Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4904
Views
0
Helpful
2
Replies

VLAN Routing to Internet through firewall

EduardoAbanto
Level 1
Level 1

‎07-25-2012 01:39 PM - edited ‎03-07-2019 07:59 AM

Greetings

Since two weeks I have a problem with the VLANs who I started to configure. I hope together we find the way.

I have 5 VLANS configured in a CISCO 3560G switch. In my windows server 2003 I configured DHCP scope for each VLAN.

One of the requirement to connect vlans each other is to put the IP of each vlan as gateway in the clients.

So, how can I do to access to internet?. The ip of my Firewall are in one of the VLAN´s.

When the configuration of the LAN only had one DHCP scope the gateway was the ip of my firewall. But now i don´t know how to configure the DHCP server, or the firewall, or the switch, or all of them To get access to internet.

attached image.

Labels:
Preview file
63 KB
0 Helpful
2 Replies 2

bhackbarth
Level 1
Level 1

‎07-26-2012 09:18 PM

Realize that the 3560 isn't a small business product and is supported by TAC, not the small business folks. But,

Make sure you enable routing globally on the switch, and create a default route that points to your Internet router:

(Config mode)
ip routing

ip route 0.0.0.0 0.0.0.0 200.1.1.2

Configure an IP interface for each VLAN in the switch:

interface vlan1

ip address 192.168.0.1 255.255.255.0

interface vlan3

ip address 172.16.0.1 255.255.255.0

Then for all devices on VLAN3, let their default gateway be 172.16.0.1. For all devices on vlan1, let their default gateway be 192.168.0.1. And so on.  The switch will be smart enough to route between the vlans as well as the internet (provided you have created the default route described earlier).

Now  to reach back to your  VLAN's from your internet router, go to your router and add static routes pointing to VLAN1's interface. Example for Vlan3:

ip route 172.16.0.0 255.255.255.0 192.168.0.1

The switch receives that and automatically directs it over to VLAN3.

Read this article for more information:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml

0 Helpful

EduardoAbanto
Level 1
Level 1
In response to bhackbarth

‎07-27-2012 08:25 AM

Thanks for the reply.

Now  to reach back to your  VLAN's from your internet router, go to your router and add static routes pointing to VLAN1's interface. Example for Vlan3:
ip route 172.16.0.0 255.255.255.0 192.168.0.1

  • I have 5 VLANs
  • One of this VLANs (VLAN 90) is the farm of servers.
  • The device that provides internet to all VLANs is an ENDIAN firewall located in the VLAN 90
  • I only have internet in that VLAN

I attached the configuration of my switch.

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Switch#show running-config

Building configuration...

Current configuration : 2865 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/4
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/5
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/6
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/7
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/8
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/9
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/10
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/11
switchport access vlan 110
switchport mode access
!
interface GigabitEthernet0/12
switchport access vlan 110
switchport mode access
!
interface GigabitEthernet0/13
switchport access vlan 120
switchport mode access
!
interface GigabitEthernet0/14
switchport access vlan 120
switchport mode access
!
interface GigabitEthernet0/15
switchport access vlan 130
switchport mode access
!
interface GigabitEthernet0/16
switchport access vlan 130
switchport mode access
!
interface GigabitEthernet0/17
switchport access vlan 140
switchport mode access
!
interface GigabitEthernet0/18
switchport access vlan 140
switchport mode access
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan90
ip address 10.10.90.1 255.255.255.0
ip helper-address 10.10.90.200
!
interface Vlan100
ip address 10.10.100.1 255.255.255.0
ip helper-address 10.10.90.200
!
interface Vlan110
ip address 10.10.110.1 255.255.255.0
ip helper-address 10.10.90.200
!
interface Vlan120
ip address 10.10.120.1 255.255.255.0
ip helper-address 10.10.90.200
!
interface Vlan130
ip address 10.10.130.1 255.255.255.0
ip helper-address 10.10.90.200
!
interface Vlan140
ip address 10.10.140.1 255.255.255.0
ip helper-address 10.10.90.200
!
ip default-gateway 10.10.90.206
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.90.206
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card