Solved: Question about Routing on a 3750

jasongring · ‎07-21-2011

We are getting ready to implement VOIP on our LAN and I am planning to separate the Voice and LAN traffic with VLANS. I do need traffice to be able to route between them. On most of the guide I've seen online it looks as if you are have the devices on each vlan point to the vlan IP as the default gateway. On our LAN currently the devices point to the firewall (CISCO ASA) as the default gateway which is on the same vlan as the lan traffic. How do I configure it so that the devices can get to the internet but also can route traffic between vlans?

Antonio Knox · ‎07-21-2011

You can either configure your vlans (and SVIs) on the 3750 and configure a route that points to the ASA for routing traffic to the segment that has a default gateway pointed there. Alternatively, you can configure all of your vlan (SVI) default gateways on the 3750 and create a default route to the ASA for networks outside of your LAN.

Message was edited by: Antonio Knox

View solution in original post

Jon Marshall · ‎07-21-2011

Jason

You can either -

1) if you don't have spare interfaces on the ASA connect the inside interface of the ASA to the 3750 using a trunk and then use subinterfaces on the ASA for the data and voice vlans

or

2) move the routing of the data and voice vlans to the 3750 and then simply connect to the ASA using a routed connection to the ASA. You would then need routes on the ASA for the data/voice vlans and a default-route on the 3750 pointing to the ASA.

If you don't have to firewall the data and voice vlans from each other then i would go with option 2.

Jon

View solution in original post

Jon Marshall · ‎07-21-2011

Basically create a L3 P2P link using a /30 subnet eg.

3750

int gi0/1 <-- connects to ASA

no switchport

ip address 192.168.5.1 255.255.255.252

ip route 0.0.0.0 0.0.0.0 192.168.5.2

ASA

inside interface will be 192.168.5.2

route inside 192.168.5.1

or run a dynamic routing protocol between 3750 and ASA.

Jon

View solution in original post

Antonio Knox · ‎07-21-2011

Create a routed point to point (/30 segment) connection between the 3750 and the inside interface of the ASA. Then create a default route on the 3750 that points to the inside interface of the ASA. Them create static routes on the ASA for the vlans and point the routes to the ip address of the 3750 interface connected to the ASA.

View solution in original post

Antonio Knox · ‎07-21-2011

You can either configure your vlans (and SVIs) on the 3750 and configure a route that points to the ASA for routing traffic to the segment that has a default gateway pointed there. Alternatively, you can configure all of your vlan (SVI) default gateways on the 3750 and create a default route to the ASA for networks outside of your LAN.

Message was edited by: Antonio Knox

Jon Marshall · ‎07-21-2011

Jason

You can either -

1) if you don't have spare interfaces on the ASA connect the inside interface of the ASA to the 3750 using a trunk and then use subinterfaces on the ASA for the data and voice vlans

or

2) move the routing of the data and voice vlans to the 3750 and then simply connect to the ASA using a routed connection to the ASA. You would then need routes on the ASA for the data/voice vlans and a default-route on the 3750 pointing to the ASA.

If you don't have to firewall the data and voice vlans from each other then i would go with option 2.

Jon

jasongring · ‎07-21-2011

I dont need to firewall them from each other. I was just hoping there was a way i could leave my lan segment the way it was with the inside interface of the ASA as part of that vlan and all the machines on that vlan using the ASA as the default gateway while adding in the voice vlan and allowing the 3750 to route traffic between the two. But based on your post option 2 seems the best it will just mean i have to change everyones default gateway and not make the inside interface of the firewall part of the network vlan. Correct?

Antonio Knox · ‎07-21-2011

If you chose to go with Option 2, you don't have to change anyone DGW if you assign the 3750 SVI the same ip that used to be on the ASA.

jasongring · ‎07-21-2011

That's true. So I think I'm good on the inter-vlan routing and changing the SVI to the IP of the firewall but Im not quit sure i understand what to do with the inside interface of the ASA.

Jon Marshall · ‎07-21-2011

Basically create a L3 P2P link using a /30 subnet eg.

3750

int gi0/1 <-- connects to ASA

no switchport

ip address 192.168.5.1 255.255.255.252

ip route 0.0.0.0 0.0.0.0 192.168.5.2

ASA

inside interface will be 192.168.5.2

route inside 192.168.5.1

or run a dynamic routing protocol between 3750 and ASA.

Jon

jasongring · ‎07-21-2011

Thanks guys..this was a huge help.

Antonio Knox · ‎07-21-2011

Create a routed point to point (/30 segment) connection between the 3750 and the inside interface of the ASA. Then create a default route on the 3750 that points to the inside interface of the ASA. Them create static routes on the ASA for the vlans and point the routes to the ip address of the 3750 interface connected to the ASA.