09-10-2007 02:40 PM - edited 03-05-2019 06:23 PM
We have a firewall downstream from our Layer3 switch. If I were to define a port on the switch as a layer 2 port (switchport) and connect one of the fw int to that port, would the IP address of the int on the fw and the IP address of the vlan that the port belongs to have to be on the same subnet?
Thanks...
09-10-2007 04:42 PM
Hi Greg,
If you were to connect the fw interface to a layer 2 port, whether it is an L2 or L3 switch, you must create a vlan in the switch and place that port in that new vlan for the switchport to reference the fw layer 3 interface-subnet; this is only if that port is currently in a vlan-subnet different from the fw interface subnet.
Remember, access ports operate at layer 2; once you make a switch port a member of a particular vlan is when you have layer 3 interfaces-subnets with their respective vlans defined.
HTH
Jorge
09-10-2007 05:12 PM
Thanks for your response. So, what you're saying is that a switchport has to belong to a vlan whose subnet is the same as the one on the fw int....
Thanks again...
09-11-2007 04:08 AM
That is correct.
Jorge
09-11-2007 01:42 PM
Thanks. Is this generally true for all the connections from a layer 3 switchport to a router?
thanx..
09-11-2007 03:48 PM
When you use "switchport mode access" or "switchport access vlan #" on the port, it is no longer a layer 3 port; once you introduce the "no switchport mode access" and introduce an IP address on the port, it becomes a routed port and is no longer a layer 2 port.
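An added example, not part of any post in this thread: a Python check of the rule discussed above, that the firewall interface address must fall in the subnet of the SVI for the access port's VLAN, or in the port's own subnet if it is a routed port. The interface names, VLAN number and addresses in the sample config are constructed.

```python
import ipaddress
import re

# Constructed sample IOS-style config (interface names, VLAN and addresses are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/10
 description to-firewall (layer 2 access port)
 switchport mode access
 switchport access vlan 100
!
interface Vlan100
 ip address 10.1.100.1 255.255.255.0
!
interface GigabitEthernet1/0/11
 description routed port
 no switchport
 ip address 10.1.200.1 255.255.255.252
"""

def parse_interfaces(config):
    """Return {interface: {"vlan": int|None, "net": IPv4Interface|None}}."""
    ifaces, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = ifaces.setdefault(m.group(1), {"vlan": None, "net": None})
        elif current is None:
            continue
        elif m := re.match(r"\s+switchport access vlan (\d+)", line):
            current["vlan"] = int(m.group(1))
        elif m := re.match(r"\s+ip address (\S+) (\S+)", line):
            current["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return ifaces

def switch_subnet_for_port(ifaces, port):
    """Subnet the attached device must live in: the port's own subnet if it is
    routed, otherwise the subnet of the SVI for its access VLAN."""
    entry = ifaces[port]
    if entry["net"] is not None:          # routed port carries its own address
        return entry["net"].network
    svi = ifaces.get(f"Vlan{entry['vlan']}")
    if svi is None or svi["net"] is None:
        return None                       # no SVI: switch has no L3 address in that VLAN
    return svi["net"].network

def firewall_ip_matches(config, port, fw_ip):
    subnet = switch_subnet_for_port(parse_interfaces(config), port)
    return subnet is not None and ipaddress.ip_address(fw_ip) in subnet
```

Run against a saved running-config before cabling the firewall: a `False` result means the firewall interface and the switch side of that port would sit in different subnets.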