L3 routing

Unanswered Question
May 27th, 2008

Hi, I have connected Firewall to Switch. Presently all inter Vlan traffic routing through L3 switch, Now I want to stop internal routing in L3 switch. i want all inter vlan traffic will route through firewall and only intra vlan traffic will route through switch.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bvsnarayana03 Tue, 05/27/2008 - 02:55

This may be achieved by adding acl's to SVI's. default-gateway or specific routes pointing to FW.

Wantser1981_2 Tue, 05/27/2008 - 03:08

I would simplfy this by removing the VLAN interfaces (currently the gateways) from the switch (appart from the one you want to use to access the switch for mangement), remove the routing and adding the gatewyas to the firewall either by using the pysical ports in an access port on the switch for the particular vlan or, subinterfacing a single firewall interface for a gateway in each vlan connected to a trunk on the switch.

Basically a "router on a stick" setup, which is effectivly what you are trying to achieve.

goutam_04 Tue, 05/27/2008 - 17:13

Hi, I can not remove the vlan, coz, lots of server and users are connected in the vlan...total 10 vlans are configured in my Switch. I want that... in the same network if any server from a vlan wants to connect to another server in other vlan, then the traffic must be forward towards Firewall and firewall will check then again will forward towards Switch. coz, all the vlans are configured in the same switch. like this.

Amit Singh Tue, 05/27/2008 - 22:41

Which L3 switch you are using ?

Simplest is " no ip routing " on the switch (depending upon the hardware).

Other way is to delete the SVI's on the switch and the assing the same IP on the firewall trunk interface. This way your all the host will noow use the firewall as the GW. You can assign any other free IP to one of the SVI to manage the switch.

Confg t

no interface vlan 1

no interface vlan 2

no interface vlan 3

Please plan a proper downtime for this activity.

HTH,

-amit singh

Actions

This Discussion