We have an L3 switch with VLAN 10, 20, and 30. There are no interfaces for VLAN 20 and 30 on this L3 switch, but VLAN interfaces are created with IP addresses. Other L2 switches are connected by trunk to this L3 switch. On the L3 switch there are interfaces only in VLAN 10. One interface connected in VLAN 10 is the firewall. Hosts in VLAN 20 and 30 have the L3 switch VLAN interface as their default gateway. Devices from VLAN 20 and VLAN 30 can communicate with each other, so inter-VLAN routing is working. Now we need to forward traffic from the L3 switch to the firewall that belongs to the internet and not to VLAN 20 and 30.
So does the interface connected to the firewall, which is a member of VLAN 10, need to be in trunk mode?
In my opinion, when the L3 switch forwards the frame to the firewall it will remove the VLAN tag ID from the frame and forward that frame to the firewall as if the firewall were the next-hop router. (It will send an untagged frame to the firewall, then the firewall will NAT/PAT and send it to the internet; the firewall will also have a reverse route for the VLAN 20 and VLAN 30 subnets.)
Please share your experience.
Thanks in advance.
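To make the forwarding decision concrete, here is an added Python model of the scenario described in the post; it is example code written for this page, not anything from the poster's network. The addressing (10.0.10.0/24, 10.0.20.0/24, 10.0.30.0/24, firewall at 10.0.10.1, switch SVI 10.0.10.254) and the port names are constructed assumptions. The model performs longest-prefix-match lookup on the switch's routing table, then decides the egress VLAN and whether the frame leaves tagged (trunk port) or untagged (access port), and separately checks whether the firewall holds the reverse routes the post mentions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    vlan: int                 # egress SVI / VLAN on the L3 switch
    next_hop: Optional[str]   # None means directly connected (deliver to host)

# Constructed routing table for the L3 switch (assumed addressing, not from the post).
# Connected routes come from the SVIs; the default route points at the firewall in VLAN 10.
SWITCH_ROUTES = [
    Route(ipaddress.ip_network("10.0.10.0/24"), 10, None),
    Route(ipaddress.ip_network("10.0.20.0/24"), 20, None),
    Route(ipaddress.ip_network("10.0.30.0/24"), 30, None),
    Route(ipaddress.ip_network("0.0.0.0/0"), 10, "10.0.10.1"),   # firewall as next hop
]

# Constructed port table: which physical port carries which VLAN(s) and in what mode.
# The firewall port is an access port in VLAN 10, so frames leave it without an 802.1Q tag.
SWITCH_PORTS = {
    "Gi1/0/1":  {"mode": "trunk",  "vlans": {10, 20, 30}},   # uplink to the L2 switches
    "Gi1/0/24": {"mode": "access", "vlans": {10}},           # firewall
}

# Constructed firewall routing table: it needs reverse routes for the inside subnets
# via the switch SVI, otherwise replies from the internet are dropped at the firewall.
FIREWALL_ROUTES = [
    Route(ipaddress.ip_network("10.0.10.0/24"), 10, None),
    Route(ipaddress.ip_network("10.0.20.0/24"), 10, "10.0.10.254"),
    Route(ipaddress.ip_network("10.0.30.0/24"), 10, "10.0.10.254"),
    Route(ipaddress.ip_network("0.0.0.0/0"), 0, "203.0.113.1"),  # ISP next hop (documentation range)
]

def longest_prefix_match(routes, dst: str) -> Route:
    """Return the most specific route covering dst; raise if none matches."""
    ip = ipaddress.ip_address(dst)
    candidates = [r for r in routes if ip in r.prefix]
    if not candidates:
        raise LookupError(f"no route to {dst}")
    return max(candidates, key=lambda r: r.prefix.prefixlen)

def choose_port(vlan: int, prefer_access: bool) -> str:
    """Pick the egress port that carries the VLAN; access ports win when the next hop sits on one."""
    carriers = [name for name, p in SWITCH_PORTS.items() if vlan in p["vlans"]]
    if not carriers:
        raise LookupError(f"VLAN {vlan} is not carried by any port")
    if prefer_access:
        for name in carriers:
            if SWITCH_PORTS[name]["mode"] == "access":
                return name
    return carriers[0]

def switch_forward(dst: str) -> dict:
    """Model the L3 switch: route lookup, then egress VLAN and tagging decision."""
    route = longest_prefix_match(SWITCH_ROUTES, dst)
    # A next hop (the firewall) is reached over its own access port; connected hosts
    # in VLAN 20/30 live behind the trunk to the L2 switches.
    port = choose_port(route.vlan, prefer_access=route.next_hop is not None)
    tagged = SWITCH_PORTS[port]["mode"] == "trunk"
    return {"egress_vlan": route.vlan, "next_hop": route.next_hop,
            "port": port, "tagged": tagged}

def firewall_has_reverse_route(inside_dst: str) -> bool:
    """True if the firewall can send a reply back to inside_dst via the switch SVI."""
    try:
        r = longest_prefix_match(FIREWALL_ROUTES, inside_dst)
    except LookupError:
        return False
    # A reply that would only match the default route toward the ISP is a misconfiguration.
    return r.prefix.prefixlen > 0

if __name__ == "__main__":
    print("VLAN20 -> VLAN30 :", switch_forward("10.0.30.7"))
    print("VLAN20 -> internet:", switch_forward("198.51.100.9"))
    print("reverse route for 10.0.20.5:", firewall_has_reverse_route("10.0.20.5"))
```

Running it shows the two cases the post distinguishes: a VLAN 20 to VLAN 30 packet is routed onto the VLAN 30 SVI and leaves tagged over the trunk toward the L2 switches, while an internet-bound packet matches only the default route and leaves the VLAN 10 access port untagged toward the firewall; the firewall check then confirms whether the 10.0.20.0/24 and 10.0.30.0/24 reverse routes exist, which is the other half of the design the post describes.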