10-19-2022 07:47 AM
I have configured a network with some switches CISCO 350 series (SX550X-24F, CBS350-48T, CBS350-24T-4X, CBS350-24T-4G)
The switch CISCO SX550X-24F is the principal switch and it has routing enabled (while all the others have routing disabled).
I have configured 3 VLANs on all switches:
- VLAN 2 (10.0.0.0/24)
- VLAN 3 (10.30.0.0/24)
- VLAN 4 (172.31.1.0/24)
On switch CISCO SX550X-24F I have configured 3 VLAN interfaces:
!
interface VLAN 2
name DATA
ip address 10.0.0.211 255.255.255.0
sntp client enable
!
interface VLAN 3
name VOIP
ip address 10.30.0.211 255.255.255.0
!
interface VLAN 4
name VIDEO
ip address 172.31.1.211 255.255.255.0
!
I have configured a default gateway on VLAN2 with IP 10.0.0.30
The switch SX550X-24F is connected directly to the router with 3 ports, one for each VLAN.
I set up two sample hosts:
- HOST1 10.0.0.57/255.255.255.0 GW 10.0.0.211 on VLAN 2
- HOST2 172.31.1.56/255.255.255.0 GW 172.31.1.211 on VLAN 4
Inter VLAN works fine:
- I ping all VLAN interfaces from all hosts
- I ping HOST1 from HOST2 and vice versa
I navigate to the internet from HOST1 without any problem, but I can't do that from HOST2.
Can I configure a gateway for each VLAN?
for example:
- 10.30.0.254 for VLAN 3
- 172.31.1.254 for VLAN 4
How can I route the traffic from VLAN 4 to internet?
Thanks
Best Regards
10-19-2022 12:38 PM
What router is this? It looks to me like there is no NAT rule, and a static route back is not available on the router for the other VLANs.
10-20-2022 12:03 AM
Hi,
Now we are in a testing environment, and the gateway is a firewall Nethesecurity.
In production it will be a firewall Sophos.
Is it possible that the switch sends packets through the default gateway 10.0.0.30 of VLAN 2?
Can I set another gateway for each of the other VLANs?
Thanks.
10-20-2022 12:11 AM
I would suggest moving from the default gateway to IP routing.
Now we are in a testing environment, and the gateway is a firewall Nethesecurity.
In production it will be a firewall Sophos.
Either one, you need to check whether the NAT is added for that IP address. Also, the same IP address is routed back to the gateway of that IP address.
10-20-2022 12:40 AM
Hi
Please, can you give me a sample of the configuration for routing my VLANs?
Thanks
10-20-2022 01:04 AM
Not sure about the other product; look at the Sophos documentation for NAT and routing:
Take this example:
PC------Switch-----Firewall--Internet
PC mentioned as gateway
On the switch you need to add IP route 0.0.0.0 0.0.0.0 10.0.0.30 (towards Sophos FW IP)
On Sophos you need to add NAT for the below IP addresses:
- 10.0.0.0/24 (I believe this is working)
- VLAN 3 (10.30.0.0/24)
- VLAN 4 (172.31.1.0/24)
On Sophos you need a static route back:
- VLAN 3 (10.30.0.0/24) towards switch IP 10.0.0.211
- VLAN 4 (172.31.1.0/24) towards switch IP 10.0.0.211
This is high level as per my understanding; we always suggest drawing a network diagram for easy understanding.
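The checklist in the reply above, as an added example that is not part of the original thread: a small Python audit that uses longest-prefix matching to show which VLANs the firewall cannot NAT or route back to, before and after the change. It assumes the firewall has a connected interface only in 10.0.0.0/24; the route and NAT tables and the labels "wan" and "connected" are constructed for illustration.

```python
import ipaddress

# Addresses taken from the thread; "wan" and "connected" are constructed labels.
VLANS = {"VLAN 2": "10.0.0.0/24", "VLAN 3": "10.30.0.0/24", "VLAN 4": "172.31.1.0/24"}
SWITCH_IP = "10.0.0.211"   # switch SVI in VLAN 2, next hop for the routes back

def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no match."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in routes]
    hits = [(n, nh) for n, nh in hits if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def audit(fw_routes, fw_nat_sources):
    """Per VLAN, list what the firewall is missing for internet access."""
    report = {}
    for name, subnet in VLANS.items():
        net = ipaddress.ip_network(subnet)
        problems = []
        # Outbound: the VLAN subnet must be covered by a source NAT rule.
        if not any(net.subnet_of(ipaddress.ip_network(s)) for s in fw_nat_sources):
            problems.append("no source NAT")
        # Return path: replies must go to the connected LAN or to the switch.
        next_hop = lookup(fw_routes, str(net[1]))
        if next_hop not in ("connected", SWITCH_IP):
            problems.append(f"return route via {next_hop}")
        report[name] = problems
    return report

# Constructed firewall state before and after the change described above.
BEFORE = ([("10.0.0.0/24", "connected"), ("0.0.0.0/0", "wan")], ["10.0.0.0/24"])
AFTER = (BEFORE[0] + [("10.30.0.0/24", SWITCH_IP), ("172.31.1.0/24", SWITCH_IP)],
         list(VLANS.values()))

if __name__ == "__main__":
    for label, (routes, nat) in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(routes, nat))
```

In the "before" state the reply to a VLAN 4 host matches only the firewall's default route, so it is sent back out the WAN side instead of to the switch.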
10-20-2022 04:00 AM
Hi,
Thanks for the sample.
In this sample configuration, if I understand, you set the default gateway on the switch, as is, and NAT/route the traffic from the firewall to the switch.
I attached my actual routing table and static routes.
Is it possible to use only layer 3 routing on the switch?
So I don't need to configure NAT/routing on the test environment firewall and production firewall.
Thanks
10-20-2022 04:41 AM
You can make it a Layer 3 switch, but the switch cannot do any NAT. This should be your FW, and routing is required (as I am thinking off the top of my head).
10-20-2022 05:26 AM
Hi
I'll try to configure firewall as in your sample and then let you know.
Thanks