
route between VLANs with different gateways

jjohnson
Level 1

Hello, I created another VLAN for PCs out in our plant that I'd like to have access to our internal network but not the Internet. Everything is configured correctly (VLAN address, trunking), but I cannot ping VLAN 3 from my PC unless my gateway is VLAN 1's address (right now it's the address of our firewall, which is managed by an outside vendor). But if I change my gateway address to the VLAN 1 address on our core Layer 3 switch, I cannot access the Internet unless I have our firewall vendor make a change.

Is there a way to set a static route on our Layer 3 switch to allow communication between VLAN 1 and 3 but still allow my PC to have a gateway of our firewall's address?

Any help would really be appreciated, as I'd like to avoid contacting our firewall vendor.

2 Replies

chrihussey
VIP Alumni

Is your PC the only device, or are there a small number of devices that need to get to VLAN 3? If so, you could put a host route to VLAN 3 in your PC with the VLAN 1 IP of your L3 switch as your next hop.

So if you have a Windows machine, just do "route help" from the command prompt, which gives you the syntax. It would be something like this if VLAN 3 was the 10.3.3.0/24 network and your VLAN 1 interface was 10.1.1.1:

route ADD 10.3.3.0 MASK 255.255.255.0 10.1.1.1

If it is an entire network-to-network thing, it would get a bit more involved. One solution would be to put a default route to the firewall in your L3 switch and have the PCs use the VLAN 1 interface as the default gateway. The L3 switch would then be responsible for redirecting packets accordingly to the firewall. You would also need to put an ACL on the VLAN 3 interface allowing access only to and from VLAN 1 and not the Internet. Not optimal, but it should work.

Diana Karolina Rojas
Cisco Employee

Hello!

All you have to do is put the IP of your Layer 3 switch as your gateway and configure a default route to your SP firewall to go to the Internet (ip route 0.0.0.0 0.0.0.0 <IP of your firewall>). If you want to restrict your VLAN's access to the Internet, you can use policy-based routing, access lists and so on to control that access; maybe your Service Provider has rules to control what traffic of your network can go to the Internet, so probably you do not have to configure those rules. Remember to enable your Layer 3 function with the "ip routing" command in the global configuration of your switch.

Regards,

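
Both replies describe the same design: the PCs use the switch's VLAN 1 SVI as their default gateway, the switch carries a default route to the firewall, and an ACL on the VLAN 3 SVI keeps the plant PCs off the Internet. The IOS configuration below is an added example and is not from either reply or from the original poster's switch. The 10.1.1.1 and 10.3.3.0/24 values come from the first reply; the firewall address 10.1.1.254, the VLAN 3 SVI address 10.3.3.1 and the ACL name VLAN3-NO-INTERNET are assumptions.

```cisco
! Added example, not from the thread. Assumed addressing:
!   VLAN 1 = 10.1.1.0/24, switch SVI 10.1.1.1, vendor firewall 10.1.1.254
!   VLAN 3 = 10.3.3.0/24, switch SVI 10.3.3.1
!
! Turn the switch into a router for the SVIs (off by default on many models)
ip routing
!
interface Vlan1
 description Internal LAN; PCs here now use 10.1.1.1 as their default gateway
 ip address 10.1.1.1 255.255.255.0
!
interface Vlan3
 description Plant PCs; internal access only, no Internet
 ip address 10.3.3.1 255.255.255.0
 ip access-group VLAN3-NO-INTERNET in
!
! Anything the switch has no more specific route for is handed to the firewall
ip route 0.0.0.0 0.0.0.0 10.1.1.254
!
! Applied inbound on the VLAN 3 SVI, so it filters what plant PCs send.
! Only traffic to VLAN 1 is permitted; the implicit default route toward
! the firewall is never reached because everything else is denied and logged.
ip access-list extended VLAN3-NO-INTERNET
 permit ip 10.3.3.0 0.0.0.255 10.1.1.0 0.0.0.255
 deny   ip any any log
!
! Verification (exec mode):
!   show ip route                              -> 0.0.0.0/0 via 10.1.1.254
!   show ip access-lists VLAN3-NO-INTERNET     -> hit counters on both lines
!   From a VLAN 3 PC: ping 10.1.1.x succeeds, ping to a public address fails
```

Two things to check before relying on this. First, replies from VLAN 1 hosts to VLAN 3 enter the switch on Vlan1, where no ACL is applied, so the conversation works in both directions without an extra permit; if the plant PCs need DNS or DHCP from a server outside VLAN 1, add permits for those servers (and `ip helper-address` on Vlan3 for DHCP), otherwise the `deny ip any any log` line will show why they fail. Second, VLAN 1 Internet traffic now hairpins through the switch (in on Vlan1, out to 10.1.1.254 on the same SVI); IOS sends ICMP redirects in that case so the PCs learn to go straight to the firewall, which is harmless here but can be suppressed with `no ip redirects` on Vlan1. Note also that the per-PC `route ADD` from the first reply is not persistent across reboots unless the `-p` flag is added.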