07-03-2018 05:46 PM - edited 03-08-2019 03:33 PM
Hi Everyone,
If we have end devices like APs and their gateway lives on the Cisco switch, but we want the layer 3 gateways of the different subnets configured on this switch to not talk to each other, can we configure an ACL for that and apply it to the layer 3 VLAN interface on the switch?
or
If we have a switch that has the default gateway for each of the different subnets, and we have no ACL on the switch, can an IP in one subnet then talk to an IP in another subnet?
Regards
Mahesh
07-03-2018 06:44 PM
Hi Mahesh,
But we want the layer 3 gateways of the different subnets configured on this switch to not talk to each other, can we configure an ACL for that and apply it to the layer 3 VLAN interface on the switch?
That is correct. You would need to configure ACLs and apply them to the proper VLAN interfaces (SVIs) to block communications.
If we have a switch that has the default gateway for each of the different subnets, and we have no ACL on the switch, can an IP in one subnet then talk to an IP in another subnet?
Correct. By default, the SVIs can communicate with each other unless you configure access lists and apply them to the SVIs.
HTH
07-03-2018 07:59 PM
Hi Reza,
Thanks for answering this question too.
One last thing, if we have this setup:
Different subnets, and all the layer 3 gateways for those subnets live on one switch.
There are no ACLs, so all these layer 3 subnets can talk to each other.
If we have these layer 3 SVIs on the switch:
192.168.10.1 vlan 10
192.168.20.1 vlan 20
192.168.30.1 vlan 30
If we have these static routes on the switch:
10.10.0.0/16 next hop 10.1.10.0
default gateway is 0.0.0.0/0
then users on vlan 10 can access all the IPs in vlan 20 and 30, and also they can access any network as long as there is a static route on the switch?
I mean users on vlan 10 can access the 10.10.0.0/16 network as we have a static route there?
Also they can access any network as we have a default gateway configured?
Regards
Mahesh
07-04-2018 01:42 PM
Hi Mahesh,
I mean users on vlan 10 can access the 10.10.0.0/16 network as we have a static route there?
Correct, assuming network 10.10.0.0/16 is up and running. Also, for reachability, the device that has network 10.10.0.0/16 needs to have a static route back to vlan 10 (192.168.10.0).
Also they can access any network as we have a default gateway configured?
In an environment like this where we have multiple SVIs and the switch is actually routing, it is better to have a default route instead of a default gateway. A default gateway is mainly used on a layer-2 switch with one SVI which is used for management and needs reachability to the rest of the network.
So,
ip route 0.0.0.0 0.0.0.0 <next hop ip>
HTH
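As an added example (not part of this thread and not anyone's posted configuration), here is how the setup discussed above could look on an IOS layer-3 switch: the three SVIs, ip routing enabled, an ACL on the vlan 10 SVI that blocks vlan 10 hosts from reaching vlans 20 and 30 while still allowing them to reach 10.10.0.0/16 and anything behind the default route, and a default route in place of ip default-gateway. The ACL name VLAN10-IN, the next hop 10.1.10.254 and the /24 masks are assumptions, not values from the thread.

```cisco
! Added example configuration; names and the next hop are assumed.
ip routing
!
vlan 10,20,30
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ! Inbound on the SVI: checked on packets arriving from vlan 10 hosts
 ! before the switch routes them toward another subnet.
 ip access-group VLAN10-IN in
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
!
interface Vlan30
 ip address 192.168.30.1 255.255.255.0
!
ip access-list extended VLAN10-IN
 remark hosts may still reach their own gateway address
 permit ip 192.168.10.0 0.0.0.255 host 192.168.10.1
 remark isolate vlan 10 from vlan 20 and vlan 30
 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 deny   ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
 remark everything else (10.10.0.0/16 via static route, default route) stays reachable
 permit ip 192.168.10.0 0.0.0.255 any
!
! Static route for 10.10.0.0/16 plus a default route (not ip default-gateway),
! since this switch is routing between several SVIs. Next hop is assumed.
ip route 10.10.0.0 255.255.0.0 10.1.10.254
ip route 0.0.0.0 0.0.0.0 10.1.10.254
!
! Verification:
!   show ip route
!   show ip access-lists VLAN10-IN   (deny counters increment on blocked traffic)
```

Because any conversation between vlan 10 and vlan 20 or 30 must send packets from vlan 10 through this inbound ACL, the two deny lines stop traffic initiated from either side; vlans 20 and 30 can still reach each other until they get an equivalent ACL on their own SVIs.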
07-06-2018 04:56 PM
Hi Reza,
Sorry for the typo, I meant to ask about
ip route 0.0.0.0/0, not ip default gateway.
If say switch1 has a default route to switch2, then a device in vlan 10 can access the rest of the network as switch1 has a default route to switch2, right?
Also, to make this happen, switch2 needs a route back to the device in vlan 10, right?
Regards
Mahesh
07-06-2018 07:20 PM
Hi Mahesh,
If say switch1 has a default route to switch2, then a device in vlan 10 can access the rest of the network as switch1 has a default route to switch2, right?
Correct.
Also, to make this happen, switch2 needs a route back to the device in vlan 10, right?
That is correct.
HTH
07-17-2018 03:50 PM
Many thanks Reza!!!
Best Regards
Mahesh
07-09-2018 11:24 AM
Q1: Yes, assuming you enabled routing between them.
Q2: No, unless you type (config)# ip routing on the L3 switch.