Cisco Switching issues

Unanswered Question
Oct 28th, 2009


We have a Cisco 6500 switch on which we have a lot of VLANs configured. Now we are moving some of the VLAN traffic filtering to the firewall, which will be the next hop. But some of the L3 VLANs will still be working on the switch.

Now, if we are moving the traffic filtering on to the firewall, we are shutting down the VLANs created on the switch so that the L2 functionality will forward the packets to the firewall.

If we shut down the VLAN, will the L2 functionality work properly?

As some of the VLANs will still be on the switch, do I need to configure trunking on the ports connected to the switch so that the traffic from the VLAN passes to the switch?

I am a bit confused on this. Please help, as I need to implement this by the weekend.

jbrenesj Wed, 10/28/2009 - 10:08

The VLAN and the interface VLAN (SVI) on the switch are separate instances; you can have only an L2 VLAN defined in the VLAN database and not an interface VLAN (L3). Of course you need to ensure that the traffic from that VLAN can get to the L3 device (the firewall in your case) so it can get out to other subnets.

If you don't have separate interfaces on the firewall, one for each VLAN, then you can use trunking if the firewall supports it.

The idea of having L3 VLAN capabilities on the switch is to avoid using a separate device for inter-VLAN traffic.

Let me know if I can be of any help.

iyde Thu, 10/29/2009 - 00:17


So what you will have is that some of your VLANs have their default gateway on an SVI (L3 interface) on the switch while other VLANs have their default gateway on the firewall. This should work quite fine, as long as you make sure that the switch and the firewall have a common VLAN over which to exchange routing information.

I.e., on the firewall you have to set up routing for the SVI networks towards the switch, and on the switch you have to set up routing for the firewall VLANs to point towards the firewall.

HTH, Ingolf

sairamteju Thu, 10/29/2009 - 06:46

Thanks for the info.

I am also now doing the same by connecting the firewall and switch interfaces in the same VLAN, and I am creating sub-interfaces on the firewall. I will enable trunking on the switch ports which will be connected to the firewall where the sub-interfaces are created.

Do I need to have trunking on all the interfaces connected to the firewall?

For routing, I am giving a default route in the switch to point all the traffic to the firewall, but will this route have any effect on the L3 VLAN traffic on the switch?
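As an added example, not posted by anyone in this thread, here is the switch-side Cisco IOS configuration that the replies above describe: one VLAN keeps its gateway on an SVI, one VLAN keeps only its L2 definition so its gateway is the firewall sub-interface, and a transit VLAN carries the routes between switch and firewall. The VLAN IDs, the trunk interface name and all addresses are assumed.

```cisco
! Added example, not from the thread. Assumptions (all made up):
!  VLAN 10 keeps its gateway on the switch SVI 10.1.10.1/24
!  VLAN 20 moves its gateway to a firewall sub-interface (10.1.20.1/24)
!  VLAN 99 is the transit VLAN: switch 10.1.99.1, firewall 10.1.99.2
!
! VLAN 20 stays in the VLAN database, so L2 forwarding keeps working.
! Only its SVI is removed: if an SVI for VLAN 20 stayed up, hosts could
! still use the switch as a gateway and bypass the firewall filtering.
vlan 10
 name Users-SwitchGW
vlan 20
 name Users-FirewallGW
vlan 99
 name Transit-to-FW
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 no shutdown
!
no interface Vlan20
!
interface Vlan99
 ip address 10.1.99.1 255.255.255.0
 no shutdown
!
! Trunk to the firewall: carry only the VLANs the firewall terminates
! (its sub-interface VLAN plus the transit VLAN), nothing else.
interface GigabitEthernet1/1
 description Trunk-to-Firewall
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20,99
 switchport mode trunk
 switchport nonegotiate
!
! Routing: everything the switch does not know goes to the firewall via
! the transit VLAN. 10.1.10.0/24 is a connected route on the switch, and
! longest-prefix match means the default route never overrides it.
ip route 0.0.0.0 0.0.0.0 10.1.99.2
!
! Firewall side (syntax varies by vendor): a sub-interface in VLAN 20
! with 10.1.20.1/24, a sub-interface in VLAN 99 with 10.1.99.2/24, and
! a route for 10.1.10.0/24 via 10.1.99.1 so SVI traffic can return.
```

Check the result with `show vlan brief` (VLAN 20 still listed and active), `show interfaces trunk` (only 20 and 99 allowed) and `show ip route` (10.1.10.0/24 connected, 0.0.0.0/0 via 10.1.99.2).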
