Catalyst 3560 VLAN Routing

Nov 3rd, 2009

We have 10 VLANs created within our network. DHCP and the VLANs are set up on the 3560 switch.

There is an "ip default-gateway" command pointing to the interface on our firewall which is connected to the switch and it is on VLAN1.

We would like all traffic from two VLANs to go through our proxy server that is located in our data center instead of directly going out to the net.

I can accomplish this via group policy since the computers are on the domain, but I have been asked to accomplish this via this switch, i.e., route traffic from the two VLANs to our proxy server located in our data center over the VPN.

Will appreciate your help and feedback.

Jon Marshall Tue, 11/03/2009 - 13:44

Well, you can use PBR (Policy Based Routing) to direct the traffic of the 2 VLANs to the proxy server.

What is confusing is whether or not the 3560 switch is routing for the VLANs. The "ip default-gateway" is only used for the switch itself, i.e., not the other VLANs. Do you have a default route on the 3560 pointing to the firewall as well?
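
The PBR approach suggested in the reply above, sketched as an added example (not configuration posted by anyone in this thread). The VLAN numbers chosen, the subnets, the next-hop address 192.0.2.1, the names PROXY-WEB and TO-PROXY, and the restriction to web ports are all assumptions made for illustration.

```cisco
! Added example, not from the thread. All addresses are constructed placeholders.
! Assumptions: VLAN 12 = 10.0.12.0/24, VLAN 13 = 10.0.13.0/24,
! 192.0.2.1 = directly connected next hop that forwards towards the proxy.
!
! PBR on the 3560 requires the routing SDM template; changing it needs a reload.
sdm prefer routing
!
! The switch must be routing between the VLANs for PBR to apply.
ip routing
!
! Permit-only ACL: matched packets are policy-routed, everything else
! follows the normal routing table. Web ports only here (assumption).
ip access-list extended PROXY-WEB
 permit tcp 10.0.12.0 0.0.0.255 any eq www
 permit tcp 10.0.12.0 0.0.0.255 any eq 443
 permit tcp 10.0.13.0 0.0.0.255 any eq www
 permit tcp 10.0.13.0 0.0.0.255 any eq 443
!
route-map TO-PROXY permit 10
 match ip address PROXY-WEB
 set ip next-hop 192.0.2.1
!
! Apply the policy on the SVIs where the client traffic enters the switch.
interface Vlan12
 ip policy route-map TO-PROXY
!
interface Vlan13
 ip policy route-map TO-PROXY
!
! Verify after applying:
!   show ip policy
!   show route-map TO-PROXY
```

PBR only changes where the switch forwards the matched packets, so the device at the next hop still has to carry them to the proxy and the proxy has to accept traffic it was not explicitly addressed to. Clients in other VLANs, and non-web traffic from these two, keep following the normal routing table.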


challc2008 Tue, 11/03/2009 - 14:06

I'm assuming you are talking about this?

All VLANs are directly connected interfaces.

IP Routing is enabled on the switch but RIP is not configured. On our Firewall (Juniper Netscreen 204) we have static entries for all the VLANs like this:

"set route int eth4 gateway"

(eth4 is the interface on the firewall and VLAN 1 on the switch)

#sh conf | inc route

default-router (VLAN 13)

default-router (VLAN 15)

default-router (VLAN 14)

default-router (VLAN 12)

ip route

