separate internet gateway for a given vlan

gordfran03 · ‎02-07-2013

In my scenario, I have a layer 3 switch acting as my core/root bridge/vtp server for around 30 vlans. On it I've defined the gateway of last resort to be the lan IP address of my internet firewall. I've brought in a new internet connection and new firewall that I will eventually use as a replacement. I've created a new vlan and put the new firewall in it. Before I change the gateway of last resort on my core switch to be the new firewall, is it possible for me to select a particular vlan, vlan 25 for example, and configure it to use the new firewall as its internet gateway for testing?

Richard Burts · ‎02-07-2013

Gordon

If your layer 3 switch supports Policy Based Routing then you could configure one VLAN with PBR and have it use the new firewall as its gateway of last resort.

HTH

Rick

HTH

Rick

gordfran03 · ‎02-07-2013

Thanks for the reply. But unfortunately for me I'd need the Enterprises Servicves IOS. It's a 4506 running IPBASE 12.2(54)SG1 on a Sup V engine.

prakadeesh · ‎02-21-2013

Not sure what firewall you have, do not do layer 3 for this vlan on the core router. Create a layer 2 link between the new firewall and the core router. Define the test vlan default gateway as a virtual IP on the firewall on the vlan say 10.100.0.1.

Then on the clientson the new vlan just point them to this 10.100.0.1 as default. on the new firewall just do a static route for 0.0.0.0 to the internet