VLAN will have its gateway on the layer 3 SVI, and the switch will have a default route pointing to the firewall.

Pranay Prasoon
Level 3

Hi Mahima,

Which device routes the traffic, the firewall or the switch, depends on the default gateway configured on the host.

Example:

                   Trunk
  vlan 1 ---- sw ------------ fw
              |
           vlan 250

Say the vlan 1 machine has IP address 192.168.1.1, switch SVI 1 has IP address 192.168.1.2 and the fw has IP address 192.168.1.3.

Similarly, the vlan 250 machine has IP address 10.1.1.1, switch SVI 250 has 10.1.1.2 and the fw's vlan 250 interface has 10.1.1.3.

So in your scenario all hosts have the FW as default gateway. Therefore, to reach an unknown network, hosts will send traffic to the fw, and the fw will route it based on its routing table. If your switch is in L3 mode and, rather than specifying the fw as gateway, you provide the switch IP address, then it will be the responsibility of the switch to do the routing.

So if you need to add another VLAN on the sw and point the default gateway of the hosts to the switch, the switch will route the traffic. However, FWs are mostly stateful in nature and expect both directions of a conversation to pass through them. So you cannot have the default gateway of vlan 250 pointing to the fw and that of vlan XYZ pointing to the switch. In this scenario, you can configure the interface of the switch going to the FW as L3, point a default route to the FW, and configure routes for all VLANs via the switch on the FW.

Thanks
Pranay

Hi Pranay,

Thanks for the explanation. I am new to firewall configuration. There are two sub-interfaces configured on the firewall for vlan 60 and vlan 90, which I believe are for internal routing. Kindly confirm.

  Name    Zone  IP Address    Subnet Mask      Type    Link / Comment
  X0      LAN   192.168.1.77  255.255.252.0    Static  1 Gbps Full Duplex, Default LAN
  X0:V60  LAN   10.0.80.4     255.255.240.0    Static  VLAN Sub-Interface, DEV/SUP Domain V...
  X0:V90  LAN   10.0.128.3    255.255.240.0    Static  VLAN Sub-Interface, QA Domain VLAN


On the switch there is a default route to the firewall, but on all the hosts the default gateway is also the firewall.


Kindly explain to me how I can configure routes for all VLANs through the switch on the FW.
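As an added example (not posted by anyone in this thread), this is what the design Andre and Pranay describe looks like in Cisco IOS syntax, together with the static routes the firewall side then needs, which is what the last question asks about. The VLAN IDs 20, 60 and 90 and the 10.0.80.0/20 and 10.0.128.0/20 subnets come from the thread; the /30 transit network 192.168.255.0/30, the interface names, the 10.0.20.0/24 subnet and the .1 SVI addresses are assumptions chosen for illustration.

```cisco
! Layer 3 switch, Cisco IOS syntax. Assumed addressing: 192.168.255.0/30 is a
! constructed transit network between switch and firewall; SVI addresses end in .1.
ip routing
!
vlan 20,60,90
!
! The port facing the firewall stops being a trunk and becomes a routed
! point-to-point link: one /30, one next hop in each direction.
interface GigabitEthernet1/0/1
 description Uplink to firewall (assumed port)
 no switchport
 ip address 192.168.255.2 255.255.255.252
 no shutdown
!
! One SVI per VLAN. The SVI address is the new default gateway for the hosts
! in that VLAN, replacing the firewall address they use today.
interface Vlan20
 description Hosts VLAN 20 (30 hosts)
 ip address 10.0.20.1 255.255.255.0
 no shutdown
!
interface Vlan60
 description DEV/SUP Domain VLAN (subnet from the firewall table)
 ip address 10.0.80.1 255.255.240.0
 no shutdown
!
interface Vlan90
 description QA Domain VLAN (subnet from the firewall table)
 ip address 10.0.128.1 255.255.240.0
 no shutdown
!
! Anything the switch has no route for (Internet, remote sites) goes to the
! firewall's end of the /30.
ip route 0.0.0.0 0.0.0.0 192.168.255.1
!
! Trunks toward the piggy-backed downstream switches keep carrying the VLANs;
! only the firewall-facing port changed.
interface GigabitEthernet1/0/2
 description Trunk to downstream switch (assumed port)
 switchport mode trunk
 switchport trunk allowed vlan 1,20,60,90
!
! Firewall side, vendor-neutral. Its interface toward the switch gets
! 192.168.255.1/30, and it needs one static route per internal subnet:
!   10.0.20.0/24    next hop 192.168.255.2
!   10.0.80.0/20    next hop 192.168.255.2
!   10.0.128.0/20   next hop 192.168.255.2
! With these routes, return traffic from the firewall comes back over the same
! /30 it left on, so both directions of every session pass through the firewall
! and its stateful inspection keeps working.
```

Two points a practitioner would check before cutting over. First, a subnet should have exactly one gateway device: once VLAN 60 and 90 are routed by the switch SVIs, the firewall's X0:V60 and X0:V90 sub-interfaces would have to be retired (and the VLAN trunk toward the firewall removed), otherwise hosts can be pointed at either device and the firewall sees only one direction of some sessions, which is the asymmetry Pranay warns about. Second, the firewall's inter-VLAN policies move with the routing: traffic between VLAN 60 and VLAN 90 no longer touches the firewall at all, so any filtering that used to happen there now needs ACLs on the switch SVIs.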
