
How can I configure a Gateway for each VLAN on CISCO SX550X-24F

fabiodna
Level 1

I have configured a network with some switches CISCO 350 series (SX550X-24F, CBS350-48T, CBS350-24T-4X, CBS350-24T-4G).
The switch CISCO SX550X-24F is the principal switch and it has routing enabled (while all the others have routing disabled).
I have configured 3 VLANs on all switches:

- VLAN 2 (10.0.0.0/24)
- VLAN 3 (10.30.0.0/24)
- VLAN 4 (172.31.1.0/24)


On switch CISCO SX550X-24F I have configured 3 VLAN interfaces:
!
interface VLAN 2
name DATA
ip address 10.0.0.211 255.255.255.0
sntp client enable
!
interface VLAN 3
name VOIP
ip address 10.30.0.211 255.255.255.0
!
interface VLAN 4
name VIDEO
ip address 172.31.1.211 255.255.255.0
!

I have configured a default gateway on VLAN2 with IP 10.0.0.30

The switch SX550X-24F is connected directly to the router with 3 ports, one for each VLAN.

I set up two sample hosts:
- HOST1 10.0.0.57/255.255.255.0 GW 10.0.0.211 on VLAN 2
- HOST2 172.31.1.56/255.255.255.0 GW 172.31.1.211 on VLAN 4

Inter VLAN works fine:
- I ping all VLAN interfaces from all hosts
- I ping HOST1 from HOST2 and vice versa

I navigate to the internet from HOST1 without any problem, but I can't do that from HOST2.

Can I configure a gateway for each VLAN?
for example:
- 10.30.0.254 for VLAN 3
- 172.31.1.254 for VLAN 4

How can I route the traffic from VLAN 4 to the internet?

Thanks

Best Regards

8 Replies

balaji.bandi
Hall of Fame

What router is this? It looks to me like there is no NAT rule, and a static route back is not available on the router for the other VLANs.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi,

Now we are in a testing environment, and the gateway is a Nethesecurity firewall.

In production it will be a Sophos firewall.

Is it possible that the switch sends packets through the default gateway 10.0.0.30 of VLAN 2?

Can I set another gateway for each of the other VLANs?

Thanks.

I would suggest moving from the default gateway to IP routing.

Now we are in a testing environment, and the gateway is a Nethesecurity firewall.

In production it will be a Sophos firewall.

Either one, you need to check: is the NAT added for that IP address? Also, the same IP address is routed back to the gateway of that IP address.

BB


Hi

Please, can you give me a sample of the configuration for routing my VLANs?

Thanks

Not sure about the other product; look at the Sophos document for NAT and routing:

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Routing/StaticRouting/index.html

 

Take an example:

PC------Switch-----Firewall--Internet

PC mentioned as gateway

On the switch you need to add IP route 0.0.0.0 0.0.0.0 10.0.0.30 (towards Sophos FW IP)

On Sophos you need to add NAT for the below IP addresses:

- 10.0.0.0/24 (I believe this is working)
- VLAN 3 (10.30.0.0/24)
- VLAN 4 (172.31.1.0/24)

On Sophos you need to add a static route back:

- VLAN 3 (10.30.0.0/24) towards switch IP 10.0.0.211
- VLAN 4 (172.31.1.0/24) towards switch IP 10.0.0.211

 

This is high level as per my understanding; we always suggest drawing a network diagram for easy understanding.

BB
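
The checks described in the reply above (default route on the switch, NAT for every VLAN subnet, static routes back to 10.0.0.211), as an added example that is not part of the original thread: a small Python model that reports which of the three conditions a host fails. The "before" firewall state (only VLAN 2 known, default route out an interface called `wan`), the destination 198.51.100.10 and all function names are assumptions made for illustration.

```python
import ipaddress

FIREWALL_IP = "10.0.0.30"       # default gateway from the thread
SWITCH_IP = "10.0.0.211"        # switch VLAN 2 interface from the thread
INTERNET_DST = "198.51.100.10"  # constructed destination (documentation range)

# Switch: three connected VLANs plus the default route suggested in the reply.
SWITCH_ROUTES = {"10.0.0.0/24": "connected", "10.30.0.0/24": "connected",
                 "172.31.1.0/24": "connected", "0.0.0.0/0": FIREWALL_IP}
# Assumed firewall state before the change: it only knows VLAN 2.
FW_BEFORE = {"routes": {"10.0.0.0/24": "connected", "0.0.0.0/0": "wan"},
             "nat": ["10.0.0.0/24"]}
# Firewall state after adding NAT and static routes back for VLAN 3 and 4.
FW_AFTER = {"routes": {**FW_BEFORE["routes"],
                       "10.30.0.0/24": SWITCH_IP, "172.31.1.0/24": SWITCH_IP},
            "nat": ["10.0.0.0/24", "10.30.0.0/24", "172.31.1.0/24"]}

def next_hop(routes, dst):
    """Longest-prefix match over {prefix: next_hop}; None if nothing matches."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None

def check_internet_path(host, switch_routes, firewall):
    """Return the list of problems for host -> internet -> host (empty = OK)."""
    problems = []
    # 1. The switch must hand unknown destinations to the firewall.
    if next_hop(switch_routes, INTERNET_DST) != FIREWALL_IP:
        problems.append("switch has no default route to the firewall")
    # 2. The firewall must source-NAT the host's subnet.
    src = ipaddress.ip_address(host)
    if not any(src in ipaddress.ip_network(n) for n in firewall["nat"]):
        problems.append("no NAT rule covers " + host)
    # 3. Replies must go back on-link or via the switch, not out the WAN.
    back = next_hop(firewall["routes"], host)
    if back not in ("connected", SWITCH_IP):
        problems.append("return route for %s points to %s" % (host, back))
    return problems

if __name__ == "__main__":
    for label, fw in (("before", FW_BEFORE), ("after", FW_AFTER)):
        for host in ("10.0.0.57", "172.31.1.56"):  # HOST1 and HOST2
            print(label, host, check_internet_path(host, SWITCH_ROUTES, fw) or "OK")
```
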


Hi,

Thanks for the sample.

In this sample configuration, if I understand, you set the default gateway on the switch, as is, and NAT/route the traffic from the firewall to the switch.

I attached my actual routing table and static routes.

Is it possible to use only layer 3 routing on the switch?

So I don't need to configure NAT/routing on the test environment firewall and the production firewall.

Thanks

 

You can make it a Layer 3 switch, but the switch cannot do any NAT. This should be your FW, and routing is required (as I am thinking off the top of my head).

 

BB


Hi

I'll try to configure the firewall as in your sample and then let you know.

Thanks
