Solved: Layer 3 /30 Vlans Daisy Chain help - Page 2

BrianOver · ‎06-08-2022

Hi All!

I got dragged into a partly configured project & am trying to piece together what's needed

*UPDATE because I worded this poorly

Network:

Firewall -> Aggregate C3850-S

-> Trunk -> (A) C3850-S

-> Trunk -> (B) C3850-S

-> Trunk -> (C) C3850-S

A, B, & C contain many /30 Vlans connected to corresponding DHCP pools (They give out 1 specific IP)

Vlans are all configured with a INT address & only are populated on their corresponding switch

A is 192.168.5.0 - split into Vlan 2-20 all /30

B is 192.168.6.0 - split into Vlan 26-49 all /30

C is 192.168.7.0 - split into Vlan 50-73 All /30

The trouble, as always, is internet access. I've tried a lot of different route combinations on the Firewall & Switches but they never seem to pick up internet access

A buddy theorized I could make the interface on the firewall 192.168.4.1/16 & make that the default router for all the vlan (DHCP) but I cannot seem to get that to work

Any ideas? Struggling here

BrianOver · ‎06-08-2022

The links between all switches are Trunks - the only common Vlan between them is Vlan 1

Currently the link between the aggregate switch & the firewall is trunk allow all vlan

BrianOver · ‎06-08-2022

Switches all are trunk ports they allow their Vlan connections - the only common Vlan is vlan 1

The Aggregate switch to the Firewall is Trunk allow Vlan all

Flavio Miranda · ‎06-08-2022

Hi

Does you firewall supports subinterface and dot1q?

You can create vlan per switch and corresponding subinterface on the firewall. The firewall would perform intervlan routing and traffic filtering among those vlans and would be the gateway to the internet.