Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
576
Views
0
Helpful
3
Replies

Vlan routing Question

Go to solution
g-serghiou
Level 1
Level 1

‎05-28-2007 11:37 PM - edited ‎03-05-2019 04:20 PM

Hi All,

I am new to layer 3 switches + firewalls and my new job has both,

I would like some information about the routing of packets between the following devices and scenario :

(ROUTER) connected with FR to Internet

+

|

|

+

(FIREWALL)4 Ethernetin, out, DMZ1,DMZ2)

+ + + +

| | | |

| | | |

| | | |

+ + + +

(3750 switch)2 VLANs configured and GiEth1/0/2 is configured as Trunk

Each VLAN is connected on E2 and E3 of Firewall !!!

Now, how do VLAN1 and VLAN2 communicate with each other(IP Layer). Does the Routing occure inside the layer 3 switch, or is it going through the TRUNK port to the Firewall and then back from the firewall throught the TRUNK again to the switch ???

If this is the case, i do not see any route statements in the PIX. or does it do routing based on the interface IP addresses ???

I hope i made my self clear here !!!

Thanks,

George

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
bjornarsb
Level 4
Level 4
In response to g-serghiou

‎05-29-2007 12:57 AM

Hi again,

the case is that when you do this at the fw and not on the 3750 is to use firewall features (rules for communication between vlan's)

Of course you can do acl's on the switch if its enabeled for layer 3 (vlan interfaces) and you want that, but with limited features (but maybe good enough) compared with the FW.

Keep in mind when using acl's on the switch you do not get wired speed.

HTH, check the scroll-box at the bottom rigth :)

BR,

Bjornarsb

View solution in original post

0 Helpful
3 Replies 3

Go to solution
bjornarsb
Level 4
Level 4

‎05-29-2007 12:08 AM

Hi,

Routing between vlan 1 and vlan 2 is done at the Firewall. You do not need routing of connected interfaces. However I believe that your FW has a default gateway towards your Router :)

BR,

Bjornarsb

0 Helpful

Go to solution
g-serghiou
Level 1
Level 1
In response to bjornarsb

‎05-29-2007 12:23 AM

Hi,

Yes indeed, the firewall has a default route to outside 0.0.0.0 0.0.0.0 which points to the IP of the router's E0.

So you say that i dont need any route information on the PIX as it 'knows' by means of the configured connected interfaces.

I understand that.

but why would someone do that, and send incoming and outgoing traffic over a 100 Mbps link(trunk at PIX side). Couldn't they configure routing between VLANs + ACLs to secure it on the 3750 switch itself and gain all the wire speed !!! ???

Any light on this one please ??

Thanks,

George

0 Helpful

Go to solution
bjornarsb
Level 4
Level 4
In response to g-serghiou

‎05-29-2007 12:57 AM

Hi again,

the case is that when you do this at the fw and not on the 3750 is to use firewall features (rules for communication between vlan's)

Of course you can do acl's on the switch if its enabeled for layer 3 (vlan interfaces) and you want that, but with limited features (but maybe good enough) compared with the FW.

Keep in mind when using acl's on the switch you do not get wired speed.

HTH, check the scroll-box at the bottom rigth :)

BR,

Bjornarsb

0 Helpful
Top