Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
4
Replies

L3 routing

goutam_04
Level 1
Level 1

‎05-27-2008 12:51 AM - edited ‎03-05-2019 11:14 PM

Hi, I have connected Firewall to Switch. Presently all inter Vlan traffic routing through L3 switch, Now I want to stop internal routing in L3 switch. i want all inter vlan traffic will route through firewall and only intra vlan traffic will route through switch.

Labels:
0 Helpful
4 Replies 4

bvsnarayana03
Level 5
Level 5

‎05-27-2008 02:55 AM

This may be achieved by adding acl's to SVI's. default-gateway or specific routes pointing to FW.

0 Helpful

Wantser1981_2
Level 1
Level 1

‎05-27-2008 03:08 AM

I would simplfy this by removing the VLAN interfaces (currently the gateways) from the switch (appart from the one you want to use to access the switch for mangement), remove the routing and adding the gatewyas to the firewall either by using the pysical ports in an access port on the switch for the particular vlan or, subinterfacing a single firewall interface for a gateway in each vlan connected to a trunk on the switch.

Basically a "router on a stick" setup, which is effectivly what you are trying to achieve.

0 Helpful

goutam_04
Level 1
Level 1
In response to Wantser1981_2

‎05-27-2008 05:13 PM

Hi, I can not remove the vlan, coz, lots of server and users are connected in the vlan...total 10 vlans are configured in my Switch. I want that... in the same network if any server from a vlan wants to connect to another server in other vlan, then the traffic must be forward towards Firewall and firewall will check then again will forward towards Switch. coz, all the vlans are configured in the same switch. like this.

0 Helpful

Amit Singh
Cisco Employee
Cisco Employee
In response to goutam_04

‎05-27-2008 10:41 PM

Which L3 switch you are using ?

Simplest is " no ip routing " on the switch (depending upon the hardware).

Other way is to delete the SVI's on the switch and the assing the same IP on the firewall trunk interface. This way your all the host will noow use the firewall as the GW. You can assign any other free IP to one of the SVI to manage the switch.

Confg t

no interface vlan 1

no interface vlan 2

no interface vlan 3

Please plan a proper downtime for this activity.

HTH,

-amit singh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card